diff --git a/README.md b/README.md
index 482c29f04ecff3b3b0623bfeadc73b9f8e39cd23..948a638e44df030f688814a3148c0479a96afcb4 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,24 @@
 #
+openstack coe cluster create --cluster-template kubernetes-1.25.3-3 --keypair rocha-cern --node-count 3 --flavor m2.large --master-flavor m2.large --merge-labels webinar-central3
+kubect label node ..-0 role=ingress
+openstack server set --property landb-alias=webinar-central3-thanos-sidecar,webinar-central3-prometheus webinar-central3-jdztdvws2gf3-node-0
+
+
 ## Vault Install
 ### Deploy
 ```
-kubectl create namespace base
+kubectl create namespace vault
 helm repo add hashicorp https://helm.releases.hashicorp.com
-helm -n base install base hashicorp/vault --values base/values.yaml
+helm -n vault install vault hashicorp/vault --values srv/vault/values.yaml
 ```
 ### Unseal
 ```bash
-kubectl -n base exec -it base-vault-0 -- vault operator init
+kubectl -n vault exec -it vault-0 -- vault operator init
 Unseal Key 1: ZjDlOfzThT71UjrYA9ejErGLeonZdKk9vdkNv4fHjflw
 Unseal Key 2: 8zobbnPtHO1bVnmJXR8zRG2KKligspAJ2K1xaCPgqu60
@@ -36,15 +41,15 @@ existing unseal keys shares. See "vault operator rekey" for more information.
 ```
 ```bash
-kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-1>
-kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-2>
-kubectl -n base exec -ti base-vault-0 -- vault operator unseal <key-3>
+kubectl -n vault exec -ti vault-0 -- vault operator unseal <key-1>
+kubectl -n vault exec -ti vault-0 -- vault operator unseal <key-2>
+kubectl -n vault exec -ti vault-0 -- vault operator unseal <key-3>
 ```
 ### Root Token
 ```bash
-kubectl -n base exec -it base-vault-0 -- sh
+kubectl -n vault exec -it vault-0 -- sh
 / $ vault login token=<initial root token>
 / $ vault token create
 Key Value
@@ -67,6 +72,9 @@ token hvs.302Sazfzp1U8FGp93KKYdSsC
 ### Vault Credentials
 ```bash
+kubectl create namespace argocd
+```
+```
 kubectl apply -f - <<EOF
 apiVersion: v1
 kind: Secret
@@ -77,8 +85,8 @@ type: Opaque
 stringData:
 AVP_TYPE: vault
 AVP_AUTH_TYPE: token
- VAULT_ADDR: "http://$(kubectl -n base get service -o jsonpath='{.items[?(@.metadata.name == "base-vault")].spec.clusterIP}'):8200"
- VAULT_TOKEN: "hvs.302Sazfzp1U8FGp93KKYdSsC"
+ VAULT_ADDR: "http://$(kubectl -n vault get service -o jsonpath='{.items[?(@.metadata.name == "vault")].spec.clusterIP}'):8200"
+ VAULT_TOKEN: "$(kubectl -n vault exec -it vault-0 -- vault token create -field=token)"
 EOF
 ```
@@ -86,13 +94,27 @@ EOF
 ```bash
 helm repo add argocd https://argoproj.github.io/argo-helm
-helm -n argocd install argocd argocd
+helm -n argocd install argocd srv/argocd
 ```
+### Login
+
+```
+kubectl -n argocd exec -it argocd-server-5745d56587-xfnll -- argocd admin initial-password
+QvkTZy4sERGTVwZz
+```
+```
+kubectl -n argocd port-forward svc/argocd-server 9999:443
+```
+
+http://localhost:9999
+
+### Rename in-cluster to cluster name
+
 ### Adding Secret
 ```bash
-kubectl -n base exec -ti base-vault-0 -- sh
+kubectl -n vault exec -it vault-0 -- sh
 / $ vault kv put kv/services/myservice/mysecret foo=bar
 / $ vault kv patch kv/services/myservice/mysecret foo2=bar2
 / $ vault kv get kv/services/myservice/mysecret
@@ -112,3 +134,29 @@ kubectl config set-context --current --namespace=argocd
 ```bash
 argocd app create -f main.yaml
 ```
+
+or
+
+kubectl apply -f main.yaml
+
+## Workflows
+
+kubectl create sa workflows-webui
+kubectl create clusterrolebinding workflows-webui --clusterrole=cluster-admin --serviceaccount=default:workflows-webui
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: workflows-webui
+ annotations:
+ kubernetes.io/service-account.name: workflows-webui
+type: kubernetes.io/service-account-token
+EOF
+ARGO_TOKEN="Bearer $(kubectl get secret workflows-webui -o=jsonpath='{.data.token}' | base64 --decode)"
+echo $ARGO_TOKEN
+
+## Clusters
+
+```
+kubectl apply -f main.yaml
+```