chore(argocd): add ksops integration

2024-05-24 22:34:01 -04:00 · 2024-05-24 22:34:01 -04:00 · 39cb540328
commit 39cb540328
parent 0bf93c3227
3 changed files with 65 additions and 0 deletions
--- a/bootstrap/argo-cd/argocd-repo-server-ksops-patch.yaml
+++ b/bootstrap/argo-cd/argocd-repo-server-ksops-patch.yaml
@ -0,0 +1,59 @@
+# argo-cd-repo-server-ksops-patch.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      # 1. Define an emptyDir volume which will hold the custom binaries
+      volumes:
+        - name: custom-tools
+          emptyDir: {}
+        - name: sops-age
+          secret:
+            secretName: sops-age
+      # 2. Use an init container to download/copy custom binaries into the emptyDir
+      # initContainers:
+      #   - name: install-ksops
+      #     image: viaductoss/ksops:v4.3.1
+      #     command: ["/bin/sh", "-c"]
+      #     args:
+      #       - echo "Installing KSOPS...";
+      #         mv ksops /custom-tools/;
+      #         mv kustomize /custom-tools/;
+      #         echo "Done.";
+      #     volumeMounts:
+      #       - mountPath: /custom-tools
+      #         name: custom-tools
+      # # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
+      # containers:
+      #   - name: argocd-repo-server
+      #     volumeMounts:
+      #       - mountPath: /usr/local/bin/kustomize
+      #         name: custom-tools
+      #         subPath: kustomize
+      #       - mountPath: /usr/local/bin/ksops
+      #         name: custom-tools
+      #         subPath: ksops
+      #       - name: sops-age
+      #         readOnly: true
+      #         mountPath: "/.config/sops/age"
+
+      env:
+        - name: XDG_CONFIG_HOME
+          value: /.config
+        - name: SOPS_AGE_KEY_FILE
+          value: /.config/sops/age/keys.txt
+          ## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
+          # env:
+          #  - name: AWS_ACCESS_KEY_ID
+          #    valueFrom:
+          #      secretKeyRef:
+          #        name: argocd-aws-credentials
+          #        key: accesskey
+          #  - name: AWS_SECRET_ACCESS_KEY
+          #    valueFrom:
+          #      secretKeyRef:
+          #        name: argocd-aws-credentials
+          #        key: secretkey
--- a/bootstrap/argo-cd/kustomization.yaml
+++ b/bootstrap/argo-cd/kustomization.yaml
@ -7,6 +7,7 @@ configMapGenerator:
    behavior: merge
    literals:
      - url=https://argocd.int.nc.landry.land
+      - kustomize.buildOptions="--enable-alpha-plugins --enable-exec"
      - |
        repository.credentials=- passwordSecret:
            key: git_token
@ -20,3 +21,6 @@ resources:
  - github.com/argoproj-labs/argocd-autopilot/manifests/base?ref=v0.4.17
  - ./argogrpc.service.yaml
  - ./ingress.yaml
+
+patches:
+  - path: argocd-repo-server-ksops-patch.yaml