davad/argo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore(argocd): add ksops integration

Browse source
This commit is contained in:
David Landry 2024-05-24 22:34:01 -04:00
parent 0bf93c3227
commit 39cb540328
3 changed files with 65 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

59
bootstrap/argo-cd/argocd-repo-server-ksops-patch.yaml Normal file
View file

@ -0,0 +1,59 @@
# argo-cd-repo-server-ksops-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-repo-server
spec:
template:
spec:
# 1. Define an emptyDir volume which will hold the custom binaries
volumes:
- name: custom-tools
emptyDir: {}
- name: sops-age
secret:
secretName: sops-age
# 2. Use an init container to download/copy custom binaries into the emptyDir
# initContainers:
# - name: install-ksops
# image: viaductoss/ksops:v4.3.1
# command: ["/bin/sh", "-c"]
# args:
# - echo "Installing KSOPS...";
# mv ksops /custom-tools/;
# mv kustomize /custom-tools/;
# echo "Done.";
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
# containers:
# - name: argocd-repo-server
# volumeMounts:
# - mountPath: /usr/local/bin/kustomize
# name: custom-tools
# subPath: kustomize
# - mountPath: /usr/local/bin/ksops
# name: custom-tools
# subPath: ksops
# - name: sops-age
# readOnly: true
# mountPath: "/.config/sops/age"
env:
- name: XDG_CONFIG_HOME
value: /.config
- name: SOPS_AGE_KEY_FILE
value: /.config/sops/age/keys.txt
## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
# env:
# - name: AWS_ACCESS_KEY_ID
# valueFrom:
# secretKeyRef:
# name: argocd-aws-credentials
# key: accesskey
# - name: AWS_SECRET_ACCESS_KEY
# valueFrom:
# secretKeyRef:
# name: argocd-aws-credentials
# key: secretkey