chore(argocd): add ksops integration
This commit is contained in:
David Landry
parent
0bf93c3227
commit
39cb540328
3 changed files with 65 additions and 0 deletions
2
.sops.yaml
Normal file
2
.sops.yaml
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
creation_rules:
|
||||||
|
- age: "age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9"
|
||||||
59
bootstrap/argo-cd/argocd-repo-server-ksops-patch.yaml
Normal file
59
bootstrap/argo-cd/argocd-repo-server-ksops-patch.yaml
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
# argo-cd-repo-server-ksops-patch.yaml
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: argocd-repo-server
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
# 1. Define an emptyDir volume which will hold the custom binaries
|
||||||
|
volumes:
|
||||||
|
- name: custom-tools
|
||||||
|
emptyDir: {}
|
||||||
|
- name: sops-age
|
||||||
|
secret:
|
||||||
|
secretName: sops-age
|
||||||
|
# 2. Use an init container to download/copy custom binaries into the emptyDir
|
||||||
|
# initContainers:
|
||||||
|
# - name: install-ksops
|
||||||
|
# image: viaductoss/ksops:v4.3.1
|
||||||
|
# command: ["/bin/sh", "-c"]
|
||||||
|
# args:
|
||||||
|
# - echo "Installing KSOPS...";
|
||||||
|
# mv ksops /custom-tools/;
|
||||||
|
# mv kustomize /custom-tools/;
|
||||||
|
# echo "Done.";
|
||||||
|
# volumeMounts:
|
||||||
|
# - mountPath: /custom-tools
|
||||||
|
# name: custom-tools
|
||||||
|
# # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
|
||||||
|
# containers:
|
||||||
|
# - name: argocd-repo-server
|
||||||
|
# volumeMounts:
|
||||||
|
# - mountPath: /usr/local/bin/kustomize
|
||||||
|
# name: custom-tools
|
||||||
|
# subPath: kustomize
|
||||||
|
# - mountPath: /usr/local/bin/ksops
|
||||||
|
# name: custom-tools
|
||||||
|
# subPath: ksops
|
||||||
|
# - name: sops-age
|
||||||
|
# readOnly: true
|
||||||
|
# mountPath: "/.config/sops/age"
|
||||||
|
|
||||||
|
env:
|
||||||
|
- name: XDG_CONFIG_HOME
|
||||||
|
value: /.config
|
||||||
|
- name: SOPS_AGE_KEY_FILE
|
||||||
|
value: /.config/sops/age/keys.txt
|
||||||
|
## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
|
||||||
|
# env:
|
||||||
|
# - name: AWS_ACCESS_KEY_ID
|
||||||
|
# valueFrom:
|
||||||
|
# secretKeyRef:
|
||||||
|
# name: argocd-aws-credentials
|
||||||
|
# key: accesskey
|
||||||
|
# - name: AWS_SECRET_ACCESS_KEY
|
||||||
|
# valueFrom:
|
||||||
|
# secretKeyRef:
|
||||||
|
# name: argocd-aws-credentials
|
||||||
|
# key: secretkey
|
||||||
|
|
@ -7,6 +7,7 @@ configMapGenerator:
|
||||||
behavior: merge
|
behavior: merge
|
||||||
literals:
|
literals:
|
||||||
- url=https://argocd.int.nc.landry.land
|
- url=https://argocd.int.nc.landry.land
|
||||||
|
- kustomize.buildOptions="--enable-alpha-plugins --enable-exec"
|
||||||
- |
|
- |
|
||||||
repository.credentials=- passwordSecret:
|
repository.credentials=- passwordSecret:
|
||||||
key: git_token
|
key: git_token
|
||||||
|
|
@ -20,3 +21,6 @@ resources:
|
||||||
- github.com/argoproj-labs/argocd-autopilot/manifests/base?ref=v0.4.17
|
- github.com/argoproj-labs/argocd-autopilot/manifests/base?ref=v0.4.17
|
||||||
- ./argogrpc.service.yaml
|
- ./argogrpc.service.yaml
|
||||||
- ./ingress.yaml
|
- ./ingress.yaml
|
||||||
|
|
||||||
|
patches:
|
||||||
|
- path: argocd-repo-server-ksops-patch.yaml
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue