# argo-cd-repo-server-ksops-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-repo-server
spec:
  template:
    spec:
      # 1. Define an emptyDir volume which will hold the custom binaries
      volumes:
        - name: custom-tools
          emptyDir: {}
        - name: sops-age
          secret:
            secretName: sops-age
      # 2. Use an init container to download/copy custom binaries into the emptyDir
      # initContainers:
      #   - name: install-ksops
      #     image: viaductoss/ksops:v4.3.1
      #     command: ["/bin/sh", "-c"]
      #     args:
      #       - echo "Installing KSOPS...";
      #         mv ksops /custom-tools/;
      #         mv kustomize /custom-tools/;
      #         echo "Done.";
      #     volumeMounts:
      #       - mountPath: /custom-tools
      #         name: custom-tools
      # # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
      # containers:
      #   - name: argocd-repo-server
      #     volumeMounts:
      #       - mountPath: /usr/local/bin/kustomize
      #         name: custom-tools
      #         subPath: kustomize
      #       - mountPath: /usr/local/bin/ksops
      #         name: custom-tools
      #         subPath: ksops
      #       - name: sops-age
      #         readOnly: true
      #         mountPath: "/.config/sops/age"

      env:
        - name: XDG_CONFIG_HOME
          value: /.config
        - name: SOPS_AGE_KEY_FILE
          value: /.config/sops/age/keys.txt
          ## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
          # env:
          #  - name: AWS_ACCESS_KEY_ID
          #    valueFrom:
          #      secretKeyRef:
          #        name: argocd-aws-credentials
          #        key: accesskey
          #  - name: AWS_SECRET_ACCESS_KEY
          #    valueFrom:
          #      secretKeyRef:
          #        name: argocd-aws-credentials
          #        key: secretkey