60 lines
1.9 KiB
YAML
60 lines
1.9 KiB
YAML
# argo-cd-repo-server-ksops-patch.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: argocd-repo-server
|
|
spec:
|
|
template:
|
|
spec:
|
|
# 1. Define an emptyDir volume which will hold the custom binaries
|
|
volumes:
|
|
- name: custom-tools
|
|
emptyDir: {}
|
|
- name: sops-age
|
|
secret:
|
|
secretName: sops-age
|
|
# 2. Use an init container to download/copy custom binaries into the emptyDir
|
|
initContainers:
|
|
- name: install-ksops
|
|
image: viaductoss/ksops:v4.3.3
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- echo "Installing KSOPS...";
|
|
mv ksops /custom-tools/;
|
|
mv kustomize /custom-tools/;
|
|
echo "Done.";
|
|
volumeMounts:
|
|
- mountPath: /custom-tools
|
|
name: custom-tools
|
|
# 3. Volume mount the custom binary to the bin directory (overriding the existing version)
|
|
containers:
|
|
- name: argocd-repo-server
|
|
volumeMounts:
|
|
- mountPath: /usr/local/bin/kustomize
|
|
name: custom-tools
|
|
subPath: kustomize
|
|
- mountPath: /usr/local/bin/ksops
|
|
name: custom-tools
|
|
subPath: ksops
|
|
- name: sops-age
|
|
readOnly: true
|
|
mountPath: "/.config/sops/age"
|
|
|
|
env:
|
|
- name: XDG_CONFIG_HOME
|
|
value: /.config
|
|
- name: SOPS_AGE_KEY_FILE
|
|
value: /.config/sops/age/keys.txt
|
|
|
|
## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
|
|
# env:
|
|
# - name: AWS_ACCESS_KEY_ID
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: argocd-aws-credentials
|
|
# key: accesskey
|
|
# - name: AWS_SECRET_ACCESS_KEY
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: argocd-aws-credentials
|
|
# key: secretkey
|