59 lines
2 KiB
YAML
59 lines
2 KiB
YAML
# argo-cd-repo-server-ksops-patch.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: argocd-repo-server
|
|
spec:
|
|
template:
|
|
spec:
|
|
# 1. Define an emptyDir volume which will hold the custom binaries
|
|
volumes:
|
|
- name: custom-tools
|
|
emptyDir: {}
|
|
- name: sops-age
|
|
secret:
|
|
secretName: sops-age
|
|
# 2. Use an init container to download/copy custom binaries into the emptyDir
|
|
# initContainers:
|
|
# - name: install-ksops
|
|
# image: viaductoss/ksops:v4.3.1
|
|
# command: ["/bin/sh", "-c"]
|
|
# args:
|
|
# - echo "Installing KSOPS...";
|
|
# mv ksops /custom-tools/;
|
|
# mv kustomize /custom-tools/;
|
|
# echo "Done.";
|
|
# volumeMounts:
|
|
# - mountPath: /custom-tools
|
|
# name: custom-tools
|
|
# # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
|
|
# containers:
|
|
# - name: argocd-repo-server
|
|
# volumeMounts:
|
|
# - mountPath: /usr/local/bin/kustomize
|
|
# name: custom-tools
|
|
# subPath: kustomize
|
|
# - mountPath: /usr/local/bin/ksops
|
|
# name: custom-tools
|
|
# subPath: ksops
|
|
# - name: sops-age
|
|
# readOnly: true
|
|
# mountPath: "/.config/sops/age"
|
|
|
|
env:
|
|
- name: XDG_CONFIG_HOME
|
|
value: /.config
|
|
- name: SOPS_AGE_KEY_FILE
|
|
value: /.config/sops/age/keys.txt
|
|
## If you use AWS or GCP KMS, don't forget to include the necessary credentials to decrypt the secrets!
|
|
# env:
|
|
# - name: AWS_ACCESS_KEY_ID
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: argocd-aws-credentials
|
|
# key: accesskey
|
|
# - name: AWS_SECRET_ACCESS_KEY
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: argocd-aws-credentials
|
|
# key: secretkey
|