kustomize argocd with ksops and age

2022-10-05 20:23:06 +02:00 · 2022-10-05 20:23:06 +02:00 · beb2d9b81e
parent 01c90e2007
commit beb2d9b81e
4 changed files with 68 additions and 6 deletions
--- a/_apps/argocd.yaml
+++ b/_apps/argocd.yaml
@ -4,7 +4,7 @@ metadata:
  name: argocd
  namespace: argocd
  finalizers:
-  - resources-finalizer.argocd.argoproj.io
+    - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: argocd
@ -14,8 +14,8 @@ spec:
    path: argocd
    repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
    targetRevision: HEAD
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: argocd
+  syncPolicy:
+    automated:
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true
--- a/argocd/argocd-cm.yaml
+++ b/argocd/argocd-cm.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+data:
+  # For KSOPs versions < v2.5.0, use the old kustomize flag style
+  # kustomize.buildOptions: "--enable_alpha_plugins"
+  kustomize.buildOptions: "--enable-alpha-plugins"
--- a/argocd/ksops-install.yaml
+++ b/argocd/ksops-install.yaml
@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      # 1. Define an emptyDir volume which will hold the custom binaries
+      volumes:
+        - name: custom-tools
+          emptyDir: {}
+        - name: sops-age
+          secret:
+            secretName: sops-age
+      # 2. Use an init container to download/copy custom binaries into the emptyDir
+      initContainers:
+        - name: install-ksops
+          image: viaductoss/ksops:v3.0.2
+          command: ["/bin/sh", "-c"]
+          args:
+            - echo "Installing KSOPS...";
+              mv ksops /custom-tools/;
+              mv $GOPATH/bin/kustomize /custom-tools/;
+              echo "Done.";
+          volumeMounts:
+            - mountPath: /custom-tools
+              name: custom-tools
+      # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
+      containers:
+        - name: argocd-repo-server
+          volumeMounts:
+            - mountPath: /usr/local/bin/kustomize
+              name: custom-tools
+              subPath: kustomize
+              # Verify this matches a XDG_CONFIG_HOME=/.config env variable
+            - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
+              name: custom-tools
+              subPath: ksops
+            - mountPath: /.config/sops/age/keys.txt
+              name: sops-age
+              subPath: keys.txt
+          # 4. Set the XDG_CONFIG_HOME env variable to allow kustomize to detect the plugin
+          env:
+            - name: XDG_CONFIG_HOME
+              value: /.config
+            - name: SOPS_AGE_KEY_FILE
+              value: /.config/sops/age/keys.txt
--- a/argocd/kustomization.yaml
+++ b/argocd/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - argocd.yaml
+patchesStrategicMerge:
+  - ksops-install.yaml
+  - argocd-cm.yaml