|
|
|
@ -37,6 +37,25 @@ k8s_argocd_helm__release_values:
|
|
|
|
value: /.config
|
|
|
|
value: /.config
|
|
|
|
- name: GNUPGHOME
|
|
|
|
- name: GNUPGHOME
|
|
|
|
value: /home/argocd/.gnupg
|
|
|
|
value: /home/argocd/.gnupg
|
|
|
|
|
|
|
|
- name: HELM_PLUGINS
|
|
|
|
|
|
|
|
value: /custom-tools/helm-plugins/
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_HELM_PATH
|
|
|
|
|
|
|
|
value: /usr/local/bin/helm
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_SOPS_PATH
|
|
|
|
|
|
|
|
value: /custom-tools/sops
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_KUBECTL_PATH
|
|
|
|
|
|
|
|
value: /custom-tools/kubectl
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_CURL_PATH
|
|
|
|
|
|
|
|
value: /custom-tools/curl
|
|
|
|
|
|
|
|
# https://github.com/jkroepke/helm-secrets/wiki/Security-in-shared-environments
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
|
|
|
|
|
|
|
|
value: "false"
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
|
|
|
|
|
|
|
|
value: "false"
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
|
|
|
|
|
|
|
|
value: "false"
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_KEY_LOCATION_PREFIX
|
|
|
|
|
|
|
|
value: "/sops-gpg/"
|
|
|
|
volumes:
|
|
|
|
volumes:
|
|
|
|
- name: custom-tools
|
|
|
|
- name: custom-tools
|
|
|
|
emptyDir: {}
|
|
|
|
emptyDir: {}
|
|
|
|
@ -68,7 +87,30 @@ k8s_argocd_helm__release_values:
|
|
|
|
volumeMounts:
|
|
|
|
volumeMounts:
|
|
|
|
- mountPath: /custom-tools
|
|
|
|
- mountPath: /custom-tools
|
|
|
|
name: custom-tools
|
|
|
|
name: custom-tools
|
|
|
|
- name: 2-import-gpg-key
|
|
|
|
- name: 2-download-tools
|
|
|
|
|
|
|
|
image: alpine:latest
|
|
|
|
|
|
|
|
command: ["/bin/sh", "-ec"]
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
|
|
|
- name: HELM_SECRETS_VERSION
|
|
|
|
|
|
|
|
value: "3.12.0"
|
|
|
|
|
|
|
|
- name: SOPS_VERSION
|
|
|
|
|
|
|
|
value: "3.7.1"
|
|
|
|
|
|
|
|
- name: KUBECTL_VERSION
|
|
|
|
|
|
|
|
value: "1.22.0"
|
|
|
|
|
|
|
|
args:
|
|
|
|
|
|
|
|
- |
|
|
|
|
|
|
|
|
mkdir -p /custom-tools/helm-plugins
|
|
|
|
|
|
|
|
wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux
|
|
|
|
|
|
|
|
wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
|
|
|
|
|
|
|
|
wget -qO /custom-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64 \
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
chmod +x /custom-tools/*
|
|
|
|
|
|
|
|
volumeMounts:
|
|
|
|
|
|
|
|
- mountPath: /custom-tools
|
|
|
|
|
|
|
|
name: custom-tools
|
|
|
|
|
|
|
|
- name: 3-import-gpg-key
|
|
|
|
image: argoproj/argocd:v2.2.5
|
|
|
|
image: argoproj/argocd:v2.2.5
|
|
|
|
command: ["gpg", "--import","/sops-gpg/gpg_key_smardigo_automation__private"]
|
|
|
|
command: ["gpg", "--import","/sops-gpg/gpg_key_smardigo_automation__private"]
|
|
|
|
env:
|
|
|
|
env:
|
|
|
|
@ -84,6 +126,11 @@ k8s_argocd_helm__release_values:
|
|
|
|
logFormat: json
|
|
|
|
logFormat: json
|
|
|
|
config:
|
|
|
|
config:
|
|
|
|
url: 'https://{{ k8s_argocd_helm__domain }}'
|
|
|
|
url: 'https://{{ k8s_argocd_helm__domain }}'
|
|
|
|
|
|
|
|
helm.valuesFileSchemes: >-
|
|
|
|
|
|
|
|
secrets+gpg-import, secrets+gpg-import-kubernetes,
|
|
|
|
|
|
|
|
secrets+age-import, secrets+age-import-kubernetes,
|
|
|
|
|
|
|
|
secrets,
|
|
|
|
|
|
|
|
https
|
|
|
|
kustomize.buildOptions: "--enable-alpha-plugins"
|
|
|
|
kustomize.buildOptions: "--enable-alpha-plugins"
|
|
|
|
rbacConfig:
|
|
|
|
rbacConfig:
|
|
|
|
policy.default: role:readonly
|
|
|
|
policy.default: role:readonly
|
|
|
|
|
friedrich goerz
4 years ago
committed by
Görz, Friedrich