argocd: integration with sops

Signed-off-by: Login Victor <batazor@evrone.com>

ops/Helm/addons/argocd/values.yaml

@@ -163,10 +163,15 @@ argo-cd:
     volumes:
       - name: custom-tools
         emptyDir: {}
+      - name: sops-gpg
+        secret:
+          secretName: sops-gpg
 
     volumeMounts:
       - mountPath: /custom-tools
         name: custom-tools
+      - mountPath: /sops-gpg/
+        name: sops-gpg
     # helm secrets wrapper mode installation (optional)
     #  - mountPath: /usr/local/sbin/helm
     #    subPath: helm

ops/argocd/shortlink/api/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'true'

ops/argocd/shortlink/link/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'

ops/argocd/shortlink/logger/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'

ops/argocd/shortlink/metadata/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'

ops/argocd/shortlink/next/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'

ops/argocd/shortlink/notify/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'

ops/argocd/shortlink/proxy/application.yaml

@@ -17,6 +17,12 @@ spec:
     repoURL: 'https://github.com/batazor/shortlink'
     targetRevision: HEAD
     helm:
+      valueFiles:
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?secrets.yaml
       parameters:
         - name: serviceAccount.create
           value: 'false'