39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
apiVersion: airshipit.org/v1alpha1
|
|
kind: Templater
|
|
metadata:
|
|
name: secret-template
|
|
annotations:
|
|
config.kubernetes.io/function: |
|
|
container:
|
|
image: localhost/templater
|
|
envs:
|
|
- TOLERATE_DECRYPTION_FAILURES
|
|
- DEBUG_SOPS_GPG
|
|
template: |
|
|
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
|
|
{{- $debug := env "DEBUG_SOPS_GPG" }}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: my-config2
|
|
annotations:
|
|
config.k8s.io/function: |
|
|
container:
|
|
image: gcr.io/kpt-fn-contrib/sops:v0.3.0
|
|
envs:
|
|
- SOPS_IMPORT_PGP
|
|
- SOPS_IMPORT_AGE
|
|
- VAULT_ADDR
|
|
- VAULT_TOKEN
|
|
network: true
|
|
data:
|
|
ignore-mac: true
|
|
cmd: decrypt
|
|
{{- if eq $tolerate "true" }}
|
|
cmd-tolerate-failures: true
|
|
{{- end }}
|
|
{{- if eq $debug "true" }}
|
|
override-preexec-cmd: '[ "$SOPS_IMPORT_PGP" == "" ] || (echo "$SOPS_IMPORT_PGP" | gpg --import >&2); [ "$SOPS_IMPORT_AGE" == "" ] || (echo "$SOPS_IMPORT_AGE" >> $XDG_CONFIG_HOME/sops/age/keys.txt);'
|
|
{{- end }}
|
|
cmd-extra-params-json-path-filter: '$[?(@.metadata.name=="decryption-key")]'
|