diff --git a/cmd/gotk/create_kustomization.go b/cmd/gotk/create_kustomization.go
index 4c6d3d12..d2eb02cb 100644
--- a/cmd/gotk/create_kustomization.go
+++ b/cmd/gotk/create_kustomization.go
@@ -73,15 +73,17 @@ var createKsCmd = &cobra.Command{
 }
 
 var (
-	ksSource        string
-	ksPath          string
-	ksPrune         bool
-	ksDependsOn     []string
-	ksValidation    string
-	ksHealthCheck   []string
-	ksHealthTimeout time.Duration
-	ksSAName        string
-	ksSANamespace   string
+	ksSource             string
+	ksPath               string
+	ksPrune              bool
+	ksDependsOn          []string
+	ksValidation         string
+	ksHealthCheck        []string
+	ksHealthTimeout      time.Duration
+	ksSAName             string
+	ksSANamespace        string
+	ksDecryptionProvider string
+	ksDecryptionSecret   string
 )
 
 func init() {
@@ -94,6 +96,8 @@ func init() {
 	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
 	createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
 	createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
+	createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
+	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 
 	createCmd.AddCommand(createKsCmd)
 }
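Review bot: The help text for `--decryption-secret` does not say that the flag only takes effect together with `--decryption-provider`, yet the code in `createKsCmdRun` that consumes it (outside this hunk) is nested under the provider check, so a secret passed on its own is dropped without any warning. It also does not say where the Secret is looked up; since `SecretRef` is a `corev1.LocalObjectReference` it can only resolve in the Kustomization's own namespace, which matters to an operator deciding where to store the private keys. Suggested help string: `"Kubernetes Secret, in the Kustomization's namespace, holding the OpenPGP private keys used for sops decryption; requires --decryption-provider"`. The opening of init() is above the hunk; its closing brace is inside it.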
@@ -178,6 +182,21 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if ksDecryptionProvider != "" {
+		if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
+			return fmt.Errorf("decryption provider %s is not supported, can be %v",
+				ksDecryptionProvider, supportedDecryptionProviders)
+		}
+
+		kustomization.Spec.Decryption = &kustomizev1.Decryption{
+			Provider: ksDecryptionProvider,
+		}
+
+		if ksDecryptionSecret != "" {
+			kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+		}
+	}
+
 	if export {
 		return exportKs(kustomization)
 	}
diff --git a/cmd/gotk/main.go b/cmd/gotk/main.go
index cad7015b..03e1afbc 100644
--- a/cmd/gotk/main.go
+++ b/cmd/gotk/main.go
@@ -104,11 +104,12 @@ var (
 )
 
 var (
-	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion      = "latest"
-	defaultNamespace    = "gitops-system"
-	defaultNotification = "notification-controller"
-	supportedArch       = []string{"arm64", "amd64"}
+	defaultComponents            = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion               = "latest"
+	defaultNamespace             = "gitops-system"
+	defaultNotification          = "notification-controller"
+	supportedArch                = []string{"arm64", "amd64"}
+	supportedDecryptionProviders = []string{"sops"}
 )
 
 func init() {
diff --git a/docs/cmd/gotk_create_kustomization.md b/docs/cmd/gotk_create_kustomization.md
index 171f6c0f..78893d71 100644
--- a/docs/cmd/gotk_create_kustomization.md
+++ b/docs/cmd/gotk_create_kustomization.md
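Review bot: `--decryption-secret` is only honoured inside the `if ksDecryptionProvider != ""` block, so `--decryption-secret sops-gpg` without a provider yields a Kustomization with no `spec.decryption` and no error, which is a silent misconfiguration: the encrypted manifests will be applied undecrypted, or with `--export` the stanza is missing from what gets committed. Add a guard before the block: `if ksDecryptionSecret != "" && ksDecryptionProvider == "" { return fmt.Errorf("--decryption-secret requires --decryption-provider") }`. The inverse case, `sops` with no secret, is accepted here; if the controller has no other key source configured that presumably only surfaces at reconcile time, so the `--decryption-provider` help text should at least say the secret is expected. Minor: quote the user-supplied provider in the unsupported-provider error with `%q` rather than `%s` so an empty or whitespace value is visible in the message. createKsCmdRun begins above the hunk.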
@@ -48,6 +48,8 @@ gotk create kustomization [name] [flags]
 ### Options
 
 ```
+      --decryption-provider string        enables secrets decryption, provider can be 'sops'
+      --decryption-secret string          set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption
       --depends-on stringArray            Kustomization that must be ready before this Kustomization can be applied
       --health-check stringArray          workload to be included in the health assessment, in the format '/.'
       --health-check-timeout duration     timeout of health checking operations (default 2m0s)