Add decryption flags to create kustomization cmd

2026-02-06 19:05:55 +00:00 · 2020-09-06 13:56:56 +03:00
parent 36ba8f0fcb
commit 8b6995e9ec
3 changed files with 36 additions and 14 deletions
--- a/cmd/gotk/create_kustomization.go
+++ b/cmd/gotk/create_kustomization.go
@@ -73,15 +73,17 @@ var createKsCmd = &cobra.Command{
 }

 var (
-	ksSource        string
-	ksPath          string
-	ksPrune         bool
-	ksDependsOn     []string
-	ksValidation    string
-	ksHealthCheck   []string
-	ksHealthTimeout time.Duration
-	ksSAName        string
-	ksSANamespace   string
+	ksSource             string
+	ksPath               string
+	ksPrune              bool
+	ksDependsOn          []string
+	ksValidation         string
+	ksHealthCheck        []string
+	ksHealthTimeout      time.Duration
+	ksSAName             string
+	ksSANamespace        string
+	ksDecryptionProvider string
+	ksDecryptionSecret   string
 )

 func init() {
@@ -94,6 +96,8 @@ func init() {
 	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
 	createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
 	createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
+	createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
+	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createCmd.AddCommand(createKsCmd)
 }

@@ -178,6 +182,21 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}

+	if ksDecryptionProvider != "" {
+		if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
+			return fmt.Errorf("decryption provider %s is not supported, can be %v",
+				ksDecryptionProvider, supportedDecryptionProviders)
+		}
+
+		kustomization.Spec.Decryption = &kustomizev1.Decryption{
+			Provider: ksDecryptionProvider,
+		}
+
+		if ksDecryptionSecret != "" {
+			kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+		}
+	}
+
 	if export {
 		return exportKs(kustomization)
 	}
--- a/cmd/gotk/main.go
+++ b/cmd/gotk/main.go
@@ -104,11 +104,12 @@ var (
 )

 var (
-	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion      = "latest"
-	defaultNamespace    = "gitops-system"
-	defaultNotification = "notification-controller"
-	supportedArch       = []string{"arm64", "amd64"}
+	defaultComponents            = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion               = "latest"
+	defaultNamespace             = "gitops-system"
+	defaultNotification          = "notification-controller"
+	supportedArch                = []string{"arm64", "amd64"}
+	supportedDecryptionProviders = []string{"sops"}
 )

 func init() {