Add decryption flags to create kustomization cmd

pull/209/head
stefanprodan 4 years ago
parent 36ba8f0fcb
commit 8b6995e9ec

@ -82,6 +82,8 @@ var (
ksHealthTimeout time.Duration ksHealthTimeout time.Duration
ksSAName string ksSAName string
ksSANamespace string ksSANamespace string
ksDecryptionProvider string
ksDecryptionSecret string
) )
func init() { func init() {
@ -94,6 +96,8 @@ func init() {
createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied") createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name") createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace") createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
createCmd.AddCommand(createKsCmd) createCmd.AddCommand(createKsCmd)
} }
@ -178,6 +182,21 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
} }
} }
if ksDecryptionProvider != "" {
if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
return fmt.Errorf("decryption provider %s is not supported, can be %v",
ksDecryptionProvider, supportedDecryptionProviders)
}
kustomization.Spec.Decryption = &kustomizev1.Decryption{
Provider: ksDecryptionProvider,
}
if ksDecryptionSecret != "" {
kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
}
}
if export { if export {
return exportKs(kustomization) return exportKs(kustomization)
} }

@ -109,6 +109,7 @@ var (
defaultNamespace = "gitops-system" defaultNamespace = "gitops-system"
defaultNotification = "notification-controller" defaultNotification = "notification-controller"
supportedArch = []string{"arm64", "amd64"} supportedArch = []string{"arm64", "amd64"}
supportedDecryptionProviders = []string{"sops"}
) )
func init() { func init() {

@ -48,6 +48,8 @@ gotk create kustomization [name] [flags]
### Options ### Options
``` ```
--decryption-provider string enables secrets decryption, provider can be 'sops'
--decryption-secret string set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption
--depends-on stringArray Kustomization that must be ready before this Kustomization can be applied --depends-on stringArray Kustomization that must be ready before this Kustomization can be applied
--health-check stringArray workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>' --health-check stringArray workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'
--health-check-timeout duration timeout of health checking operations (default 2m0s) --health-check-timeout duration timeout of health checking operations (default 2m0s)

Loading…
Cancel
Save