From f9622a5b9ee704bb7a9b628913121ebc777808b2 Mon Sep 17 00:00:00 2001
From: leigh capili <leigh@null.net>
Date: Tue, 1 Jun 2021 10:17:05 -0600
Subject: [PATCH] Add /kbin/kubectl to _base integrations

Signed-off-by: leigh capili <leigh@null.net>
---
 .../_base/kubectl-patch.yaml                  | 32 +++++++++++++++++++
 .../_base/kustomization.yaml                  |  3 ++
 .../_cronjobs/_base/kubectl-patch.yaml        | 30 +++++++++++++++++
 .../_cronjobs/_base/kustomization.yaml        |  3 ++
 .../_base/kubectl-patch.yaml                  | 28 ++++++++++++++++
 .../_base/kustomization.yaml                  |  3 ++
 .../_cronjobs/_base/kubectl-patch.yaml        | 30 +++++++++++++++++
 .../_cronjobs/_base/kustomization.yaml        |  3 ++
 8 files changed, 132 insertions(+)
 create mode 100644 manifests/integrations/eventhub-credentials-sync/_base/kubectl-patch.yaml
 create mode 100644 manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kubectl-patch.yaml
 create mode 100644 manifests/integrations/registry-credentials-sync/_base/kubectl-patch.yaml
 create mode 100644 manifests/integrations/registry-credentials-sync/_cronjobs/_base/kubectl-patch.yaml

diff --git a/manifests/integrations/eventhub-credentials-sync/_base/kubectl-patch.yaml b/manifests/integrations/eventhub-credentials-sync/_base/kubectl-patch.yaml
new file mode 100644
index 00000000..65226a0f
--- /dev/null
+++ b/manifests/integrations/eventhub-credentials-sync/_base/kubectl-patch.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: credentials-sync-eventhub
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      initContainers:
+        - image: bitnami/kubectl
+          securityContext:
+            privileged: false
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+          name: copy-kubectl
+          # it's okay to do this because kubectl is a statically linked binary
+          command:
+            - sh
+            - -ceu
+            - cp $(which kubectl) /kbin/
+          resources: {}
+          volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+      containers:
+        - name: sync
+          volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+      volumes:
+        - name: kbin
+          emptyDir: {}
diff --git a/manifests/integrations/eventhub-credentials-sync/_base/kustomization.yaml b/manifests/integrations/eventhub-credentials-sync/_base/kustomization.yaml
index dfd56766..72503148 100644
--- a/manifests/integrations/eventhub-credentials-sync/_base/kustomization.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/_base/kustomization.yaml
@@ -7,6 +7,9 @@ commonLabels:
 resources:
   - sync.yaml
 
+patchesStrategicMerge:
+  - kubectl-patch.yaml
+
 vars:
   - name: KUBE_SECRET
     objref:
diff --git a/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kubectl-patch.yaml b/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kubectl-patch.yaml
new file mode 100644
index 00000000..8d2164b1
--- /dev/null
+++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kubectl-patch.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: credentials-sync-eventhub
+  namespace: flux-system
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          initContainers:
+          - image: bitnami/kubectl
+            name: copy-kubectl
+            # it's okay to do this because kubectl is a statically linked binary
+            command:
+            - sh
+            - -ceu
+            - cp $(which kubectl) /kbin/
+            resources: {}
+            volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+          containers:
+          - name: sync
+            volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+          volumes:
+          - name: kbin
+            emptyDir: {}
diff --git a/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kustomization.yaml b/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kustomization.yaml
index dfd56766..72503148 100644
--- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kustomization.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/_base/kustomization.yaml
@@ -7,6 +7,9 @@ commonLabels:
 resources:
   - sync.yaml
 
+patchesStrategicMerge:
+  - kubectl-patch.yaml
+
 vars:
   - name: KUBE_SECRET
     objref:
diff --git a/manifests/integrations/registry-credentials-sync/_base/kubectl-patch.yaml b/manifests/integrations/registry-credentials-sync/_base/kubectl-patch.yaml
new file mode 100644
index 00000000..b054d7ce
--- /dev/null
+++ b/manifests/integrations/registry-credentials-sync/_base/kubectl-patch.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: credentials-sync
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      initContainers:
+      - image: bitnami/kubectl
+        name: copy-kubectl
+        # it's okay to do this because kubectl is a statically linked binary
+        command:
+        - sh
+        - -ceu
+        - cp $(which kubectl) /kbin/
+        resources: {}
+        volumeMounts:
+        - name: kbin
+          mountPath: /kbin
+      containers:
+      - name: sync
+        volumeMounts:
+        - name: kbin
+          mountPath: /kbin
+      volumes:
+      - name: kbin
+        emptyDir: {}
diff --git a/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml b/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml
index c26a2c0a..2218f2b8 100644
--- a/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml
+++ b/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml
@@ -7,6 +7,9 @@ commonLabels:
 resources:
 - sync.yaml
 
+patchesStrategicMerge:
+  - kubectl-patch.yaml
+
 vars:
 - name: KUBE_SECRET
   objref:
diff --git a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kubectl-patch.yaml b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kubectl-patch.yaml
new file mode 100644
index 00000000..b4d83e22
--- /dev/null
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kubectl-patch.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: credentials-sync
+  namespace: flux-system
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          initContainers:
+          - image: bitnami/kubectl
+            name: copy-kubectl
+            # it's okay to do this because kubectl is a statically linked binary
+            command:
+            - sh
+            - -ceu
+            - cp $(which kubectl) /kbin/
+            resources: {}
+            volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+          containers:
+          - name: sync
+            volumeMounts:
+            - name: kbin
+              mountPath: /kbin
+          volumes:
+          - name: kbin
+            emptyDir: {}
diff --git a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml
index c26a2c0a..2218f2b8 100644
--- a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml
@@ -7,6 +7,9 @@ commonLabels:
 resources:
 - sync.yaml
 
+patchesStrategicMerge:
+  - kubectl-patch.yaml
+
 vars:
 - name: KUBE_SECRET
   objref: