skustomize is a kustomize wrapper and kubectl plugin that makes secretGenerator generate secrets from encrypted resources on the fly.
- `kustomize` is a tool to customize Kubernetes objects (needed if installed as a wrapper of `kustomize`)
- `kubectl` is the Kubernetes command-line tool (needed if installed as a `kubectl` plugin)
- `yq` is a lightweight and portable command-line YAML processor.
- `vals` is a tool for managing configuration values and secrets from various sources. It supports various backends.
- Install as a `kubectl` plugin (requires `kubectl` to be installed)

```sh
curl -sfLo /usr/local/bin/kubectl-skustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize
chmod +x /usr/local/bin/kubectl-skustomize
kubectl skustomize -h
```
- Install as an executable (requires `kustomize` to be installed)

```sh
curl -sfLo /usr/local/bin/skustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize
chmod +x /usr/local/bin/skustomize
# optional
echo 'alias kustomize=skustomize' >> ~/.bashrc
source ~/.bashrc
```
Check tests as an example.

- Create kustomization.yaml

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
  - name: test-secret
    files:
      - key=age/key.txt
      - privateKey=ref+sops://secrets.yaml#/privateKey
    literals:
      - publicKey=ref+sops://secrets.yaml#/publicKey
configMapGenerator:
  - name: my-java-server-env-vars
    literals:
      - JAVA_HOME=/opt/java/jdk
      - JAVA_TOOL_OPTIONS=-agentlib:hprof
```
- Create sops encrypted secrets.yaml files with content of ssh
- Run `skustomize build tests`

```sh
export SOPS_AGE_KEY_FILE=$PWD/tests/age/key.txt
skustomize build tests
```
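A pre-commit style check for a secretGenerator like the one above, as an added example (not part of skustomize; the function names and the `dbPassword` sample literal are constructed). It classifies each entry as a vals `ref+` reference or plaintext and fails when a literal is committed in plaintext, assuming block-style YAML laid out like the page's kustomization.yaml.

```sh
# Added example, not skustomize code; function names are hypothetical.
# Assumes block-style YAML laid out like the kustomization.yaml above.
# Reads a kustomization on stdin; prints "<kind> <key> <ref|plain>" for each
# files/literals entry under secretGenerator ("ref" = vals ref+<scheme>:// value).
classify_secret_entries() {
  awk '
    /^[A-Za-z]/ { in_gen = ($0 ~ /^secretGenerator:/); kind = ""; next }
    !in_gen { next }
    /^ *(- +)?files:/ { kind = "file"; next }
    /^ *(- +)?literals:/ { kind = "literal"; next }
    /^ *(- +)?[A-Za-z]+:( |$)/ { kind = ""; next }  # name:, type:, options:
    kind != "" && /^ *- / {
      entry = $0; sub(/^ *- +/, "", entry); gsub(/^"|"$/, "", entry)
      eq = index(entry, "=")
      val = eq ? substr(entry, eq + 1) : entry
      key = eq ? substr(entry, 1, eq - 1) : entry
      print kind, key, (val ~ /^ref\+[a-z0-9]+:\/\// ? "ref" : "plain")
    }'
}

# Returns 1 if a secretGenerator literal holds its value in plaintext. Plain
# file sources only get a warning: the path is not the secret, the file is.
lint_secret_generator() {
  entries=$(classify_secret_entries)
  echo "$entries" | awk '$1 == "file" && $3 == "plain" { print "warn: plain file source: " $2 }' >&2
  bad=$(echo "$entries" | awk '$1 == "literal" && $3 == "plain" { print $2 }')
  [ -z "$bad" ] && return 0
  echo "fail: plaintext secret literal: $bad" >&2
  return 1
}

# Constructed sample: the generator above plus one plaintext literal.
sample_kustomization() {
  cat <<'EOF'
secretGenerator:
  - name: test-secret
    files:
      - key=age/key.txt
      - privateKey=ref+sops://secrets.yaml#/privateKey
    literals:
      - publicKey=ref+sops://secrets.yaml#/publicKey
      - dbPassword=hunter2
configMapGenerator:
  - name: my-java-server-env-vars
    literals:
      - JAVA_HOME=/opt/java/jdk
EOF
}
```

Run it as `lint_secret_generator < kustomization.yaml`; entries under configMapGenerator are ignored because they are not expected to hold secrets.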
```dockerfile
ARG ARGOCD_VERSION="v2.8.0"
FROM quay.io/argoproj/argocd:$ARGOCD_VERSION
ARG SOPS_VERSION=3.7.3
ARG VALS_VERSION=0.25.0
ARG YQ_VERSION=4.34.2
ENV KUSTOMIZE_BIN=/usr/local/bin/kustomize
USER root
# Install sops, vals, yq, and skustomize (saved as /usr/local/sbin/kustomize)
RUN apt-get update && apt-get install -y \
    curl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && curl -fsSL https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux \
    -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
    && curl -fsSL https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz \
    | tar xzf - -C /usr/local/bin/ vals && chmod +x /usr/local/bin/vals \
    && curl -fsSLo /usr/local/sbin/kustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize \
    && chmod +x /usr/local/sbin/kustomize \
    && curl -fsSL https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq \
    && chmod +x /usr/local/bin/yq
USER $ARGOCD_USER_ID
```