Skip to content

A kustomize warpper that generate secrets from sources

License

Notifications You must be signed in to change notification settings

joelee2012/skustomize

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CI codecov

skustomize

About

skustomize is a kustomize wrapper and kubectl plugin that make secretGenerator generate secrets from encrypted resources on the fly.

Installation

Prerequisites

Install skustomize

  • Install as kubectl plugin, requires kubectl is installed
curl -sfLo /usr/local/bin/kubectl-skustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize
chmod +x /usr/local/bin/kubectl-skustomize
kubectl skustomize -h
  • Install as executable, requires kustomize is installed
curl -sfLo /usr/local/bin/skustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize
chmod +x /usr/local/bin/skustomize
# optional
echo 'alias kustomize=skustomize' >> ~/.bashrc
source ~/.bashrc

Usage

Check tests as example

  • Create kustomization.yaml

    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    secretGenerator:
    - name: test-secret
        files:
        - key=age/key.txt
        - privateKey=ref+sops://secrets.yaml#/privateKey
        literals:
        - publicKey=ref+sops://secrets.yaml#/publicKey
    configMapGenerator:
    - name: my-java-server-env-vars
        literals:
        - JAVA_HOME=/opt/java/jdk
        - JAVA_TOOL_OPTIONS=-agentlib:hprof
  • Create sops encrypted secrets.yaml files with content of ssh

  • Run skustomize build tests

    export SOPS_AGE_KEY_FILE=$PWD/tests/age/key.txt
    skustomize build tests

ArgoCD support

Custom Docker Image

ARG ARGOCD_VERSION="v2.8.0"
FROM quay.io/argoproj/argocd:$ARGOCD_VERSION
ARG SOPS_VERSION=3.7.3
ARG VALS_VERSION=0.25.0
ARG YQ_VERSION=4.34.2

ENV KUSTOMIZE_BIN=/usr/local/bin/kustomize

USER root

RUN apt-get update && apt-get install -y \
    curl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && curl -fsSL https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux \
    -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
    && curl -fsSL https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz \
    | tar xzf - -C /usr/local/bin/ vals && chmod +x /usr/local/bin/vals \
    && curl -fsSLo /usr/local/sbin/kustomize https://raw.githubusercontent.com/joelee2012/skustomize/main/skustomize \
    && chmod +x /usr/local/sbin/kustomize \
    && curl -fsSL https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq \
    && chmod +x /usr/local/bin/yq

USER $ARGOCD_USER_ID

Releases

No releases published

Packages

No packages published