From 4b45b05e8e4875d396b6ef70c0b770817a773b4a Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Mon, 23 Jun 2025 11:16:41 +0000
Subject: [PATCH] feat: move kubectl config setup to init-container

---
 Dockerfile                                            | 11 +++++------
 ...-cmp-server-wrapper.sh => create-kubectl-config.sh |  4 ++--
 2 files changed, 7 insertions(+), 8 deletions(-)
 rename argocd-cmp-server-wrapper.sh => create-kubectl-config.sh (82%)

diff --git a/Dockerfile b/Dockerfile
index 8dc6341..4889609 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/argoproj/argocd:v3.0.6
+FROM quay.io/argoproj/argocd:v3.0.9
 
 # renovate: datasource=github-releases depName=sops packageName=getsops/sops
 ARG SOPS_VERSION=v3.10.2
@@ -17,7 +17,7 @@ ENV HELM_SECRETS_BACKEND="vals" \
     HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=true \
     HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
     HELM_SECRETS_WRAPPER_ENABLED=true \
-    KUBECONFIG=/tmp/kubectl.config
+    KUBECONFIG=/home/argocd/cmp-server/plugins/kubectl.config
 
 # Optionally, set default gpg key for sops files
 # ENV HELM_SECRETS_LOAD_GPG_KEYS=/path/to/gpg.key
@@ -44,11 +44,10 @@ RUN mkdir -p /home/argocd/.local/share/helm/plugins && \
     | tar -C /home/argocd/.local/share/helm/plugins -xzf- && \
     chown -R root: /home/argocd/.local/share/helm && \
     ln -sf /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh /usr/local/sbin/helm && \
-    sed -i -e 's/secrets/secrets --evaluate-templates/' /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh && \
-    rm -f /usr/local/bin/argocd-cmp-server
+    sed -i -e 's/secrets/secrets --evaluate-templates/' /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh
 
-# replace argocd-cmp-server with wrapper to install kubectl config
-ADD argocd-cmp-server-wrapper.sh /usr/local/bin/argocd-cmp-server
+# Add tools scripts for the init-container
+ADD create-kubectl-config.sh /usr/local/bin/create-kubectl-config.sh
 
 # register vals "cmp plugin"
 ADD plugin.yaml /home/argocd/cmp-server/config/plugin.yaml
diff --git a/argocd-cmp-server-wrapper.sh b/create-kubectl-config.sh
similarity index 82%
rename from argocd-cmp-server-wrapper.sh
rename to create-kubectl-config.sh
index 409ba7e..9dea5fb 100755
--- a/argocd-cmp-server-wrapper.sh
+++ b/create-kubectl-config.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-KUBECONFIG=/tmp/kubectl.config
+KUBECONFIG=/home/argocd/cmp-server/plugins/kubectl.config
 SA_NAME=argo-argocd-repo-server
 
 CA64=$(cat /run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
@@ -28,4 +28,4 @@ EOF
 
 chmod 600 $KUBECONFIG
 
-ARGOCD_BINARY_NAME=argocd-cmp-server /usr/local/bin/argocd $@
+# ARGOCD_BINARY_NAME=argocd-cmp-server /usr/local/bin/argocd $@