From e2b67b72a5d14d199810ebd24313772e50b3da8e Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Thu, 20 Mar 2025 19:43:23 +0000
Subject: [PATCH] Revert "feat: remove sa2kubeconfig.sh aas vals support
 inCluster now"

This reverts commit 1a7f4722dfa91f496c5c43d3385e4283c7c917c5.
---
 Dockerfile       |  3 +++
 sa2kubeconfig.sh | 29 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 sa2kubeconfig.sh

diff --git a/Dockerfile b/Dockerfile
index 4d0955a..9e7f3cb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,6 +39,9 @@ RUN curl -fsSL https://github.com/helmfile/vals/releases/download/${VALS_VERSION
 
 RUN ln -sf "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh" /usr/local/sbin/helm
 
+# Add init script to convert SA token into kubeconfig for vals
+ADD sa2kubeconfig.sh /usr/local/bin/sa2kubeconfig.sh
+
 USER ${ARGOCD_USER_ID}
 
 RUN helm plugin install --version ${HELM_SECRETS_VERSION#v} https://github.com/jkroepke/helm-secrets
diff --git a/sa2kubeconfig.sh b/sa2kubeconfig.sh
new file mode 100755
index 0000000..bde4194
--- /dev/null
+++ b/sa2kubeconfig.sh
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+KUBECONFIG=$1
+SA_NAME=argo-argocd-repo-server
+
+CA64=$(cat /run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
+TOKEN=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
+
+cat > $KUBECONFIG << EOF
+apiVersion: v1
+kind: Config
+clusters:
+- name: local
+  cluster:
+    server: https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS
+    certificate-authority-data: $CA64
+users:
+- name: $SA_NAME
+  user:
+    token: "$TOKEN"
+contexts:
+- name: ${SA_NAME}_context
+  context:
+    cluster: local
+    user: $SA_NAME
+current-context: ${SA_NAME}_context
+EOF
+
+chmod 600 $KUBECONFIG