3 changed files with 7 additions and 43 deletions
--- a/17
+++ b/17
@ -1,9 +1,9 @@
-FROM quay.io/argoproj/argocd:v2.14.9
+FROM quay.io/argoproj/argocd:v2.14.5

 # renovate: datasource=github-releases depName=sops packageName=getsops/sops
-ARG SOPS_VERSION=v3.10.1
+ARG SOPS_VERSION=v3.9.4
 # renovate: datasource=github-releases depName=vals packageName=helmfile/vals
-ARG VALS_VERSION=v0.40.1
+ARG VALS_VERSION=v0.39.3
 # renovate: datasource=github-releases depName=helm-secrets packageName=jkroepke/helm-secrets
 ARG HELM_SECRETS_VERSION=v4.6.3

@ -16,8 +16,7 @@ ENV HELM_SECRETS_BACKEND="vals" \
    HELM_SECRETS_VALUES_ALLOW_SYMLINKS=false \
    HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=true \
    HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
-    HELM_SECRETS_WRAPPER_ENABLED=true \
-    KUBECONFIG=/tmp/kubectl.config
+    HELM_SECRETS_WRAPPER_ENABLED=true

 # Optionally, set default gpg key for sops files
 # ENV HELM_SECRETS_LOAD_GPG_KEYS=/path/to/gpg.key
@ -38,13 +37,9 @@ RUN curl -fsSL https://github.com/helmfile/vals/releases/download/${VALS_VERSION
    | tar xzf - -C /usr/local/bin/ vals \
    && chmod +x /usr/local/bin/vals

-RUN ln -sf "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh" /usr/local/sbin/helm && \
-    rm -f /usr/local/bin/argocd-repo-server
-
-# replace argocd-repo-server with wrapper to install kubectl config
-ADD argocd-repo-server-wrapper.sh /usr/local/bin/argocd-repo-server
+RUN ln -sf "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh" /usr/local/sbin/helm

 USER ${ARGOCD_USER_ID}

 RUN helm plugin install --version ${HELM_SECRETS_VERSION#v} https://github.com/jkroepke/helm-secrets
-RUN sed -i -e 's/secrets/secrets --evaluate-templates/' "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh"
+RUN mkdir -p /home/argocd/.kube && sed -i -e 's/secrets/secrets --evaluate-templates/' "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh"
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ Customized ArgoCD image for KubeZero
 ## Changes
 - added sops, helm-secrets and vals binaries
 - configured helm-secrets to use vals backend
- argocd-repo-server wrapper script to allow vals to access the local cluster Kube API using Argo's SA account to eg. lookup values from a central secret
+- init script to allow vals to access the local cluster Kube API using Argo's SA account to eg. lookup values from a central secret

 ## Credits:
 - https://github.com/jkroepke/helm-secrets/wiki/ArgoCD-Integration#option-1-custom-docker-image
--- a/argocd-repo-server-wrapper.sh
+++ b/argocd-repo-server-wrapper.sh
@ -1,31 +0,0 @@
-#!/bin/sh
-
-KUBECONFIG=/tmp/kubectl.config
-SA_NAME=argo-argocd-repo-server
-
-CA64=$(cat /run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
-TOKEN=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
-
-cat > $KUBECONFIG << EOF
-apiVersion: v1
-kind: Config
-clusters:
- name: local
-  cluster:
-    server: https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS
-    certificate-authority-data: $CA64
-users:
- name: $SA_NAME
-  user:
-    token: "$TOKEN"
-contexts:
- name: ${SA_NAME}_context
-  context:
-    cluster: local
-    user: $SA_NAME
-current-context: ${SA_NAME}_context
-EOF
-
-chmod 600 $KUBECONFIG
-
-ARGOCD_BINARY_NAME=argocd-repo-server /usr/local/bin/argocd $@