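# Argo CD image extended with the helm-secrets plugin, using vals as the
# secret backend (sops is installed for use through vals).
#
# NOTE(review): the base image is pinned by tag only. Appending the image
# digest (@sha256:<digest>) would make the build reproducible and protect
# against a re-pushed tag.
FROM quay.io/argoproj/argocd:v2.13.0

# renovate: datasource=github-releases depName=sops packageName=getsops/sops
ARG SOPS_VERSION="3.9.1"
# renovate: datasource=github-releases depName=vals packageName=helmfile/vals
ARG VALS_VERSION="0.37.6"
# renovate: datasource=github-releases depName=helm-secrets packageName=jkroepke/helm-secrets
ARG HELM_SECRETS_VERSION="4.6.2"

# Numeric UID the image switches back to after the root-only steps.
ARG ARGOCD_USER_ID="999"

# set Vals
# NOTE(review): symlinks and path traversal are disabled below, but absolute
# paths are allowed, so a values reference may name any file the runtime user
# can read. Confirm this is intended, especially when several teams share the
# same Argo CD instance.
ENV HELM_SECRETS_BACKEND="vals" \
    HELM_SECRETS_HELM_PATH=/usr/local/bin/helm \
    HELM_PLUGINS="/home/argocd/.local/share/helm/plugins/" \
    HELM_SECRETS_VALUES_ALLOW_SYMLINKS=false \
    HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=true \
    HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
    HELM_SECRETS_WRAPPER_ENABLED=true

# Optionally, set default gpg key for sops files
# ENV HELM_SECRETS_LOAD_GPG_KEYS=/path/to/gpg.key

# Package installation and writes to /usr/local need root.
USER root

# --no-install-recommends keeps unrelated packages out of the image; the apt
# lists are removed in the same layer so they never reach the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# sops (use via vals!)
# The binary is checked against the checksums file published with the release
# before it is installed. This catches a truncated or corrupted download; it
# does not authenticate the release itself, because both files come from the
# same origin. Upstream also signs the checksums file (cosign); verifying that
# signature would need cosign, which this image does not install.
RUN sops_file="sops-v${SOPS_VERSION}.linux.amd64" && \
    sops_url="https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}" && \
    mkdir -p /tmp/sops && \
    curl -fsSL "${sops_url}/${sops_file}" -o "/tmp/sops/${sops_file}" && \
    curl -fsSL "${sops_url}/sops-v${SOPS_VERSION}.checksums.txt" -o /tmp/sops/checksums.txt && \
    (cd /tmp/sops && sha256sum -c --ignore-missing checksums.txt) && \
    install -m 0755 "/tmp/sops/${sops_file}" /usr/local/bin/sops && \
    rm -rf /tmp/sops

# vals backend installation
# The archive is written to disk first instead of being piped into tar: with
# the default /bin/sh a failed curl on the left side of a pipe is not reported.
# --no-same-owner makes the extracted binary root-owned whatever UID is
# recorded in the archive, so the runtime user cannot replace it.
# NOTE(review): the archive is not verified; pin its SHA-256 and check it here
# before extracting.
RUN curl -fsSL "https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz" \
      -o /tmp/vals.tar.gz && \
    tar -xzf /tmp/vals.tar.gz --no-same-owner -C /usr/local/bin/ vals && \
    chmod +x /usr/local/bin/vals && \
    rm -f /tmp/vals.tar.gz

# Put the helm-secrets wrapper at /usr/local/sbin/helm. The link target does
# not exist until the plugin is installed further down.
RUN ln -sf "$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh" /usr/local/sbin/helm

# Add init script to convert SA token into kubeconfig for vals
# COPY instead of ADD: this is a plain local file, none of ADD's extras apply.
COPY sa2kubeconfig.sh /usr/local/bin/sa2kubeconfig.sh

# Drop root before installing the plugin so it lands in the runtime user's
# plugin directory; this also leaves the final image running as non-root.
USER ${ARGOCD_USER_ID}

RUN helm plugin install --version "${HELM_SECRETS_VERSION}" https://github.com/jkroepke/helm-secrets

# Patch the wrapper so that "secrets" is followed by --evaluate-templates.
# sed exits 0 even when nothing matched, so the grep makes the build fail if a
# future plugin version changes the wrapper and the patch no longer applies.
# NOTE(review): --evaluate-templates presumably resolves backend references
# found in rendered templates using this container's credentials; confirm the
# chart sources are trusted.
RUN mkdir -p /home/argocd/.kube && \
    wrapper="$(helm env HELM_PLUGINS)/helm-secrets/scripts/wrapper/helm.sh" && \
    sed -i -e 's/secrets/secrets --evaluate-templates/' "${wrapper}" && \
    grep -q -- 'secrets --evaluate-templates' "${wrapper}"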