diff --git a/cmd/gotk/create_kustomization.go b/cmd/gotk/create_kustomization.go
index 4c6d3d120c94ac46588854b61ff27dccc603ee15..d2eb02cb8966d14da11158a186f1d73d2c4b7ee3 100644
--- a/cmd/gotk/create_kustomization.go
+++ b/cmd/gotk/create_kustomization.go
@@ -73,15 +73,17 @@ var createKsCmd = &cobra.Command{
}
var (
- ksSource string
- ksPath string
- ksPrune bool
- ksDependsOn []string
- ksValidation string
- ksHealthCheck []string
- ksHealthTimeout time.Duration
- ksSAName string
- ksSANamespace string
+ ksSource string
+ ksPath string
+ ksPrune bool
+ ksDependsOn []string
+ ksValidation string
+ ksHealthCheck []string
+ ksHealthTimeout time.Duration
+ ksSAName string
+ ksSANamespace string
+ ksDecryptionProvider string
+ ksDecryptionSecret string
)
func init() {
@@ -94,6 +96,8 @@ func init() {
createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
+ createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
+ createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
createCmd.AddCommand(createKsCmd)
}
@@ -178,6 +182,21 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
}
}
+ if ksDecryptionProvider != "" {
+ if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
+ return fmt.Errorf("decryption provider %s is not supported, can be %v",
+ ksDecryptionProvider, supportedDecryptionProviders)
+ }
+
+ kustomization.Spec.Decryption = &kustomizev1.Decryption{
+ Provider: ksDecryptionProvider,
+ }
+
+ if ksDecryptionSecret != "" {
+ kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+ }
+ }
+
if export {
return exportKs(kustomization)
}
diff --git a/cmd/gotk/main.go b/cmd/gotk/main.go
index cad7015be8f005617752348260728d711b912fce..03e1afbcb1839039c26d499bbd72334977619e32 100644
--- a/cmd/gotk/main.go
+++ b/cmd/gotk/main.go
@@ -104,11 +104,12 @@ var (
)
var (
- defaultComponents = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
- defaultVersion = "latest"
- defaultNamespace = "gitops-system"
- defaultNotification = "notification-controller"
- supportedArch = []string{"arm64", "amd64"}
+ defaultComponents = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+ defaultVersion = "latest"
+ defaultNamespace = "gitops-system"
+ defaultNotification = "notification-controller"
+ supportedArch = []string{"arm64", "amd64"}
+ supportedDecryptionProviders = []string{"sops"}
)
func init() {
diff --git a/docs/cmd/gotk_create_kustomization.md b/docs/cmd/gotk_create_kustomization.md
index 171f6c0f37c3e4b2dacf10613ad04e7e87ea53b8..78893d7104460acbcbd71ab7d71d49121065e203 100644
--- a/docs/cmd/gotk_create_kustomization.md
+++ b/docs/cmd/gotk_create_kustomization.md
@@ -48,6 +48,8 @@ gotk create kustomization [name] [flags]
### Options
```
+ --decryption-provider string enables secrets decryption, provider can be 'sops'
+ --decryption-secret string set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption
--depends-on stringArray Kustomization that must be ready before this Kustomization can be applied
--health-check stringArray workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'
--health-check-timeout duration timeout of health checking operations (default 2m0s)