argocd-gh-gpg-sync

command module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

README

argocd-gh-gpg-sync

cobalthq DockerHub

This simple application runs as a CronJob inside your ArgoCD-enabled Kubernetes cluster to synchronize all GPG keys from your GitHub organization into ArgoCD. It will add the GPG keys to ArgoCD as well as set them as signature keys on a project.

With this you can enable GPG signature verification but not require your developers to add their keys in two places.

Usage

Deploy the cobalthq/argocd-gh-gpg-sync image as a CronJob anywhere in your cluster. You can use the following manifest as an example. Note that it depends on a secret for the GitHub token.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-gh-gpg-sync
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-gh-gpg-sync
subjects:
- kind: ServiceAccount
  name: argocd-gh-gpg-sync
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-gh-gpg-sync
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-gh-gpg-sync
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - patch
  - apiGroups:
      - argoproj.io
    resources:
      - appprojects
    verbs:
      - patch
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: argocd-gh-gpg-sync
spec:
  schedule: "*/15 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: argocd-gh-gpg-sync
          containers:
            - name: sync
              image: cobaltlabs/argocd-gh-gpg-sync:v0.1.0
              imagePullPolicy: Always
              env:
                - name: GITHUB_ORGANIZATION
                  value: cobalthq
                - name: GITHUB_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: argocd-github-creds # You will need to provide this secret!
                      key: GITHUB_TOKEN
          restartPolicy: OnFailure
Environment Variables
Variable Purpose
GITHUB_TOKEN A GitHub personal access token used to read the members of your organization
GITHUB_ORGANIZATION Which organization should be imported
ARGOCD_NAMESPACE Namespace that ArgoCD resides in (default 'argocd')
ARGOCD_CONFIGMAP_NAME Name of ArgoCD's GPG key configmap (default 'argocd-gpg-keys-cm')
ARGOCD_PROJECT_NAME Name of project to import keys to (default 'default')

Limitations

  • Keys can only be imported to one project.
  • All GitHub organization members, regardless of team, will be imported.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.