-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile
54 lines (43 loc) · 2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
FROM quay.io/argoproj/argocd:v2.13.3
ARG TARGETARCH
# renovate: datasource=github-releases depName=getsops/sops
ARG SOPS_VERSION="3.9.3"
# renovate: datasource=github-releases depName=helmfile/vals
ARG VALS_VERSION="0.38.0"
# renovate: datasource=github-releases depName=jkroepke/helm-secrets
ARG HELM_SECRETS_VERSION="4.6.2"
# renovate: datasource=github-releases depName=aslafy-z/helm-git
ARG HELM_GIT_VERSION="1.3.0"
# renovate: datasource=github-releases depName=kubernetes/kubernetes
ARG KUBECTL_VERSION="1.32.0"
ENV HELM_SECRETS_BACKEND="sops" \
HELM_SECRETS_HELM_PATH=/usr/local/bin/helm \
HELM_PLUGINS="/home/argocd/.local/share/helm/plugins/" \
HELM_SECRETS_VALUES_ALLOW_SYMLINKS=false \
HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=false \
HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
HELM_SECRETS_WRAPPER_ENABLED=false
USER root
RUN apt-get update && \
apt-get install -y curl jq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# kubectl installation
RUN curl -fsSL https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
-o /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl
# sops backend installation
RUN curl -fsSL https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.${TARGETARCH} \
-o /usr/local/bin/sops \
&& chmod +x /usr/local/bin/sops
# vals backend installation
RUN curl -fsSL https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${TARGETARCH}.tar.gz \
| tar xzf - -C /usr/local/bin/ vals \
&& chmod +x /usr/local/bin/vals
RUN ln -sf /usr/local/bin/helm-vault-k8s-auth-wrapper.sh /usr/local/sbin/helm
USER $ARGOCD_USER_ID
# helm-secrets installation
RUN helm plugin install --version ${HELM_SECRETS_VERSION} https://github.com/jkroepke/helm-secrets
# helm-git installation
RUN helm plugin install --version ${HELM_GIT_VERSION} https://github.com/aslafy-z/helm-git
COPY helm-vault-k8s-auth-wrapper.sh /usr/local/bin/