From 66d6fe44265e1eb51b89cf833900b836ab14276d Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Thu, 16 Dec 2021 22:40:36 +0100
Subject: [PATCH] Add secrets store gopass provider
---
 bin/update.sh | 3 ++
 .../provider-gopass-installer.yaml | 42 +++++++++++++++++++
 tasks/secrets-store.yml | 10 ++++-
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 files/secrets-provider-gopass/provider-gopass-installer.yaml
diff --git a/bin/update.sh b/bin/update.sh
index 7c2a587..6f068e4 100755
--- a/bin/update.sh
+++ b/bin/update.sh
@@ -36,6 +36,9 @@ for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass done rm -fr files/digitalocean.old +if [ ! -d files/secrets-provider-gopass ]; then mkdir files/secrets-provider-gopass; fi +wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/master/deployment/provider-gopass-installer.yaml && \ + \mv provider-gopass-installer.yaml files/secrets-provider-gopass/ #https://github.com/scaleway/scaleway-csi
diff --git a/files/secrets-provider-gopass/provider-gopass-installer.yaml b/files/secrets-provider-gopass/provider-gopass-installer.yaml
new file mode 100644
index 0000000..74e1e90
--- /dev/null
+++ b/files/secrets-provider-gopass/provider-gopass-installer.yaml
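Review bot: The added `wget` in bin/update.sh pulls the manifest from the mutable `master` branch with no integrity check, and the same commit applies that file to the cluster as a DaemonSet with a hostPath mount, so whatever upstream serves at update time is what ends up on the nodes it is scheduled to. Pin the URL to a tag or commit (`.../raw/<commit-sha>/deployment/provider-gopass-installer.yaml`, placeholder) and compare the download against a recorded checksum before moving it into `files/`. Downloading into the current directory and then moving is also fragile: if a stale `provider-gopass-installer.yaml` is already there, wget saves the new copy under a `.1` name and the old file is the one that gets moved. `wget -O files/secrets-provider-gopass/provider-gopass-installer.yaml <url>` avoids that. The surrounding script continues outside the hunk.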
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: csi-secrets-store-provider-gopass
+ name: csi-secrets-store-provider-gopass
+spec:
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: csi-secrets-store-provider-gopass
+ template:
+ metadata:
+ labels:
+ app: csi-secrets-store-provider-gopass
+ spec:
+ tolerations:
+ containers:
+ - name: provider-gopass-installer
+ image: camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ cpu: 50m
+ memory: 100Mi
+ env:
+ # set TARGET_DIR env var and mount the same directory to to the container
+ - name: TARGET_DIR
+ value: "/etc/kubernetes/secrets-store-csi-providers"
+ volumeMounts:
+ - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+ name: providervol
+ volumes:
+ - name: providervol
+ hostPath:
+ path: "/etc/kubernetes/secrets-store-csi-providers"
+ nodeSelector:
+ beta.kubernetes.io/os: linux
diff --git a/tasks/secrets-store.yml b/tasks/secrets-store.yml
index 589ec22..00acb6f 100644
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
@@ -26,10 +26,18 @@ name: csi-secrets-store chart_ref: secrets-store-csi-driver/secrets-store-csi-driver + # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass + - name: Deploy Secrets Store CSI driver provider gopass + kubernetes.core.k8s: + state: "{{ storage_secrets_store_state }}" + context: "{{ my_context }}" + namespace: "{{ storage_localpath_namespace }}" + apply: true + resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}" + tags: - storage - secrets-store -# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass # https://github.com/hashicorp/vault-csi-provider # https://github.com/Azure/secrets-store-csi-driver-provider-azure
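Review bot: The new task in tasks/secrets-store.yml deploys the gopass provider into `{{ storage_localpath_namespace }}`, a variable whose name points at the local-path provisioner rather than the secrets store, while the same task takes its state from `storage_secrets_store_state`; this looks like a copy-paste leftover. The manifest added in this commit sets no `metadata.namespace`, so this value alone decides where a DaemonSet with a hostPath mount lands. It should presumably be the namespace used by the CSI driver release above (not visible in this hunk), e.g. `namespace: "{{ <secrets-store namespace variable> }}"`. As a smaller point, `from_yaml` parses a single document, so the task would break if the fetched upstream file ever became multi-document; `from_yaml_all` would cover that case.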