Add secrets store gopass provider

2021-12-16 22:40:36 +01:00 · 2021-12-16 22:40:36 +01:00 · 66d6fe4426
commit 66d6fe4426
parent db9867f3c9
3 changed files with 54 additions and 1 deletions
--- a/bin/update.sh
+++ b/bin/update.sh
@ -36,6 +36,9 @@ for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass
 done
 rm -fr files/digitalocean.old

+if [ ! -d files/secrets-provider-gopass ]; then mkdir files/secrets-provider-gopass; fi
+wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/master/deployment/provider-gopass-installer.yaml && \
+  \mv provider-gopass-installer.yaml files/secrets-provider-gopass/


 #https://github.com/scaleway/scaleway-csi
--- a/files/secrets-provider-gopass/provider-gopass-installer.yaml
+++ b/files/secrets-provider-gopass/provider-gopass-installer.yaml
@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: csi-secrets-store-provider-gopass
+  name: csi-secrets-store-provider-gopass
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: csi-secrets-store-provider-gopass
+  template:
+    metadata:
+      labels:
+        app: csi-secrets-store-provider-gopass
+    spec:
+      tolerations:
+      containers:
+        - name: provider-gopass-installer
+          image: camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1
+          imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+          env:
+            # set TARGET_DIR env var and mount the same directory to to the container
+            - name: TARGET_DIR
+              value: "/etc/kubernetes/secrets-store-csi-providers"
+          volumeMounts:
+            - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+              name: providervol
+      volumes:
+        - name: providervol
+          hostPath:
+              path: "/etc/kubernetes/secrets-store-csi-providers"
+      nodeSelector:
+        beta.kubernetes.io/os: linux
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
@ -26,10 +26,18 @@
      name: csi-secrets-store
      chart_ref: secrets-store-csi-driver/secrets-store-csi-driver

+  # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
+  - name: Deploy Secrets Store CSI driver provider gopass
+    kubernetes.core.k8s:
+      state: "{{ storage_secrets_store_state }}"
+      context: "{{ my_context }}"
+      namespace: "{{ storage_localpath_namespace }}"
+      apply: true
+      resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
+
  tags:
    - storage
    - secrets-store

-# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
 # https://github.com/hashicorp/vault-csi-provider
 # https://github.com/Azure/secrets-store-csi-driver-provider-azure