Skip to content
This repository has been archived by the owner on Nov 21, 2023. It is now read-only.

cobalthq/argocd-gh-gpg-sync

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.circleci
.circleci
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

argocd-gh-gpg-sync

cobalthq DockerHub

This simple application runs as a CronJob inside your ArgoCD-enabled Kubernetes cluster to synchronize all GPG keys from your GitHub organization into ArgoCD. It will add the GPG keys to ArgoCD as well as set them as signature keys on a project.

With this you can enable GPG signature verification but not require your developers to add their keys in two places.

Usage

Deploy the cobaltlabs/argocd-gh-gpg-sync image as a CronJob anywhere in your cluster. You can use the following manifest as an example. Note that it depends on a secret for the GitHub token.

Keep in mind ALL EXISTING GPG KEYS WILL BE REMOVED!

apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-gh-gpg-sync
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-gh-gpg-sync
subjects:
- kind: ServiceAccount
  name: argocd-gh-gpg-sync
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-gh-gpg-sync
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-gh-gpg-sync
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - patch
  - apiGroups:
      - argoproj.io
    resources:
      - appprojects
    verbs:
      - patch
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: argocd-gh-gpg-sync
spec:
  schedule: "*/15 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: argocd-gh-gpg-sync
          containers:
            - name: sync
              image: cobaltlabs/argocd-gh-gpg-sync:0.1.0
              imagePullPolicy: Always
              env:
                - name: GITHUB_ORGANIZATION
                  value: cobalthq
                - name: GITHUB_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: argocd-github-creds # You will need to provide this secret!
                      key: GITHUB_TOKEN
          restartPolicy: OnFailure

Environment Variables

Variable Purpose
GITHUB_TOKEN A GitHub personal access token used to read the members of your organization
GITHUB_ORGANIZATION Which organization should be imported
ARGOCD_NAMESPACE Namespace that ArgoCD resides in (default 'argocd')
ARGOCD_CONFIGMAP_NAME Name of ArgoCD's GPG key configmap (default 'argocd-gpg-keys-cm')
ARGOCD_PROJECT_NAME Name of project to import keys to (default 'default')

Limitations

  • Keys can only be imported to one project.
  • All GitHub organization members, regardless of team, will be imported.

About

Synchronizes GPG keys from GitHub to ArgoCD

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages