Handling KSOPS (kustomize-sops) with a stub plugin #394
mpeterson
started this conversation in
Show and tell
Replies: 2 comments 1 reply
-
|
@mpeterson Thanks for sharing this 🚀 Would you be interested in adding this as a documentation example for others to reuse? If yes, we suggest adding it to:
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I opened a PR to add this to the docs: #395 It covers the stub plugin approach from this discussion, plus a complementary workaround for stripping |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I use KSOPS as a kustomize exec plugin to generate Secrets from SOPS-encrypted files. In CI, the SOPS decryption key isn't available, so all kustomize apps with KSOPS generators fail with:
Even after enabling alpha plugins via
values.yaml, they fail with SOPS decryption errors — which causes the entire run to fail.Solution: Install a fake
ksopsstub that returns an empty ResourceList. Kustomize is happy (the generator "runs" successfully), and all other resources (Deployments, Services, ConfigMaps, etc.) render correctly. Since both branches get the same stub, secrets are consistently absent from the diff — only non-secret changes show up.The
values.yamlmounted at--argocd-config-dir:This could also be adapted for other kustomize exec plugins that depend on external secrets or credentials not available in CI.
Beta Was this translation helpful? Give feedback.
All reactions