X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=deploy%2Fcluster%2Fcluster.sh;h=85fa2f146f9e750d7ea63fdfb8806d5b37261baf;hb=8fcb874a6e5ec52b4a6ac80cb7f34c7baccd8c17;hp=7bbc46fd9a30d91dfaabdf87a867ad925f17cb38;hpb=7f5b95aaf15bca22ac6506ac5e1b5db0d0437222;p=icn.git

diff --git a/deploy/cluster/cluster.sh b/deploy/cluster/cluster.sh
index 7bbc46f..85fa2f1 100755
--- a/deploy/cluster/cluster.sh
+++ b/deploy/cluster/cluster.sh
@@ -30,6 +30,17 @@ EOF
     # The name "sync" must be sorted after "flux-system" to ensure
     # Flux CRDs are instantiated first
     cat <<'EOF' >${SCRIPTDIR}/addons/sync.yaml
+{{- if .Values.flux.decryptionSecret }}
+---
+apiVersion: v1
+type: Opaque
+kind: Secret
+metadata:
+  name: {{ .Values.flux.repositoryName }}-{{ .Values.flux.branch }}-sops-gpg
+  namespace: flux-system
+data:
+  sops.asc: {{ .Values.flux.decryptionSecret | b64enc }}
+{{- end }}
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
@@ -56,6 +67,12 @@ spec:
   sourceRef:
     kind: GitRepository
     name: {{ .Values.flux.repositoryName }}
+{{- if .Values.flux.decryptionSecret }}
+  decryption:
+    provider: sops
+    secretRef:
+      name: {{ .Values.flux.repositoryName }}-{{ .Values.flux.branch }}-sops-gpg
+{{- end }}
 EOF
     cat <<EOF >${SCRIPTDIR}/templates/flux-addon.yaml
 {{- if .Values.flux }}