Yesterday I covered combining sops with kustomize; inevitably we also have to let Argo CD use the sops generator, so that Argo CD is able to deploy our encrypted kustomize manifests.
First we need to put the GCP service account credential into GKE. We have already created the service account in IAM and downloaded its key, so run the following command:
```bash
kubectl create secret generic gcp-credential --from-file <your gcp credential name>.json -n argo
```
Then we modify data/argo-value.yaml. Note that the file name passed to --from-file becomes the key name inside the Secret, so it has to match the subPath (key.json) that is mounted below:
```yaml
server:
  config:
    kustomize.buildOptions: "--enable-alpha-plugins"
  replicas: 2
repoServer:
  replicas: 2
  volumes:
    - name: custom-tools
      emptyDir: {}
    - name: gcp-credential
      secret:
        secretName: gcp-credential
  volumeMounts:
    - mountPath: /.config/kustomize/plugin/goabout.com/v1beta1/sopssecretgenerator/SopsSecretGenerator
      name: custom-tools
      subPath: SopsSecretGenerator
    - mountPath: /.secrets/gcp/ServiceAccount.json
      name: gcp-credential
      subPath: key.json
  env:
    - name: XDG_CONFIG_HOME
      value: /.config
    - name: GOOGLE_APPLICATION_CREDENTIALS
      value: /.secrets/gcp/ServiceAccount.json
  initContainers:
    - name: install-goaboutsops
      image: alpine:3.11.3
      command: ["/bin/sh", "-c"]
      args:
        - echo "Installing goabout kustomize sops...";
          set -e;
          set -x;
          wget -O /custom-tools/SopsSecretGenerator https://github.com/goabout/kustomize-sopssecretgenerator/releases/download/v${VERSION}/SopsSecretGenerator_${VERSION}_${PLATFORM}_${ARCH};
          chmod -v +x /custom-tools/SopsSecretGenerator;
          set +x;
          echo "Done.";
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
      env:
        - name: VERSION
          value: 1.6.0
        - name: PLATFORM
          value: linux
        - name: ARCH
          value: amd64
```
After that, run terraform apply and you will see the repo-server deployment change.
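As an added pre-apply check (written for this post, not code from Argo CD or the goabout plugin), the following Python validates the wiring above: the plugin binary must sit exactly where kustomize resolves exec plugins under XDG_CONFIG_HOME, alpha plugins must be enabled, and GOOGLE_APPLICATION_CREDENTIALS must point at a Secret-backed mount whose subPath equals the key created by kubectl create secret. SAMPLE_VALUES is a constructed transcription of the values file and check_values is a hypothetical helper.

```python
from pathlib import PurePosixPath

# Kustomize resolves an exec plugin at $XDG_CONFIG_HOME/kustomize/plugin/<group>/<version>/<kind lowercased>/<Kind>
PLUGIN_GROUP, PLUGIN_VERSION, PLUGIN_KIND = "goabout.com", "v1beta1", "SopsSecretGenerator"

# Constructed sample: the repo-server values from the post as a dict (a real check would parse data/argo-value.yaml).
SAMPLE_VALUES = {
    "server": {"config": {"kustomize.buildOptions": "--enable-alpha-plugins"}},
    "repoServer": {
        "volumes": [
            {"name": "custom-tools", "emptyDir": {}},
            {"name": "gcp-credential", "secret": {"secretName": "gcp-credential"}},
        ],
        "volumeMounts": [
            {"mountPath": "/.config/kustomize/plugin/goabout.com/v1beta1/"
                          "sopssecretgenerator/SopsSecretGenerator",
             "name": "custom-tools", "subPath": "SopsSecretGenerator"},
            {"mountPath": "/.secrets/gcp/ServiceAccount.json",
             "name": "gcp-credential", "subPath": "key.json"},
        ],
        "env": [
            {"name": "XDG_CONFIG_HOME", "value": "/.config"},
            {"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": "/.secrets/gcp/ServiceAccount.json"},
        ],
    },
}

def expected_plugin_path(xdg_config_home):
    return str(PurePosixPath(xdg_config_home, "kustomize", "plugin", PLUGIN_GROUP,
                             PLUGIN_VERSION, PLUGIN_KIND.lower(), PLUGIN_KIND))

def check_values(values, secret_key):
    """Return findings (empty list = consistent). secret_key is the key inside the
    gcp-credential Secret, i.e. the file name given to kubectl create secret --from-file."""
    findings = []
    rs = values["repoServer"]
    env = {e["name"]: e["value"] for e in rs.get("env", [])}
    volumes = {v["name"]: v for v in rs.get("volumes", [])}
    mounts = {m["mountPath"]: m for m in rs.get("volumeMounts", [])}
    opts = values.get("server", {}).get("config", {}).get("kustomize.buildOptions", "")
    if "--enable-alpha-plugins" not in opts.split():
        findings.append("kustomize.buildOptions lacks --enable-alpha-plugins")
    xdg = env.get("XDG_CONFIG_HOME")
    if xdg is None or expected_plugin_path(xdg) not in mounts:
        findings.append("SopsSecretGenerator is not mounted where kustomize looks for it")
    cred_mount = mounts.get(env.get("GOOGLE_APPLICATION_CREDENTIALS"))
    if cred_mount is None or "secret" not in volumes.get(cred_mount["name"], {}):
        findings.append("GOOGLE_APPLICATION_CREDENTIALS is not backed by a Secret volume")
    elif cred_mount.get("subPath") != secret_key:
        findings.append(f"subPath {cred_mount.get('subPath')} does not match Secret key {secret_key}")
    return findings
```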