Implemented automatic fetching ACR password from Azure KeyVault

2025-05-12 20:52:29 +00:00
parent 7b12088952
commit 0c02c20995
2 changed files with 37 additions and 9 deletions
--- a/argo-workflows/build.yaml
+++ b/argo-workflows/build.yaml
@ -23,6 +23,13 @@ spec:
      resources:
        requests:
          storage: 128Mi
+  volumes:
+  - name: secrets-store
+    csi:
+      driver: secrets-store.csi.k8s.io
+      readOnly: true
+      volumeAttributes:
+        secretProviderClass: azure-keyvault
  templates:

  # 🔁 Main steps sequence
@ -112,21 +119,14 @@ spec:
          ./dgoss run -e SQLALCHEMY_DATABASE_URI=sqlite:///:memory: $DOCKER_IMAGE > /workspace/goss_junit.xml
          
          echo "===> Logging into ACR"
+          ACR_PASSWORD=$(cat /mnt/secrets/acr-password)
          echo "$ACR_PASSWORD" | docker login {{workflow.parameters.registry_server}} -u $ACR_USERNAME --password-stdin

          echo "===> Pushing image to ACR"
          docker push $DOCKER_IMAGE
      env:
        - name: ACR_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: acr-creds
-              key: username
-        - name: ACR_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: acr-creds
-              key: password
+          value: marcin00
      securityContext:
        privileged: true
      volumeMounts:
@ -134,6 +134,9 @@ spec:
          mountPath: /workspace
        - name: docker-library
          mountPath: /var/lib/docker
+        - name: secrets-store
+          mountPath: "/mnt/secrets"
+          readOnly: true
    volumes:
      - name: docker-library
        emptyDir: {}