Add SSH agent sidecar to ArgoCD repo-server

- Create ssh-agent sidecar container to provide SSH_AUTH_SOCK
- Share socket via emptyDir volume at /tmp/ssh-agent
- Add SSH key from argocd-git-ssh-key secret to agent
- Fixes 'SSH agent requested but SSH_AUTH_SOCK not-specified' errors

1 files changed, 29 insertions, 1 deletions

diff --git a/f3s/argocd/values.yaml b/f3s/argocd/values.yaml
index 3b4c511..b2b7500 100644
--- a/f3s/argocd/values.yaml
+++ b/f3s/argocd/values.yaml
@@ -61,13 +61,41 @@ repoServer:
     - name: repo-server-data
       persistentVolumeClaim:
         claimName: argocd-repo-server-pvc
+    - name: ssh-agent-socket
+      emptyDir: {}
+    - name: git-ssh-key
+      secret:
+        secretName: argocd-git-ssh-key
+        defaultMode: 0400
   volumeMounts:
     - name: repo-server-data
       mountPath: /home/argocd/repo-cache
-  # Configure repo-server to use the persistent cache directory
+    - name: ssh-agent-socket
+      mountPath: /tmp/ssh-agent
+  # SSH agent sidecar to provide SSH_AUTH_SOCK for git operations
+  extraContainers:
+    - name: ssh-agent
+      image: alpine:3.19
+      command:
+        - sh
+        - -c
+        - |
+          apk add --no-cache openssh
+          eval $(ssh-agent -s -a /tmp/ssh-agent/socket)
+          ssh-add /tmp/ssh-key/sshPrivateKey
+          # Keep agent running
+          while true; do sleep 3600; done
+      volumeMounts:
+        - name: ssh-agent-socket
+          mountPath: /tmp/ssh-agent
+        - name: git-ssh-key
+          mountPath: /tmp/ssh-key
+  # Configure repo-server to use the persistent cache directory and SSH agent
   env:
     - name: XDG_CACHE_HOME
       value: /home/argocd/repo-cache
+    - name: SSH_AUTH_SOCK
+      value: /tmp/ssh-agent/socket
   # Resource limits
   resources:
     limits: