argocd-vault-plugin
argo
argocd-vault-plugin | argo | |
---|---|---|
9 | 43 | |
761 | 14,314 | |
1.3% | 0.9% | |
7.3 | 9.8 | |
10 days ago | 3 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
argocd-vault-plugin
-
GitOps and Kubernetes – Secure Handling of Secrets
ArgoCD supports SOPS with the vault Plugin.
-
Injecting secrets from Vault into Helm charts with ArgoCD
repoServer: rbac: - verbs: - get - list - watch apiGroups: - '' resources: - secrets - configmaps initContainers: - name: download-tools image: registry.access.redhat.com/ubi8 env: - name: AVP_VERSION value: 1.11.0 command: [sh, -c] args: - >- curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/ volumeMounts: - mountPath: /custom-tools name: custom-tools extraContainers: - name: avp-helm command: [/var/run/argocd/argocd-cmp-server] image: quay.io/argoproj/argocd:v2.4.8 securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp-dir - mountPath: /home/argocd/cmp-server/config name: cmp-plugin - name: custom-tools subPath: argocd-vault-plugin mountPath: /usr/local/bin/argocd-vault-plugin volumes: - configMap: name: cmp-plugin name: cmp-plugin - name: custom-tools emptyDir: {} - name: tmp-dir emptyDir: {} # If you face issue with ArgoCD CRDs installation, then uncomment below section to disable it #crds: # install: false
- K8s and HIPPA/PHI compliant systems - Need advice!
-
Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?
argoproj-labs/argocd-vault-plugin
-
Best solution to use Argocd with helm and manage secrets ? Don't say flux !
We’re using https://github.com/argoproj-labs/argocd-vault-plugin which allows you to define secrets in git (works with more backends than just hashicorp vault despite the name). The documentation took me a bit to figure out, but so far it works.
-
Best Practices for Argo CD
Argo CD Vault plugin
- Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD
- Gotta love gitops
-
Best/Secure way to add a secret for ArgoCD Helm Chart?
I used argocd vault plugin https://github.com/IBM/argocd-vault-plugin
argo
-
StackStorm – IFTTT for Ops
Like Argo Workflows?
https://github.com/argoproj/argo-workflows
-
Creators of Argo CD Release New OSS Project Kargo for Next Gen Gitops
Dagger looks more comparable to Argo Workflows: https://argoproj.github.io/argo-workflows/ That's the first of the Argo projects, which can run multi-step workflows within containers on Kubernetes.
For what it's worth, my colleagues and I have had great luck with Argo Workflows and wrote up a blog post about some of its advantages a few years ago: https://www.interline.io/blog/scaling-openstreetmap-data-wor...
-
Practical Tips for Refactoring Release CI using GitHub Actions
Despite other alternatives like Circle CI, Travis CI, GitLab CI or even self-hosted options using open-source projects like Tekton or Argo Workflow, the reason for choosing GitHub Actions was straightforward: GitHub Actions, in conjunction with the GitHub ecosystem, offers a user-friendly experience and access to a rich software marketplace.
-
(Not) to Write a Pipeline
author seems to be describing the kind of patterns you might make with https://argoproj.github.io/argo-workflows/ . or see for example https://github.com/couler-proj/couler , which is an sdk for describing tasks that may be submitted to different workflow engines on the backend.
it's a little confusing to me that the author seems to object to "pipelines" and then equate them with messaging-queues. for me at least, "pipeline" vs "workflow-engine" vs "scheduler" are all basically synonyms in this context. those things may or may not be implemented with a message-queue for persistence, but the persistence layer itself is usually below the level of abstraction that $current_problem is really concerned with. like the author says, eventually you have to track state/timestamps/logs, but you get that from the beginning if you start with a workflow engine.
i agree with author that message-queues should not be a knee-jerk response to most problems because the LoE for edge-cases/observability/monitoring is huge. (maybe reach for a queue only if you may actually overwhelm whatever the "scheduler" can handle.) but don't build the scheduler from scratch either.. use argowf, kubeflow, or a more opinionated framework like airflow, mlflow, databricks, aws lamda or step-functions. all/any of these should have config or api that's robust enough to express rate-limit/retry stuff. almost any of these choices has better observability out-of-the-box than you can easily get from a queue. but most importantly.. they provide idioms for handling failure that data-science folks and junior devs can work with. the right way to structure code is just much more clear and things like structuring messages/events, subclassing workers, repeating/retrying tasks, is just harder to mess up.
-
what technologies are people using for job scheduling in/with k8s?
Argo Workflows + Argo Events
-
What are some good self-hosted CI/CD tools where pipeline steps run in docker containers?
Drone, or Tekton, Argo Workflows if you’re on k8s
-
job scheduling for scientific computing on k8s?
Check out Argo Workflows.
- Orchestration poll
- What's the best way to inject a yaml file into an Argo workflow step?
-
Which build system do you use?
go-git has a lot of bugs and is not actively maintained. The bug even affects Argo Workflow, which caused our data pipeline to fail unexpectedly (reference: https://github.com/argoproj/argo-workflows/issues/10091)
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
temporal - Temporal service
kustomize-sops - KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
keda - KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
Airflow - Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
flyte - Scalable and flexible workflow orchestration platform that seamlessly unifies data, ML and analytics stacks.
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
StackStorm - StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html
vault-creds - Sidecar container for requesting dynamic Vault database secrets
n8n - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.