argocd-vault-plugin
argo-helm
argocd-vault-plugin | argo-helm | |
---|---|---|
9 | 17 | |
761 | 1,554 | |
1.3% | 2.9% | |
7.3 | 9.5 | |
9 days ago | 2 days ago | |
Go | Mustache | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
argocd-vault-plugin
-
GitOps and Kubernetes – Secure Handling of Secrets
ArgoCD supports SOPS with the vault Plugin.
-
Injecting secrets from Vault into Helm charts with ArgoCD
repoServer: rbac: - verbs: - get - list - watch apiGroups: - '' resources: - secrets - configmaps initContainers: - name: download-tools image: registry.access.redhat.com/ubi8 env: - name: AVP_VERSION value: 1.11.0 command: [sh, -c] args: - >- curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/ volumeMounts: - mountPath: /custom-tools name: custom-tools extraContainers: - name: avp-helm command: [/var/run/argocd/argocd-cmp-server] image: quay.io/argoproj/argocd:v2.4.8 securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /var/run/argocd name: var-files - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp name: tmp-dir - mountPath: /home/argocd/cmp-server/config name: cmp-plugin - name: custom-tools subPath: argocd-vault-plugin mountPath: /usr/local/bin/argocd-vault-plugin volumes: - configMap: name: cmp-plugin name: cmp-plugin - name: custom-tools emptyDir: {} - name: tmp-dir emptyDir: {} # If you face issue with ArgoCD CRDs installation, then uncomment below section to disable it #crds: # install: false
- K8s and HIPPA/PHI compliant systems - Need advice!
-
Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?
argoproj-labs/argocd-vault-plugin
-
Best solution to use Argocd with helm and manage secrets ? Don't say flux !
We’re using https://github.com/argoproj-labs/argocd-vault-plugin which allows you to define secrets in git (works with more backends than just hashicorp vault despite the name). The documentation took me a bit to figure out, but so far it works.
-
Best Practices for Argo CD
Argo CD Vault plugin
- Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD
- Gotta love gitops
-
Best/Secure way to add a secret for ArgoCD Helm Chart?
I used argocd vault plugin https://github.com/IBM/argocd-vault-plugin
argo-helm
-
Introducing ArgoCD: A GitOps Approach to Continuous Deployment
kubectl create namespace argocd helm repo add argo https://argoproj.github.io/argo-helm helm repo update helm install argocd argo/argo-cd --namespace argocd
-
2- Your first ARGO-CD
We will use Helm to install Argo CD with the community-maintained chart from argoproj/argo-helm because The Argo project doesn't provide an official Helm chart. We will render thier helm chart for argocd locally on our side, manipulate it and overrides its default values, and also we can helm lint the chart and templating to see if there is some errors or not, We gonna use the chart version 5.50.0 which matches appVersion: v2.8.6 you can find all details for the chart and also we gonna override some values @ default-values.yaml
-
Having an issue connecting to git repo configured through helm using ssh private key
resource "helm_release" "argocd" { name = "${var.environment}-argocd" namespace = "${var.environment}-argocd" create_namespace = true repository = "https://argoproj.github.io/argo-helm" version = "${var.helm_version}" chart = "argo-cd" set { name = "server.service.type" value = "LoadBalancer" } set { name = "server.service.loadBalancerIP" value = "${var.loadBalancerIP}" } values = [ <<-YAML --- global: image: tag: "${var.image_tag}" configs: repositories: gitops-homelab: url: [email protected]:myprivaterepo/gitops-homelab.git name: private-repo type: git sshPrivateKey: file("${path.module}/sa_keys/private/${var.environment}_id_rsa") server: extraArgs: - --insecure YAML ] } output "file_location" { value = file("${path.module}/sa_keys/private/${var.environment}_id_rsa") }
-
Issue with helm_release on terraform destroy
"argo-cd" = { repository = "https://argoproj.github.io/argo-helm", chart = "argo-cd", namespace = "argocd" values_file = templatefile("./values/argocd.yml", { ingress_scheme = "internal" #internet-facing or internal elb_name = aws_lb.this["${local.name}-int-a"].name })
-
How to Install ArgoCD using Helm through Terraform
repository = "https://argoproj.github.io/argo-helm" chart = "argo-cd" namespace = "argo" version = "5.34.5"
- How to determine ordering in a bunch of helm sub charts?
-
Dump Kustomize with 20 lines of TypeScript
I think your example with the ArgoCD Helm chart says it all. It can get incredibly complicated, and I had tremendous trouble getting it working, it broke all the time, getting the indentation right was a nightmare ... very unpleasant experience. I mean look at that chart, the authors have to constantly specify the indentation level everywhere.
-
Can I use a values.yaml file with my argocd application?
plugin: name: argocd-vault-helm env: - name: release_name value: argocd - name: chart_name value: argo-cd - name: chart_repo value: https://argoproj.github.io/argo-helm - name: chart_version value: 5.17.1 - name: chart_values value: -f applicationset.yaml -f configs.yaml -f controller.yaml -f dex.yaml -f redis.yaml -f reposerver.yaml -f server.yaml -f notifications.yaml - name: args value: --include-crds
-
Templating the Matrix
Another folder I want to discuss shortly is the Terraform folder. This project was installed by terraform basically but it can deployed easily with simple helm installation of ArgoCD . In the next attachment we can see the relevant values neccesary to apply our ArgoCD system : values-override.tpl
-
Injecting secrets from Vault into Helm charts with ArgoCD
Finally, we have to install ArgoCD from the official Helm Chart but with extra configuration that provides modifications required to install Vault plugin via sidecar container.
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
charts - Public helm charts
kustomize-sops - KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
cp-helm-charts - The Confluent Platform Helm charts enable you to deploy Confluent Platform services on Kubernetes for development, test, and proof of concept environments.
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
argo-cd - Declarative Continuous Deployment for Kubernetes
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
helm-charts - OpenSourced Helm charts
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
charts - OpenEBS Helm Charts and other utilities
vault-creds - Sidecar container for requesting dynamic Vault database secrets
cloudnative-pg - CloudNativePG is a comprehensive platform designed to seamlessly manage PostgreSQL databases within Kubernetes environments, covering the entire operational lifecycle from initial deployment to ongoing maintenance