Comments (4)
I can't figure out how to add a volume mount and an init container during the setup process though. If you try to modify the
argocd-repo-server
after the creation is overwritten since it's managed by argocd. It would be nice to be able to add those instead of having to build a manual image.
Casey, you have to utilize the custom image which is built and pushed to a registry, then specify when building your ACD. In other words, in the ACD configuration, you can specify a custom image on initial creation.
I haven't used the plugin in quite a while (since starting to use external-secrets). Speaking with complete transparency, I've spent a bit testing and evaluating tools since the original article, external-secrets in my opinion, it's a better overall approach to managing secrets and utilizing with ArgoCD/Git/Gitops Operator. There is an additional writeup here that walks us through it. :External Secrets Demo
from gitops-operator.
@pbmoses I haven't looked into external secrets yet so I will give that a shot. Thank you for the recommendation!
from gitops-operator.
This should be possible, see the following article from RedHat (under the "ArgoCD Installation and Configuration" section):
https://cloud.redhat.com/blog/how-to-use-hashicorp-vault-and-argo-cd-for-gitops-on-openshift
Create a Dockerfile
FROM argoproj/argocd:latest
# Switch to root for the ability to perform install
USER root
# Install tools needed for your repo-server to retrieve & decrypt secrets, render manifests
# (e.g. curl, awscli, gpg, sops)
RUN apt-get update && \
apt-get install -y \
curl \
awscli \
gpg && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install the AVP plugin (as root so we can copy to /usr/local/bin)
RUN curl -L -o argocd-vault-plugin https://github.com/IBM/argocd-vault-plugin/releases/download/v0.7.0/argocd-v
ault-plugin_0.7.0_linux_amd64
RUN chmod +x argocd-vault-plugin
RUN mv argocd-vault-plugin /usr/local/bin
# Switch back to non-root user
USER argocd
Build your image and push the image to your preferred image registry
podman build -t pmo-argovault:v1.0 .
podman push localhost/pmo-argovault:v1.0 quay.io/pbmoses/pmo-argovault:v1.0
After the image is built and pushed to the registry,we will need to build a new ArgoCD instance including our custom repo image. You can utilize the ArgoCD create GUI or apply a manifest you have available. There area few things to note which need to be included in your manifest:
*Our repo will need “mountsatoken” present and the SA we created earlier
repo:
mountsatoken: true
serviceaccount: vplugin
*The image will be that which was pushed in the previous steps
image: quay.io/pbmoses/pmo-argovault
Version: v1.0
*Our config management plugin will need to be defined
configManagementPlugins: |-
- name: argocd-vault-plugin
generate:
command: ["argocd-vault-plugin"]
args: ["generate", "./"]
You set those configuration values up in the operator configuration when creating your ArgoCD instance.
from gitops-operator.
I can't figure out how to add a volume mount and an init container during the setup process though. If you try to modify the argocd-repo-server
after the creation is overwritten since it's managed by argocd. It would be nice to be able to add those instead of having to build a manual image.
from gitops-operator.
Related Issues (20)
- RBAC Error to reconciler controller.argo HOT 2
- Default Github.com RSA key no longer matches upstream, causing errors HOT 3
- Enable ignored e2e tests
- Fix Kam Image reconcliation during upgrades HOT 1
- Add Siddhesh Ghadi as Reviewer on all the Supported branches
- NodePlacement or Toleration/NodeSelector not working HOT 1
- Operator stuck on 1.7.2 and can't upgrade it HOT 14
- Server ingress not setting `ingressClassName` once ArgoCD instance gets updated with the field HOT 1
- (Extra)VolumeMount for appset controller
- Cant install operator 1.10.1 on OKD 4.14 HOT 1
- ArgoCD object should use argocd-server-tls secret in openshift-gitops namespace for TLS cert HOT 1
- resource.customizations.ignoreDifferences doesn't save configuration
- Resource requests for default instance are excessive for small use cases
- Diffs not being detected
- Allow Volumes/VolumeMounts to pass through to the Deployment HOT 8
- Can't set any Proxy for SCMProvider Generator in my ApplicationSet
- ApplicationSets CRD cannot be watched / listed by argocd-server SA HOT 1
- Adding cluster via ArgoCD CLI HOT 2
- Ignore differences when using the catalog source image template annotation
- Update to ArgoCD 2.11.x HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitops-operator.