ARGOCD : Patch plugin vault

Créer le fichier argocd-repo-server-patch.yaml 

apiVersion: apps/v1

kind: Deployment

metadata:

  name: argocd-repo-server

spec:

  template:

    spec:

      containers:

        - name: repo-server

          env:

            - name: AWS_REGION

              value: AWS_REGION_VALUE   #A changer

            - name: AVP_TYPE

              value: awssecretsmanager

            - name: AWS_ACCESS_KEY_ID

              value: AWS_ACCESS_KEY_ID_VALUE   #A changer

            - name: AWS_SECRET_ACCESS_KEY

              value: AWS_SECRET_ACCESS_KEY_VALUE   #A changer

          volumeMounts:

            - name: custom-tools

              mountPath: /usr/local/bin/argocd-vault-plugin

              subPath: argocd-vault-plugin

      volumes:

        - name: custom-tools

          emptyDir: {}

      initContainers:

        - name: download-tools

          image: alpine:3.8

          command: [sh, -c]

          # Don't forget to update this to whatever the stable release version is

          # Note the lack of the `v` prefix unlike the git tag

          env:

            - name: AVP_VERSION

              value: "1.16.0"

          args:

            - >-

              wget -O argocd-vault-plugin

              https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v${AVP_VERSION}/argocd-vault-plugin_${AVP_VERSION}_linux_amd64 &&

              chmod +x argocd-vault-plugin &&

              mv argocd-vault-plugin /custom-tools/

          volumeMounts:

            - mountPath: /custom-tools

              name: custom-tools

      automountServiceAccountToken: true 

Attention : Il faut adapter le nom du deployment, le nom du container et les values AWS

Lancer la commande suivante :

kubectl patch deployment argo-repo-server -n argocd --patch-file argocd-repo-server-patch.yaml

/!\ : le nom du container repo-server peut changer. A adapter

Créer le fichier argocd-cm-patch.yaml

apiVersion: v1

kind: ConfigMap

metadata:

  name: argocd-cm

data:

  configManagementPlugins: |

    - name: argocd-vault-plugin

      generate:

        command: ["argocd-vault-plugin"]

        args: ["generate", "./"]

    - name: argocd-vault-plugin-helm

      generate:

        command: ["sh", "-c"]

        args: ["helm template . | argocd-vault-plugin generate -"]

    # This lets you pass args to the Helm invocation as described here: https://argocd-vault-plugin.readthedocs.io/en/stable/usage/#with-helm

    - name: argocd-vault-plugin-helm-with-args

      generate:

        command: ["sh", "-c"]

        args: ["helm template ${helm_args} . | argocd-vault-plugin generate -"]

    - name: argocd-vault-plugin-kustomize

      generate:

        command: ["sh", "-c"]
args: ["kustomize build . | argocd-vault-plugin generate -"]

Lancer la commande suivante :

kubectl patch configmap argocd-cm -n argocd --patch-file argocd-cm-patch.yaml