argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

ArgoCD Vault Plugin error connection reset by peer #446

Open KameshMunusamy opened 1 year ago

KameshMunusamy commented 1 year ago

I am trying to connect to the Enterprise version of HashiCorp Vault using the ArgoCD Vault plugin (hosted in AKS).

InvalidSpecError: Unable to generate manifests in .: rpc error: code = Unknown desc = argocd-vault-plugin generate ./ failed exit status 1: Error: Get "https://my-vault.com/v1/secrets/data/test": read tcp 10.x.x.x:38716->10.x.x.x:443: read: connection reset by peer

I followed the Vault plugin installation as per the documentation. My assumption here is that my Vault website expects the client certificate for the TLS handshake, which is not present in AKS; that's the reason it is throwing the error.

I have also tried defining the VAULT_CACERT environment variable in the application manifest; still it is not working. But the same is working in the CLI.

Kindly let me know where I can have the CA root pem file or CA cert and key mounted to use for this connection to be established.

Application.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: testing-vault
spec:
  destination:
    name: ''
    namespace: test
    server: 'https://kubernetes.default.svc'
  source:
    path: .
    plugin:
      name: argocd-vault-plugin
    repoURL: 'https://bitbucket.org/test/test-vault.git'
    targetRevision: HEAD
  project: test-proj
  syncPolicy:
    automated:
      prune: false
      selfHeal: false

Secrets.yaml

kind: Secret
apiVersion: v1
metadata:
  name: example-secret
  annotations:
    avp.kubernetes.io/path: "secrets/data/test"
type: Opaque
stringData:
  sample-secret: <hello>
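
One way to test the assumption in the post above that the Vault endpoint expects a client certificate, as an added example that is not part of the original issue or the plugin's own code: the Go probe below performs a TLS handshake and reports whether the server asked for a client certificate. The function name `ProbeClientCertRequest` and the `host:port` argument are assumptions made for this example; `VAULT_CACERT` is read as the path to a PEM CA file.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// ProbeClientCertRequest (hypothetical helper) handshakes with addr (host:port)
// and reports whether the server sent a CertificateRequest, i.e. whether it
// asks for a client certificate. roots is the CA pool used to verify the
// server; nil means the system trust store.
func ProbeClientCertRequest(addr string, roots *x509.CertPool) (bool, error) {
	requested := false
	cfg := &tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
		// Invoked only when the server requests a client certificate.
		// Returning an empty Certificate sends none, so this stays a probe.
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
			requested = true
			return &tls.Certificate{}, nil
		},
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		// The callback may have fired before the server rejected the handshake.
		return requested, err
	}
	defer conn.Close()
	return requested, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port")
		os.Exit(2)
	}
	// Trust the CA named by VAULT_CACERT when set, otherwise the system store.
	var roots *x509.CertPool
	if pem, err := os.ReadFile(os.Getenv("VAULT_CACERT")); err == nil {
		roots = x509.NewCertPool()
		roots.AppendCertsFromPEM(pem)
	}
	requested, err := ProbeClientCertRequest(os.Args[1], roots)
	fmt.Printf("client certificate requested: %v (handshake error: %v)\n", requested, err)
}
```

Running it from inside the repo-server pod and from the workstation where the CLI works shows whether both paths reach an endpoint that requests a client certificate.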

werne2j commented 1 year ago

What auth type are you using?