AVP installed by ArgoCD Helm chart and AWS Secret Manager issue

Describe the bug

I would like to install the AVP by the ArgoCD Helm chart on my Amazon EKS cluster and make it working with AWS Secret Manager.

As somebody already mentioned in this issue https://github.com/argoproj-labs/argocd-vault-plugin/issues/474, the installation of AVP by ArgoCD Helm chart is not described properly in the official AVP documentation so here is the way how I did it, but at the end I was not able to make it working:

Create Secret in AWS Secret Manager, Policy, IRSA, ... - I'll skip it and put here just output of the kubectl showing the pre created ServiceAccount argocd-repo-server with role:

$ kubectl describe serviceaccount -n argocd argocd-repo-server
Name:                argocd-repo-server
Namespace:           argocd
Labels:              app.kubernetes.io/managed-by=eksctl
Annotations:         eks.amazonaws.com/role-arn: arn:aws:iam::7xxxxxxxxxx7:role/eksctl-k01-irsa-argocd
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

AVP + ArgoCD Helm Installation (there is probably something "wrong"):

export CLUSTER_FQDN="k01.k8s.mylabs.dev"

helm repo add argo https://argoproj.github.io/argo-helm
cat > "helm_values-argocd.yml" << EOF
global:
  logging:
    level: debug
configs:
  params:
    server.insecure: true
  cmp:
    create: true
    plugins:
      avp-kustomize:
        allowConcurrency: true
        discover:
          find:
            command:
              - find
              - "."
              - -name
              - kustomization.yaml
        generate:
          command:
            - sh
            - "-c"
            - "kustomize build . | argocd-vault-plugin generate --verbose-sensitive-output -"
        lockRepo: false
      avp-helm:
        allowConcurrency: true
        discover:
          find:
            command:
              - sh
              - "-c"
              - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
        generate:
          command:
            - sh
            - "-c"
            - |
              helm template \$ARGOCD_APP_NAME -n \$ARGOCD_APP_NAMESPACE -f <(echo "\$ARGOCD_ENV_helm_values") . |
              argocd-vault-plugin generate --verbose-sensitive-output -
        lockRepo: false
      avp:
        allowConcurrency: true
        discover:
          find:
            command:
              - sh
              - "-c"
              - "find . -name '*.yaml' | xargs -I {} grep \\"<path\\\\|avp\\\\.kubernetes\\\\.io\\" {} | grep ."
        generate:
          command:
            - argocd-vault-plugin
            - generate
            - "--verbose-sensitive-output"
            - "."
        lockRepo: false
repoServer:
  env:
    - name: AVP_TYPE
      value: awssecretsmanager
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
  serviceAccount:
    create: false
    name: argocd-repo-server
  initContainers:
  - name: download-tools
    image: alpine:latest
    command: [sh, -c]
    env:
    - name: AVP_VERSION
      value: 1.14.0
    - name: AVP_ARCHITECTURE
      value: arm64
    args:
    - >-
      wget -O argocd-vault-plugin
      https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v\${AVP_VERSION}/argocd-vault-plugin_\${AVP_VERSION}_linux_\${AVP_ARCHITECTURE} &&
      chmod +x argocd-vault-plugin &&
      mv argocd-vault-plugin /custom-tools/
    volumeMounts:
    - mountPath: /custom-tools
      name: custom-tools
  extraContainers:
    - name: avp
      command: [/var/run/argocd/argocd-cmp-server]
      image: quay.io/argoproj/argocd:v2.7.2
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          subPath: avp.yaml
          name: argocd-cmp-cm
        - name: custom-tools
          subPath: argocd-vault-plugin
          mountPath: /usr/local/bin/argocd-vault-plugin
    - name: avp-helm
      command: [/var/run/argocd/argocd-cmp-server]
      image: quay.io/argoproj/argocd:v2.7.2
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          subPath: avp-helm.yaml
          name: argocd-cmp-cm
        - name: custom-tools
          subPath: argocd-vault-plugin
          mountPath: /usr/local/bin/argocd-vault-plugin
    - name: avp-kustomize
      command: [/var/run/argocd/argocd-cmp-server]
      image: quay.io/argoproj/argocd:v2.7.2
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          subPath: avp-kustomize.yaml
          name: argocd-cmp-cm
        - name: custom-tools
          subPath: argocd-vault-plugin
          mountPath: /usr/local/bin/argocd-vault-plugin
  volumes:
    - configMap:
        name: argocd-cmp-cm
      name: argocd-cmp-cm
    - name: custom-tools
      emptyDir: {}
EOF
helm upgrade --install --version "5.34.3" --namespace argocd --create-namespace --wait --values "helm_values-argocd.yml" argo-cd argo/argo-cd

The I installed two apps where I used <path: with secret which should be taken from the AWS Secret Manager:

First is using the secret as a helm parameter - the secret should be injected into the installed helm chart.
Second is using kustomize and should inject the secret into the annotation.

argocd login --core --name "${CLUSTER_FQDN}"
kubectl config set-context --current --namespace=argocd

cat > "helm_values-podinfo.yml" << EOF
ui:
  message: "<path:${CLUSTER_FQDN}-PodinfoSecret#podinfo_secret_message>"
EOF

argocd app create podinfo \
  --repo https://stefanprodan.github.io/podinfo --helm-chart podinfo --revision 6.3.6 \
  --dest-namespace podinfo --dest-server https://kubernetes.default.svc \
  --auto-prune --sync-option CreateNamespace=true --sync-policy auto \
  --values-literal-file "helm_values-podinfo.yml"

argocd app create podinfo2 \
  --repo https://github.com/stefanprodan/podinfo.git --path kustomize \
  --dest-namespace podinfo2 --dest-server https://kubernetes.default.svc \
  --kustomize-common-annotation "secret-test=<path:${CLUSTER_FQDN}-PodinfoSecret#podinfo_secret_message>" \
  --auto-prune --sync-option CreateNamespace=true --sync-policy auto

Unfortunately the <path:... was not replaced by the password from the AWS Secret Manager as you can see it by checking the k8s objects:

❯ kubectl get pod -n podinfo -o yaml | grep -B2 '<path:'                                                                                                         ⎈ k01/argocd
      env:
      - name: PODINFO_UI_MESSAGE
        value: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>

❯ kubectl get pod -n podinfo2 -o yaml | grep '<path:'                                                                                                              ⎈ k01/argocd
      secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>
      secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>

I'm adding here the ArgoCD logs and few more details which may be handy. I was not able to find anything in the logs related to AVP :-( - it looks like AVP was not "properly" installed by the Helm Chart...

❯ kubectl stern -n argocd .                                                                                                                      ✘ INT  4s ⎈ k01/argocd
+ argo-cd-argocd-server-fb568f96d-4h4ng › server
+ argo-cd-argocd-applicationset-controller-588b76448-k2pdf › applicationset-controller
+ argo-cd-argocd-repo-server-54d8954bfd-mctbl › avp-helm
+ argo-cd-argocd-repo-server-54d8954bfd-mctbl › avp
+ argo-cd-argocd-repo-server-54d8954bfd-mctbl › avp-kustomize
+ argo-cd-argocd-repo-server-54d8954bfd-mctbl › repo-server
+ argo-cd-argocd-dex-server-56ffbf9fc8-ktz8n › dex-server
+ argo-cd-argocd-notifications-controller-7749b5c5b4-gb5wf › notifications-controller
+ argo-cd-argocd-application-controller-0 › application-controller
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="ArgoCD API Server is starting" built="2023-05-12T13:43:25Z" commit=cbee7e6011407ed2d1066c482db74e97e0cc6bdb namespace=argocd port=8080 version=v2.7.2+cbee7e6.dirty
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Starting configmap/secret informers"
+ argo-cd-argocd-redis-86b6c546db-hrcfv › redis
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Configmap/secret informer synced"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:26:52Z" level=info msg="ArgoCD ApplicationSet Controller is starting" built="2023-05-12T13:43:25Z" commit=cbee7e6011407ed2d1066c482db74e97e0cc6bdb namespace=argocd version=v2.7.2+cbee7e6.dirty
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:26:53Z" level=info msg="Starting configmap/secret informers"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:26:53Z" level=info msg="Configmap/secret informer synced"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Initialized server signature"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Initialized admin password"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:26:53Z" level=info msg="Starting webhook server"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Starting configmap/secret informers"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="configmap informer cancelled"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:26:53Z" level=info msg="Starting manager"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:27:52Z" level=debug msg="received create event from owning an application"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=warning msg="Unable to parse updated settings: server.secretkey is missing"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Configmap/secret informer synced"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="secrets informer cancelled"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Starting configmap/secret informers"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="configmap informer cancelled"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Configmap/secret informer synced"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="secrets informer cancelled"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:27:55Z" level=debug msg="received update event from owning an application"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="argocd v2.7.2+cbee7e6.dirty serving on port 8080 (url: , tls: false, namespace: argocd, sso: false)"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Enabled application namespace patterns: argocd"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="0x4000c29f80 subscribed to settings updates"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:27:55Z" level=debug msg="requeue: false caused by application podinfo\n"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="Starting rbac config informer"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:26:51Z" level=info msg="RBAC ConfigMap 'argocd-rbac-cm' added"
argo-cd-argocd-server-fb568f96d-4h4ng server time="2023-06-03T11:27:18Z" level=info msg="Notifying 1 settings subscribers: [0x4000c29f80]"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:27:55Z" level=debug msg="received update event from owning an application"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:27:55Z" level=debug msg="requeue: false caused by application podinfo\n"
...
...
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo-5986769856-pnz46 of type v1/Pod"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Refreshing app status (controller refresh requested), level (0)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="No status changes. Skipping patch" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" fields.level=0 time_ms=3
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo-5986769856 of type apps/v1/ReplicaSet"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo-zknc6 of type discovery.k8s.io/v1/EndpointSlice"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Refreshing app status (controller refresh requested), level (0)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="No status changes. Skipping patch" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" fields.level=0 time_ms=2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Refreshing app status (controller refresh requested), level (0)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="No status changes. Skipping patch" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" fields.level=0 time_ms=2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo of type apps/v1/Deployment"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Refreshing app status (controller refresh requested), level (1)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Comparing app state (cluster: https://kubernetes.default.svc, namespace: podinfo2)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Generating Manifest for source {https://github.com/stefanprodan/podinfo.git kustomize  nil &ApplicationSourceKustomize{NamePrefix:,NameSuffix:,Images:[],CommonLabels:map[string]string{},Version:,CommonAnnotations:map[string]string{secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>,},ForceCommonLabels:false,ForceCommonAnnotations:false,Namespace:,CommonAnnotationsEnvsubst:false,Replicas:[]KustomizeReplica{},} nil nil  } revision 073f1ec5aff930bd3411d33534e91cbe23302324"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="getRepoObjs stats" application=argocd/podinfo2 build_options_ms=0 helm_ms=0 plugins_ms=0 repo_ms=0 time_ms=12 unmarshal_ms=12 version_ms=0
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=debug msg="Retrieved live manifests" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Skipping auto-sync: application status is Synced" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="No status changes. Skipping patch" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:30Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dedup_ms=0 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" diff_ms=12 fields.level=1 git_ms=12 health_ms=0 live_ms=0 settings_ms=0 sync_ms=0 time_ms=31
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:32Z" level=debug msg="Successfully saved info of 1 clusters"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo-5986769856 of type apps/v1/ReplicaSet"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Refreshing app status (controller refresh requested), level (0)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="No status changes. Skipping patch" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" fields.level=0 time_ms=2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo of type apps/v1/Deployment"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Refreshing app status (controller refresh requested), level (1)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Comparing app state (cluster: https://kubernetes.default.svc, namespace: podinfo2)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Generating Manifest for source {https://github.com/stefanprodan/podinfo.git kustomize  nil &ApplicationSourceKustomize{NamePrefix:,NameSuffix:,Images:[],CommonLabels:map[string]string{},Version:,CommonAnnotations:map[string]string{secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>,},ForceCommonLabels:false,ForceCommonAnnotations:false,Namespace:,CommonAnnotationsEnvsubst:false,Replicas:[]KustomizeReplica{},} nil nil  } revision 073f1ec5aff930bd3411d33534e91cbe23302324"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="getRepoObjs stats" application=argocd/podinfo2 build_options_ms=0 helm_ms=0 plugins_ms=0 repo_ms=0 time_ms=9 unmarshal_ms=9 version_ms=0
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Retrieved live manifests" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Skipping auto-sync: application status is Synced" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Updated health status: Progressing -> Healthy" application=podinfo2 dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" reason=ResourceUpdated type=Normal
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Update successful" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dedup_ms=0 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" diff_ms=14 fields.level=1 git_ms=9 health_ms=0 live_ms=0 settings_ms=0 sync_ms=0 time_ms=65
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo of type autoscaling/v2/HorizontalPodAutoscaler"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Refreshing app status (controller refresh requested), level (1)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Comparing app state (cluster: https://kubernetes.default.svc, namespace: podinfo2)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Generating Manifest for source {https://github.com/stefanprodan/podinfo.git kustomize  nil &ApplicationSourceKustomize{NamePrefix:,NameSuffix:,Images:[],CommonLabels:map[string]string{},Version:,CommonAnnotations:map[string]string{secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>,},ForceCommonLabels:false,ForceCommonAnnotations:false,Namespace:,CommonAnnotationsEnvsubst:false,Replicas:[]KustomizeReplica{},} nil nil  } revision 073f1ec5aff930bd3411d33534e91cbe23302324"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="getRepoObjs stats" application=argocd/podinfo2 build_options_ms=0 helm_ms=0 plugins_ms=0 repo_ms=0 time_ms=9 unmarshal_ms=9 version_ms=0
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=debug msg="Retrieved live manifests" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Skipping auto-sync: application status is Synced" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Update successful" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:33Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dedup_ms=0 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" diff_ms=11 fields.level=1 git_ms=9 health_ms=0 live_ms=0 settings_ms=0 sync_ms=0 time_ms=36
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:42Z" level=debug msg="Successfully saved info of 1 clusters"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=debug msg="Refreshing app argocd/podinfo2 for change in cluster of object podinfo2/podinfo of type autoscaling/v2/HorizontalPodAutoscaler"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="Refreshing app status (controller refresh requested), level (1)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="Comparing app state (cluster: https://kubernetes.default.svc, namespace: podinfo2)" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=debug msg="Generating Manifest for source {https://github.com/stefanprodan/podinfo.git kustomize  nil &ApplicationSourceKustomize{NamePrefix:,NameSuffix:,Images:[],CommonLabels:map[string]string{},Version:,CommonAnnotations:map[string]string{secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>,},ForceCommonLabels:false,ForceCommonAnnotations:false,Namespace:,CommonAnnotationsEnvsubst:false,Replicas:[]KustomizeReplica{},} nil nil  } revision 073f1ec5aff930bd3411d33534e91cbe23302324"
argo-cd-argocd-repo-server-54d8954bfd-mctbl repo-server time="2023-06-03T11:28:48Z" level=debug msg="getting manifests cache" appName=podinfo2 appSrc="{\"appSrc\":{\"repoURL\":\"\",\"path\":\"kustomize\",\"kustomize\":{\"commonAnnotations\":{\"secret-test\":\"\\u003cpath:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message\\u003e\"}}},\"srcRefs\":{}}" clusterInfo="1.25+|acme.cert-manager.io/v1,acme.cert-manager.io/v1/Challenge,acme.cert-manager.io/v1/Order,admissionregistration.k8s.io/v1,admissionregistration.k8s.io/v1/MutatingWebhookConfiguration,admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration,apiextensions.k8s.io/v1,apiextensions.k8s.io/v1/CustomResourceDefinition,apiregistration.k8s.io/v1,apiregistration.k8s.io/v1/APIService,apps/v1,apps/v1/ControllerRevision,apps/v1/DaemonSet,apps/v1/Deployment,apps/v1/ReplicaSet,apps/v1/StatefulSet,argoproj.io/v1alpha1,argoproj.io/v1alpha1/AppProject,argoproj.io/v1alpha1/Application,argoproj.io/v1alpha1/ApplicationSet,autoscaling/v1,autoscaling/v1/HorizontalPodAutoscaler,autoscaling/v2,autoscaling/v2/HorizontalPodAutoscaler,autoscaling/v2beta2,autoscaling/v2beta2/HorizontalPodAutoscaler,batch/v1,batch/v1/CronJob,batch/v1/Job,cert-manager.io/v1,cert-manager.io/v1/Certificate,cert-manager.io/v1/CertificateRequest,cert-manager.io/v1/ClusterIssuer,cert-manager.io/v1/Issuer,certificates.k8s.io/v1,certificates.k8s.io/v1/CertificateSigningRequest,coordination.k8s.io/v1,coordination.k8s.io/v1/Lease,crd.k8s.amazonaws.com/v1alpha1,crd.k8s.amazonaws.com/v1alpha1/ENIConfig,discovery.k8s.io/v1,discovery.k8s.io/v1/EndpointSlice,events.k8s.io/v1,events.k8s.io/v1/Event,flowcontrol.apiserver.k8s.io/v1beta1,flowcontrol.apiserver.k8s.io/v1beta1/FlowSchema,flowcontrol.apiserver.k8s.io/v1beta1/PriorityLevelConfiguration,flowcontrol.apiserver.k8s.io/v1beta2,flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema,flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration,forecastle.stakater.com/v1alpha1,forecastle.stakater.com/v1alpha1/ForecastleApp,karpenter.k8s.aws/v1alpha1,karpenter.k8s.aws/v1alpha1/AWSNodeTemplate,karpenter.sh/v1alpha5,karpenter.sh/v1alpha5/Provisioner,monitoring.coreos.com/v1,monitoring.coreos.com/v1/Alertmanager,monitoring.coreos.com/v1/PodMonitor,monitoring.coreos.com/v1/Probe,monitoring.coreos.com/v1/Prometheus,monitoring.coreos.com/v1/PrometheusRule,monitoring.coreos.com/v1/ServiceMonitor,monitoring.coreos.com/v1/ThanosRuler,monitoring.coreos.com/v1alpha1,monitoring.coreos.com/v1alpha1/AlertmanagerConfig,networking.k8s.io/v1,networking.k8s.io/v1/Ingress,networking.k8s.io/v1/IngressClass,networking.k8s.io/v1/NetworkPolicy,node.k8s.io/v1,node.k8s.io/v1/RuntimeClass,policy/v1,policy/v1/PodDisruptionBudget,rbac.authorization.k8s.io/v1,rbac.authorization.k8s.io/v1/ClusterRole,rbac.authorization.k8s.io/v1/ClusterRoleBinding,rbac.authorization.k8s.io/v1/Role,rbac.authorization.k8s.io/v1/RoleBinding,scheduling.k8s.io/v1,scheduling.k8s.io/v1/PriorityClass,storage.k8s.io/v1,storage.k8s.io/v1/CSIDriver,storage.k8s.io/v1/CSINode,storage.k8s.io/v1/CSIStorageCapacity,storage.k8s.io/v1/StorageClass,storage.k8s.io/v1/VolumeAttachment,storage.k8s.io/v1beta1,storage.k8s.io/v1beta1/CSIStorageCapacity,v1,v1/ConfigMap,v1/Endpoints,v1/Event,v1/LimitRange,v1/Namespace,v1/Node,v1/PersistentVolume,v1/PersistentVolumeClaim,v1/Pod,v1/PodTemplate,v1/ReplicationController,v1/ResourceQuota,v1/Secret,v1/Service,v1/ServiceAccount,vpcresources.k8s.aws/v1beta1,vpcresources.k8s.aws/v1beta1/SecurityGroupPolicy" namespace=podinfo2 reason="GenerateManifest API call" revision=073f1ec5aff930bd3411d33534e91cbe23302324 trackingKey=argocd.argoproj.io/instance
argo-cd-argocd-repo-server-54d8954bfd-mctbl repo-server time="2023-06-03T11:28:48Z" level=info msg="manifest cache hit: &ApplicationSource{RepoURL:https://github.com/stefanprodan/podinfo.git,Path:kustomize,TargetRevision:,Helm:nil,Kustomize:&ApplicationSourceKustomize{NamePrefix:,NameSuffix:,Images:[],CommonLabels:map[string]string{},Version:,CommonAnnotations:map[string]string{secret-test: <path:k01.k8s.mylabs.dev-PodinfoSecret#podinfo_secret_message>,},ForceCommonLabels:false,ForceCommonAnnotations:false,Namespace:,CommonAnnotationsEnvsubst:false,Replicas:[]KustomizeReplica{},},Directory:nil,Plugin:nil,Chart:,Ref:,}/073f1ec5aff930bd3411d33534e91cbe23302324"
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="getRepoObjs stats" application=argocd/podinfo2 build_options_ms=0 helm_ms=0 plugins_ms=0 repo_ms=0 time_ms=11 unmarshal_ms=10 version_ms=0
argo-cd-argocd-repo-server-54d8954bfd-mctbl repo-server time="2023-06-03T11:28:48Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=GenerateManifest grpc.service=repository.RepoServerService grpc.start_time="2023-06-03T11:28:48Z" grpc.time_ms=1.513 span.kind=server system=grpc
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=debug msg="Retrieved live manifests" application=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="Skipping auto-sync: application status is Synced" application=argocd/podinfo2
argo-cd-argocd-notifications-controller-7749b5c5b4-gb5wf notifications-controller time="2023-06-03T11:28:48Z" level=info msg="Start processing" resource=argocd/podinfo2
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:28:48Z" level=debug msg="received update event from owning an application"
argo-cd-argocd-applicationset-controller-588b76448-k2pdf applicationset-controller time="2023-06-03T11:28:48Z" level=debug msg="requeue: false caused by application podinfo2\n"
argo-cd-argocd-notifications-controller-7749b5c5b4-gb5wf notifications-controller time="2023-06-03T11:28:48Z" level=debug msg="SyncStatus up-to-date (FinishedAt=2023-06-03 11:28:03 +0000 UTC, ReconciledAt=2023-06-03 11:28:03 +0000 UTC, Observed=0001-01-01 00:00:00 +0000 UTC" app=podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="Update successful" application=argocd/podinfo2
argo-cd-argocd-notifications-controller-7749b5c5b4-gb5wf notifications-controller time="2023-06-03T11:28:48Z" level=info msg="Processing completed" resource=argocd/podinfo2
argo-cd-argocd-application-controller-0 application-controller time="2023-06-03T11:28:48Z" level=info msg="Reconciliation completed" application=argocd/podinfo2 dedup_ms=0 dest-name= dest-namespace=podinfo2 dest-server="https://kubernetes.default.svc" diff_ms=11 fields.level=1 git_ms=11 health_ms=0 live_ms=0 settings_ms=0 sync_ms=0 time_ms=41

❯ kubectl get configmaps -n argocd argocd-cmp-cm -o yaml                                                                                                    ⎈ k01/argocd
apiVersion: v1
data:
  avp-helm.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: avp-helm
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
          - sh
          - -c
          - find . -name 'Chart.yaml' && find . -name 'values.yaml'
      generate:
        command:
        - sh
        - -c
        - |
          helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_helm_values") . |
          argocd-vault-plugin generate --verbose-sensitive-output -
      lockRepo: false
  avp-kustomize.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: avp-kustomize
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
          - find
          - .
          - -name
          - kustomization.yaml
      generate:
        command:
        - sh
        - -c
        - kustomize build . | argocd-vault-plugin generate --verbose-sensitive-output -
      lockRepo: false
  avp.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: avp
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
          - sh
          - -c
          - find . -name '*.yaml' | xargs -I {} grep "<path\|avp\.kubernetes\.io" {} | grep
            .
      generate:
        command:
        - argocd-vault-plugin
        - generate
        - --verbose-sensitive-output
        - .
      lockRepo: false
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: argo-cd
    meta.helm.sh/release-namespace: argocd
  creationTimestamp: "2023-06-03T11:26:42Z"
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-cmp-cm
    app.kubernetes.io/part-of: argocd
    helm.sh/chart: argo-cd-5.34.3
  name: argocd-cmp-cm
  namespace: argocd
  resourceVersion: "45517"
  uid: a2f85e36-1624-4c12-ad9a-81f5403d89a0

❯ kubectl get deployments.apps -n argocd argo-cd-argocd-repo-server -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    meta.helm.sh/release-name: argo-cd
    meta.helm.sh/release-namespace: argocd
  creationTimestamp: "2023-06-03T11:26:44Z"
  generation: 1
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
    helm.sh/chart: argo-cd-5.34.3
  name: argo-cd-argocd-repo-server
  namespace: argocd
  resourceVersion: "45891"
  uid: 39374828-f8f4-4aff-b0ef-0cb2ac300fd2
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/instance: argo-cd
      app.kubernetes.io/name: argocd-repo-server
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/cmd-params: 1cb5093b9ad60f5b922cd45344817a68602339c21fd7f5f34f94327f03920a1a
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: repo-server
        app.kubernetes.io/instance: argo-cd
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: argocd-repo-server
        app.kubernetes.io/part-of: argocd
        helm.sh/chart: argo-cd-5.34.3
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/name: argocd-repo-server
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - /usr/local/bin/argocd-repo-server
        - --port=8081
        - --metrics-port=8084
        env:
        - name: AVP_TYPE
          value: awssecretsmanager
        - name: ARGOCD_RECONCILIATION_TIMEOUT
          valueFrom:
            configMapKeyRef:
              key: timeout.reconciliation
              name: argocd-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_LOGFORMAT
          valueFrom:
            configMapKeyRef:
              key: reposerver.log.format
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_LOGLEVEL
          valueFrom:
            configMapKeyRef:
              key: reposerver.log.level
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
          valueFrom:
            configMapKeyRef:
              key: reposerver.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_DISABLE_TLS
          valueFrom:
            configMapKeyRef:
              key: reposerver.disable.tls
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_TLS_MIN_VERSION
          valueFrom:
            configMapKeyRef:
              key: reposerver.tls.minversion
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_TLS_MAX_VERSION
          valueFrom:
            configMapKeyRef:
              key: reposerver.tls.maxversion
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_TLS_CIPHERS
          valueFrom:
            configMapKeyRef:
              key: reposerver.tls.ciphers
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_CACHE_EXPIRATION
          valueFrom:
            configMapKeyRef:
              key: reposerver.repo.cache.expiration
              name: argocd-cmd-params-cm
              optional: true
        - name: REDIS_SERVER
          valueFrom:
            configMapKeyRef:
              key: redis.server
              name: argocd-cmd-params-cm
              optional: true
        - name: REDIS_COMPRESSION
          valueFrom:
            configMapKeyRef:
              key: redis.compression
              name: argocd-cmd-params-cm
              optional: true
        - name: REDISDB
          valueFrom:
            configMapKeyRef:
              key: redis.db
              name: argocd-cmd-params-cm
              optional: true
        - name: REDIS_USERNAME
          valueFrom:
            secretKeyRef:
              key: redis-username
              name: argo-cd-argocd-redis
              optional: true
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: argo-cd-argocd-redis
              optional: true
        - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
          valueFrom:
            configMapKeyRef:
              key: reposerver.default.cache.expiration
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
          valueFrom:
            configMapKeyRef:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
          valueFrom:
            configMapKeyRef:
              key: reposerver.max.combined.directory.manifests.size
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
          valueFrom:
            configMapKeyRef:
              key: reposerver.plugin.tar.exclusions
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
          valueFrom:
            configMapKeyRef:
              key: reposerver.allow.oob.symlinks
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
          valueFrom:
            configMapKeyRef:
              key: reposerver.streamed.manifest.max.tar.size
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
          valueFrom:
            configMapKeyRef:
              key: reposerver.streamed.manifest.max.extracted.size
              name: argocd-cmd-params-cm
              optional: true
        - name: ARGOCD_GIT_MODULES_ENABLED
          valueFrom:
            configMapKeyRef:
              key: reposerver.enable.git.submodule
              name: argocd-cmd-params-cm
              optional: true
        - name: HELM_CACHE_HOME
          value: /helm-working-dir
        - name: HELM_CONFIG_HOME
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
        image: quay.io/argoproj/argocd:v2.7.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz?full=true
            port: metrics
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: repo-server
        ports:
        - containerPort: 8081
          name: repo-server
          protocol: TCP
        - containerPort: 8084
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: metrics
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /app/config/ssh
          name: ssh-known-hosts
        - mountPath: /app/config/tls
          name: tls-certs
        - mountPath: /app/config/gpg/source
          name: gpg-keys
        - mountPath: /app/config/gpg/keys
          name: gpg-keyring
        - mountPath: /app/config/reposerver/tls
          name: argocd-repo-server-tls
        - mountPath: /helm-working-dir
          name: helm-working-dir
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
      - command:
        - /var/run/argocd/argocd-cmp-server
        image: quay.io/argoproj/argocd:v2.7.2
        imagePullPolicy: IfNotPresent
        name: avp
        resources: {}
        securityContext:
          runAsNonRoot: true
          runAsUser: 999
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          name: argocd-cmp-cm
          subPath: avp.yaml
        - mountPath: /usr/local/bin/argocd-vault-plugin
          name: custom-tools
          subPath: argocd-vault-plugin
      - command:
        - /var/run/argocd/argocd-cmp-server
        image: quay.io/argoproj/argocd:v2.7.2
        imagePullPolicy: IfNotPresent
        name: avp-helm
        resources: {}
        securityContext:
          runAsNonRoot: true
          runAsUser: 999
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          name: argocd-cmp-cm
          subPath: avp-helm.yaml
        - mountPath: /usr/local/bin/argocd-vault-plugin
          name: custom-tools
          subPath: argocd-vault-plugin
      - command:
        - /var/run/argocd/argocd-cmp-server
        image: quay.io/argoproj/argocd:v2.7.2
        imagePullPolicy: IfNotPresent
        name: avp-kustomize
        resources: {}
        securityContext:
          runAsNonRoot: true
          runAsUser: 999
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          name: argocd-cmp-cm
          subPath: avp-kustomize.yaml
        - mountPath: /usr/local/bin/argocd-vault-plugin
          name: custom-tools
          subPath: argocd-vault-plugin
      dnsPolicy: ClusterFirst
      initContainers:
      - command:
        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: quay.io/argoproj/argocd:v2.7.2
        imagePullPolicy: IfNotPresent
        name: copyutil
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      - args:
        - wget -O argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v${AVP_VERSION}/argocd-vault-plugin_${AVP_VERSION}_linux_${AVP_ARCHITECTURE}
          && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/
        command:
        - sh
        - -c
        env:
        - name: AVP_VERSION
          value: 1.14.0
        - name: AVP_ARCHITECTURE
          value: arm64
        image: alpine:latest
        imagePullPolicy: Always
        name: download-tools
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: argocd-repo-server
      serviceAccountName: argocd-repo-server
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: argocd-cmp-cm
        name: argocd-cmp-cm
      - emptyDir: {}
        name: custom-tools
      - emptyDir: {}
        name: helm-working-dir
      - emptyDir: {}
        name: plugins
      - emptyDir: {}
        name: var-files
      - emptyDir: {}
        name: tmp
      - configMap:
          defaultMode: 420
          name: argocd-ssh-known-hosts-cm
        name: ssh-known-hosts
      - configMap:
          defaultMode: 420
          name: argocd-tls-certs-cm
        name: tls-certs
      - configMap:
          defaultMode: 420
          name: argocd-gpg-keys-cm
        name: gpg-keys
      - emptyDir: {}
        name: gpg-keyring
      - name: argocd-repo-server-tls
        secret:
          defaultMode: 420
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-06-03T11:27:15Z"
    lastUpdateTime: "2023-06-03T11:27:15Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2023-06-03T11:26:44Z"
    lastUpdateTime: "2023-06-03T11:27:15Z"
    message: ReplicaSet "argo-cd-argocd-repo-server-54d8954bfd" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1

Thank you...

argoproj-labs / argocd-vault-plugin

AVP installed by ArgoCD Helm chart and AWS Secret Manager issue #515