argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
18.07k stars 5.53k forks

Feed Helm values to Applications from Secrets #7410

Open raphink opened 3 years ago

raphink commented 3 years ago

Summary

It would be useful to be able to dynamically pass multiple value files to ArgoCD applications via dynamic Secrets.

Motivation

Currently, the only ways to pass dynamic values to Applications are to use:

Both of these require gathering all values in a single scope (and potentially merging them, since values is a string without support for YAML document streams).

Passing values from multiple scopes would be very useful.

Proposal

The proposal is to allow dynamic Secrets to be considered as value files based on labels. For example using these two Secrets:

apiVersion: v1
kind: Secret
metadata:
  name: "foo-defaults"
  labels:
    argocd.argoproj.io/secret-type: helm-values
# stringData takes plain-text values; data would require base64-encoded ones
stringData:
  application: "foo"
  order: "01"
  values: |
    mykey: "myvalue"
    myotherkey: ["some", "values"]
---
apiVersion: v1
kind: Secret
metadata:
  name: "foo-overrides"
  labels:
    argocd.argoproj.io/secret-type: helm-values
stringData:
  application: "foo"
  order: "70"
  values: |
    myotherkey: ["other", "value"]

would result in passing two additional value files 01_foo-defaults.yaml and 70_foo-overrides.yaml to the Helm template command.

In pseudo code, the logic could be equivalent to an ArgoCD Config management plugin doing something like:

list all secrets with label argocd.argoproj.io/secret-type="helm-values" | each $sec
  $app = $sec.data["application"]
  $order = $sec.data["order"] || 50

  # one value file per Secret, named <order>_<secret name>.yaml
  cat $sec.data["values"] > values/${app}/${order}_${sec.name}.yaml
done

for each $app
  helm template . --name-template $ARGOCD_APP_NAME --namespace $ARGOCD_APP_NAMESPACE $HELM_ARGS \
    -f values/${app}/*.yaml -f - --include-crds
done

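
One way to implement the selection and ordering step proposed above, as an added example that is not code from this issue or from Argo CD. The `Secret` type, `ValueFiles` and `sample` are hypothetical names, and the two-digit `order` rule and the name pattern are assumptions, chosen so that free-form Secret fields cannot change the directory a file is written to or the order in which the glob picks files up.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Secret is a hypothetical minimal view of a Secret, with data already base64-decoded.
type Secret struct {
	Name         string
	Labels, Data map[string]string
}

const label = "argocd.argoproj.io/secret-type"
var (
	nameRe  = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]*$`) // path component: no "/" and never ".."
	orderRe = regexp.MustCompile(`^[0-9]{2}$`)            // assumed format: exactly two digits
)

// ValueFiles returns the value-file paths for app in the order the glob values/<app>/*.yaml
// would yield them, plus the names of matching Secrets refused for an unsafe or unsortable field.
func ValueFiles(app string, secrets []Secret) (files, rejected []string) {
	for _, s := range secrets {
		if s.Labels[label] != "helm-values" || s.Data["application"] != app {
			continue
		}
		order := s.Data["order"]
		if order == "" {
			order = "50" // default taken from the pseudocode
		}
		if !nameRe.MatchString(app) || !nameRe.MatchString(s.Name) || !orderRe.MatchString(order) {
			rejected = append(rejected, s.Name)
			continue
		}
		files = append(files, fmt.Sprintf("values/%s/%s_%s.yaml", app, order, s.Name))
	}
	sort.Strings(files) // lexical sort, as the shell glob does
	return files, rejected
}

// sample builds a constructed Secret carrying the helm-values label.
func sample(name, app, order string) Secret {
	return Secret{name, map[string]string{label: "helm-values"}, map[string]string{"application": app, "order": order}}
}

func main() {
	in := []Secret{sample("foo-overrides", "foo", "70"), sample("foo-defaults", "foo", "01"), sample("foo-extra", "foo", ""), sample("foo-bad", "foo", "../70")}
	fmt.Println(ValueFiles("foo", in))
}
```

Because the glob sorts lexically, an `order` of "7" would sort after "10"; the two-digit rule rejects it instead of silently changing which values win.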
phajduk commented 2 years ago

@raphink is it a dupe of https://github.com/argoproj/argo-cd/issues/1786 ?

raphink commented 2 years ago

Not really, as this proposal is for dynamic secrets based on a label, so these secrets don't need to be referenced in the Application.

shanproofpoint commented 1 year ago

This is very useful... one of the helm charts I am using requires data that is dynamically changing.