Open fredcb opened 3 years ago
This should be possible, see the following article from RedHat (under the "ArgoCD Installation and Configuration" section): https://cloud.redhat.com/blog/how-to-use-hashicorp-vault-and-argo-cd-for-gitops-on-openshift
FROM argoproj/argocd:latest
# Switch to root for the ability to perform install
USER root
# Install tools needed for your repo-server to retrieve & decrypt secrets, render manifests
# (e.g. curl, awscli, gpg, sops)
RUN apt-get update && \
    apt-get install -y \
        curl \
        awscli \
        gpg && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install the AVP plugin (as root so we can copy to /usr/local/bin)
RUN curl -L -o argocd-vault-plugin https://github.com/IBM/argocd-vault-plugin/releases/download/v0.7.0/argocd-vault-plugin_0.7.0_linux_amd64
RUN chmod +x argocd-vault-plugin
RUN mv argocd-vault-plugin /usr/local/bin
# Switch back to non-root user
USER argocd

podman build -t pmo-argovault:v1.0 .
podman push localhost/pmo-argovault:v1.0 quay.io/pbmoses/pmo-argovault:v1.0
After the image is built and pushed to the registry, we will need to build a new ArgoCD instance including our custom repo image. You can utilize the ArgoCD create GUI or apply a manifest you have available. There are a few things to note which need to be included in your manifest:
* Our repo will need “mountsatoken” present and the SA we created earlier
repo:
  mountsatoken: true
  serviceaccount: vplugin
* The image will be that which was pushed in the previous steps
image: quay.io/pbmoses/pmo-argovault
version: v1.0
* Our config management plugin will need to be defined
configManagementPlugins: |-
  - name: argocd-vault-plugin
    generate:
      command: ["argocd-vault-plugin"]
      args: ["generate", "./"]
You set those configuration values up in the operator configuration when creating your ArgoCD instance.
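The Dockerfile above installs the downloaded plugin binary without checking its integrity. As an added example (not from this thread or the Red Hat article), the script below is a fail-closed check that could sit between the `curl` and `mv` steps; the manifest name `checksums.txt` and the function names are assumptions, and the demo runs on a constructed stand-in file.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed integrity check for the
# downloaded plugin binary before it is copied into /usr/local/bin.
# Assumption: the manifest is in sha256sum format ("<hex>  <name>") and comes
# from a source trusted independently of the download itself.

# lookup_digest <manifest> <name>: print the digest listed for <name>;
# fail unless the manifest has exactly one entry for it.
lookup_digest() {
    awk -v n="$2" '
        { f = $2; sub(/^\*/, "", f) }      # "*name" marks binary mode
        f == n { d = $1; c++ }
        END { if (c == 1) print d; else exit 1 }
    ' "$1"
}

# install_verified <artifact> <manifest> <dest>: install only on a match.
install_verified() {
    expected=$(lookup_digest "$2" "$(basename "$1")") || {
        echo "no unique checksum entry for $1" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# Demo on a constructed stand-in file (no network access needed).
demo() {
    dir=$(mktemp -d) || return 1
    bin="$dir/argocd-vault-plugin_0.7.0_linux_amd64"
    printf 'constructed stand-in for the plugin binary\n' > "$bin"
    (cd "$dir" && sha256sum "$(basename "$bin")" > checksums.txt)
    install_verified "$bin" "$dir/checksums.txt" "$dir/argocd-vault-plugin" &&
        echo "verified and installed"
    printf 'tampered\n' >> "$bin"
    install_verified "$bin" "$dir/checksums.txt" "$dir/tampered" 2>/dev/null ||
        echo "tampered copy rejected"
    rm -rf "$dir"
}
demo
```

In an image build, a failing `install_verified` makes the `RUN` step exit non-zero, so the build stops instead of shipping an unverified binary.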
I can't figure out how to add a volume mount and an init container during the setup process though. If you try to modify the argocd-repo-server after the creation, it is overwritten since it's managed by argocd. It would be nice to be able to add those instead of having to build a manual image.
Casey, you have to utilize the custom image which is built and pushed to a registry, then specify when building your ACD. In other words, in the ACD configuration, you can specify a custom image on initial creation.
I haven't used the plugin in quite a while (since starting to use external-secrets). Speaking with complete transparency, I've spent a bit of time testing and evaluating tools since the original article; external-secrets, in my opinion, is a better overall approach to managing secrets and utilizing them with ArgoCD/Git/GitOps Operator. There is an additional writeup here that walks us through it: External Secrets Demo
@pbmoses I haven't looked into external secrets yet so I will give that a shot. Thank you for the recommendation!
Is your feature request related to a problem? Please describe.
I'd like to find a way to add custom tools to Argo CD when using this operator.

Describe the solution you'd like
In Argo CD one can add extra custom tools as described here: https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ I'd like to be able to do that when using the Red Hat operator version of Argo CD.

Describe alternatives you've considered
Either done by configuration at install time or by providing the ability to change the path to the repo image to point to a customized image.