In this Article I will show about how to install ArgoCD and use plugin for keep and render secret for vault in somewhere.
Objective
- Create GKE Cluster
- Install ArgoCD
- Expose ArgoCD with external LoadBalancer
- Install ArgoCD Valut Plugin on local machine
- Render secret from Google Secret Manager
- Install ArgoCD Valut Plugin on ArgoCD via configmap
- Create ArgoCD Application for self healing and updating
- Configure plugin via sidecar
- Install application
Prerequisite
- helm3
Create GKE Cluster
kubectl get nodes
Install ArgoCD
git clone https://github.com/dounpct/argocd-deployment.git- check version argocd
helm repo add argo-cd https://argoproj.github.io/argo-helm
helm repo update
helm search repo argo-cd/argo-cd
NAME CHART VERSION APP VERSION DESCRIPTION
argo-cd/argo-cd 5.16.13 v2.5.5 A Helm chart for Argo CD, a declarative, GitOps...- now version 5.16.13
structure
we will deploy ArgoCD with helm that will extend original argo-cd chart
- create main folder argocd-deployment
- create sub folder argocd
- in folder argocd have folder templates values and file Chart.yaml value.yaml and so on
- Chart.yaml
apiVersion: v2
name: helm-argocd-cicd
description: A Helm chart for Kubernetes
type: application
version: 1.0.1
appVersion: 1.16.0
dependencies:
- name: argo-cd
version: 5.16.13
repository: https://argoproj.github.io/argo-helm- cd into folder argocd
- test rendor helm from argo-cd chart
helm dep update
helm template argocd -n argocd .
- we can deploy ArgoCD with default value but we will have extend more value file
- create values.yaml in folder values this values.yaml will override https://github.com/argoproj/argo-helm/blob/argo-cd-5.16.12/charts/argo-cd/values.yaml or we can show value
helm show values argo-cd/argo-cd
values/values.yaml
fullnameOverride: argocd- render helm with override values.yaml
helm template argocd -n argocd . -f values/values.yaml- create namespace argocd
kubectl create ns argocd- deploy helm with override values.yaml
helm template argocd -n argocd . -f values/values.yaml | kubectl -n argocd apply -f -
- check resource
kubectl get all -n argocd
- get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d- expose service via port-forward
kubectl port-forward service/argocd-server -n argocd 3333:80
- open browser url: localhost:3333
- login with admin and password
Expose ArgoCD with external LoadBalancer
- first your need to look into helm value with parameter about server and about service in https://github.com/argoproj/argo-helm/blob/argo-cd-5.16.12/charts/argo-cd/values.yaml
- add service type LoadBalancer in values/values.yaml
argo-cd:
server:
service:
type: LoadBalancer
- test render and apply
helm template argocd -n argocd . -f values/values.yaml
helm template argocd -n argocd . -f values/values.yaml | kubectl -n argocd apply -f -- check service
kubectl get svc -n argocd- wait for GKE give external ip to service
- now you can access ArgoCD not only with external-ip but also domain name that point to this ip
Note: you can also install ingress such Nginx ingress and route to service
Install ArgoCD Valut Plugin on local machine
ArgoCD Valut Plugin retrieve secrets from various Secret Management tools HashiCorp Vault ,Google Secrets Manager, AWS Secrets Manager, etc. and inject them into Kubernetes resources
curl -Lo argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.13.1/argocd-vault-plugin_1.13.1_linux_amd64
chmod +x argocd-vault-plugin
sudo mv argocd-vault-plugin /usr/local/binRender secret from Google Secret Manager
- in this example I will keep secret in Google Secrets Manager
- in GCP Project select product → Security → Secret Manager
- create test secret
- secret will create with secret path projects/362159383816/secrets/test_secret
- test render secret
- create test.yaml in folder values
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: test-secret1
stringdata:
key1: <path:projects/362159383816/secrets/test_secret#test_secret>
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: test-secret2
data:
key1: <path:projects/362159383816/secrets/test_secret#test_secret | base64encode>
export GOOGLE_APPLICATION_CREDENTIALS="path-to-your-google-service-account-key/key.json"
export AVP_TYPE=gcpsecretmanagerargocd-vault-plugin generate ./values/test.yam
Install ArgoCD Valut Plugin on ArgoCD via ConfigMap
- create secret in Secret Manager
name : google_credentials_json
and upload file google json secret
- create secret.yaml in folder templates
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: argocd-vault-profiles
data:
google_credentials.json: <path:projects/362159383816/secrets/google_credentials_json#google_credentials_json | base64encode>
- test render secret
argocd-vault-plugin generate ./templates/secret.yaml
- test chart with templates
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate -
- test chart with templates only secret in folder templates
helm template argocd -n argocd . -f values/values.yaml -s templates/secret.yaml | argocd-vault-plugin generate -
- deploy ArgoCD
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate - | kubectl -n argocd apply -f -- check secret be deployed
kubectl get secret/argocd-vault-profiles -n argocd -o yaml
- update repoServer in folder values/values.yaml for install argocd-vault-plugin
step
- pod repoServer create share volumes name custom-tools-avp with emptyDir
- pod repoServer mount share volumes to path /usr/local/bin/argocd-vault-plugin
- initContainers mount share volumesto path /custom-tools-avp
- initContainers download argocd-vault-plugin and move to /custom-tools-avp
- it mean in repoServer can run argocd-vault-plugin command anywhere
repoServer:
volumes:
- name: custom-tools-avp
emptyDir: {}
initContainers:
- name: download-tools-avp
image: alpine:3.8
command: [sh, -c]
args:
- >-
wget -O argocd-vault-plugin
https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.13.1/argocd-vault-plugin_1.13.1_linux_amd64 &&
chmod +x argocd-vault-plugin &&
mv argocd-vault-plugin /custom-tools-avp/
volumeMounts:
- mountPath: /custom-tools-avp
name: custom-tools-avp
volumeMounts:
- name: custom-tools-avp
mountPath: /usr/local/bin/argocd-vault-plugin
subPath: argocd-vault-plugin- update repoServer in folder values/values.yaml for install argocd-vault-plugin
step
- pod repoServer create volumes name argocd-vault-profiles from secret argocd-vault-profiles that we already created
- pod repoServer mount volumes to path /app/config/avp
- inject env AVP_TYPE for setting argocd-vault-plugin to connect secret with google secret manager
- inject env GOOGLE_APPLICATION_CREDENTIALS for having credential to connect google cloud resource
repoServer:
volumes:
- name: argocd-vault-profiles
secret:
secretName: argocd-vault-profiles
volumeMounts:
- mountPath: /app/config/avp
name: argocd-vault-profiles
readOnly: true
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "AVP_TYPE"
value: "gcpsecretmanager"
- name: "GOOGLE_APPLICATION_CREDENTIALS"
value: "/app/config/avp/google_credentials.json"- create configmap in pod argocd server to use ArgoCD Vault Plugin.
configs:
cm:
configManagementPlugins: |-
- name: avp-gsm-git
init:
command: ["/bin/sh", "-c"]
args: ["$ARGOCD_ENV_INIT_ARGS"]
generate:
command: [sh, -c]
args: ["$ARGOCD_ENV_ARG_PARAMETERS | argocd-vault-plugin generate - "]
- name: avp-gsm-yaml
generate:
command: [sh, -c]
args: ["argocd-vault-plugin generate ./ "] - so we have 2 plugin name
- avp-gsm-git use for render helm repo
- avp-gsm-yaml use for render yaml manifest
- now all values/values.yaml
fullnameOverride: argocd
argo-cd:
server:
service:
type: LoadBalancer
configs:
cm:
configManagementPlugins: |-
- name: avp-gsm-git
init:
command: ["/bin/sh", "-c"]
args: ["$ARGOCD_ENV_INIT_ARGS"]
generate:
command: [sh, -c]
args: ["$ARGOCD_ENV_ARG_PARAMETERS | argocd-vault-plugin generate - "]
- name: avp-gsm-yaml
generate:
command: [sh, -c]
args: ["argocd-vault-plugin generate ./ "]
repoServer:
volumes:
- name: custom-tools-avp
emptyDir: {}
- name: argocd-vault-profiles
secret:
secretName: argocd-vault-profiles
initContainers:
- name: download-tools-avp
image: alpine:3.8
command: [sh, -c]
args:
- >-
wget -O argocd-vault-plugin
https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.13.1/argocd-vault-plugin_1.13.1_linux_amd64 &&
chmod +x argocd-vault-plugin &&
mv argocd-vault-plugin /custom-tools-avp/
volumeMounts:
- mountPath: /custom-tools-avp
name: custom-tools-avp
volumeMounts:
- name: custom-tools-avp
mountPath: /usr/local/bin/argocd-vault-plugin
subPath: argocd-vault-plugin
- mountPath: /app/config/avp
name: argocd-vault-profiles
readOnly: true
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "AVP_TYPE"
value: "gcpsecretmanager"
- name: "GOOGLE_APPLICATION_CREDENTIALS"
value: "/app/config/avp/google_credentials.json"
- test chart with updated values
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate -
- deploy ArgoCD
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate - | kubectl -n argocd apply -f -
- check pod Server and repoServer running
kubectl get pod -n argocd
- test plugin in pod argocd-repo-server
kubectl exec -it -n argocd argocd-repo-server-5dfd9f9d46-284b9 -c repo-server argocd-vault-plugin
Create ArgoCD Application for self healing and updating
- create projects.yaml in folder templates with all permission
{{- range .Values.projects }}
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: {{ .projectName }}
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: '*'
server: '*'
sourceRepos:
- '*'
{{- end -}}- create applications.yaml in folder templates
{{- range .Values.applications }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .applicationName }}
spec:
{{- .settings | toYaml | nindent 2 -}}
{{- end -}}- add project and applications in values/values.yaml
projects:
- projectName: root-applications
description: Manage ArgoCD Project and Applications
- projectName: argocd
description: ArgoCD Project
applications:
- applicationName: app-of-apps-global
settings:
project: root-applications
source:
repoURL: 'https://github.com/dounpct/argocd-deployment.git'
path: 'applications'
targetRevision: master
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
- in root folder create folder applications and create file apps-argocd.yaml
- create Application argocd-cicd
step
- project argocd
- have destination incluster and namespace argocd
- repo contain ArgoCD chart that we already install
- use plugin name avp-gsm-git
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd-cicd
spec:
project: argocd
destination:
namespace: argocd
server: 'https://kubernetes.default.svc'
source:
path: 'argocd'
repoURL: 'https://github.com/dounpct/argocd-deployment.git'
targetRevision: master
plugin:
name: avp-gsm-git
env:
- name: INIT_ARGS
value: "helm dep update"
- name: ARG_PARAMETERS
value: "helm template argocd -n argocd . -f values/values.yaml "
syncPolicy: {}- test chart with updated values
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate -
- deploy ArgoCD
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate - | kubectl -n argocd apply -f -
- check Application in ArgoCD
- SYNC
- Note argocd-cm plugins (CMPs) are deprecated (now version v2.5.5)
ArgoCD in our office use CMP since v2.2.5 up until now v2.5.5
Starting with Argo CD v2.5, installing config management plugins (CMPs) via the argocd-cm ConfigMap is deprecated. Support will be removed in v2.6.
Sidecar plugins are significantly more secure. So let move to Sidecar 😐
ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.4-2.5/
Configure plugin via sidecar
- in folder template create cmp.yaml for configmap that will have step to create plugin data
- plugin-helm that will use render helm custom helm charts and application will use that plugin when have values.yaml in folder values
- plugin-yaml that will use render only yaml manifests and application will use that plugin when have *.yaml in at application repository
- we can create more plugin such as for kustomize , other style of generate yaml manifest , connect to vault , connect with different team credential that we need to have more sidecar too
apiVersion: v1
kind: ConfigMap
metadata:
name: cmp-plugin
data:
plugin-helm: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: cmp-plugin-helm
spec:
version: v1.0
init:
command: [/bin/sh, -c, "$ARGOCD_ENV_INIT_ARGS"]
generate:
command: [sh, -c, "$ARGOCD_ENV_ARG_PARAMETERS | argocd-vault-plugin generate - "]
discover:
find:
command: [sh, -c, find ./values -name values.yaml]
plugin-yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: cmp-plugin-yaml
spec:
version: v1.0
generate:
command: [sh, -c, "argocd-vault-plugin generate ."]
discover:
find:
command: [sh, -c, find . -name *.yaml]4. Anothor example of discover: for all plain yaml
plugin-yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: cmp-plugin-yaml
spec:
version: v1.0
generate:
command: [sh, -c, "argocd-vault-plugin generate ."]
discover:
find:
command: [sh, -c, find ./plugin -name cmp-plugin-yaml.yaml]
- in values/values
- disable cfm in server
- create 2 sidecar cmp-helm that will point to plugin-helm and mountPath to custom-tools-avp and have env to connect to Google Secret Manager
fullnameOverride: argocd
argo-cd:
server:
service:
type: LoadBalancer
##### change from argocd-cm plugins to sidecar
# configs:
# cm:
# configManagementPlugins: |-
# - name: avp-gsm-git
# init:
# command: ["/bin/sh", "-c"]
# args: ["$ARGOCD_ENV_INIT_ARGS"]
# generate:
# command: [sh, -c]
# args: ["$ARGOCD_ENV_ARG_PARAMETERS | argocd-vault-plugin generate - "]
# - name: avp-gsm-yaml
# generate:
# command: [sh, -c]
# args: ["argocd-vault-plugin generate . "]
repoServer:
volumes:
- name: custom-tools-avp
emptyDir: {}
- name: argocd-vault-profiles
secret:
secretName: argocd-vault-profiles
- configMap:
name: cmp-plugin
name: cmp-plugin
- emptyDir: {}
name: cmp-tmp
initContainers:
- name: download-tools-avp
image: alpine:3.8
command: [sh, -c]
args:
- >-
wget -O argocd-vault-plugin
https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.13.1/argocd-vault-plugin_1.13.1_linux_amd64 &&
chmod +x argocd-vault-plugin &&
mv argocd-vault-plugin /custom-tools-avp/
volumeMounts:
- mountPath: /custom-tools-avp
name: custom-tools-avp
extraContainers:
- name: cmp-helm
command: [/var/run/argocd/argocd-cmp-server] # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server
image: quay.io/argoproj/argocd:v2.5.5 # I test with busybox image then error about connect to google secret manager with X509
securityContext:
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
# Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
subPath: plugin-helm
name: cmp-plugin
- mountPath: /tmp
name: cmp-tmp
- name: custom-tools-avp
mountPath: /usr/local/bin/argocd-vault-plugin
subPath: argocd-vault-plugin
- mountPath: /app/config/avp
name: argocd-vault-profiles
readOnly: true
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "AVP_TYPE"
value: "gcpsecretmanager"
- name: "GOOGLE_APPLICATION_CREDENTIALS"
value: "/app/config/avp/google_credentials.json"
- name: cmp-yaml
command: [/var/run/argocd/argocd-cmp-server] # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server
image: quay.io/argoproj/argocd:v2.5.5 # I test with busybox image then error about connect to google secret manager with X509
securityContext:
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
# Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
subPath: plugin-yaml
name: cmp-plugin
- mountPath: /tmp
name: cmp-tmp
- name: custom-tools-avp
mountPath: /usr/local/bin/argocd-vault-plugin
subPath: argocd-vault-plugin
- mountPath: /app/config/avp
name: argocd-vault-profiles
readOnly: true
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "AVP_TYPE"
value: "gcpsecretmanager"
- name: "GOOGLE_APPLICATION_CREDENTIALS"
value: "/app/config/avp/google_credentials.json"
projects:
- projectName: root-applications
description: Manage ArgoCD Project and Applications
- projectName: argocd
description: ArgoCD Project
- projectName: dev-app
description: dev-app Project
applications:
- applicationName: app-of-apps-global
settings:
project: root-applications
source:
repoURL: 'https://github.com/dounpct/argocd-deployment.git'
path: 'applications'
targetRevision: master
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=trueNote: if you need to connect to Hashicorp Vault you need to change
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "AVP_TYPE"
value: "gcpsecretmanager"
- name: "GOOGLE_APPLICATION_CREDENTIALS"
value: "/app/config/avp/google_credentials.json"to
env:
- name: "GODEBUG"
value: "x509ignoreCN=0"
- name: "VAULT_ADDR"
value: "https://xxxx.com"
- name: "AVP_TYPE"
value: "vault"
- name: "AVP_AUTH_TYPE"
value: "approle"
- name: "VAULT_NAMESPACE"
value: "devops"
envFrom:
- secretRef:
name: vault-roleid-secretidDo not direct use roleid and secretid from render of ArgoCD vault plugin
to env because it will reveal credential when you render with ArgoCD
on ArgoCD UI. use create from secret vault-roleid-secretid is better
- for sidecar we don’t have plugin name in Application because we have discover to check what application use each plugin
- add more apps-dev-app.yaml in folder applications that will render to folder dev-app
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dev-app
spec:
project: dev-app
source:
repoURL: 'https://github.com/dounpct/argocd-deployment.git'
path: dev-app
targetRevision: master
plugin: {}
destination:
server: 'https://kubernetes.default.svc'
namespace: dev-app
syncPolicy:
syncOptions:
- CreateNamespace=true- create dev-app folder and simple secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: secret-dev-app
data:
test_secret: <path:projects/362159383816/secrets/test_secret#test_secret | base64encode>
test_secret2: <path:projects/362159383816/secrets/test_secret#test_secret | base64encode>
test_secret3: <path:projects/362159383816/secrets/test_secret#test_secret | base64encode>
- in this structure it show argocd will use sidecar cmp-helm and dev-app will use sidecar cmp-yaml
- deploy argocd again
helm template argocd -n argocd . -f values/values.yaml | argocd-vault-plugin generate - | kubectl -n argocd apply -f -- restart repo server
kubectl rollout restart deployment.apps/argocd-repo-server -n argocd- check pod create
watch kubectl get pod -n argocd
Install application
in this example I will setup Promethus with Argocd
- create project.yaml in folder applications
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: monitoring
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: prometheus
server: https://kubernetes.default.svc
sourceRepos:
- '*'
---- create apps-monitoring.yaml in folder applications
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus
spec:
project: monitoring
source:
path: 'prometheus'
repoURL: 'https://github.com/dounpct/argocd-deployment.git'
targetRevision: master
plugin:
env:
- name: INIT_ARGS
value: "helm dep update"
- name: ARG_PARAMETERS
value: "helm template prometheus -n prometheus . -f values/values.yaml "
destination:
server: https://kubernetes.default.svc
namespace: prometheus
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
# we can override value from production prometheus
- name: ARG_PARAMETERS
value: "helm template prometheus -n prometheus . -f values/values.yaml -f values/values-production.yaml"- create forlder prometheus that have same structure with folder argocd , templates , values/vaules.yaml , Chart.yaml values.yaml
- check version charts prometheus
helm repo add prometheus https://prometheus-community.github.io/helm-charts
helm repo update
helm search repo prometheus/prometheus
prometheus/prometheus 19.2.2 v2.41.0 Prometheus is a monitoring system and time seri...- Chart.yaml
apiVersion: v2
name: helm-prometheus
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 1.16.0
dependencies:
- name: prometheus
version: 19.2.2
repository: https://prometheus-community.github.io/helm-chartscd prometheus
helm dep update
- add vaules/values.yaml
prometheus:
server:
persistentVolume:
size: 20Gi
retention: "1000d"
strategy:
type: Recreate
extraFlags:
- storage.tsdb.retention.size=2GB
- web.enable-lifecycle- test render prometheus in same concept with ArgoCD and should no error
helm template prometheus -n prometheus . -f values/values.yaml | argocd-vault-plugin generate -
- commit code to git and let ArgoCD deploy
Note : for my experience in ArgoCD
- I have deploy both GCP RKE Openshift4 that all is well
- I have nonprod and prod cluster
- each cluster have each ArgoCD but use same repo of ArgoCD Manifest
- I use value.yaml for value that will use all environment and in folder values I have value-dev.yaml value-alpha.yaml value.preprod.yaml and vaule-prod.yaml but some easy application have only one value.yaml
- I use develop branch for update Application in dev alpha preprod and master branch for update Application in prod
- I use application set for iteration
- I have create RBAC for limit authority of each team from project
- I have connect with LDAP
- when ArgoCD error about manifest let back to test render on local machine to verify that can render with not miss something such no path secret in vault
- I love ArgoCD
I will share more experience and concept about ArgoCD or Application that install with ArgoCD in the future
more reference : https://github.com/argoproj-labs/argocd-vault-plugin/tree/main/manifests/cmp-sidecar
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Credit : TrueDigitalGroup
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
