Description
Hello,
I have a question regarding using the the image updater together with the argocd-vault-plugin.
The image updater can update argocd values directly if used in the following way:
project: project1
source:
repoURL: 'repo URL'
path: path
targetRevision: main
helm:
valueFiles:
- values.yaml
parameters:
- name: image.tag
value: v1
forceString: true
- name: image.repository
value: repo/image
- name: image.credentials
value: <path:secret-name#password>
values: 'ingress: testurl.com'
destination:
server: 'https://mycluster.com'
namespace: test
syncPolicy: {}
The annotations for image updater just need to "know" which parameter to replace.
I have opened a similar issue in the argo-vault-plugin github:
argoproj-labs/argocd-vault-plugin#333
Since the plugin allows to use the entire helm chart as an ENV value (so that the plugin command can replace the secrets values in the helm templating). Is there an option for the image updater to replace the values directly in the yaml manifest and not by parameter?
The plugin configuration is the following one:
- name: argocd-vault-plugin
init:
command: [sh, -c]
args: ["helm dependency build"]
generate:
command: ["bash", "-c"]
args: ['helm template "$ARGOCD_APP_NAME" -f <(echo "$HELM_VALUES") . | argocd-vault-plugin generate -s <namespace>:<secret with plugin configurations> -']
So we can have something similar to the following:
source:
repoURL: repo
targetRevision: 1.0.0
plugin:
name: test
env:
- name: HELM_VALUES
value: |
image.tag=v1
image.repository=repo/image
image.credentials=<path:secret-name#password>
In this case the image updater would crawl those HELM_VALUES and look for the corresponding entry to replace, for example the image.repository.
If the values are replaced, the argo-vault-plugin would still be able to helm template the values file to replace the needed secrets, but with this time with the latest image digest replaced by the image updater for example.
Thank you very much for the help