Skip to content

matrix-org/docker-argocd

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Argo CD Docker Image

This Argo CD Docker Image contains the necessary tools to make use of Helm value files encrypted using Sops.

The following tools have been added to the image:

Helm Sops is installed to transparently wrap Helm. This way, there is no need to configure a custom tool in Argo CD and native Helm functionalities can still be used (such as valueFiles or values).

Argo CD repository server binary is wrapped by a shell script which can import a GPG private key if it exists. The key must be located at /app/config/gpg/privkey.asc.

Usage

Encrypting Helm value files

Read Helm Sops documentation to start using Helm encrypted value files.

Deploying Argo CD using the Helm chart

Using the custom image

To use this custom image when deploying Argo CD using the Helm chart, add the following lines to the chart value file:

global:
  image:
    repository: "camptocamp/argocd"
    tag: "v2.3.4_c2c.1"

Using Sops with a GPG key

In order to use Sops with a GPG key, add the following lines to the chart value file:

global:
  securityContext:
    fsGroup: 2000

repoServer:
  volumes:
    - name: "gpg-private-key"
      secret:
        secretName: "argocd-secret"
        items:
          - key: "gpg.privkey.asc"
            path: "privkey.asc"
        defaultMode: 0600
  volumeMounts:
    - name: "gpg-private-key"
      mountPath: "/app/config/gpg/privkey.asc"
      subPath: "privkey.asc"

and add the following lines to an encrypted value file (the GPG private key can be exported by running gpg --export-secret-keys --armor <key ID>:

configs:
  secret:
    extra:
      gpg.privkey.asc: |
        -----BEGIN PGP PRIVATE KEY BLOCK-----
        
        ...
        -----END PGP PRIVATE KEY BLOCK-----

Using Sops with an AWS KMS key

In order to use Sops with an AWS KMS key and if instance profiles cannot be used, add the following lines to the chart value file:

repoServer:
  env:
    - name: "AWS_ACCESS_KEY_ID"
      valueFrom:
        secretKeyRef:
          name: "argocd-secret"
          key: "aws.accessKeyId"
    - name: "AWS_SECRET_ACCESS_KEY"
      valueFrom:
        secretKeyRef:
          name: "argocd-secret"
          key: "aws.secretAccessKey"

and add the following lines to an encrypted value file (create a dedicated IAM Access Key):

configs:
  secret:
    extra:
      aws.accessKeyId: <Access Key ID>
      aws.secretAccessKey: <Secret Access Key>

Example application

An example application as well as an example Argo CD setup to deploy it can be found here.

About

No description, website, or topics provided.

Resources

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Languages

  • Shell 80.2%
  • Dockerfile 19.8%