1

We are trying to create an environment using crossplane and argocd. Once Crossplane generates the database and saves the credentials to a secret on the management cluster. After we are deploying the credentials from management cluster to our destination cluster to a secret.

Now we need to pass the credentials from secret a to secret B which the application knows about. The issue starts when argo do not use helm install but template thus lookup function don't work. We thought about using vault as a middle man but we are not sure how to load values from secret to vault.

Anyway if you encounter such an issue or have some sort of a solution we'll be very happy to hear. Thank you

guyl
  • 2,158
  • 4
  • 32
  • 58
  • 1
    Argo is really meant for GitOps, meaning your secret should be declarative. If your secret is generated by an application (dynamically), its not a great fit for replication via Argo bc you would need to commit it to git after its initialized. you should look towards `kubed` for secret replication! – LostJon Sep 10 '21 at 12:00

1 Answers1

0

You need to commit the (encrypted) secrets somewhere for ArgoCD to pick them up. That is the whole point of GitOps.

Alternatively you can try using https://argo-cd.readthedocs.io/en/stable/user-guide/parameters/ but this is considered a temporary workaround

kazanaki
  • 7,988
  • 8
  • 52
  • 79