Docker and helm-charts for ArgoCD with helm-secrets support
inspired by
- https://faun.pub/handling-kubernetes-secrets-with-argocd-and-sops-650df91de173
- https://github.com/ventx/argocd-helm-secrets/blob/master/Dockerfile
The image version matches the version of the argocd base image used.
Releases at https://hub.docker.com/r/evermind/argocd-helm-secrets
Use image evermind/argocd-helm-secrets:{version} for your deployment.
- based on the official Docker image from https://github.com/argoproj/argo-cd/
- supports SOPS-encrypted files in helm charts
- export the gpg key:
    gpg --export-secret-keys YOUR_ID_HERE > private.key
- mount the private key inside the container at /home/argocd/gpg/gpg.asc
- argocd
- helm secrets plugin https://github.com/jkroepke/helm-secrets
- gpg
- sops https://github.com/mozilla/sops/releases/tag/v3.7.1
- ArgoCD creates a separate helm environment per call or deployment, so plugins installed by the Dockerfile aren't used. Setting $HELM_PLUGINS in the Dockerfile prevents this problem.
- ArgoCD uses the same image for various roles (server, repoServer, ...). Helm secrets is needed in repoServer, so the gpg secret must also be mounted there.
values.yaml
    global:
      # different repo for integration of helm secrets plugin
      image:
        repository: evermind/argocd-helm-secrets
        tag: "latest"
        imagePullPolicy: Always

    # [...]

    repoServer:
      extraArgs:
        # flag and value are passed as separate arguments
        - --repo-cache-expiration
        - 12h
      ## Additional volumeMounts for gpg key import
      volumeMounts:
        - name: gpg-secret
          mountPath: /home/argocd/gpg
      volumes:
        - name: gpg-secret
          secret:
            secretName: gpg-key
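
The values above reference a Secret named gpg-key, but the steps do not show how it is created. The following is an added example, not part of the original README: it renders a manifest for that Secret from the exported key, so the data key gpg.asc becomes the file /home/argocd/gpg/gpg.asc. The namespace "argocd", the function name and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original README): render the Secret "gpg-key"
# referenced by repoServer.volumes so the exported key appears in the
# repo-server pod as /home/argocd/gpg/gpg.asc.
# Assumption: ArgoCD runs in the namespace "argocd" (default argument below).

render_gpg_secret() {
    keyfile=$1
    namespace=${2:-argocd}

    # Fail early on a missing or empty export, otherwise the pod would
    # mount an unusable gpg.asc.
    if [ ! -s "$keyfile" ]; then
        echo "error: $keyfile is missing or empty" >&2
        return 1
    fi

    # Secret data must be base64 on a single line; tr strips the line
    # wrapping so this works with both binary and armored exports.
    encoded=$(base64 < "$keyfile" | tr -d '\n')

    # The data key becomes the file name under the mountPath.
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: gpg-key
  namespace: $namespace
type: Opaque
data:
  gpg.asc: $encoded
EOF
}

# Usage: sh render-gpg-secret.sh private.key [namespace] | kubectl apply -f -
if [ "$#" -ge 1 ]; then
    render_gpg_secret "$@"
fi
```

The Secret has to live in the same namespace as the repoServer pod. Pipe the output straight to kubectl rather than saving it, and remove private.key afterwards, since base64 is an encoding and both files contain the private key.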