-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How does the iam_role_arn get injected into the application template? #1
Comments
It is from the cluster generator. The cluster generator will use the secret object for the cluster it is generating the application from. If you have cluster A and cluster B both have the label saying they want this addon, it'll generate out the application with that context. You can read more about it here https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/ |
Ahhh, thanks. So the flow is like this, in order from top to bottom: An ArgoCD application yaml file is hardcoded in gitops-bridge-dev repo. This will be used for gitops_bridge_bootstrap later. Is there any other way to template out custom values into ArgoCD applications that you know of? I'm curious if the Cluster Generator is the only way or if I have other options. Relevant: argoproj/argo-cd#7189 |
Hi @Almenon, Thanks for looking at the gitops-bridge project Currently the argocd secret that stores the metadata in annotations, and triggers in labels is done from terraform, it really doesn't matter how the data is added to the cluster secret. You can also take the secret and have argocd deployed it if you put the argocd secret as yaml file in this location with the cluster name as folder if will be deploy then you can edit in git https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template/tree/main/clusters You can also store the metadata in git and extract with git generator. There are other methods people have use like a argocd plugin and the recent applicationset plugin For the first implementation of examples I wanted to use the most basic method that doesn't required a 3rd party plugin (enterprise customers sometimes can't use 3rd party dependencies) There is proposal to implement in argocd Proposal to introduce dynamic application parameter this is will be similar to the current method of extracting from cluster secret but instead from any secret/configmap |
The main question was answered |
In bootstrap/control-plane/addons/aws/addons-aws-csi-fsx-driver-appset.yaml there is a line of code
eks.amazonaws.com/role-arn: {{metadata.annotations.aws_fsx_csi_driver_iam_role_arn}}
. I know the metadata comes from the secret created by the gitops-bridge-bootstrap module, but I'm unclear on how argocd knows to use that secret when templating outmetadata.annotations.aws_fsx_csi_driver_iam_role_arn
.The text was updated successfully, but these errors were encountered: