lilly/argocd-kustomize-pass
1
0
Fork 0
Code Issues Pull requests Releases Packages Wiki Activity
ArgoCD with kustomize-pass plugin preinstalled
144 commits 1 branch 0 tags 136 KiB
Find a file
Exact
Renovate Bot bf5d69bbff Update quay.io/argoproj/argocd Docker tag to v3.2.1
2025-11-30 12:15:42 +00:00
.woodpecker fix typo in CI log 2025-06-26 17:27:25 +02:00
.gitignore add misc files 2022-06-21 16:38:54 +02:00
.pre-commit-config.yaml add pre-commit config 2022-06-24 16:12:08 +02:00
Dockerfile Update quay.io/argoproj/argocd Docker tag to v3.2.1 2025-11-30 12:15:42 +00:00
LICENSE add misc files 2022-06-21 16:38:54 +02:00
README.md remove special kustomize5 binary 2025-06-27 13:42:07 +02:00
renovate.json configure renovatebot 2022-06-21 16:46:43 +02:00

README.md

ArgoCD with kustomize-pass

This is a build-your-own-image of ArgoCD with the kustomize-pass plugin preinstalled. This effectively enables ArgoCD users to extract secrets from pass transparently and have them deployed by ArgoCD.

Supported ArgoCD Versions

The latest ArgoCD release is automatically rebuilt and published to the GitHub image registry. However, this really only includes the latest ArgoCD release. If you or your organisation needs another version, you will have to build the image yourself or use one of the older image tags if GitHub hasn't deleted it yet.

Usage

  1. This repository contains the source Dockerfile to build an image derived from quay.io/argoproj/argocd. You can either use the Dockerfile to build your own image or use the provided image from ghcr.io/lilioid/argocd-kustomize-pass.

    This repository does not contain helm charts or other ArgoCD related manifests. This means that, in order to use this, you will have to follow the upstream ArgoCD instructions in order to deploy it but instead of using the normal image, you will have to use this repositories image instead for the argocd-repo-server deployment.

  2. Additionally, you will need to configure ArgoCD a bit to allow kustomize-pass to work correctly:

    1. Create a gpg secret key and provide it to ArgoCD inside its gpg-keys volume. The file must be named like the key fingerprint. On startup, ArgoCD will automatically load all key files (public and secret) from here into a keyring.
    2. Set the environment variable XDG_DATA_HOME to some place that kustomize-pass can write files. This is required because the ArgoCD manifests run the container with a read-only filesystem by default. A possible value would be XDG_DATA_HOME=/tmp/data.
    3. Se the environment variable GNUPGHOME=/app/config/gpg/keys because that is where ArgoCD accumulates all keys during startup.

Usage Example

This project is used by Viva con Agua to deploy its ArgoCD. You can view the deployment configuration at the Viva-con-Agua/argocd-deploy repository.