Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm values from secrets and configmaps #12060

Open
mkjpryor opened this issue Jan 20, 2023 · 10 comments
Open

helm values from secrets and configmaps #12060

mkjpryor opened this issue Jan 20, 2023 · 10 comments
Labels
enhancement New feature or request

Comments

@mkjpryor
Copy link

mkjpryor commented Jan 20, 2023
edited

Summary

I would like to be able to specify a configmap/secret and key containing Helm values for my application.

Motivation

I am using Argo to install Helm applications from a Helm repository, not a git repository, and am specifying values using the spec.source.helm.values field. However when my Helm values contain secrets, I would like to be able to keep them in a secret and reference the secret here instead.

More generally, it would be good to be able to specify multiple values sources from configmaps, secrets and inline blocks that are passed to Helm in the order they are defined.

Because of the way I am using ArgoCD as a backend for a user-facing system, it is not practical to use files in a git repository for this.

Proposal

I propose a new field spec.source.helm.valuesSources that can hold references to a configmap, secret or inline block, e.g.:

spec:
  source:
    helm:
      valuesSources:
        - configMap:
            name: my-configmap
            key: values
        - secret:
            name: my-secret
            key: values
        - inline: |
            inline:
              values: here

These values would be used at the same precedence as the current spec.source.helm.values block.
@mkjpryor mkjpryor added the enhancement New feature or request label Jan 20, 2023
@mkjpryor mkjpryor changed the title helm values from secret helm values from secrets and configmaps Jan 20, 2023
@blakepettersson
Copy link
Member

This could be addressed with #12050

@crenshaw-dev
Copy link
Collaborator

Personally I'd want to add HTTPS and auth for both repo-server and Redis before enabling this. Those should be bare minimum protections for services which serve secrets.

@mkjpryor
Copy link
Author

@crenshaw-dev Agreed, those things would be nice. However at the moment the only option for a case like this with no associated Git repo is to put secret data in plain-text in the Argo Application spec which is also not ideal.

@infa-msheik
Copy link

+1
need this feature ASAP.

@JordanYefet
Copy link

+1
It would be incredibly useful to have the ability to pass dynamic values from an external resource, such as Terraform (TF). Currently, we are creating ConfigMaps (CMs) and secrets with values from TF resources and utilizing a mid-script to place them inside Argo applications. However, this process is not very convenient.

@patrostkowski
Copy link

+1 this would be incredibly useful!

@AnhQuanTrl
Copy link

This feature is a must haves for bridging the gap between ArgoCD and Terraform resoures.

@matmitch
Copy link

+1 this feature would be so useful !

@vijaySamanuri
Copy link

Is this Addressed?

@AnhQuanTrl
Copy link

Currently I am using the Argocd Vault Plugin. From terraform I created a secret in the argocd namespace that contains all the terraform values that I want to export. Then in ArgoCD git repository, I use this plugin to reference these values in my yaml. It works fine for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@crenshaw-dev @mkjpryor @blakepettersson @vijaySamanuri @AnhQuanTrl @JordanYefet @patrostkowski @infa-msheik @matmitch