Templating secret values into metadata #1671
Description
We ran into this issue when migrating from KES to ESO.
Describe the solution you'd like
Short: we need the values of the secret also in plaintext in the metadata of the secret.
When we provision an EKS cluster in AWS, we have some values (e.g. awsAccountId, cluster endpoint) we need in ArgoCD for templating over there: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/
So we use AWS Secrets Manager: we fill a secret with values when deploying the environment, use KES to get the secret to our k8s cluster, and use the labels and annotations in the metadata of the secret in ArgoCD.
In KES templating this was possible but atm in ESO it is not and this breaks our migration to ESO.
What is the added value?
Getting variables of our env into our ArgoCD environment so we can use those in templates/helm charts for our applications.
Example KES secret:
template:
  metadata:
    labels:
      argocd.argoproj.io/secret-type: cluster
      environment: <%= data.environment %>
    annotations:
      AwsAccountId: <%= data.AwsAccountId %>
      Cert: <%= data.wildcardCertAcmArn %>
      OidcUrl: <%= data.OidcUrl %>
      VpcId: <%= data.VpcId %>
Result:
Name:         secretname
Namespace:    argo-cd
Labels:       argocd.argoproj.io/secret-type=cluster
              environment=dev
Annotations:
              AwsAccountId: 1234567890
              Cert: arn:aws:acm:eu-west-1:1234567890:certificate/1234
              OidcUrl: oidc.eks.eu-west-1.amazonaws.com/id/1234567890
              VpcId: vpc-1234567890
Type:         Opaque

Data
====
wildcardCertAcmArn:  83 bytes
AwsAccountId:        12 bytes
VpcId:               21 bytes
OidcUrl:             68 bytes
environment:         3 bytes
If you need additional information, please let me know.
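
Added example (not part of the original issue, and not KES or ESO code): a Python rendering of the `<%= data.KEY %>` substitution shown above that reports which secret keys end up readable in plaintext metadata and rejects values that are not valid Kubernetes label values. The names `render_metadata` and `audit_secret` and the `apiToken` key are hypothetical; the sample values are constructed from the placeholders in the issue.

```python
import base64
import re

# KES-style placeholder as written in the issue: <%= data.KEY %>
PLACEHOLDER = re.compile(r"<%=\s*data\.([A-Za-z0-9_-]+)\s*%>")
# Kubernetes label values: at most 63 characters of this shape.
LABEL_VALUE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")


def render_metadata(template_meta, secret_data):
    """Render labels/annotations; return (rendered, data keys copied out)."""
    exposed = set()

    def substitute(match):
        key = match.group(1)
        if key not in secret_data:
            raise KeyError(f"template references missing key: {key}")
        exposed.add(key)
        return secret_data[key]

    rendered = {
        section: {k: PLACEHOLDER.sub(substitute, v) for k, v in entries.items()}
        for section, entries in template_meta.items()
    }
    for name, value in rendered.get("labels", {}).items():
        if len(value) > 63 or not LABEL_VALUE.fullmatch(value):
            raise ValueError(f"label {name!r} has an invalid value")
    return rendered, exposed


def audit_secret(secret):
    """List data keys whose decoded value appears in labels/annotations."""
    meta = secret.get("metadata", {})
    plain = [*meta.get("labels", {}).values(), *meta.get("annotations", {}).values()]
    leaked = []
    for key, b64 in secret.get("data", {}).items():
        value = base64.b64decode(b64).decode("utf-8", "replace")
        if value and any(value in p for p in plain):
            leaked.append(key)
    return sorted(leaked)


# Constructed sample: placeholder values from the issue plus a made-up apiToken.
TEMPLATE = {
    "labels": {"environment": "<%= data.environment %>"},
    "annotations": {"AwsAccountId": "<%= data.AwsAccountId %>",
                    "VpcId": "<%= data.VpcId %>"},
}
DATA = {"environment": "dev", "AwsAccountId": "1234567890",
        "VpcId": "vpc-1234567890", "apiToken": "constructed-token"}
```

`audit_secret` takes a Secret object as a dict (for instance the parsed output of `kubectl get secret -o json`) and matches by substring, so very short data values can produce false positives.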