Argo CD
How to install and use the CloudTruth Argo CD Plugin
This walkthrough shows you how to use CloudTruth parameters and secrets in Argo CD directly from our Argo CD plugin.
The CloudTruth plugin solves how to handle secrets management with Argo CD. When the plugin is installed in your application it will replace any references following the format
<parameter>
in your GitOps yaml files.You can run an automated installer that will install the plugin in your Argo CD installation.
curl -s https://raw.githubusercontent.com/cloudtruth/argocd-cloudtruth-plugin/main/install/setup.sh | sh
Provide the installer with the following CloudTruth parameters:
Parameter | Value |
---|---|
Provides access to your CloudTruth org | |
Specifies a targeted Environment | |
Specifies a targeted project | |
Specifies a targeted tag |
The installer will perform the following to configure the plugin in your Argo CD installation:
- 1.Create a K8s
secret
with the provided parameters in the Argo namespace. - 2.
- 3.Restart the Argo CD repo server to pick up the changes.
Now that the plugin is installed, you can reference CloudTruth config in your app config files. The plugin is enabled for your argocd application in a gitops fashion by creating the file
.argocd-cloudtruth-plugin
in the root of your Application's repo, or in a subdirectory if you qualify that repo with a path. The file can be empty or contain a yaml dictionary to override the plugin's configuration for that repo.The new plugin sidecar mechanism prevents one from using the UI or CLI to enable a plugin if the gitops style enablement is in place. If the gitops style is not for you, you can still force enablement by manually defining the Application manifest.

With the new sidecar plugin scheme, the Argo CLI does not allow you to create apps with the plugin enabled, however, you can create an app and the plugin will automatically be enabled for it if the repo contains the trigger file
.argocd-cloudtruth-plugin
The following are a few examples of using the CloudTruth plugin with the Argo CLI.argocd app create YOUR_APP --repo https://github.com/YOUR_REPO --path cloudtruth-plugin --dest-server YOUR_K8S_SERVER --dest-namespace default
Create an application and specify a specific project:
argocd app create YOUR_APP --repo https://github.com/YOUR_REPO --path cloudtruth-plugin --dest-server YOUR_K8S_SERVER --dest-namespace default --plugin-env CLOUDTRUTH_PROJECT=YOUR_CLOUDTRUTH_PROJECT
Create an application and specify a specific project and environment:
argocd app create YOUR_APP --repo https://github.com/YOUR_REPO --path cloudtruth-plugin --dest-server YOUR_K8S_SERVER --dest-namespace default --plugin-env CLOUDTRUTH_PROJECT=YOUR_CLOUDTRUTH_PROJECT --plugin-env CLOUDTRUTH_ENVIRONMENT=YOUR_CLOUDTRUTH_ENVIRONMENT
Add the plugin to existing apps by adding the trigger file
.argocd-cloudtruth-plugin
to your Application's repo:To update a plugin parameter value to existing app:
argocd app set YOUR_APP --plugin-env CLOUDTRUTH_ENVIRONMENT=YOUR_CLOUDTRUTH_ENVIRONMENT
Here is an example use case with the Argo CD plugin that populates a ConfigMap with values pulled from CloudTruth while deploying an application in a GitOps workflow.
The ConfigMap substitutes data values from CloudTruth using the default substitution format
<YOUR_PARAM_NAME>
.kind: ConfigMap
apiVersion: v1
metadata:
name: flask-map
data:
FLASK_APP: "<FLASK_APP>"
FLASK_ENV: "<FLASK_ENV>"
FLASK_MESSAGE: "<FLASK_MESSAGE>"
FLASK_RUN_HOST: "<FLASK_RUN_HOST>"
FLASK_RUN_PORT: "<FLASK_RUN_PORT>"
IMAGE: "<IMAGE>"
cloudtruth projects set flask
cloudtruth --project flask parameters set FLASK_APP -v "flaskdemo.py"
cloudtruth --project flask parameters set FLASK_DEBUG -v "True"
cloudtruth --project flask parameters set FLASK_ENV -v "development"
cloudtruth --project flask parameters set FLASK_MESSAGE -v "Configuration Management for default"
cloudtruth --project flask parameters set FLASK_RUN_HOST -v "0.0.0.0"
cloudtruth --project flask parameters set FLASK_RUN_PORT -v "3000"
cloudtruth --project flask parameters set IMAGE -v CloudTruth.jpg
Deploy the app with the following Argo CLI command:
argocd app create flask --repo https://github.com/cloudtruth/blog-examples --path argo-flask/cloudtruth-plugin --dest-server https://kubernetes.default.svc --dest-namespace default --plugin-env CLOUDTRUTH_ENVIRONMENT=production
The
argocd app create
is broken down into the following commands. The --plugin-env
commands specify the CloudTruth environment to get values from. The project name for the plugin is read from the .argocd-cloudtruth-plugin
file in the repo.Command | Value |
---|---|
--repo | |
--path | argo-flask/cloudtruth-plugin |
--dest-server | https://kubernetes.default.svc |
--dest-namespace | default |
--plugin-env | CLOUDTRUTH_ENVIRONMENT=production |
Verify the ConfigMap has values from the configured CloudTruth project with the
manifests
command:argocd app manifests flask
---
apiVersion: v1
data:
FLASK_APP: flaskdemo.py
FLASK_ENV: development
FLASK_MESSAGE: Configuration Management for default
FLASK_RUN_HOST: 0.0.0.0
FLASK_RUN_PORT: "3000"
IMAGE: CloudTruth.jpg
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: flask
name: flask-map
namespace: default
Deploy by synching the app:
argocd app sync flask
You can also deploy and verify the app health in the Argo UI.
%20(1).png?alt=media)
Last modified 14d ago