Files
argocd-apps/apps/base/argocd-image-updater/vaultstaticsecret.yaml
T
unkinben f03eb6f651 feat: deploy argocd-image-updater via Helm
Deploys ArgoCD Image Updater into the argocd-image-updater namespace.
Vault-managed secrets provide registry credentials for git.unkin.net
and an ArgoCD API token.

Prerequisites before syncing:
- Create Vault role argocd-image-updater in k8s/au/syd1
- Populate kv/service/argocd-image-updater/registry-creds (key: creds, value: <user>:<token>)
- Create ArgoCD local user image-updater and store token at kv/service/argocd-image-updater/argocd-token
2026-05-10 22:53:06 +10:00

41 lines
1.1 KiB
YAML

---
# Credentials for polling the git.unkin.net container registry.
# Vault KV path: kv/service/argocd-image-updater/registry-creds
# Required key: creds — value format: "<username>:<token>"
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: registry-creds
namespace: argocd-image-updater
spec:
destination:
create: true
name: registry-creds
overwrite: true
hmacSecretData: true
mount: kv
path: service/argocd-image-updater/registry-creds
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default
---
# ArgoCD API token for image updater to discover and update Applications.
# Vault KV path: kv/service/argocd-image-updater/argocd-token
# Required key: token — generate via: argocd account generate-token --account image-updater
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: argocd-token
namespace: argocd-image-updater
spec:
destination:
create: true
name: argocd-token
overwrite: true
hmacSecretData: true
mount: kv
path: service/argocd-image-updater/argocd-token
refreshAfter: 5m
type: kv-v2
vaultAuthRef: default