Ola

Creating private repositories in ArgoCD using Kubernetes secrets and Terraform.

This article assumes that you have already set up ArgoCD, Terraform, and your Kubernetes cluster.

ArgoCD is a continuous delivery tool that can be used to automate the deployment of applications to Kubernetes clusters. One way to use ArgoCD is to set up private Git repositories for your applications, which can be accessed using secrets.

To use secrets to create private repositories in ArgoCD, you will need to create a secret in your Kubernetes cluster that contains the credentials required to access the repository. This can typically be done using a personal access token (PAT) or SSH key, depending on the authentication method used by the repository.

Once the secret has been created, you can use it to grant ArgoCD access to the private repository by specifying the secret in the application’s deployment configuration. This allows ArgoCD to pull the application code from the repository and deploy it to the cluster.

Using secrets to create private repositories in ArgoCD helps to ensure that the credentials required to access the repository are stored in a secure manner and are only accessible to authorized users and applications. It also allows you to easily update the credentials if needed, without having to update the application’s code or configuration.

To use secrets to create private repositories in ArgoCD, you will need to follow these steps:

  1. Store your secret in a secret vault or wherever Terraform can access it. In this case, our secret (ssh-private-key) is stored in AWS SSM Parameter Store.

  2. Create a Terraform “kubernetes_secret” resource.

Let's get down to it.

For the purpose of this example, let’s assume that our secret stored in AWS SSM is located at /secrets/ssh/private_key, and we can retrieve it using a Terraform data lookup.

data "aws_ssm_parameter" "ssh_private_key" {
  # Hierarchical SSM parameter names must start with a leading slash
  name = "/secrets/ssh/private_key"
}

The following code demonstrates how to use Terraform to create an ArgoCD secret. Be sure to carefully review the labels block.

resource "kubernetes_secret" "ssh_key" {
  metadata {
    name      = "private-repo"
    namespace = "argocd"
    # This label is what marks the secret as an ArgoCD repository
    labels = {
      "argocd.argoproj.io/secret-type" = "repository"
    }
  }

  type = "Opaque"

  # Plain-text values; the kubernetes provider base64-encodes them
  data = {
    "sshPrivateKey" = data.aws_ssm_parameter.ssh_private_key.value
    "type"          = "git"
    "url"           = "git@gitlab.com:your/repo.git"
    "name"          = "gitlab"
    "project"       = "*"
  }
}

To ensure that ArgoCD reads the secret, you need to include the labels block. Without this label, ArgoCD will not recognize the secret as a repository and will not be able to use it. The data block allows you to specify the key and other relevant parameters.
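One way to check the result after `terraform apply`, as an added example that is not part of the original post: the function below takes the parsed output of `kubectl get secret private-repo -n argocd -o json` and reports why ArgoCD would not pick the secret up. The function name `check_repo_secret` and the sample secret (including its placeholder key) are constructed for illustration.

```python
import base64

LABEL = "argocd.argoproj.io/secret-type"

def check_repo_secret(secret, namespace="argocd"):
    """Return the reasons ArgoCD would not use this Secret as a repository."""
    problems = []
    meta = secret.get("metadata", {})
    if meta.get("namespace") != namespace:
        problems.append(f"namespace is {meta.get('namespace')!r}, expected {namespace!r}")
    label = (meta.get("labels") or {}).get(LABEL)
    if label != "repository":
        problems.append(f"label {LABEL} is {label!r}, expected 'repository'")
    data = {}
    for key, value in (secret.get("data") or {}).items():
        try:  # the API server returns Secret data base64-encoded
            data[key] = base64.b64decode(value, validate=True).decode()
        except ValueError:
            problems.append(f"data[{key!r}] is not base64-encoded text")
    url = data.get("url", "")
    if not url:
        problems.append("data['url'] is missing")
    elif url.startswith(("git@", "ssh://")):
        # SSH remotes need a PEM/OpenSSH private key under sshPrivateKey
        if not data.get("sshPrivateKey", "").lstrip().startswith("-----BEGIN "):
            problems.append("SSH url but data['sshPrivateKey'] is missing or not a PEM key")
    return problems

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample mirroring the Terraform resource above; the key is a placeholder.
SAMPLE = {
    "metadata": {"name": "private-repo", "namespace": "argocd",
                 "labels": {LABEL: "repository"}},
    "data": {
        "type": _b64("git"),
        "url": _b64("git@gitlab.com:your/repo.git"),
        "sshPrivateKey": _b64("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                              "(constructed placeholder)\n"
                              "-----END OPENSSH PRIVATE KEY-----\n"),
    },
}

if __name__ == "__main__":
    for line in check_repo_secret(SAMPLE) or ["ok: namespace, label and SSH key fields look right"]:
        print(line)
```

This check covers only what ArgoCD reads from the cluster. The same key value is also recorded in Terraform state by the data source and the `kubernetes_secret` resource, so the state backend needs equivalent access control.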

Using secrets to create private repositories in ArgoCD allows you to automate the deployment of applications from private repositories, while keeping the credentials required to access the repository secure. It is an important aspect of continuous delivery with ArgoCD, and can help streamline the process of deploying and managing applications in a Kubernetes cluster.

Have Fun!
