Skip to content

[DPE-1435] install external secret manager with helm #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
linglp wants to merge 15 commits into
base: main
Choose a base branch
from
Draft

[DPE-1435] install external secret manager with helm #71

linglp wants to merge 15 commits into from

Conversation

@linglp
Copy link
Contributor

@linglp linglp commented Aug 8, 2025
edited
Loading

Problem:

Related to: https://sagebionetworks.jira.com/browse/DPE-1435
I want to add my fork repository to argo CD to deploy amp-als. When I deployed argocd locally, I added my fork repo using:

kubectl create secret generic github-app-creds \
  -n argocd \
  --from-literal=appId=123456 \
  --from-literal=installationId=7891011 \
  --from-file=privateKey=path/to/github-app-private-key.pem

and then modify argoCD configMap by hand. But the process of creating secrets and modifying configMap couldn't be tracked by Github.

Since we install argoCD through helm, I could try:

configs:
  cm:
    repository.credentials: |
      - url: https://github.com/your-org
        githubAppIDSecret:
          name: github-app-creds
          key: appId
        githubAppInstallationIDSecret:
          name: github-app-creds
          key: installationId
        githubAppPrivateKeySecret:
          name: github-app-creds
          key: privateKey

To populate the github-app-creds Secret in the argocd namespace, I can either create it manually using the command line as shown above, or manage it declaratively through the External Secrets Operator.

Depends on #72

Solution:

  • Just like airflow, deploy external secret operator as an ArgoCD application

Testing:

@thomasyu888
Copy link
Contributor

thomasyu888 commented Aug 8, 2025
edited
Loading

Question for discussion : should these operators be deployed as part of individual services or cluster wide?

Edit: NVM - is this to store secrets that argocd uses during deployment?

@linglp
Copy link
Contributor Author

linglp commented Aug 8, 2025

Question for discussion : should these operators be deployed as part of individual services or cluster wide?

Edit: NVM - is this to store secrets that argocd uses during deployment?

Yes. I need to add my secrets to the AWS secret manager and based on the documentation here, we could either configure a "seal" secret or an External Secrets Operator.

@linglp linglp changed the title install external secret manager with helm [DPE-1435] install external secret manager with helm Aug 11, 2025
@dpulls
Copy link

dpulls bot commented Sep 4, 2025

🎉 All dependencies have been resolved !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@linglp @thomasyu888