argocd-vault-plugin: [Issue] Manifest generation error
Hi all
I follow the instruction .
When i deploy a simply like below
kind: Secret
apiVersion: v1
metadata:
name: example-secret
annotations:
avp_path: "path/to/mysecret"
type: Opaque
stringData:
mykey_invault: <mykey_invault>
Argo side appear error shows…
rpc error: code = Unknown desc = Manifest generation error (cached): argocd-vault-plugin generate ./
failed exit status 1: Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD) Must provide a supported Vault Type
What i am missing ? any hints?
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 3
- Comments: 17 (6 by maintainers)
Hi everybody, I have followed the instruction on How to Use HashiCorp Vault and Argo CD for GitOps on OpenShift and Solving ArgoCD Secret Management with the argocd-vault-plugint
The secret is:
kind: Secret apiVersion: v1 metadata: name: argocd-vault-plugin-credentials namespace: argocd type: Opaque stringData: AVP_VAULT_ADDR: 'http://vault:8200' AVP_VAULT_TOKEN: 'root' AVP_TYPE: 'vault' AVP_AUTH_TYPE: 'token'
Threre are all environment variables on argocd-repo-server, but I have the following error:
rpc error: code = Unknown desc = Manifest generation error (cached): argocd-vault-plugin generate ./ failed exit status 1: (0x1682740,0xc0004ec6b0)Error: ToYAML: could not convert replaced template into : error unmarshaling JSON: while decoding JSON: Object 'Kind' is missing in '{"resources":["example-secret.yaml"]}' Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD) ToYAML: could not convert replaced template into : error unmarshaling JSON: while decoding JSON: Object 'Kind' is missing in '{"resources":["example-secret.yaml"]}'
example-secret.yam is:
kind: Secret apiVersion: v1 metadata: name: example-secret annotations: avp_path: "secret/data/vplugin/supersecret" type: Opaque stringData: username: <username> password: <password>
Can anyone help me?
@yaochaoutokyo that error happens when the plugin does not get a valid AVP_TYPE. So make sure you are providing a type we support, and make sure that environment variable exists in the repo server or in a secret that Argo CD can read. If you have any new problems please create a new issue so we can better help.
Hi, I have the same issue: Unable to create application: application spec is invalid: InvalidSpecError: Unable to generate manifests in ira: rpc error: code = Unknown desc =
argocd-vault-plugin generate ./
failed exit status 1: Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD)I ran the following manually on argocd-repo-server pod: argocd@argocd-repo-server-6bc4999f9-7pt9x:~$ argocd-vault-plugin generate ./ Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags]
Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD)
I have AVP_TYPE and all other required env on the repo-server pod: argocd@argocd-repo-server-6bc4999f9-7pt9x:~$ printenv | grep AVP AVP_SECRET_ID=c4… AVP_TYPE=vault AVP_AUTH_TYPE=approle AVP_ROLE_ID=73…