ArgoCD configuration for the gomplate-based config management plugin. This repository contains the Helm values and plugin configuration needed to enable dynamic, template-based application deployments.
This configuration adds a custom plugin to ArgoCD that processes Helm charts with gomplate templating, enabling environment-specific configurations without duplicating directory structures.
Part of the ArgoCD ApplicationSet Pattern:
- Main pattern repository: argocd-applicationset-pattern
- Container image repository: argocd-gomplate
- This repository: ArgoCD configuration with plugin setup
values.yaml- ArgoCD Helm values with plugin configuration- Plugin sidecar container configuration
- Plugin script that processes templates
- Example cluster credentials with labels
- ArgoCD installed via Helm
- Access to pull from
ghcr.io/arturo-builds-infra/argocd-gomplate(public image, no credentials needed)
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm install argocd argo/argo-cd \
--namespace argocd \
--create-namespace \
-f values.yamlhelm upgrade argocd argo/argo-cd \
--namespace argocd \
-f values.yamlThe plugin is configured as a sidecar container in the repo-server that:
- Checks for
application.yaml.tpl(ApplicationSet pattern) - Detects Helm chart type (OCI vs HTTPS)
- Processes
.tplfiles with gomplate - Renders Helm charts with processed values
- Concatenates pre, helm, and post manifests
Cluster labels are exposed as environment variables to templates. Configure them when registering clusters:
kubectl label secret <cluster-secret> -n argocd \
alias=banks-meowster \
environment=prod \
awsAccount=123456789012 \
awsRegion=us-west-2Add or modify labels in values.yaml under configs.clusterCredentials for the in-cluster configuration.
Note: These credential configurations are only needed if you are deploying applications that use private Helm charts or pull from private Git repositories. The plugin container image itself is public and requires no credentials.
For applications using private Helm chart registries (OCI registries, private Helm repos), create a Docker config secret. The Docker config file can contain multiple registry configurations, allowing access to different private registries (Docker Hub, GHCR, ECR, etc.) with a single mounted file.
kubectl create secret generic ghcr-docker-config \
--namespace argocd \
--from-file=.dockerconfigjson=$HOME/.docker/config.json \
--type=kubernetes.io/dockerconfigjsonOr create it manually with multiple registry auths:
apiVersion: v1
kind: Secret
metadata:
name: ghcr-docker-config
namespace: argocd
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: <base64-encoded-docker-config>Example Docker config with multiple registries:
{
"auths": {
"ghcr.io": {
"auth": "<base64-encoded-username:token>"
},
"registry.example.com": {
"auth": "<base64-encoded-username:password>"
},
"123456789012.dkr.ecr.us-west-2.amazonaws.com": {
"auth": "<base64-encoded-aws-token>"
}
}
}The secret is mounted to the plugin sidecar with proper read permissions and used for Helm registry authentication across all configured registries.
For private Git repositories containing your application code and templates, use ArgoCD's built-in repository credential management. These are configured separately from Helm registry credentials.
Create repository credentials via kubectl:
kubectl create secret generic repo-credentials \
--namespace argocd \
--from-literal=type=git \
--from-literal=url=https://github.com/your-org/your-repo \
--from-literal=password=<personal-access-token> \
--from-literal=username=git
kubectl label secret repo-credentials -n argocd argocd.argoproj.io/secret-type=repositoryOr add them through the ArgoCD UI under Settings > Repositories.
For SSH access:
kubectl create secret generic repo-credentials \
--namespace argocd \
--from-literal=type=git \
--from-literal=url=git@github.com:your-org/your-repo.git \
--from-file=sshPrivateKey=/path/to/private/key
kubectl label secret repo-credentials -n argocd argocd.argoproj.io/secret-type=repositoryThe plugin script processes applications in this order:
- ApplicationSet pattern: If
application.yaml.tplexists, render it and exit - Helm values: Process
values.yaml.tplwith gomplate - Pre-deployment: If
pre.yaml.tplexists, render and output it - Helm chart: Render the Helm chart with processed values
- Post-deployment: If
post.yaml.tplexists, render and output it
All .tpl files have access to:
- Environment variables via
{{ .Env.VARIABLE_NAME }} - Override data via
{{ ds "env" }}(ifoverrides.yamlexists) - All gomplate functions and data sources
Add environment variables to the plugin container in values.yaml:
repoServer:
extraContainers:
- name: argocd-gomplate
env:
- name: CUSTOM_VAR
value: "custom-value"The plugin logic is defined in configs.cmp.plugins.argocd-gomplate.generate. Modify the script to change how templates are processed.
Add any additional ArgoCD configuration to values.yaml as needed:
- RBAC policies
- User accounts
- Repository credentials
- SSO configuration
- Notifications
Once configured, use the plugin in your applications:
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
plugin:
name: argocd-gomplate
env:
- name: HELM_CHART_URL
value: "https://charts.example.com"
- name: HELM_CHART_NAME
value: "my-chart"
- name: HELM_CHART_VERSION
value: "1.0.0"For the complete application pattern, see argocd-applicationset-pattern.
kubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server -c argocd-gomplatekubectl exec -n argocd -it <argocd-repo-server-pod> -- ls /home/argocd/cmp-server/config/Should show plugin.yaml.
Create a test application and check the repo-server logs to see the rendered output.
Apache 2.0