ArgoCD and Vault Integration Issue: Unresolved Error in Admin Interface

555 views Asked by At

I'm deploying this 'classic' infrastructure using Terraform https://github.com/openfun/kubic

I've been trying to understand why ArgoCD is not working with Vault for the second day already. I followed all the instructions. On the last step, I set up the infrastructure using bin/terraform-apply.sh scaleway. I successfully obtained the load balancer's IP and linked it to the domains. Next, I followed the Vault setup instructions. I generated cluster-keys.json and was able to access the Vault admin interface using the root_token from this file. However, I still see an error on the ArgoCD admin page:

rpc error: code = Unknown desc = Manifest generation error (cached): plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: sh -c "helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} --include-crds . |\nargocd-vault-plugin generate - -s ${ARGOCD_ENV_AVP_SECRET}\n" failed exit status 1: Error: Error making API request. URL: PUT https://vault-st.my_site.io/v1/auth/kubernetes/login Code: 403. Errors: * service account name not authorized Usage: argocd-vault-plugin generate [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret in the argocd namespace containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD). The namespace can be overridden by using the format : --verbose-sensitive-output enable verbose mode for detailed info to help with debugging. Includes sensitive data (credentials), logged to stderr

I tried reinstalling ArgoCD with Vault already configured (commented out the contents of argocd.tf, did a plan and apply, and then uncommented and did a plan and apply), but it didn't help. I keep seeing this error. What am I doing wrong? Are there any additional steps that may be required?

1

There are 1 answers

0
Роман Сергеевич On BEST ANSWER

I simply didn't complete the last step of the vault setup, which is done through Terraform. I was thrown off by the note that said 'This part is not mandatory.', and I just skipped it. However, it's a crucial step, as without it, no application in ArgoCD will work