From f95c27758645900ec1fb1379451861f98355fc0a Mon Sep 17 00:00:00 2001 From: Travis Leeden Date: Wed, 3 Jun 2026 16:25:39 +1000 Subject: [PATCH] Added examples --- .../argo-cd/instances/aws-managed-argo-cd.md | 61 ++++++++++++++++++- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/src/pages/docs/argo-cd/instances/aws-managed-argo-cd.md b/src/pages/docs/argo-cd/instances/aws-managed-argo-cd.md index 0fec02a688..21202fe87a 100644 --- a/src/pages/docs/argo-cd/instances/aws-managed-argo-cd.md +++ b/src/pages/docs/argo-cd/instances/aws-managed-argo-cd.md @@ -1,7 +1,7 @@ --- layout: src/layouts/Default.astro pubDate: 2026-03-13 -modDate: 2026-03-13 +modDate: 2026-06-03 title: AWS Managed Argo CD description: Install Argo CD Gateway on EKS with Argo CD Capability navOrder: 10 @@ -16,7 +16,28 @@ AWS managed Argo CD instances differ from standard self-hosted installations in ### Authentication -AWS enforces a maximum lifetime of 12 hours for account tokens due to this project role authentication tokens must be used instead. The majority of the APIs that the Argo CD Gateway calls are project-scoped. However, if the Gateway needs to make a request to an API that is not project-scoped it will choose the first available authentication token, if you would like to provide a specific token to be used for these calls you can add it to the value `gateway.argocd.projectAuthentication` using the project name `octo-gateway-unscoped` +AWS enforces a maximum lifetime of 12 hours for account tokens due to this project role authentication tokens must be used instead. The majority of the APIs that the Argo CD Gateway calls are project-scoped. However, if the Gateway needs to make a request to an API that is not project-scoped it will choose the first available authentication token, if you would like to provide a specific token to be used for these calls you can add it to the value `gateway.argocd.projectAuthentication` using the project name `octo-gateway-unscoped`. + +The project auth tokens can also be provided using a external secret, for example: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + # Pass this name to gateway.argocd.projectAuthenticationSecretName + name: octopus-argocd-project-tokens + # Must be the same namespace your Helm release is installed into + namespace: octo-argo-gateway-local-dev +type: Opaque +stringData: + # One key per Argo CD AppProject. + # Key format: PROJECT_AUTH_TOKEN_ + # Env at runtime: OCTOPUS_ARGOCD_PROJECT_AUTH_TOKEN_ (chart adds OCTOPUS_ARGOCD_ prefix via envFrom) + PROJECT_AUTH_TOKEN_default: "" + PROJECT_AUTH_TOKEN_my-project: "" +``` + +This secret can then be passed to the helm chart by setting the value `gateway.argocd.projectAuthenticationSecretName`. ### External URL @@ -62,3 +83,39 @@ helm install --atomic \ \ oci://registry-1.docker.io/octopusdeploy/octopus-argocd-gateway-chart ``` + +Alternatively using a values file + +```yaml +registration: + octopus: + name: "" + serverApiUrl: "https://your-instance.octopus.app/" + serverAccessToken: "API-XXXXXXXXXXXXXXXX" + spaceId: "Spaces-1" + environments: + - dev +gateway: + octopus: + serverGrpcUrl: "grpc://your-instance.octopus.app:8443" + argocd: + serverGrpcUrl: "grpc://xxxxxxxx.eks-capabilities..amazonaws.com" + grpcWeb: "true" + insecure: "false" + plaintext: "false" + projectAuthenticationSecretName: + projectAuthentication: + - project: project-1 + token: + - project: project-2 + token: +``` + +```bash +helm install --atomic \ +--create-namespace --namespace octo-argo-gateway- \ +--version "*.*" \ +-f "my-values.yaml" \ + \ +oci://registry-1.docker.io/octopusdeploy/octopus-argocd-gateway-chart +```