argocd-vault-plugin

Question/Problem: Can I use AVP with multiple vault Instance Endpoints for different Openshift/K8s Clusters

Open jauyzed opened this issue 11 months ago • 1 comments

Is your feature request related to a problem? Please describe.

Hello, I'm facing an issue with multiple Vault environments and multiple OpenShift clusters, where I'm tasked to make certain clusters point to a non-prod Vault instance and the rest of the clusters point to the prod Vault instance. Environment separation, I suppose. Currently we have few clusters and ArgoCD with AVP runs outside these "environment separated" cluster called ACM. AVP is configured to the prod-vault environment.

I was able to configure a non-prod cluster to point to the non-prod Vault instance/env via vault-agent-injector, but when I sync an Argo app that needs to be deployed in this non-prod cluster, I get the sync error "Error making api request", because AVP/ArgoCD is configured to the prod-vault environment, which makes sense.

My question is: can AVP be configured to talk to different Vault environments (different Vault endpoints etc.)?

Describe the solution you'd like

A solution where vault-agent injector is already configured but gitops can switch between vault environments based on argo app configuration somewhere.

Describe alternatives you've considered

Additional context

I looked into this: https://argocd-vault-plugin.readthedocs.io/en/stable/config/#passing-avp-configuration-as-environment-variables-in-the-app-manifest but I can't be sure if it is the solution.

jauyzed, Jan 10 '25 00:01

I would use Vault namespaces instead of multiple instances, or just more Vault sidecars, each with the configuration for one instance. Or you can use the env to configure AVP.

Syntax3rror404, Jan 29 '25 10:01
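
An added illustration, not part of the thread and not the project's own example, of the last option: an Argo CD Application that passes AVP settings as plugin environment variables, as in the documentation section linked in the question. The application name, repository, cluster URL, Vault address, role and plugin name are placeholders, and it assumes Kubernetes auth is enabled on the non-prod Vault.

```yaml
# Added example: per-Application AVP settings for an app deployed to a
# non-prod cluster. Every name, URL and path below is a placeholder.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo-app-nonprod
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/demo-app.git
    targetRevision: main
    path: manifests
    plugin:
      name: argocd-vault-plugin        # assumed plugin name in this install
      env:
        # Argo CD 2.4+ hands these to the plugin with an ARGOCD_ENV_ prefix.
        - name: AVP_TYPE
          value: vault
        - name: VAULT_ADDR             # non-prod Vault endpoint for this app only
          value: https://vault-nonprod.example.com:8200
        - name: AVP_AUTH_TYPE
          value: k8s
        - name: AVP_K8S_ROLE           # Vault role scoped to non-prod paths
          value: argocd-nonprod
        # Keep tokens, AppRole secret IDs and passwords out of this list:
        # the manifest lives in Git and is readable by anyone with repo access.
  destination:
    server: https://api.nonprod-cluster.example.com:6443
    namespace: demo-app
```

Because any Application author can then choose the Vault endpoint and role, restrict who may create Applications in the project and bind the prod Vault role only to identities that non-prod apps cannot use.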