Kubechecks ArgoCD API Token

Kubechecks requires an ArgoCD API token for authentication. The account is defined in argocd-cm, but the token itself is created manually through the ArgoCD UI or CLI.

Declare the account

In k8s/infrastructure/controllers/argocd/values.yaml the account is configured:

configs:
  cm:
    accounts.kubechecks: apiKey

Provide a static token

Generate a token in ArgoCD for the kubechecks account and save it to Bitwarden. The Kubechecks deployment pulls this token directly from Bitwarden via kubechecks-secret-external.yaml.

Consuming the token

kubechecks-secret-external.yaml pulls the Bitwarden item into a Kubernetes secret:

- secretKey: argocd_api_token
  remoteRef:
    key: app-kubechecks-argocd-api-token

The secret is referenced by the Kubechecks Helm chart so the token never lives in the repository.

Declare the account​

Provide a static token​

Consuming the token​

Declare the account

Provide a static token

Consuming the token