Extra credit for Workshop 3

Add secrets support to Argo CD on the next slide
Read the (short) troubleshooting tools for setup/config on this Argo CD docs page
Setup Argo CD notifications (supports Slack, Teams, Email, Opsgenie, Pagerduty, etc)
Watch some Videos from the ArgoCon 2022 YouTube playlist
- Argo CD security: attack and defense
- Securing GitOps Supply Chain with Sigstore and Kyverno (I recommend both tools!)
- Best practices for organizing GitOps repos

Secrets in Argo CD

Argo CD itself needs secrets
- keys for app git repos
- keys for its own config repo
- Web UI TLS certs (If you don’t use K8s Certificates Manager)
Read up on Argo CD’s options for Secrets Management
Argo CD needs to deploy your apps secrets too (GHA Secrets aren’t an option)
Tool options I would consider include:
- Sealed Secrets in Git. Great for small teams with only a few clusters. Hard to scale across dozens of clusters
- Argo CD Vault Plugin is a specific solution in Argo CD that avoids CRDs (simpler deployment) but only has "all or nothing" access for humans (Supports Vault,AWS,GCP,Azure,SOPS,1Password,Yandex,Keeper,IBM)
- External Secrets Operator I learned about at GitOpsCon in At KubeCon 2022. Seems great for all.

The goal is to add one