@Thiryn
Created August 24, 2023 14:52
Single container argocd-vault-plugin
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: helm-app
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: my-service
    name: my-service
  project: my-project
  sources:
    - repoURL: 'https://github.com/your/values/repo'
      path: path/to/folder/containing/values
      targetRevision: main
      plugin: # we just use the plugin source, the plugin script will do the helm pull and template
        env: # set the variables needed
          - name: HELM_VALUES_FILES
            value: "values.yaml"
          - name: HELM_REPO_URL
            value: "oci://registry-1.docker.io/bitnamicharts"
          - name: HELM_CHART_NAME
            value: "redis" # took the most popular bitnami chart
          - name: HELM_CHART_VERSION
            value: "17.16.0"
          - name: HELM_RELEASE_NAME
            value: "redis"
          # you can also add raw yaml values using the HELM_VALUES env var, see the configuration in https://argocd-vault-plugin.readthedocs.io/en/stable/usage/#with-an-inline-values-file

repoServer:
  replicas: 1
  volumes:
    # Mount the avp volume
    - configMap:
        name: avp-plugin
      name: avp-plugin
    - name: custom-tools
      emptyDir: { }
  initContainers:
    - name: download-tools
      image: registry.access.redhat.com/ubi8
      env:
        - name: AVP_VERSION
          value: "1.16.0"
      command: [ sh, -c ]
      # download avp
      args:
        - >-
          curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin &&
          chmod +x argocd-vault-plugin &&
          mv argocd-vault-plugin /custom-tools/
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
  extraContainers:
    # creates a single argocd vault plugin sidecar for kustomize, raw yaml and helm
    - name: argocd-vault-plugin
      command: [ /var/run/argocd/argocd-cmp-server ]
      image: quay.io/argoproj/argocd:v2.7.9
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        # Register the plugin definition and its scripts into the sidecar
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          subPath: avp.yaml
          name: avp-plugin
        - mountPath: /home/argocd/cmp-server/avp-check.sh
          subPath: avp-check.sh
          name: avp-plugin
        - mountPath: /home/argocd/cmp-server/avp-generate.sh
          subPath: avp-generate.sh
          name: avp-plugin
        # Important: mount the downloaded binary into $PATH
        - name: custom-tools
          subPath: argocd-vault-plugin
          mountPath: /usr/local/bin/argocd-vault-plugin

apiVersion: v1
kind: ConfigMap
metadata:
  name: avp-plugin
data:
  avp-check.sh: |
    #!/bin/bash
    # Discovery script: prints a non-empty line when this plugin should handle the
    # source. Order matters: a local chart wins over a registry chart, which wins
    # over kustomize, which wins over plain yaml carrying AVP placeholders.
    set -Eeuo pipefail
    BASE_DIR="."
    APP_HELM_REPO_URL="${ARGOCD_ENV_HELM_REPO_URL:-}"
    APP_HELM_CHART_URL="${ARGOCD_ENV_HELM_CHART_URL:-}"
    if find "$BASE_DIR" -maxdepth 1 -name 'Chart.yaml' | grep -q .
    then
      echo "helm chart"
    elif [ -n "$APP_HELM_REPO_URL" ]
    then
      echo "helm url"
    elif find "$BASE_DIR" -maxdepth 1 \( -name kustomization.yaml -o -name kustomization.yml -o -name Kustomization \) | grep -q .
    then
      echo "kustomize"
    elif grep -q --include "*.yaml" "<path:\|avp\.kubernetes\.io" ./*
    then
      echo "yaml"
    fi
    exit 0
  avp-generate.sh: |
    #!/bin/bash
    # Generate script: renders the source with helm, kustomize or plain cat, then
    # pipes the manifests through argocd-vault-plugin to substitute secrets.
    set -Eeuo pipefail
    shopt -s inherit_errexit
    exit_error() {
      >&2 echo "$@" && exit 1
    }
    BASE_DIR="$(pwd)"
    APP_NAME="${ARGOCD_APP_NAME:-}"
    APP_NAMESPACE="${ARGOCD_APP_NAMESPACE:-}"
    # Plugin env vars set in the Application are exposed with the ARGOCD_ENV_ prefix
    APP_HELM_VALUES_FILES="${ARGOCD_ENV_HELM_VALUES_FILES:-}"
    APP_HELM_VALUES="${ARGOCD_ENV_HELM_VALUES:-}"
    APP_HELM_REPO_URL="${ARGOCD_ENV_HELM_REPO_URL:-}"
    APP_HELM_CHART_NAME="${ARGOCD_ENV_HELM_CHART_NAME:-}"
    APP_HELM_RELEASE_NAME="${ARGOCD_ENV_HELM_RELEASE_NAME:-$APP_NAME}"
    APP_HELM_CHART_VERSION="${ARGOCD_ENV_HELM_CHART_VERSION:-}"
    # Same decision order as avp-check.sh
    GENERATE_FUNCTION_NAME=generate_plain_yaml
    if find "$BASE_DIR" -maxdepth 1 -name 'Chart.yaml' | grep -q .
    then
      GENERATE_FUNCTION_NAME=generate_helm
    elif [ -n "$APP_HELM_REPO_URL" ]
    then
      GENERATE_FUNCTION_NAME=generate_helm
    elif find "$BASE_DIR" -maxdepth 1 \( -name kustomization.yaml -o -name kustomization.yml -o -name Kustomization \) | grep -q .
    then
      GENERATE_FUNCTION_NAME=generate_kustomize
    fi
    generate_helm() {
      APP_HELM_FILES=()
      if [ -n "$APP_HELM_REPO_URL" ]; then
        # A registry chart and a local chart in the same source is a configuration error
        [ -f "$BASE_DIR/Chart.yaml" ] && exit_error "ERROR: 'Chart.yaml' file found in local repo and HELM_REPO_URL variable is defined"
        [ -d "$BASE_DIR/templates" ] && exit_error "ERROR: 'templates' directory found in local repo and HELM_REPO_URL variable is defined"
        TMP_DIR=$(mktemp -d -p "$BASE_DIR")
        version_option=""
        if [ -n "$APP_HELM_CHART_VERSION" ]; then
          version_option="--version=$APP_HELM_CHART_VERSION"
        fi
        helm pull "$APP_HELM_REPO_URL/$APP_HELM_CHART_NAME" $version_option --untar -d "$TMP_DIR"
        mv "$TMP_DIR/$APP_HELM_CHART_NAME" "$BASE_DIR" && rmdir "$TMP_DIR"
      fi
      if [ -n "$APP_HELM_VALUES_FILES" ]; then
        # HELM_VALUES_FILES is a ';'-separated list; each entry becomes its own -f argument
        IFS=';' read -ra FILES <<< "$APP_HELM_VALUES_FILES"
        for i in "${FILES[@]}"; do
          APP_HELM_FILES+=(-f "$i")
        done
      fi
      helm dependency build "$BASE_DIR/$APP_HELM_CHART_NAME" 1>&2
      INLINE_VALUES_FILE=$(mktemp -p "$BASE_DIR")
      echo "$APP_HELM_VALUES" > "$INLINE_VALUES_FILE"
      # The ${arr[@]+"${arr[@]}"} form expands to nothing when the array is empty
      # without tripping 'set -u' on older bash versions
      helm template "$APP_HELM_RELEASE_NAME" "$BASE_DIR/$APP_HELM_CHART_NAME" -n "$APP_NAMESPACE" ${APP_HELM_FILES[@]+"${APP_HELM_FILES[@]}"} -f "$INLINE_VALUES_FILE"
    }
    generate_kustomize() {
      kustomize build "$BASE_DIR"
    }
    generate_plain_yaml() {
      for each in "$BASE_DIR"/*.yaml; do cat "$each"; echo "---"; done
    }
    MANIFESTS=$($GENERATE_FUNCTION_NAME)
    echo "$MANIFESTS" | argocd-vault-plugin generate -s your-avp-secret-here -
  avp.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: argocd-vault-plugin
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
            - bash
            - /home/argocd/cmp-server/avp-check.sh
      generate:
        command:
          - bash
          - /home/argocd/cmp-server/avp-generate.sh
      lockRepo: false
Thiryn commented Aug 24, 2023

Heavily based off @amorozkin's https://github.com/amorozkin/argocd-vault-plugin-wrapper/blob/main/argocd-vault-plugin-wrapper.sh
This allows using Helm registries with private values files hosted in different places.
It also allows a single-container configuration for AVP; the docs show how to configure 3 different sidecars, which mostly duplicates a lot of YAML.
The example ArgoCD application shows how to use the plugin with Helm, passing env vars to configure the behaviour of the plugin.

Don't forget to replace your-avp-secret-here with your AVP configuration secret instead.
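As an added example, not the gist's own script: a stand-alone sh re-implementation of the decision order in avp-check.sh (local chart, then registry chart via HELM_REPO_URL, then kustomize, then plain YAML with AVP placeholders or annotations), with constructed fixture directories so the precedence can be checked offline without a repo-server. The function names (detect_source_kind, make_fixture), the fixture contents and the chart URL oci://example.invalid/charts are assumptions made for the example; only discovery is reproduced, not the helm pull or the argocd-vault-plugin call.

```shell
#!/usr/bin/env sh
# Added example, not the gist's own script: re-implements the discovery order of
# avp-check.sh so it can be exercised offline against constructed directories.
# Names (detect_source_kind, make_fixture) and all file contents are assumptions.

# detect_source_kind DIR HELM_REPO_URL
# Prints the source kind the plugin would claim: "helm chart", "helm url",
# "kustomize", "yaml", or "none" when the discover step would not match at all.
detect_source_kind() {
  dir="$1"
  repo_url="${2:-}"
  if find "$dir" -maxdepth 1 -name 'Chart.yaml' | grep -q .; then
    # A chart checked into the repo wins over everything else.
    echo "helm chart"
  elif [ -n "$repo_url" ]; then
    # No local chart, but the Application asked for one from a registry.
    echo "helm url"
  elif find "$dir" -maxdepth 1 \( -name kustomization.yaml -o -name kustomization.yml -o -name Kustomization \) | grep -q .; then
    echo "kustomize"
  elif grep -qsE '<path:|avp\.kubernetes\.io' "$dir"/*.yaml; then
    # Plain manifests are only claimed when they carry AVP placeholders or
    # annotations; -s keeps grep quiet when the glob matches nothing.
    echo "yaml"
  else
    echo "none"
  fi
}

# make_fixture KIND
# Creates a throwaway directory shaped like KIND (chart, kustomize, avp-yaml,
# plain, empty) and prints its path. Contents are constructed placeholders.
make_fixture() {
  d="$(mktemp -d)"
  case "$1" in
    chart)
      printf 'apiVersion: v2\nname: demo\nversion: 0.1.0\n' > "$d/Chart.yaml" ;;
    kustomize)
      printf 'resources:\n  - deployment.yaml\n' > "$d/kustomization.yaml" ;;
    avp-yaml)
      printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: demo\n  annotations:\n    avp.kubernetes.io/path: "secret/data/demo"\nstringData:\n  token: <token>\n' > "$d/secret.yaml" ;;
    plain)
      printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: demo\n' > "$d/cm.yaml" ;;
    empty)
      : ;;
  esac
  echo "$d"
}

# Demonstration run: one directory of each shape without HELM_REPO_URL, then the
# two cases that set it (registry chart with no local files, and the conflicting
# local chart + registry URL, which discovery still reports as "helm chart").
for kind in chart kustomize avp-yaml plain; do
  d="$(make_fixture "$kind")"
  printf '%-9s url=no  -> %s\n' "$kind" "$(detect_source_kind "$d" "")"
  rm -rf "$d"
done
for kind in empty chart; do
  d="$(make_fixture "$kind")"
  printf '%-9s url=yes -> %s\n' "$kind" "$(detect_source_kind "$d" "oci://example.invalid/charts")"
  rm -rf "$d"
done
```

The last case is the one worth knowing about: a source that has both a Chart.yaml and HELM_REPO_URL is claimed by discovery as "helm chart", and it is avp-generate.sh, not avp-check.sh, that then rejects it with the "'Chart.yaml' file found in local repo" error. The example uses `grep -E` with `-s` rather than the gist's `--include "*.yaml" ./*` so it stays quiet on directories and portable across grep implementations; the decision order itself is unchanged.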
