argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

Private helm repository - 401 Unauthorized #613

Open jirimedved opened 6 months ago

jirimedved commented 6 months ago

Hello, I have a problem with vault-plugin when I use a Helm chart from a private repository. I have the private repository set up in ArgoCD, including credentials.

```
% argocd repo list
TYPE  NAME                 REPO                                                  INSECURE  OCI    LFS    CREDS  STATUS      MESSAGE  PROJECT
helm  dockerhub-powerflow  https://dockerhub.xxxxx.cloud/chartrepo/powerflow     false     false  false  true   Successful
```

I use a plugin as a sidecar (avp - v0.17.0, argocd 2.4.17).

My settings for avp plugin:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
  name: argocd-vault-plugin-helm
spec:
  allowConcurrency: true

  # Note: this command is run _before_ any Helm templating is done, therefore the logic is to check
  # if this looks like a Helm chart
  discover:
    find:
      command:
        - sh
        - "-c"
        - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
  init:
    command:
      - sh
      - "-c"
      - "helm dependency build"
  generate:
    command:
      - sh
      - "-c"
      - |
        helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |
        argocd-vault-plugin generate -s argocd-system:vault-configuration -
  lockRepo: false
```

Part of the deployment argocd-repo-server:

```yaml
containers:
- command:
  - /var/run/argocd/argocd-cmp-server
  image: quay.io/argoproj/argocd:v2.4.17
  name: avp-helm
  securityContext:
    runAsNonRoot: true
    runAsUser: 999
  volumeMounts:
  - mountPath: /var/run/argocd
    name: var-files
  - mountPath: /home/argocd/cmp-server/plugins
    name: plugins
  - mountPath: /tmp
    name: tmp
  - mountPath: /home/argocd/cmp-server/config/plugin.yaml
    name: cmp-plugin
    subPath: avp-helm.yaml
  - mountPath: /usr/local/bin/argocd-vault-plugin
    name: custom-tools
    subPath: argocd-vault-plugin
```

I get this error when refreshing or syncing

```
ComparisonError: rpc error: code = Unknown desc = Manifest generation error (cached): plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: `sh -c helm dependency build` failed exit status 1: Error: no cached repository for helm-manager-af8c372997109c698e4340e7b89856ada47975c4a7e047bb9ed5665cb2fb2d86 found. (try 'helm repo update'): open /home/argocd/.cache/helm/repository/helm-manager-af8c372997109c698e4340e7b89856ada47975c4a7e047bb9ed5665cb2fb2d86-index.yaml: no such file or directory
rpc error: code = Unknown desc = plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: `sh -c helm dependency build` failed exit status 1: Error: could not find : chart artemismq not found in https://dockerhub.xxxxx.cloud/chartrepo/powerflow: looks like "https://dockerhub.xxxxx.cloud/chartrepo/powerflow" is not a valid chart repository or cannot be reached: failed to fetch https://dockerhub.xxxxx.cloud/chartrepo/powerflow/index.yaml : 401 Unauthorized
```

jirimedved commented 6 months ago

Can you help me? How to use private repositories?

ebuildy commented 3 weeks ago

Please read documentation at https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#helm-chart-repositories
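
One way to give the sidecar's own `helm dependency build` credentials for the private repository, as an added example that is not from this thread or from the project's documentation. It assumes the sidecar's Helm client does not see the credentials registered in Argo CD (consistent with the 401 above); the Secret name `helm-repo-creds`, the variables `HELM_REPO_USERNAME` / `HELM_REPO_PASSWORD` and the alias `powerflow` are hypothetical.

```yaml
# Added example. Hypothetical names: helm-repo-creds, HELM_REPO_USERNAME,
# HELM_REPO_PASSWORD, repo alias "powerflow".

# 1) avp-helm sidecar in the argocd-repo-server deployment:
#    take the credentials from a Kubernetes Secret instead of writing
#    them into the plugin configuration.
containers:
- name: avp-helm
  env:
  - name: HELM_REPO_USERNAME
    valueFrom:
      secretKeyRef:
        name: helm-repo-creds   # assumed Secret in the same namespace
        key: username
  - name: HELM_REPO_PASSWORD
    valueFrom:
      secretKeyRef:
        name: helm-repo-creds
        key: password
---
# 2) ConfigManagementPlugin: register the repository before building
#    dependencies, so Helm can match the repository URL in Chart.yaml
#    to an entry that carries credentials.
spec:
  init:
    command:
      - sh
      - "-c"
      - |
        set -eu
        # --password-stdin keeps the password out of the process arguments.
        printf '%s' "$HELM_REPO_PASSWORD" |
          helm repo add powerflow https://dockerhub.xxxxx.cloud/chartrepo/powerflow \
            --username "$HELM_REPO_USERNAME" --password-stdin --force-update
        helm dependency build
```

`helm repo add` stores the credentials in the Helm repository config file inside the sidecar, so that container's filesystem should be treated as holding a secret.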