argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

helm dependency update with inline helm values file #642

Closed foster-rh closed 3 months ago

foster-rh commented 4 months ago

Hi guys

I am using the following CMP plugin config map with my sidecar to access HashiCorp Vault to get secrets for my helm charts.

  avp-helm.yaml: |
    ---
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: argocd-vault-plugin-helm
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
            - sh
            - "-c"
            - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
      generate:
        command:
          - bash
          - "-c"
          - |
            helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . |
            argocd-vault-plugin generate --verbose-sensitive-output -
      lockRepo: false

It's not working, obviously, as it doesn't do the dependency update, and I can't figure out how I cd down the path to the folder, do the dependency update and then do the helm templating with the inline variables from the argocd application.

I can use a simpler helm chart with no dependencies and no requirements for inline arguments and it's working fine.

foster-rh commented 4 months ago

Sorted it all out.

obeyler commented 4 months ago

I used to have a similar problem:

Unable to save changes: application spec for myApp is invalid: InvalidSpecError: Unable to generate manifests in applications/vault/helm: rpc error: code = Unknown desc = plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: `sh -c "helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |\nargocd-vault-plugin generate -\n"` failed exit status 1: Error: An error occurred while checking for chart dependencies. You may need to run `helm dependency build` to fetch missing dependencies: found in Chart.yaml, but missing in charts/ directory: vault Error: Must provide a supported Vault Type, received Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret in the argocd namespace containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD). The namespace can be overridden by using the format <namespace>:<name> --verbose-sensitive-output enable verbose mode for detailed info to help with debugging. Includes sensitive data (credentials), logged to stderr`

In fact, it was a side effect of the argocd upgrade with the use of a sidecar.

Before, for a helm chart application located in applications/app/helm:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app
  namespace: argocd
spec:
  destination:
    namespace: myapp
    server: https://kubernetes.default.svc
  project: myapp
  source:
    path: applications/app/helm
    repoURL: https://xxx.myrepo.git
    targetRevision: main

works, but it doesn't work anymore; you must be more precise to avoid the kustomize vault plugin:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app
  namespace: argocd
spec:
  destination:
    namespace: myapp
    server: https://kubernetes.default.svc
  project: myapp
  source:
    helm:                  # <====== specify that it's a helm
      parameters: []       # <====== specify that it's a helm
      releaseName: myapp   # <====== specify that it's a helm
      valueFiles:          # <====== specify that it's a helm
      - values.yaml        # <====== specify that it's a helm
    path: applications/app/helm
    repoURL: https://xxx.myrepo.git
    targetRevision: main
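
One way to combine the dependency step with the inline values from the original question, as an added example that is not from the thread or the project's own code: the ConfigManagementPlugin `init` command runs `helm dependency build` (the command the error message above suggests) before `generate`, and `--verbose-sensitive-output` is left out because, per the help text above, it logs credentials to stderr. The `HELM_VALUES` plugin variable, the values content and the Vault path are constructed for illustration, and the sidecar is assumed to be able to reach the repositories listed in Chart.yaml.

```yaml
# Added example: sidecar plugin config (names follow the thread's own config).
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
  name: argocd-vault-plugin-helm
spec:
  allowConcurrency: true
  discover:
    find:
      command: [sh, "-c", "find . -name 'Chart.yaml' && find . -name 'values.yaml'"]
  # init runs in the application's source directory before generate,
  # so the chart's dependencies are fetched without an explicit cd.
  init:
    command: [sh, "-c", "helm dependency build"]
  generate:
    command:
      - bash
      - "-c"
      - |
        # Variables are quoted; --verbose-sensitive-output is omitted so
        # credentials are not written to the sidecar's stderr log.
        helm template "$ARGOCD_APP_NAME" -n "$ARGOCD_APP_NAMESPACE" \
          -f <(echo "$ARGOCD_ENV_HELM_VALUES") . |
        argocd-vault-plugin generate -
  lockRepo: false
---
# Application side: plugin env entries reach the sidecar with an ARGOCD_ENV_ prefix.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app
  namespace: argocd
spec:
  destination:
    namespace: myapp
    server: https://kubernetes.default.svc
  project: myapp
  source:
    path: applications/app/helm
    repoURL: https://xxx.myrepo.git
    targetRevision: main
    plugin:
      name: argocd-vault-plugin-helm
      env:
        # Constructed variable and Vault path; arrives as ARGOCD_ENV_HELM_VALUES.
        - name: HELM_VALUES
          value: |
            db:
              password: <path:secret/data/myapp#password>
```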