argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

argocd vault plugin issues with helm chart not able to deploy #653

Closed Zoli8501 closed 1 month ago

Zoli8501 commented 2 months ago

Describe the bug

Using sh or bash the same error is shown by using helm chart:

```
$ helm dependency update
Error: cannot load irregular file /home/argocd/cmp-server/plugins/argocd-vault-plugin-helm.sock as it has file mode type bits set
$
$ helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE --include-crds . | argocd-vault-plugin generate -s vault-kubernetes -
Error: cannot load irregular file /home/argocd/cmp-server/plugins/argocd-vault-plugin-helm.sock as it has file mode type bits set
```

Vault plugin configured as sidecar:

configmap cmp-plugin:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cmp-plugin
  namespace: argocd
data:
  avp.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: argocd-vault-plugin
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
```

Expected behavior

With avp.yaml it is able to fetch the password from Vault, but deploying a helm chart is not possible. The avp-helm.yaml configuration is set according to the documentation.

Additional context

In argocd, if sync is working, the resources are not reachable; currently the following error is shown: [image]

Zoli8501 commented 2 months ago

Hi, basically the plugin doesn't see the manifest:

```
$ /usr/local/bin/helm dependency update
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-application-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-applicationset-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-cmp-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-dex resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-k8s-auth resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-notifications resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-repo-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/uid_entrypoint.sh resolves to /usr/local/bin/entrypoint.sh. Contents of linked file included and used
Error: Chart.yaml file is missing
$
$ /usr/local/bin/helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE --include-crds . | argocd-vault-plugin generate -s vault-kubernetes -> /bin/sh: 14: argocd-vault-plugin: not found
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-application-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-applicationset-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-cmp-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-dex resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-k8s-auth resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-notifications resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-repo-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/uid_entrypoint.sh resolves to /usr/local/bin/entrypoint.sh. Contents of linked file included and used
Error: Chart.yaml file is missing
$
$ find . -name 'Chart.yaml' && find . -name 'values.yaml'
$
```

What additional settings need to be done to have the manifest fetched and synchronised in ArgoCD? Thank you

zs-ko commented 1 month ago

@Zoli8501 if you are using multi-source applications and share the folder structure with other types of deployments, like pure YAML resources or kustomization files, then the find command in the plugin returns values and a non-zero exit code and triggers the helm plugin when it should use another plugin or none.

edit: changed command to return zero output and return code on missing files

try to use this instead for the find command

```yaml
discover:
  find:
    command:
      - sh
      - "-c"
      # Print both file names only when both exist; otherwise print nothing and exit 0.
      - "[ -f 'Chart.yaml' ] && [ -f 'values.yaml' ] && (ls Chart.yaml && ls values.yaml) || exit 0"
```

zs-ko commented 1 month ago

@Zoli8501 looking closer, argocd says helm command not found. Is helm installed in the sidecar?

Zoli8501 commented 1 month ago

Finally I got it... /home/argocd was ro, so it had to be mounted apart from / and rw permission was added; now everything seems to be working, resources are reachable for the plugin. Vault couldn't cache token from /home/argocd/.avp

I will close the issue. Thank you
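
The failure modes reported in this thread (a tool missing from PATH, helm run outside the chart directory, a socket under the directory helm loads, and a read-only home directory blocking the token cache) can be checked from inside the sidecar before a sync. This is an added example, not code from the thread or from the argocd-vault-plugin project; the function name `avp_preflight` and its finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the failure modes reported in this thread.
# avp_preflight and its finding labels are hypothetical names, not part of
# Argo CD or argocd-vault-plugin.
#
# usage: avp_preflight CHART_DIR HOME_DIR TOOL...
# Prints one finding per line; returns 0 when nothing was found, else 1.
avp_preflight() {
    chart_dir=$1
    home_dir=$2
    shift 2
    findings=""

    # "argocd-vault-plugin: not found": every tool in the generate pipeline
    # must be on PATH inside the sidecar container.
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 ||
            findings="${findings}missing-tool:${tool}
"
    done

    # "Chart.yaml file is missing": helm was run outside the chart directory.
    [ -f "$chart_dir/Chart.yaml" ] ||
        findings="${findings}no-chart:${chart_dir}
"

    # "cannot load irregular file ...sock": helm's chart loader rejects
    # non-regular files (sockets, FIFOs, device nodes) under the directory.
    irregular=$(find "$chart_dir" \( -type s -o -type p -o -type b -o -type c \) \
        2>/dev/null | sed 's/^/irregular-file:/')
    [ -z "$irregular" ] || findings="${findings}${irregular}
"

    # Token cache under HOME/.avp: HOME must accept writes even when the
    # container root filesystem is read-only. Probe by creating a file.
    probe="$home_dir/.avp-preflight-$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
    else
        findings="${findings}home-not-writable:${home_dir}
"
    fi

    printf '%s' "$findings"
    [ -z "$findings" ]
}
```

Inside the sidecar it would be called as `avp_preflight . /home/argocd helm argocd-vault-plugin` from the directory the plugin's generate command runs in.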