Config Management Plugin not addressable by name

[christianhuth]

Describe the bug

I have defined the Argo Vault Plugin as a CMP via the new Sidecar-Approach according the ArgoCD documentation and the Argo Vault Plugin for Helm documentation.

When adding the plugin name to my application spec I receive the following error:

rpc error: code = Unknown desc = config management plugin not supported. plugin name argocd-vault-plugin-helm

To Reproduce

The Application containing the reference to the CMP:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: <SOME_APPLICATION_NAME>
spec:
  project: <SOME_PROJECT>
  source:
    repoURL: '<GIT_REPOSITORY>'
    path: <PATH_IN_GIT_REPOSITORY>
    targetRevision: <BRANCH_IN_GIT_REPOSITORY>
    plugin:
      name: argocd-vault-plugin-helm
      env:
        - name: AVP_K8S_ROLE
          value: <VAULT_ROLE>
        - name: HELM_ARGS
          value: '-f values.yaml'
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: <SOME_NAMESPACE>

The ConfigMap containing the definition of my CMP:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-config-management-plugin
data:
  avp-helm.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: argocd-vault-plugin-helm
    spec:
      allowConcurrency: true
      discover:
        find:
          command:
            - sh
            - "-c"
            - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
      generate:
        command: [sh, -c]
        args: ["helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . | argocd-vault-plugin generate -"]
      init:
        command: [sh, -c]
        args: ["helm dependency update"]
      lockRepo: false

The Pod specification of the Repo Server using this CMP as Sidecar (only relevant sections are shown):

apiVersion: v1
kind: Pod
metadata:
  name: argocd-clb01-repo-server
spec:
  containers:
    - name: avp-helm
      image: registry.access.redhat.com/ubi8
      command: [/var/run/argocd/argocd-cmp-server]
      env:
        - name: VAULT_ADDR
          value: <VAULT_URL>
        - name: AVP_TYPE
          value: vault
        - name: AVP_AUTH_TYPE
          value: k8s
        - name: AVP_K8S_MOUNT_PATH
          value: <VAULT_MOUNT_PATH>
        - name: HELM_CACHE_HOME
          value: /tmp/helm/cache
        - name: HELM_CONFIG_HOME
          value: /tmp/helm/config
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
          name: tmp
        - mountPath: /home/argocd/cmp-server/config/plugin.yaml
          name: argocd-config-management-plugin
          subPath: avp-helm.yaml
        - mountPath: /usr/local/bin/argocd-vault-plugin
          name: custom-tools
          subPath: argocd-vault-plugin
        - mountPath: /usr/local/bin/helm
          name: custom-helm
          subPath: helm
  initContainers:
    - name: copyutil
      image: registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3a0f7d98d98ae8fb3ab53506577e9647130e55c900952ed751ce08ef727a682f
      command: ["cp", "-n", "/usr/local/bin/argocd", "/var/run/argocd/argocd-cmp-server"]
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
    - name: download-tools
      image: 'quay.io/linuxserver.io/baseimage-alpine:3.8'
      command: ["sh", "-c"]
      args: ["wget -O /custom-tools/argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.13.1/argocd-vault-plugin_1.13.1_linux_amd64 && chmod +x /custom-tools/argocd-vault-plugin"]
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
    - name: custom-helm
      image: 'quay.io/linuxserver.io/baseimage-alpine:3.8'
      command: ["sh", "-c"]
      args: ["wget -O /custom-helm/helm.tar.gz https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz && cd /custom-helm &&  tar -xzvf ./helm.tar.gz && chmod +x /custom-helm/linux-amd64/helm && mv /custom-helm/linux-amd64/helm /custom-helm/helm"]
      volumeMounts:
        - mountPath: /custom-helm
          name: custom-helm
  volumes:
    - name: tmp
      emptyDir: {}
    - name: var-files
      emptyDir: {}
    - name: plugins
      emptyDir: {}
    - name: custom-tools
      emptyDir: {}
    - name: custom-helm
      emptyDir: {}
    - name: argocd-config-management-plugin
      configMap:
        name: argocd-config-management-plugin

If I remove the name of the CMP inside the Application spec everything works as expected.

Expected behavior

The newly installed CMP can be referenced with the name attribute inside the source section of the Application spec.

Version

• RedHat OpenShift GitOps Operator: v1.7.2
• ArgoCD Version: v2.5.11
• Argo Vault Plugin: v1.13.1
• Helm Version: v.3.11.1

$ argocd version
argocd: v2.5.11+unknown
  BuildDate: 2023-02-13T09:50:50Z
  GitCommit: 
  GitTreeState: clean
  GoVersion: go1.18.7
  Compiler: gc
  Platform: linux/amd64

[crenshaw-dev]

Sidecar plugins only became addressable by name starting in 2.6. Before that, matching applications to sidecar plugins was done only via discovery rules.

[christianhuth]

@crenshaw-dev: Thanks for your reply. But the same behavior with ArgoCD v2.6.0 and v2.6.6.

config management plugin not supported. plugin name argocd-vault-plugin-helm

Application spec:

source:
  plugin:
    name: argocd-vault-plugin-helm

I tried to define the CMP with and without the discover section.

[cmakara]

We experienced the same behaviour in v2.6.4.

[dee-kryvenko]

If I look in my cmp plugin sidecar logs, I can see:

time="2023-05-07T05:50:18Z" level=info msg="argocd-cmp-server v2.6.7+5bcd846 serving on /home/argocd/cmp-server/plugins/pc-argocd-cmp-clusters-v1.0.sock"

pc-argocd-cmp-clusters is my plugin name, but it appends -v1.0 to the socket name, which I assume comes from version: v1.0 in my plugin.yaml.

And there it is https://github.com/argoproj/argo-cd/blob/v2.7.1/cmpserver/plugin/config.go#L100

The error then comes from https://github.com/argoproj/argo-cd/blob/v2.7.1/util/app/discovery/discovery.go#L101-L104 because it can't open the socket.

It appears to be a documentation issue, this is not clear from https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ what the version is for, does it identify my plugin version or is it some internal argocd API version (version of the config spec). Therefore I left it v1 as in the doc and didn't touch, but if I do so - I then need to include that version in my plugin name on the application side.

    plugin:
      name: pc-argocd-cmp-clusters-v1.0

I guess I will just remove version from the plugin.yaml - although it doesn't seem to be documented if it is required or not - https://github.com/argoproj/argo-cd/blob/v2.7.1/cmpserver/plugin/config.go#L99 seem to check for it.

[matthewhembree]

@dee-kryvenko Does this help? https://argo-cd.readthedocs.io/en/release-2.6/operator-manual/config-management-plugins/#using-a-config-management-plugin-with-an-application

You may leave the name field empty in the plugin section for the plugin to be automatically matched with the Application based on its discovery rules. If you do mention the name make sure it is either - if version is mentioned in the ConfigManagementPlugin spec or else just . When name is explicitly specified only that particular plugin will be used iff its discovery pattern/command matches the provided application repo.

[matthewhembree]

Sidecar plugins only became addressable by name starting in 2.6. Before that, matching applications to sidecar plugins was done only via discovery rules.

@crenshaw-dev I wonder if it would be beneficial to back port this into the 2.5 docs. I ran into this today. It's possible that I'm the only one still on 2.5, so you won't hurt my feelings if it's reject:wont-do. I'm in a good state now and my workaround is to just create a special file in the discovery to hint the repo server.

[chris-ng-scmp]

Have the same issue with migrating plugins by using sidecar in v2.6.7

apiVersion: v1
kind: ConfigMap
metadata:
  name: cmp-plugin-envsubst-kustomize
  namespace: argocd
data:
  plugin.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: envsubst-kustomize
    spec:
      generate:
        command: ["sh", "-c" ]
        args: ["envsubst-kustomize-deploy.sh"]
      lockRepo: true

The plugin has no version specified, but still have error:

ComparisonError
rpc error: code = Unknown desc = plugin sidecar failed. couldn't find cmp-server plugin with name envsubst-kustomize supporting the given repository

[chris-ng-scmp]

Have the same issue with migrating plugins by using sidecar in v2.6.7

apiVersion: v1
kind: ConfigMap
metadata:
  name: cmp-plugin-envsubst-kustomize
  namespace: argocd
data:
  plugin.yaml: |
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: envsubst-kustomize
    spec:
      generate:
        command: ["sh", "-c" ]
        args: ["envsubst-kustomize-deploy.sh"]
      lockRepo: true

The plugin has no version specified, but still have error:

ComparisonError
rpc error: code = Unknown desc = plugin sidecar failed. couldn't find cmp-server plugin with name envsubst-kustomize supporting the given repository

I can see the repo-server contains correct plugin socket, but with the ComparisonError

[crenshaw-dev]

My guess is that the "couldn't find cmp-server plugin with name" is not important for most of y'all (except the ones who were missing -<version>). I bet "supporting the given repository" is the more relevant part. In other words, I think the repo-server probably is finding your plugin, but that it's hitting an error when running the plugin.

I'd recommend inspecting the logs of both the repo-server and the sidecar.

We've improved sidecar plugin logs a lot since 2.6. v2.8 should provide much better info.