search

flux-subsystem-argo / flamingo

Flux Subsystem for Argo
https://flux-subsystem-argo.github.io/website/
Apache License 2.0
638 stars 41 forks source link

Private git repo credentials #56

Closed vvarga007 closed 7 months ago

vvarga007 commented 7 months ago

Hi,

I cannot pull artifacts from a private repo. This is how my Argo application looks like

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: podinfo-ks
  namespace: argocd
  labels:
    app.kubernetes.io/managed-by: flamingo
    flamingo/workload-name: podinfo
    flamingo/workload-type: "Kustomization"
    flamingo/destination-namespace: "podinfo-kustomize"
spec:
  destination:
    namespace: podinfo-kustomize
    server: https://kubernetes.default.svc
  project: default
  source:
    path: config/podinfo-kustomize
    repoURL: https://xxx.xxx/yyyy/argocd-app-config.git
    targetRevision: master
  syncPolicy:
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true
      - AutoCreateFluxResources=true

When I deploy this application, it creates a Flux resource:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"source.toolkit.fluxcd.io/v1beta2","kind":"GitRepository","metadata":{"annotations":{},"name":"podinfo-ks","namespace":"podinfo-kustomize"},"spec":{"interval":"10m","ref":{"branch":"master"},"url":"https://xxxx/yyyy/argocd-app-config.git"}}
  creationTimestamp: '2024-02-22T20:08:30Z'
  finalizers:
    - finalizers.fluxcd.io
  generation: 1
  name: podinfo-ks
  namespace: podinfo-kustomize
  resourceVersion: '81798'
  uid: 04e92dcc-aa76-47e2-84c0-0cefefd9b8c6
spec:
  interval: 10m
  ref:
    branch: master
  timeout: 60s
  url: 'https://xxxxx/yyyyy/argocd-app-config.git'

However, it is a private repo, so authentication is needed, hence the error message "failed to checkout and determine revision: unable to clone 'https://xxxxxargocd-app-config.git': authentication required"

How can I tell Argo to add ".spec.secretRef.name" to this GitRepository resource so authentication can be done properly?

Thanks,

chanwit commented 7 months ago

Hi @vvarga007

We do not support specifying credentials for generated Flux manifests from UI. To authenticate your Git repository, please follow the standard Flux procedure by creating a Secret. Instead of creating the application via UI, please use flamingo gen-app command to generate the ArgoCD application.

chanwit commented 7 months ago

Quick update with some good news @vvarga007 We have a new patch on the FSA image to allow specify spec blocks for Kustomizations and HelmReleases. This new feature would solve your problem.

Here: https://github.com/flux-subsystem-argo/fsa/issues/15

vvarga007 commented 7 months ago

That is great! I will test it.

Thank you very much!

chanwit commented 7 months ago

I close this issue for now. please feel free to reopen if the annotations don't work for you.