Support for ArgoCD v2.5.1

[Coder63]

Do you expect this to work as sidecar option too ? With v2.5.1 configmap is deprecated . Any pointer to make it work for sidecar option ...

[travisghansen]

It has been on my list to look into what the new interface is but I haven’t had a chance :( I do intend to make update to the newer style when I can however.

[joshuasimon-taulia]

Maybe https://github.com/lucj/argocd-helmfile-plugin should be consolidated with this project

[Coder63]

Maybe https://github.com/lucj/argocd-helmfile-plugin should be consolidated with this project

@joshuasimon-taulia : Did it work for you ? It did not work for me and says WIP too

[joshuasimon-taulia]

haven't tried it yet. it just seems like duplicate effort

[travisghansen]

I'm happy to collaborate. He never reached out unfortunately :(

[lucj]

Hi @joshuasimon-taulia did you try my repo but did not managed to have it working fine ? @travisghansen I would be happy to collaborate 👍

[travisghansen]

@lucj I think that would be great! I haven’t had time to investigate the sidecar approach yet and likely will be another couple of weeks before I can really dig in (time consuming life events going on atm). If it makes sense we could fire up a new github org and formalize things a bit more.

[lucj]

@travisghansen no problem at all. In the meantime I'll update the instructions a bit so it's easier to give it a try. My repo is currently a WIP so that will make sense to formalize the things later on, totally agree on that.

[armenr]

@travisghansen @lucj - Huge fan of both of your repos. Since I started rebuilding our entire workflow (helmfile + sops + argocd), both of your repos have been a huge help.

Having you both here, selfishly...I need to ask one thing:

I once saw a post (online or in a GitHub issue) that explained how to tweak your argocd + helmfile set up so that you could see the values for the chart, directly in the ArgoCD UI...just the same way that any generic helm chart installed through ArgoCD will display in the ArgoCD UI.

Unfortunately, I did a very bad of job of keeping track of that particular information.

Do either of you know/have any idea how to achieve that? It seemed to be a straightforward implementation...I just can't recall it.

[armenr]

I can also confirm that a slightly tweaked version of @lucj 's implementation definitely works.

[lucj]

Thanks @armenr for this feedback. Could you tell me more regarding the tweak ?

[samba1112]

Any update on updating Documentation for sidecar method with Argocd helm values

[travisghansen]

OK, finally have some time to look into this. @lucj you want to sync up and collaborate at all?

[travisghansen]

OK team, I have built images of this now so you should be able to try it as the sidecar setup (I haven't ran it yet personally but probably will try in the next week or so). For anyone wanting to give it a go it should be pretty simple:

containers:
- name: cmp
  image: travisghansen/argo-cd-helmfile:latest
  securityContext:
    runAsNonRoot: true
    runAsUser: 999
  volumeMounts:
    - mountPath: /var/run/argocd
      name: var-files
    - mountPath: /home/argocd/cmp-server/plugins
      name: plugins
    # mitigate path traversal attacks.
    - mountPath: /tmp
      name: cmp-tmp
volumes:
  - emptyDir: {}
    name: cmp-tmp

I would recommend adding any custom tools via the init process into the/a shared dir and then setting the PATH env of the container to something like:

PATH=/custom-tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

The discovery process has been implemented so it should pick that up ok. Generally following the instructions here should get you going: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/#3-register-the-plugin-sidecar

[lucj]

Hi @travisghansen did you have a chance to try this approach ? https://github.com/lucj/argocd-helmfile-plugin Do not hesitate to give me feedback and tell how you think we could collaborate on this.

[travisghansen]

Hey @lucj I did take a look at your project! I cannot lose the functionality I've built into mine and so wouldn't be able to use what you've put together. Looking at the repo however helped me better understand how the sidecar plugins are supposed to work (I frankly don't love the approach and overhead, I feel like on large repos the git data being sent over grpc would blow up badly and introduces some nasty overhead...when I give it a try I'll know better though).

Happy to collaborate however if you feel something is needed! From what I can tell this project currently allows far more control of the behavior of helmfile.

[travisghansen]

I should note, the guts of my setup are the same whether you do sidecar or not so my intent is currently to continue to work with both styles, both execute the same script and generally function exactly the same...just how the script is executed is slightly different.

Honestly, the custom images I've built are really entirely unecessary, it would be easy to download the scripts from this project via an init container (same as the 'old' style setup) and place them in the custom-tools directory and just let everything run on a busybox image. But I already did the work so I'll just leave it for now :)

[joshuasimon-taulia]

I should note, the guts of my setup are the same whether you do sidecar or not so my intent is currently to continue to work with both styles, both execute the same script and generally function exactly the same...just how the script is executed is slightly different.

Honestly, the custom images I've built are really entirely unecessary, it would be easy to download the scripts from this project and place them in the custom-tools directory and just let everything run on a busybox image. But I already did the work so I'll just leave it for now :)

imo, pulling a docker image is a little more stable than curl or wget in a busybox container. i try to avoid futzing with curl retry logic in an initContainer whenever possible

[travisghansen]

That's fair enough. If you have other binaries needed (ie: sops, age, jq, yq, helm plugins, etc) then you'll need an init container to download those as well. I just don't currently want all those bundled up in the repo-server image nor the image for this project.

My plugin images do contain helm and helmfile binaries so basic usage should work right away.

[travisghansen]

With this new feature I will ‘all in’ on this which will make it much more accessible I believe: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/parameterized-config-management-plugins.md

Good stuff coming!

[travisghansen]

I’m making progress on this. Anyone care to shout out specific binaries or apps they feel should be included in the image? I currently have helmfile and helm binaries, jq, yq, sops, age, and helm secrets plugin.

[travisghansen]

Ready for some testing/validation: https://github.com/travisghansen/argo-cd-helmfile#sidecar

I've upgraded some non-critical installations on my end to use the sidecar setup and they seem to be working fine thus far.