viaduct-ai / kustomize-sops

KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
Apache License 2.0

KSOPS Config With Argo Values.yaml - Unable to find plugin root #207

Closed TitanRob16 closed 12 months ago

TitanRob16 commented 12 months ago

There seems to be some info missing from the README regarding the ksops installation via the values.yaml file.

I have the following in my values.yaml file:

server:
...
  config:
    kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
repoServer:
...
  volumes:
    - name: custom-tools
      emptyDir: {}
  initContainers:
    - name: install-ksops
      image: viaductoss/ksops:v4.2.4
      command: ["/bin/sh", "-c"]
      args:
        - echo "Installing KSOPS...";
          mv ksops /custom-tools/;
          mv kustomize /custom-tools/;
          echo "Done.";
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
  volumeMounts:
    - mountPath: /usr/local/bin/kustomize
      name: custom-tools
      subPath: kustomize
    - mountPath: /usr/local/bin/ksops
      name: custom-tools
      subPath: ksops

However, when I try to create an application via Argo CD's GUI, I get the error:

Unable to create application: application spec for gitops-argocd-sops is invalid: InvalidSpecError: Unable to generate manifests in base: rpc error: code = Unknown desc = `kustomize build <path to cached source>/base --enable-alpha-plugins --enable-exec` failed exit status 1: Error: loading generator plugins: failed to load generator: unable to find plugin root - tried: ('<no value>'; homed in $KUSTOMIZE_PLUGIN_HOME), ('/usr/local/bin/kustomize/plugin'; homed in $XDG_CONFIG_HOME), ('/home/argocd/.config/kustomize/plugin'; homed in default value of $XDG_CONFIG_HOME), ('/home/argocd/kustomize/plugin'; homed in home directory)

Some older blogs say to use a config like this instead:

      # 1. Define an emptyDir volume which will hold the custom binaries
      volumes:
        - name: custom-tools
          emptyDir: {}
      # 2. Use an init container to download/copy custom binaries into the emptyDir
      initContainers:
        - name: install-ksops
          # Match Argo CD Go version
          image: viaductoss/ksops:v2.1.1-go-1.14
          command: ["/bin/sh", "-c"]
          args:
            - echo "Installing KSOPS...";
              export PKG_NAME=ksops;
              mv ${PKG_NAME}.so /custom-tools/;
              mv $GOPATH/bin/kustomize /custom-tools/;
              echo "Done.";
          volumeMounts:
            - mountPath: /custom-tools
              name: custom-tools
      # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
      serviceAccountName: gke-argocd-demo
      containers:
        - name: argocd-repo-server
          volumeMounts:
            - mountPath: /usr/local/bin/kustomize
              name: custom-tools
              subPath: kustomize
              # Verify this matches a XDG_CONFIG_HOME=/.config env variable
            - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops.so
              name: custom-tools
              subPath: ksops.so
          # 4. Set the XDG_CONFIG_HOME env variable to allow kustomize to detect the plugin
          env:
            - name: XDG_CONFIG_HOME
              value: /.config

But this also doesn't work.

There's very clearly a problem with the plugin location; how should the values.yaml be configured?

dosubot[bot] commented 12 months ago

🤖

Hello,

Based on the error message you're seeing, it seems like the KSOPS plugin is not being correctly located by Argo CD. This could be due to a misconfiguration in your values.yaml file or an issue with the Argo CD environment.

From the issues I found in the KSOPS repository, there are a few things you could try:

  1. Change the location of sops-age volume mount in the deployment manifest. The current configuration might be overriding the KSOPS mount and deleting the KSOPS plugin. You can find more details in this issue.

  2. Correct the environment variables in Argo CD. XDG_CONFIG_HOME should be set to /.config not ~/.config. You can find more details in this issue.

  3. Use the correct patch for KSOPS v4.2.4. The patch should look like:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-repo-server
spec:
  template:
    spec:
      volumes:
        - name: custom-tools
          emptyDir: {}
      initContainers:
        - name: install-ksops
          image: viaductoss/ksops:v4.2.4
          command: ["/bin/sh", "-c"]
          args:
            - echo "Installing KSOPS...";
              mv ksops /custom-tools/;
              mv kustomize /custom-tools/;
              echo "Done.";
          volumeMounts:
            - mountPath: /custom-tools
              name: custom-tools
      containers:
        - name: argocd-repo-server
          volumeMounts:
            - mountPath: /usr/local/bin/kustomize
              name: custom-tools
              subPath: kustomize
            - mountPath: /usr/local/bin/ksops
              name: custom-tools
              subPath: ksops

You can apply this patch to your Argo CD deployment with the following command:

kubectl patch deployment argocd-repo-server -n argocd -p "$(cat argo-cd-repo-server-ksops-patch.yaml)"

Alternatively, you can create a custom Argo CD Docker image with KSOPS. You can find the steps to do this in the KSOPS README.

Lastly, remember to enable Kustomize Alpha Plugins via Argo CD ConfigMap, which is required for KSOPS:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"

I hope this helps! If you have any other questions or if the issue persists, please let me know.

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.


devstein commented 12 months ago

Hey @TitanRob16 sorry that you are running into issues. Can you share your generator manifest?

Given the error, it looks like you're using the legacy-style exec plugins, which, like the blog suggests, require XDG_CONFIG_HOME to be set. It'll look something like this (notice no .so after ksops):

      containers:
        - name: argocd-repo-server
          volumeMounts:
            - mountPath: /usr/local/bin/kustomize
              name: custom-tools
              subPath: kustomize
              # Verify this matches a XDG_CONFIG_HOME=/.config env variable
            - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
              name: custom-tools
              subPath: ksops
          # 4. Set the XDG_CONFIG_HOME env variable to allow kustomize to detect the plugin
          env:
            - name: XDG_CONFIG_HOME
              value: /.config
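
A diagnostic for the plugin lookup discussed above, added here as an example (it is not part of the thread, KSOPS, or Argo CD): it walks the candidate plugin roots in the order the error message lists them and checks the legacy exec plugin path from the volumeMount. It assumes kustomize settles on the first candidate directory that exists, so an earlier root without the plugin hides a plugin in a later one; the function names and the `check` argument are made up for this example.

```shell
#!/bin/sh
# Added diagnostic, not part of KSOPS or Argo CD.
# Assumption: legacy exec plugin path is <root>/viaduct.ai/v1/ksops/ksops,
# matching the volumeMount shown above.
PLUGIN_REL="viaduct.ai/v1/ksops/ksops"

# Candidate plugin roots, one per line, in the order the error message lists them.
plugin_roots() {
    if [ -n "${KUSTOMIZE_PLUGIN_HOME:-}" ]; then
        printf '%s\n' "$KUSTOMIZE_PLUGIN_HOME"
    fi
    if [ -n "${XDG_CONFIG_HOME:-}" ]; then
        printf '%s\n' "$XDG_CONFIG_HOME/kustomize/plugin"
    fi
    printf '%s\n' "$HOME/.config/kustomize/plugin"
    printf '%s\n' "$HOME/kustomize/plugin"
}

# Print the first candidate that exists as a directory (assumed kustomize
# behaviour); return 1 when none does, the "unable to find plugin root" case.
first_plugin_root() {
    found=$(plugin_roots | while IFS= read -r root; do
        if [ -d "$root" ]; then printf '%s\n' "$root"; break; fi
    done)
    if [ -z "$found" ]; then return 1; fi
    printf '%s\n' "$found"
}

# Print a one-line verdict.
# Returns 0 usable, 1 no root, 2 plugin missing, 3 plugin not executable.
check_ksops() {
    root=$(first_plugin_root) || { echo "no plugin root exists"; return 1; }
    plugin="$root/$PLUGIN_REL"
    if [ ! -e "$plugin" ]; then echo "missing: $plugin"; return 2; fi
    if [ ! -x "$plugin" ]; then echo "not executable: $plugin"; return 3; fi
    echo "ok: $plugin"
}

# Run the check only when invoked as: sh <script> check
if [ "${1:-}" = "check" ]; then check_ksops; fi
```

Run it inside the argocd-repo-server container, as the user the repo server runs as, so that `HOME` and `XDG_CONFIG_HOME` match what kustomize sees.
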

TitanRob16 commented 12 months ago

Thanks, @devstein - setting those values got me over that initial error. You mention I'm using the legacy style exec plugins; is there a better, non-legacy method available? Much of what I've read is from 3/4 years ago.

devstein commented 12 months ago

@TitanRob16 Glad to hear.

The kustomize ecosystem is migrating to "KRM-style" plugins. The KSOPS resource looks like this.

With that said, they have been "migrating" for several years now and it's unclear what the timeline is for actually dropping support for the old exec plugins. I'd say use whatever works 😄

TitanRob16 commented 12 months ago

Thanks very much, @devstein!

valkiriaaquatica commented 1 month ago

Thanks very much, @devstein!

Hey, did you finally resolve the issue? I'm stuck on the same error you were having :(

Using Helm values and the ksops config as you showed in the first message, but still the error.