Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

argocd vault plugin issues with helm chart not able to deploy #653

Closed
Zoli8501 opened this issue Jul 9, 2024 · 4 comments
Closed

argocd vault plugin issues with helm chart not able to deploy #653

Zoli8501 opened this issue Jul 9, 2024 · 4 comments

Comments

@Zoli8501
Copy link

Zoli8501 commented Jul 9, 2024

Describe the bug
Using sh or bash the same error is shown by using helm chart:

$ helm dependency update
Error: cannot load irregular file /home/argocd/cmp-server/plugins/argocd-vault-plugin-helm.sock as it has file mode type bits set
$
$ helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE --include-crds . | argocd-vault-plugin generate -s vault-kubernetes -
Error: cannot load irregular file /home/argocd/cmp-server/plugins/argocd-vault-plugin-helm.sock as it has file mode type bits set

Vault plugin configured as sidecar:
configmap cmp-plugin:
apiVersion: v1
kind: ConfigMap
metadata:
name: cmp-plugin
namespace: argocd
data:
avp.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin
spec:
allowConcurrency: true
discover:
find:
command:
- sh
- "-c"
- "find . -name '*.yaml' | xargs -I {} grep "<path\|avp\.kubernetes\.io" {} | grep ."
generate:
command:
- argocd-vault-plugin
- generate
- "."
- "-s"
- "vault-kubernetes"
lockRepo: false

avp-helm.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin-helm
spec:
allowConcurrency: true

  # Note: this command is run _before_ any Helm templating is done, therefore the logic is to check
  # if this looks like a Helm chart
  discover:
    find:
      command:
        - sh
        - "-c"
        - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
  init:
    command:
      - bash
      - "-c"
      - "helm dependency update"
  generate:
    command:
      - bash
      - "-c"
      - |
        helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE --include-crds . |
        argocd-vault-plugin generate -s vault-kubernetes -
  lockRepo: false

Expected behavior
with avp.yaml able to fetch password from vault, but deploying helm chart it is not possible.
avp-helm.yaml configuration set according to documentation.

Screenshots/Verbose output
image

Additional context
In argocd if sync is working, the resources are not reachable, currently following error is shown:
image
@Zoli8501
Copy link
Author

Hi,
basically the plugin doesn't see the manifest:
$ /usr/local/bin/helm dependency update
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-application-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-applicationset-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-cmp-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-dex resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-k8s-auth resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-notifications resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-repo-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/uid_entrypoint.sh resolves to /usr/local/bin/entrypoint.sh. Contents of linked file included and used
Error: Chart.yaml file is missing
$
$ /usr/local/bin/helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE --include-crds . |
argocd-vault-plugin generate -s vault-kubernetes ->
/bin/sh: 14: argocd-vault-plugin: not found
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-application-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-applicationset-controller resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-cmp-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-dex resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-k8s-auth resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-notifications resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-repo-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/argocd-server resolves to /usr/local/bin/argocd. Contents of linked file included and used
walk.go:74: found symbolic link in path: /usr/local/bin/uid_entrypoint.sh resolves to /usr/local/bin/entrypoint.sh. Contents of linked file included and used
Error: Chart.yaml file is missing
$
$ find . -name 'Chart.yaml' && find . -name 'values.yaml'
$

What additional settings needs to be done to have the manifest fetched and synchronised in ArgoCD?
Thank you

@zs-ko
Copy link

zs-ko commented Jul 25, 2024
edited
Loading

@Zoli8501 if you are using multi source applications and shared the folder structure with other types of deployments like pure yaml resources or kustomization files then the find command in the plugin returns values and non zero exit code and triggers the helm plugin when it should use another plugin or none.

edit: changed command to return zero output and return code on missing files

try to use this instead for the find command

discover:
        find:
          command:
            - sh
            - "-c"
            - "[ -f 'Chart.yaml' ] && [ -f 'values.yaml' ] && (ls Chart.yaml && ls values.yaml) || return 0"

@zs-ko
Copy link

zs-ko commented Jul 25, 2024

@Zoli8501 lookin closer, argocd says helm command not found. is helm installed in the sidecar?

@Zoli8501
Copy link
Author

Finally I got it.../home/argocd was ro, so it had to be mounted apart from / and rw permission was added,
now everything seems to be working now, resources are reachable for the plugin.
Vault couldn't cache token from /home/argocd/.avp

I will close the issue.
Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Zoli8501 @zs-ko