Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to use Argo Vault Plugin as Sidecar with ArgoCD Helm Chart - Documentation Request #474

Open
ayeks opened this issue Mar 10, 2023 · 12 comments
Open

How to use Argo Vault Plugin as Sidecar with ArgoCD Helm Chart - Documentation Request #474

ayeks opened this issue Mar 10, 2023 · 12 comments

Comments

@ayeks
Copy link

ayeks commented Mar 10, 2023

Hey everyone,

first of all: Thanks a lot for this awesome plugin. It helps a lot!

Because argocd-cm plugins are deprecated, and support will be removed in v2.7 I looked into the sidecar installation of argo-vault-plugin. After some hours where I tried to wrap my head around the documentation I am a bit lost. I am looking for the best way to integrate in into the repoServer configuration of the official ArgoCD Helm Chart. The official Argo CMP documentation is also not super clear to me on how everything works together.

However, the documentation just tells you that I should replace the repo server deployment with the one in the documentation. I don't think that this is the best to do this when one is deploying ArgoCD with Helm, right? Is anyone around who already has a working configuration and can just share the repoServer: part of your values.yaml definition?

I will be the first to contribute a working Helm config to the vault plugin docu, once I get it working. :)

Best regards
Lars
@carslen
Copy link

carslen commented Mar 14, 2023

Maybe the latest Chart release (5.26.0) will answer your question? They just added CMP with sidecar to the helm chart.

@s7an-it
Copy link

s7an-it commented Mar 15, 2023

Simple example is definitely needed.

@ayeks
Copy link
Author

ayeks commented Mar 16, 2023

So I had some time to do look into that. To me it seems that the AVP docs are only describing the soon to be deprecated ConfigMap plugin way to install a plugin and not the sidecar plugin. This issue is related to: #464

In another issue someone already switched to the sidecar plugin but has some different problems: #460 However, I will see how far I can reuse his setup.

@carslen
Copy link

carslen commented Mar 16, 2023

The usage page describe the old configMap and the sidecar implementation. Be careful with the variable names, on that page there is a mix of upper and lower case var names used (ARGOCD_ENV_HELM_ARGS in pluginconfiguration vs helm_args in Argo App definition). User either upper or lower but do not mix it. Also, do not add name: argocd-vault-plugin-helm to your app, this will print a depricated waring in WebUI.

@werne2j
Copy link
Member

werne2j commented Mar 21, 2023

Yes, you can find some sidecar docs here https://argocd-vault-plugin.readthedocs.io/en/stable/installation/#initcontainer-and-configuration-via-sidecar but since AVP is just the binary following the official guide is recommended https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#sidecar-plugin. And you can then swap out the init, generate and discover to follow our docs https://argocd-vault-plugin.readthedocs.io/en/stable/usage/#with-helm

@perebaj
Copy link

perebaj commented Apr 14, 2023

I'm also confused about the documentation. In my case, I want to export secrets from GCP using AVP, and my Argo service is deployed in a K8s cluster using the official Helm chart. However, I have doubts about how Argo will access the secrets inside my GCP organization, and how to install the plugin with Helm.

@werne2j
Copy link
Member

werne2j commented Apr 14, 2023

@perebaj the docs for GCP are here https://argocd-vault-plugin.readthedocs.io/en/stable/backends/#gcp-secret-manager and here is the values for cmp in the helm chart https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml#L349 hope that helps

@ruzickap ruzickap mentioned this issue Jun 3, 2023
Open
@alexvaque
Copy link

I wrote a tutorial for HELM AVP installations with sidecar and non sidecar installation.. Please , correct me if I made something wrong in the explanation, thank you very much

https://www.cloudadmins.org/argo-vault-plugin-avp/

however, finally what worked 100% good without any issue and easy way for me, it was the Installation via argocd-cm ConfigMap using Helm

Hope that I could give a small contribution to the community.

@yair-segal
Copy link

yair-segal commented Jun 5, 2023
edited
Loading

@alexvaque I think your tutorial is great.
There is no place to comment on the tutorial itself - so I'll abuse this thread to add my comment :)
While I agree that using "argocd-cm" is the "easiest installation method out of the two", it is important to mention that this option is planned to be removed - "drop support for argocd-cm Config Management Plugins in favor of sidecars" argoproj/argo-cd#8117
(so even though you put hard work into this option, it may be worth to simplify your tutorial and focus only on the sidecar option...)
According to the official "Installing a config management plugin" docs - "ConfigMap plugin (this method is deprecated and will be removed in a future version)"

@alexvaque
Copy link

alexvaque commented Jun 8, 2023
edited
Loading

yes, thanks for your comment , it is very useful and I am agree on that . For timing and some blockers that I found installing the sidecar , we are using the argocd-cm but it is on our mind to be replaced in a while for the sidecar option . I was thinking to move my tutorial in another place for the comments , EDITED: done-> https://medium.com/@alexvaque/argo-vault-plugin-avp-installation-via-helm-7de7fe5e95a4

@alexvaque alexvaque mentioned this issue Jun 8, 2023
Closed
@thieugiatri4492
Copy link

I face the problem while install with Sidecar: When i chose avp plugin in argocd, i create external-dns application, it throws this error:
"error": "application spec for external-dns is invalid: InvalidSpecError: Unable to generate manifests in : rpc error: code = Unknown desc = Manifest generation error (cached): plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: sh -c \"helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |\\nargocd-vault-plugin generate -\\n\" failed exit status 127: /usr/local/bin/argocd-vault-plugin: 1: Not: not found"

@rothbauer
Copy link

I face the problem while install with Sidecar: When i chose avp plugin in argocd, i create external-dns application, it throws this error: "error": "application spec for external-dns is invalid: InvalidSpecError: Unable to generate manifests in : rpc error: code = Unknown desc = Manifest generation error (cached): plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: sh -c \"helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |\\nargocd-vault-plugin generate -\\n\" failed exit status 127: /usr/local/bin/argocd-vault-plugin: 1: Not: not found"

I saw this error when I tried to run argocd-vault-plugin generate manually in the avp-helm container... I think I fixed it by editing cmp-plugin configMap, where data."avp-helm.yaml" key was a one-liner string with newline characters in it. If it's also your case, then delete all the comments from the configMap definition and fix it.

Anyways, I agree it's not very well documented. In my case it looks like the plugin (I use sidecar variant) is never called by argocd-repo-server. Don't know why yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@s7an-it @ayeks @werne2j @yair-segal @thieugiatri4492 @alexvaque @carslen @perebaj @rothbauer