Plugin prevents Kustomize to work #5613

antonionappi88 · 2021-02-25T17:24:33Z

antonionappi88
Feb 25, 2021

Hello,
I'm new to ArgoCD and I'm facing a strange issue.

I'm using a custom plugin to get secret from Vault and produce a K8s secret.

This is my application:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prometheus-self
  namespace: argocd
  labels:
    app: prometheus
    component: self
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  project: default
  source:
    path: overlays/qa/clusters/my-cluster
    repoURL: https://myrepo.com
    targetRevision: HEAD
    plugin:
      name: argocd-vault-plugin

In my repository at path overlays/qa/clusters/my-cluster I have:

├── kustomization.yaml
├── patches
│   ├── alertmanager_patch.yaml
│   ├── grafana_patch.yaml
│   ├── ingress_controller_patch.yaml
│   ├── prometheus_operator_patch.yaml
│   └── pushgateway_patch.yaml
├── remote_secrets
│   └── my_secret.yaml
├── self.yaml

and this is my kustomation.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../base/prometheus
- ./remote_secrets/my_secret.yaml
- ./self.yaml

If I use the plugin in my application, it isn't able to create other resource then ./remote_secrets/my_secret.yaml.
If instead I don't specify the plugin and let kustomize to work, the secret isn't update with the value from Vault.

Is this a bug or is it suppose to work like that ?

Thanks,
Antonio

Answered by jgwest

Feb 25, 2021

Hi Antonio, I believe this would be a question for the maintainers of the argocd-vault-plugin. When specifying a custom management plugin, the generation of YAML is delegated by Argo CD to the configured plugin, and so the behaviour would be dependent on that plugin's behaviour.

With that said, it looks to me like that tool doesn't use Kustomize to process the YAML, after the secret substitution has taken place, so that would explain why the Kustomize resources are ignored. They would need to add Kustomize support directly in order to handle this.

View full answer

jgwest · 2021-02-25T18:33:27Z

jgwest
Feb 25, 2021
Maintainer

Hi Antonio, I believe this would be a question for the maintainers of the argocd-vault-plugin. When specifying a custom management plugin, the generation of YAML is delegated by Argo CD to the configured plugin, and so the behaviour would be dependent on that plugin's behaviour.

With that said, it looks to me like that tool doesn't use Kustomize to process the YAML, after the secret substitution has taken place, so that would explain why the Kustomize resources are ignored. They would need to add Kustomize support directly in order to handle this.

1 reply

antonionappi88 Feb 26, 2021
Author

Hi Jonathan,
thanks for the quick reply. Yes I opened an issue with the owner of the plugin. I'll follow up there: argoproj-labs/argocd-vault-plugin#74

Thanks,
Antonio

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Plugin prevents Kustomize to work #5613

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Plugin prevents Kustomize to work #5613

antonionappi88 Feb 25, 2021

Replies: 1 comment · 1 reply

jgwest Feb 25, 2021 Maintainer

antonionappi88 Feb 26, 2021 Author

antonionappi88
Feb 25, 2021

Replies: 1 comment 1 reply

jgwest
Feb 25, 2021
Maintainer

antonionappi88 Feb 26, 2021
Author