diff --git a/apps/argocd/base/vault-plugin/argo-repo-server-sidecars.yaml b/apps/argocd/base/vault-plugin/argo-repo-server-sidecars.yaml index 6d7850c0..3299486e 100644 --- a/apps/argocd/base/vault-plugin/argo-repo-server-sidecars.yaml +++ b/apps/argocd/base/vault-plugin/argo-repo-server-sidecars.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-repo-server template: spec: - # Mount SA token for Kubernets auth # Note: In 2.4.0 onward, there is a dedicated SA for repo-server (not default) # Note: This is not fully supported for Kubernetes < v1.19 @@ -22,7 +21,7 @@ spec: - name: custom-tools emptyDir: {} - name: cmp-tmp - emptyDir: { } + emptyDir: {} # Download tools initContainers: 
@@ -118,29 +117,29 @@ spec: mountPath: /usr/local/bin/argocd-vault-plugin # argocd-vault-plugin with Kustomize and Helm - - name: avp-helm-kustomize - command: [ /var/run/argocd/argocd-cmp-server ] - image: quay.io/argoproj/argocd:v2.7.13 - securityContext: - runAsNonRoot: true - runAsUser: 999 - volumeMounts: - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - - mountPath: /tmp - name: cmp-tmp - - # Register plugins into sidecar - - mountPath: /home/argocd/cmp-server/config/plugin.yaml - subPath: avp-helm-kustomize.yaml - name: cmp-plugin - - # Important: Mount tools into $PATH - - name: custom-tools - subPath: argocd-vault-plugin - mountPath: /usr/local/bin/argocd-vault-plugin +# - name: avp-helm-kustomize +# command: [ /var/run/argocd/argocd-cmp-server ] +# image: quay.io/argoproj/argocd:v2.7.13 +# securityContext: +# runAsNonRoot: true +# runAsUser: 999 +# volumeMounts: +# - mountPath: /var/run/argocd +# name: var-files +# - mountPath: /home/argocd/cmp-server/plugins +# name: plugins +# - mountPath: /tmp +# name: cmp-tmp +# +# # Register plugins into sidecar +# - mountPath: /home/argocd/cmp-server/config/plugin.yaml +# subPath: avp-helm-kustomize.yaml +# name: cmp-plugin +# +# # Important: Mount tools into $PATH +# - name: custom-tools +# subPath: argocd-vault-plugin +# mountPath: /usr/local/bin/argocd-vault-plugin # argocd-vault-plugin with plain YAML - name: avp diff --git a/apps/argocd/base/vault-plugin/vault-plugin-cm.yaml b/apps/argocd/base/vault-plugin/vault-plugin-cm.yaml index 8bd437b9..313f32d5 100644 --- a/apps/argocd/base/vault-plugin/vault-plugin-cm.yaml +++ b/apps/argocd/base/vault-plugin/vault-plugin-cm.yaml 
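Review bot: The `avp-helm-kustomize` sidecar is disabled by commenting it out at column 0 instead of being removed, which leaves about twenty lines of dead manifest (including an image tag nobody will keep current) under the still-active heading `# argocd-vault-plugin with Kustomize and Helm`. The same commit renames the `avp-helm-kustomize.yaml` key in the `cmp-plugin` ConfigMap, so the `subPath` this block mounts no longer exists and uncommenting it alone would not bring the sidecar back. I would delete the block and its heading and rely on git history. If a pointer is wanted, one line is enough: `# avp-helm-kustomize sidecar removed; its plugin config is no longer in the cmp-plugin ConfigMap`. The containers list starts and continues outside this hunk.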
@@ -3,26 +3,12 @@ kind: ConfigMap metadata: name: cmp-plugin data: - avp-kustomize.yaml: | - --- - apiVersion: argoproj.io/v1alpha1 - kind: ConfigManagementPlugin - metadata: - name: argocd-vault-plugin-kustomize - spec: - allowConcurrency: true - discover: - find: - command: [sh, -c, "find . -name kustomization.yaml"] - generate: - command: [sh, -c, "kustomize build . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret"] - lockRepo: false - avp-helm-kustomize.yaml: | + avp-helm-args.yaml: | --- apiVersion: argoproj.io/v1alpha1 kind: ConfigManagementPlugin metadata: - name: argocd-vault-plugin-kustomize-helm-args + name: argocd-vault-plugin-helm-args spec: allowConcurrency: true discover: @@ -31,29 +17,28 @@ data: - sh - "-c" - | - if [ -n "$(find . -name 'values.yaml' | head -1)" ] && - [ -n "$(find . -name 'Chart.yaml' | head -1)" ] && - [ -n "$(find . -name 'kustomization.yaml' | head -1)" ] && - [ -n "${ARGOCD_ENV_helm_args}" ]; then - echo "Hit!" + if [ -n "$(find . -name 'Chart.yaml')" ] && # if find output is nonzero + [ -n "$(find . -name 'values.yaml')" ] && # if find output is nonzero + [ -n "${ARGOCD_ENV_helm_args}" ]; # if var ARGOCD_ENV_helm_args is defined and nonzero + then + echo "ARGOCD_ENV_helm_args!" fi init: - command: [sh, -c, "helm dependency update"] + command: [ sh, -c, "helm dependency update" ] generate: command: - - sh + - bash - "-c" - - >- - helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_helm_args} . > manifest.yaml && - kustomize build | + - | + helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE $ARGOCD_ENV_helm_args . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret lockRepo: false - avp-helm-args.yaml: | + avp-helm-values.yaml: | --- apiVersion: argoproj.io/v1alpha1 kind: ConfigManagementPlugin metadata: - name: argocd-vault-plugin-helm-args + name: argocd-vault-plugin-helm-values spec: allowConcurrency: true discover: 
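Review bot: In the `generate` command of `avp-helm-args.yaml` (hunk @@ -31,29 +17,28 @@), `$ARGOCD_ENV_helm_args` is expanded unquoted into the `helm template` command line, so whoever can set that env entry on an Application chooses the flags helm runs with inside the repo-server sidecar. Quoting is not the fix, because the plugin depends on word splitting to pass several flags. The value should instead be checked against an allow-list of expected flags before helm is called, or the values-based plugin used where it is sufficient. At minimum, state the trust assumption above the command, e.g. `# helm_args is passed to helm verbatim; enable only where Application authors are trusted`. Separately, the new inline comments in the discover script say "nonzero" where `-n` tests for a non-empty string.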
@@ -61,54 +46,36 @@ data: command: - sh - "-c" - - >- - if [ -n "$(find . -name 'values.yaml' | head -1)" ] && - [ -z "$(find . -name 'kustomization.yaml')" ] && - [ -n "$(find . -name 'Chart.yaml' | head -1)" ] && - [ -n "${ARGOCD_ENV_helm_args}" ]; then - echo "Hit!" + - | + if [ -n "$(find . -name 'Chart.yaml')" ] && + [ -n "$(find . -name 'values.yaml')" ] && + [ -n "${ARGOCD_ENV_HELM_VALUES}" ]; + then + echo "ARGOCD_ENV_HELM_VALUES" fi init: - command: [sh, -c, "helm dependency update"] + command: [ sh, -c, "helm dependency update" ] generate: command: - bash - "-c" - - >- - helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE $ARGOCD_ENV_helm_args . | + - | + helm template --include-crds $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret lockRepo: false - avp-helm-values.yaml: | + avp-kustomize.yaml: | --- apiVersion: argoproj.io/v1alpha1 kind: ConfigManagementPlugin metadata: - name: argocd-vault-plugin-helm + name: argocd-vault-plugin-kustomize spec: allowConcurrency: true discover: find: - command: - - sh - - "-c" - - >- - if [ -n "$(find . -name 'values.yaml' | head -1)" ] && - [ -n "$(find . -name 'Chart.yaml' | head -1)" ] && - [ -n "$(find . -name '*.yaml' | xargs -I {} grep '- - helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . | - argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret + command: [ sh, -c, "kustomize build . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret" ] lockRepo: false avp.yaml: | apiVersion: argoproj.io/v1alpha1 @@ -123,12 +90,11 @@ data: - sh - "-c" - >- - if [ -z "$(find . -name 'Chart.yaml')" ] && - [ -z "$(find . -name 'kustomization.yaml')" ] && - [ -n "$(find . -name '*.yaml')" ] && + if [ -z "${ARGOCD_ENV_helm_args}" ] && + [ -z "${ARGOCD_ENV_HELM_VALUES}" ] && [ -n "$(find . -name '*.yaml' | xargs -I {} grep '
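Review bot: The new `generate` script for `avp-helm-values.yaml` (hunk @@ -61,54 +46,36 @@) pipes `helm template` into `argocd-vault-plugin generate -` without `pipefail`, so the step's exit status is the plugin's alone. A failed render is then reported only if the plugin also rejects the empty or partial input. The command already runs under `bash -c` with a literal block scalar, so the script can begin with `set -o pipefail` on its own first line. The same applies to the `avp-helm-args.yaml` generate command in the @@ -31,29 +17,28 @@ hunk. The tail of this hunk (the relocated `avp-kustomize.yaml` entry) is not fully legible here, so this note does not cover it.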