chore: refactor avp setup #426

49 changes: 24 additions & 25 deletions apps/argocd/base/vault-plugin/argo-repo-server-sidecars.yaml
Expand Up @@ -8,7 +8,6 @@ spec:
app.kubernetes.io/name: argocd-repo-server
template:
spec:

# Mount SA token for Kubernets auth
# Note: In 2.4.0 onward, there is a dedicated SA for repo-server (not default)
# Note: This is not fully supported for Kubernetes < v1.19
Expand All @@ -22,7 +21,7 @@ spec:
- name: custom-tools
emptyDir: {}
- name: cmp-tmp
emptyDir: { }
emptyDir: {}

# Download tools
initContainers:
Expand Down Expand Up @@ -118,29 +117,29 @@ spec:
mountPath: /usr/local/bin/argocd-vault-plugin

# argocd-vault-plugin with Kustomize and Helm
- name: avp-helm-kustomize
command: [ /var/run/argocd/argocd-cmp-server ]
image: quay.io/argoproj/argocd:v2.7.13
securityContext:
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp

# Register plugins into sidecar
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
subPath: avp-helm-kustomize.yaml
name: cmp-plugin

# Important: Mount tools into $PATH
- name: custom-tools
subPath: argocd-vault-plugin
mountPath: /usr/local/bin/argocd-vault-plugin
# - name: avp-helm-kustomize
# command: [ /var/run/argocd/argocd-cmp-server ]
# image: quay.io/argoproj/argocd:v2.7.13
# securityContext:
# runAsNonRoot: true
# runAsUser: 999
# volumeMounts:
# - mountPath: /var/run/argocd
# name: var-files
# - mountPath: /home/argocd/cmp-server/plugins
# name: plugins
# - mountPath: /tmp
# name: cmp-tmp
#
# # Register plugins into sidecar
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
# subPath: avp-helm-kustomize.yaml
# name: cmp-plugin
#
# # Important: Mount tools into $PATH
# - name: custom-tools
# subPath: argocd-vault-plugin
# mountPath: /usr/local/bin/argocd-vault-plugin

# argocd-vault-plugin with plain YAML
- name: avp
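Review bot: The `avp-helm-kustomize` sidecar is switched off by commenting out all of its lines instead of deleting them, which leaves a block of dead configuration in the repo-server patch that every later reader has to re-evaluate. Its `subPath: avp-helm-kustomize.yaml` mount also appears to lose its backing key in the `cmp-plugin` ConfigMap in this same PR, so uncommenting the block later would not bring the plugin back on its own. I would delete the block and, if a pointer is wanted, leave one line such as `# avp-helm-kustomize sidecar removed; restore from git history together with its ConfigMap entry`. Any Application that still selects that plugin by name would presumably stop rendering, so it is worth checking for such references before merge. The containers list starts and ends outside the visible hunks.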
92 changes: 29 additions & 63 deletions apps/argocd/base/vault-plugin/vault-plugin-cm.yaml
Expand Up @@ -3,26 +3,12 @@ kind: ConfigMap
metadata:
name: cmp-plugin
data:
avp-kustomize.yaml: |
---
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin-kustomize
spec:
allowConcurrency: true
discover:
find:
command: [sh, -c, "find . -name kustomization.yaml"]
generate:
command: [sh, -c, "kustomize build . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret"]
lockRepo: false
avp-helm-kustomize.yaml: |
avp-helm-args.yaml: |
---
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin-kustomize-helm-args
name: argocd-vault-plugin-helm-args
spec:
allowConcurrency: true
discover:
Expand All @@ -31,84 +17,65 @@ data:
- sh
- "-c"
- |
if [ -n "$(find . -name 'values.yaml' | head -1)" ] &&
[ -n "$(find . -name 'Chart.yaml' | head -1)" ] &&
[ -n "$(find . -name 'kustomization.yaml' | head -1)" ] &&
[ -n "${ARGOCD_ENV_helm_args}" ]; then
echo "Hit!"
if [ -n "$(find . -name 'Chart.yaml')" ] && # if find output is nonzero
[ -n "$(find . -name 'values.yaml')" ] && # if find output is nonzero
[ -n "${ARGOCD_ENV_helm_args}" ]; # if var ARGOCD_ENV_helm_args is defined and nonzero
then
echo "ARGOCD_ENV_helm_args!"
fi
init:
command: [sh, -c, "helm dependency update"]
command: [ sh, -c, "helm dependency update" ]
generate:
command:
- sh
- bash
- "-c"
- >-
helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_helm_args} . > manifest.yaml &&
kustomize build |
- |
helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE $ARGOCD_ENV_helm_args . |
argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret
lockRepo: false
avp-helm-args.yaml: |
avp-helm-values.yaml: |
---
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin-helm-args
name: argocd-vault-plugin-helm-values
spec:
allowConcurrency: true
discover:
find:
command:
- sh
- "-c"
- >-
if [ -n "$(find . -name 'values.yaml' | head -1)" ] &&
[ -z "$(find . -name 'kustomization.yaml')" ] &&
[ -n "$(find . -name 'Chart.yaml' | head -1)" ] &&
[ -n "${ARGOCD_ENV_helm_args}" ]; then
echo "Hit!"
- |
if [ -n "$(find . -name 'Chart.yaml')" ] &&
[ -n "$(find . -name 'values.yaml')" ] &&
[ -n "${ARGOCD_ENV_HELM_VALUES}" ];
then
echo "ARGOCD_ENV_HELM_VALUES"
fi
init:
command: [sh, -c, "helm dependency update"]
command: [ sh, -c, "helm dependency update" ]
generate:
command:
- bash
- "-c"
- >-
helm template $ARGOCD_APP_NAME --include-crds -n $ARGOCD_APP_NAMESPACE $ARGOCD_ENV_helm_args . |
- |
helm template --include-crds $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . |
argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret
lockRepo: false
avp-helm-values.yaml: |
avp-kustomize.yaml: |
---
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: argocd-vault-plugin-helm
name: argocd-vault-plugin-kustomize
spec:
allowConcurrency: true
discover:
find:
command:
- sh
- "-c"
- >-
if [ -n "$(find . -name 'values.yaml' | head -1)" ] &&
[ -n "$(find . -name 'Chart.yaml' | head -1)" ] &&
[ -n "$(find . -name '*.yaml' | xargs -I {} grep '<path\|avp\.kubernetes\.io' {})" ] &&
[ -z "$(find . -name 'kustomization.yaml')" ] &&
[ -z "${ARGOCD_ENV_helm_args}" ];
then
echo "Hit!"
fi
init:
command: [sh, -c, "helm dependency update"]
command: [ sh, -c, "find . -name kustomization.yaml" ]
generate:
command:
- bash
- "-c"
- >-
helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . |
argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret
command: [ sh, -c, "kustomize build . | argocd-vault-plugin generate - -s $ARGOCD_APP_NAMESPACE:vault-secret" ]
lockRepo: false
avp.yaml: |
apiVersion: argoproj.io/v1alpha1
Expand All @@ -123,12 +90,11 @@ data:
- sh
- "-c"
- >-
if [ -z "$(find . -name 'Chart.yaml')" ] &&
[ -z "$(find . -name 'kustomization.yaml')" ] &&
[ -n "$(find . -name '*.yaml')" ] &&
if [ -z "${ARGOCD_ENV_helm_args}" ] &&
[ -z "${ARGOCD_ENV_HELM_VALUES}" ] &&
[ -n "$(find . -name '*.yaml' | xargs -I {} grep '<path\|avp\.kubernetes\.io' {})" ];
then
echo "Hit!"
echo "PLAIN_AVP"
fi
generate:
command:
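Review bot: The `generate` scripts of `avp-helm-args.yaml` and `avp-helm-values.yaml` pipe `helm template` into `argocd-vault-plugin generate -` with no `pipefail`, so the step's exit status is the plugin's alone and a failed render may be passed on as an empty or partial manifest set; both appear to run under `bash -c` with a literal block now, so each can start with `set -euo pipefail`. The same commands expand `$ARGOCD_APP_NAME` and `$ARGOCD_APP_NAMESPACE` unquoted; `"$ARGOCD_APP_NAME"` and `-n "$ARGOCD_APP_NAMESPACE"` avoid word splitting and globbing. `$ARGOCD_ENV_helm_args` has to stay unquoted to split into flags, which means whoever can edit the Application chooses the helm flags run inside the repo-server sidecar; a comment like `# helm_args comes verbatim from the Application spec; limit who can set it via AppProject/RBAC` would make that trust boundary visible. The old/new side of the duplicated lines is inferred from print order on this rendered page, and the `avp.yaml` entry continues outside the visible hunks.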