Not able to use secretref+k8s to fetch secrets from Kubernetes Secret object in ArgoCD within same namespace argo #445

Closed
workwithprashant opened this issue Mar 13, 2024 · 1 comment
Labels
bug Something isn't working Stale


workwithprashant commented Mar 13, 2024

### Current Behavior

Cross referencing travisghansen/argo-cd-helmfile#58

When I use secretref+k8s to fetch secrets from a Kubernetes Secret object within the same namespace (argo) while creating an app in ArgoCD, it throws an error.

```
Unable to create application: application spec for delete is invalid: InvalidSpecError:
Unable to generate manifests in sample-app: rpc error: code = Unknown desc = plugin sidecar failed.
error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: `argo-cd-helmfile.sh init` failed exit status 1: helm version v3.14.2+gc309b6f helmfile version 0.162.0
starting init vals-k8s: Unable to get a valid kubeConfig path: No path was found in any of the following: kubeContext URI param, KUBECONFIG environment variable, or default path /tmp/__argo-cd-helmfile.sh__/apps/delete/.kube/config does not exist.
vals-k8s: Unable to get a valid kubeConfig path: No path was found in any of the following: kubeContext URI param, KUBECONFIG environment variable, or default path /tmp/__argo-cd-helmfile.sh__/apps/delete/.kube/config does not exist. in ./helmfile.yaml:
error during helmfile.yaml.part.0 parsing: template: stringTemplate:3:10: executing "stringTemplate" at <fetchSecretValue (.StateValues | get "C3SP_HELM_REPO_URL" "secretref+k8s://v1/Secret/argo/argo-server-sso/helm-repo-url")>: error calling fetchSecretValue: expand k8s://v1/Secret/argo/argo-server-sso/helm-repo-url:
No path was found in any of the following: kubeContext URI param, KUBECONFIG environment variable, or default path /tmp/__argo-cd-helmfile.sh__/apps/delete/.kube/config does not exist.
```

### Expected Behavior

When I use secretref+k8s to fetch secrets from a Kubernetes Secret object within the same namespace (argo) while creating an app in ArgoCD, it should fetch the secrets from the Kubernetes Secret object and process the Helmfile.

### Steps To Reproduce

**Private Repository in Helmfile.yaml**

```yaml
repositories:
- name: C3SP-Helm-Charts
  url: {{ fetchSecretValue (.StateValues | get "C3SP_HELM_REPO_URL" "secretref+k8s://v1/Secret/argo/argo-server-sso/helm-repo-url") }}
  username: {{ fetchSecretValue (.StateValues | get "C3SP_HELM_REPO_USER" "secretref+k8s://v1/Secret/argo/argo-server-sso/helm-repo-user") }}
  password: {{ fetchSecretValue (.StateValues | get "C3SP_HELM_REPO_PWD" "secretref+k8s://v1/Secret/argo/argo-server-sso/helm-repo-pwd") }}
```

ArgoCD Setup

```yaml
# Source: argo-cd/templates/argocd-repo-server/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argo-cd-argocd-repo-server
  namespace: "argo"
  labels:
    helm.sh/chart: argo-cd-6.7.1
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: "v2.10.2"
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
---
# Source: argo-cd/templates/argocd-repo-server/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argo-cd-argocd-repo-server
  namespace: "argo"
  labels:
    helm.sh/chart: argo-cd-6.7.1
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: "v2.10.2"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-cd-argocd-repo-server
subjects:
- kind: ServiceAccount
  name: argo-cd-argocd-repo-server
  namespace: argo
```

Confirmed that argo-cd-argocd-repo-server is able to access argo-server-sso from the Kubernetes Secret:

```
argocd@argo-cd-argocd-repo-server-6644b58d8f-rqf69:~$ kubectl get Secret argo-server-sso
NAME              TYPE     DATA   AGE
argo-server-sso   Opaque   5      103d
```

### Environment

- Helm Version: 3.14.2
- Helm Secrets Version: 4.6.0
- ArgoCD Version: 2.10.2
- OS: Ubuntu 22.04.4 LTS
- Shell: GNU Bash
- Using argocd-helmfile-plugin: v0.3.10

### Anything else?

[Refer to same issue posted in another GitHub repo](https://github.com/travisghansen/argo-cd-helmfile/issues/58)
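
The error above lists three places vals-k8s looks for a kubeconfig: the kubeContext URI param, the KUBECONFIG environment variable, and a default path. As an added example (not part of the original issue, and not code from vals, helmfile or argo-cd-helmfile), the function below builds a kubeconfig from the pod's mounted ServiceAccount credentials so a kubeconfig-only client can use the identity the Role above is bound to. The function name and output path are illustrative, and whether this resolves the reported error is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example: build a kubeconfig from the pod's mounted ServiceAccount
# credentials, for clients that only authenticate via a kubeconfig file.
# write_incluster_kubeconfig is an illustrative name, not a vals/helmfile API.

# Usage: write_incluster_kubeconfig OUT_PATH [SA_DIR]
write_incluster_kubeconfig() {
    out=$1
    sa_dir=${2:-/var/run/secrets/kubernetes.io/serviceaccount}

    # Fail closed when not running in a pod or when the token is not mounted
    # (e.g. automountServiceAccountToken: false).
    [ -n "${KUBERNETES_SERVICE_HOST:-}" ] || { echo "not in a pod" >&2; return 1; }
    for f in token ca.crt namespace; do
        [ -r "$sa_dir/$f" ] || { echo "missing $sa_dir/$f" >&2; return 1; }
    done

    host=$KUBERNETES_SERVICE_HOST
    case $host in *:*) host="[$host]" ;; esac   # bracket IPv6 literals
    port=${KUBERNETES_SERVICE_PORT:-443}
    ns=$(cat "$sa_dir/namespace")

    # Reference the token by path (tokenFile) instead of copying it: the
    # secret is not duplicated on disk and rotated tokens are picked up.
    # umask 077 keeps the generated file private to the current user.
    ( umask 077
      mkdir -p "$(dirname "$out")" && cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: in-cluster
  cluster:
    server: https://$host:$port
    certificate-authority: $sa_dir/ca.crt
users:
- name: pod-serviceaccount
  user:
    tokenFile: $sa_dir/token
contexts:
- name: in-cluster
  context:
    cluster: in-cluster
    user: pod-serviceaccount
    namespace: $ns
current-context: in-cluster
EOF
    )
}
```

In the plugin container this would run before helmfile, followed by exporting KUBECONFIG with the generated path. The client then has exactly the permissions RBAC grants that ServiceAccount, so the `secrets` rule in the Role still decides what can be read.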

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Apr 13, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 18, 2024