Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sops + gcp kms with Argocd multi source #475

Closed
stephaneetje opened this issue Oct 7, 2024 · 10 comments
Closed

Sops + gcp kms with Argocd multi source #475

stephaneetje opened this issue Oct 7, 2024 · 10 comments
Labels
bug Something isn't working

Comments

@stephaneetje
Copy link

stephaneetje commented Oct 7, 2024
edited
Loading

Hello

I'm using sops backend with gcp kms (with workload identity) with argocd and it's working perfectly for non multi source apps.

I followed the instructions, added HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH and HELM_SECRETS_WRAPPER_ENABLED to repoServer.

I'm getting errors related to unfound values, it looks like it is reading encrypted values. Same values file unencrypted is accepted.

I was thinking it should work outofBox as it should be called the same way for multi or non multi app (on helm secrets side i mean). But documentation about multi source only talks about GPG, so is there a possibility using KMS would not be suported ?

Environment

  • Helm Secrets Version: 4.6.1
  • ArgoCD Version: 2.10.7
@stephaneetje stephaneetje added the bug Something isn't working label Oct 7, 2024
@jkroepke
Copy link
Owner

jkroepke commented Oct 7, 2024

Could you please run the following command on your argocd-repo-server?

ls -lah $(which helm)

@stephaneetje
Copy link
Author

stephaneetje commented Oct 7, 2024
edited
Loading 

$ ls -lah $(which helm)
-rwxr-xr-x 1 root root 51M Sep 26 06:39 /usr/local/bin/helm

@jkroepke
Copy link
Owner

jkroepke commented Oct 7, 2024

That means the helm wrapper is not active. Just set HELM_SECRETS_WRAPPER_ENABLED to true is not fully sufficient.

Please follow precisely the documentation at https://github.com/jkroepke/helm-secrets/wiki/ArgoCD-Integration#step-1-customize-argocd-repo-server.

At the end, a /usr/local/sbin/helm file should exists and it should be a shell script.

@stephaneetje
Copy link
Author

Oh thanks!

I'm using init container, i do see how you link /usr/local/sbin/helm with the wrapper script in the Docker Documentation, but i don't find the equivalent for container init. Am i missing something?

@jkroepke
Copy link
Owner

jkroepke commented Oct 7, 2024

Check volumeMount

  volumeMounts:
    - mountPath: /usr/local/sbin/helm
      subPath: helm
      name: gitops-tools

Please also check, if /usr/local/sbin/ is part of the PATH env echo $PATH

@stephaneetje
Copy link
Author

How could i miss that, thank you so much!

@jkroepke
Copy link
Owner

jkroepke commented Oct 7, 2024

Any recommendation to the docs?

@stephaneetje
Copy link
Author

Maybe in the multi source doc i would add in requirements that /usr/local/sbin must be a symlink to helm-wrapper.sh.

@jkroepke jkroepke mentioned this issue Oct 8, 2024
Open
@jkroepke
Copy link
Owner

jkroepke commented Oct 8, 2024

@stephaneetje I saw you post on the ArgoCD issue as well. Would mind to link to solution that other people with similar issues having a solution?

Thanks!

@stephaneetje stephaneetje mentioned this issue Oct 8, 2024
Open
3 tasks
@stephaneetje
Copy link
Author

No problem, just did it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jkroepke @stephaneetje