Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: support multiple sources for an Application #8322

Merged
merged 10 commits into from
Apr 8, 2022
Merged

proposal: support multiple sources for an Application #8322

merged 10 commits into from
Apr 8, 2022

Conversation

ishitasequeira
Copy link
Member

This is a proposal for supporting multiple sources for an Application.

Related issues:

Signed-off-by: ishitasequeira isequeir@redhat.com

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).

@codecov
Copy link

codecov bot commented Jan 31, 2022

Codecov Report

Merging #8322 (70431e9) into master (3659b7b) will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #8322      +/-   ##
==========================================
- Coverage   44.96%   44.92%   -0.05%     
==========================================
  Files         212      212              
  Lines       25264    25264              
==========================================
- Hits        11361    11350      -11     
- Misses      12296    12310      +14     
+ Partials     1607     1604       -3     
Impacted Files Coverage Δ
applicationset/services/scm_provider/github.go 63.52% <0.00%> (-17.65%) ⬇️
applicationset/services/scm_provider/utils.go 88.50% <0.00%> (+4.59%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3659b7b...70431e9. Read the comment docs.

@ishitasequeira ishitasequeira marked this pull request as ready for review January 31, 2022 15:36
Copy link
Member

@crenshaw-dev crenshaw-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, looks great! Most comments are just looking for clarification. I think the most interesting part is around the details of what Helm+external values will look like.

docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
docs/proposals/multiple-sources-for-applications.md Outdated Show resolved Hide resolved
@tgruenert
Copy link

Just a hint - not sure about this is within the scope of this proposal.
As a user i´d like to see that encryption via sops is already supported with multiple application sources in same kind like it is now. Personal I use sops / helm-plugin to encrypt secrets within helm values.yaml files.

@romuduck
Copy link

romuduck commented Feb 8, 2022

Stupid questions:

  • will this option ignoreMissingValueFiles be available to externalValueFiles?
  • UI wise, what will be displayed under last sync result?
  • UI wise, in an application tree view for example, will it be visible which resource comes from which source?
  • playing with sync waves, it seems we could artificially rollout source per source by setting proper weights on resources globally... is it correct?

thanks

@ishitasequeira
Copy link
Member Author

Stupid questions:

  • will this option ignoreMissingValueFiles be available to externalValueFiles?
  • UI wise, what will be displayed under last sync result?
  • UI wise, in an application tree view for example, will it be visible which resource comes from which source?
  • playing with sync waves, it seems we could artificially rollout source per source by setting proper weights on resources globally... is it correct?

thanks

Please find my comments on the respective questions:

  • Yes, we would want to have ignoreMissingValueFiles with externalValueFiles.
  • We have not included UI in this proposal and would have a separate proposal for UI changes.
  • For Sync waves, I guess yes, it should be possible to play around with Sync waves.

@romuduck
Copy link

Hello all,
Are we confident it will meet v2.4 as planned? I'm especially interested by the #2789 issue for which 8322 could be an answer...
But given the additional complexity and the fact UI won't be covered i wonder if we LL be able to use it in the next couple of months.
Should not we reconsider #2789 to be a separate topic as it looks much simpler to address.

Thanks

@todaywasawesome todaywasawesome added this to the v2.4 milestone Mar 17, 2022
@todaywasawesome
Copy link
Contributor

@romuduck We discussed in the contributor experience meeting today and the team was fairly confident in meeting the 2.4 release for this one. There's some more design work they wanted to do. I marked it for the 2.4 milestone which is slated for May.

chart: elasticsearch
```

### Add `externalValues` field in helm section of Application Spec
Copy link
Collaborator

@alexmt alexmt Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless I'm missing something, the proposed design allows using additional sources only with Helm. However I think we have two common use cases here that can be useful for any config management tool:

  • Provide additional set of file that are needed to generate manifests ( like values.yaml for helm template )
  • Create an application that is combined with several helm charts/kustomizes. Right now users are forced to create several apps or use some config management tool to combine two sources.

First use case is easier. We just let use define multiple sources. In this case Argo CD would generate manifests from all sources and merge them in one list:

spec:
  # application that consists of MongoDB and ElasticSearch resources
  sources:
    - repoURL: https://github.com/helm/charts
      targetRevision: master
      path: incubator/mongodb
    - repoURL: https://github.com/helm/charts
      targetRevision: master
      path: incubator/elasticsearch

To enable the second use case I propose to make path/chart field optional: if it is missing then manifests are not generated for the source. In order to make repo files accessible for other sources user would have to provide a ref that might be referenced in other sources.

spec:
  sources:
    - repoURL: https://github.com/my-org/my-repo # path is missing so no manifests are generated
      targetRevision: master
      ref: myRepo                                 # repo is available via symlink "my-repo"
    - repoURL: https://github.com/helm/charts
      targetRevision: master
      path: incubator/elasticsearch               # path "incubator/elasticsearch" is used to generate manifests
      helm:
        valueFiles:
          - $myRepo/values.yaml                   # values.yaml is located in source with reference name $myRepo

This way we can cover Helm use-case without introducing Helm specific settings and other use cases as well. WDYT?

Copy link
Member Author

@ishitasequeira ishitasequeira Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @alexmt, the idea above sounds good. I just had a small question.

For the second use case, I was thinking how adding multiple files would work. For example, (expanding on your example above)

spec:
  sources:
    - repoURL: https://github.com/my-org/my-repo # path is missing so no manifests are generated
      targetRevision: master
      ref: myRepo                                 # repo is available via symlink "my-repo"
    - repoURL: https://github.com/helm/charts
      targetRevision: master
      path: incubator/elasticsearch               # path "incubator/elasticsearch" is used to generate manifests
      ref: repoES
      helm:
        valueFiles:
          - $myRepo/values.yaml                   # values.yaml is located in source with reference name $myRepo
          - gen_values.yaml                       # values file present in the current source
          - $repoES/esValues.yaml                 # values file present in the current source

Would we support adding values files from current source using it's ref $repoES (e.g. $repoES/esValues.yaml) and also without it's ref (e.g. gen_values.yaml)?

Also, would the referenced source (for e.g. $myRepo) need to be declared before using them in other sources?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking the Argo CD would just resolve $<refName> to the absolute path where the repo is cloned. To reference values file from current source user would just use a relative path (same as now). The source needs reference only if some other source needs to use file from it.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be REALLY nice if value file "pointers" also could have a branch (like the application itself has) - so for development f.ex. - you'd point an application at a 'testing' branc - and the values file then also to an equivalent testing branch in its repo.
Thats how we typicly test applications before we merge them - by adding them - pointing to the devel branch for testing via argocd - but today - our values files HAVE to be in master branch - as we use the path hack from above (where the repo is in /tmp/.../ - because its a repo we already have added).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@KlavsKlavsen this should be covered by the targetRevision field. The only caveat is that it won't be possible to reference two revisions of the same branch. This limitation will be removed after switching to Config Management Plugins though.

ishitasequeira and others added 8 commits April 1, 2022 13:19
Signed-off-by: ishitasequeira <isequeir@redhat.com>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* chore: fix imports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix unit test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: keep changes minimal

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix another test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* print tables additional tests

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* move to %q

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
Signed-off-by: rishabh625 <rishabhmishra625@gmail.com>
Signed-off-by: ishitasequeira <isequeir@redhat.com>
@ishitasequeira ishitasequeira requested a review from wtam2018 April 4, 2022 12:23
sources:
- repoURL: https://github.com/my-org/my-repo # path is missing so no manifests are generated
targetRevision: master
ref: myRepo # repo is available via symlink "my-repo"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the connection done via symlink, or via a variable which Argo CD will populate in some set of fields?

Symlink is simple and easy to understand, but I'm not sure whether all relevant Helm/Kustomize features will permit out-of-bound symlinking.

Variables make sense, we just need to make sure our sensitive-path sanitization logic is working correctly.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest using variables because we are doing it already. Users can specify the env variable e.g. in helm file params etc and Argo CD performs substitution:

resolvedPath, _, err := pathutil.ResolveFilePath(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes())

Copy link
Member

@crenshaw-dev crenshaw-dev Apr 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That same env variable gets used for --set and --set-string, so I think it would be trivial to leak the randomized repo paths.

We could augment env with the path variable. But that would be a Helm-specific solution. We'd have to write additional features to support Kustomize, and we'd have to ask CMP authors to please use the variables responsibly and avoid leaking the values to users.

Copy link
Collaborator

@alexmt alexmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ishitasequeira
Copy link
Member Author

Hi @crenshaw-dev, are we good to merge the PR?

@crenshaw-dev
Copy link
Member

@ishitasequeira I have some concerns that only apply if we plan to use $refVars anywhere besides valueFiles. If we're limiting them to valueFiles (at least for the initial implementation), then I'm good.

@dracowf
Copy link

dracowf commented Apr 8, 2022

Its sounds so good! We were waiting this for decades! 🤝

@alexmt
Copy link
Collaborator

alexmt commented Apr 8, 2022

@crenshaw-dev I'm assuming you are concerned about security, right? I agree. We should not allow resolving references in every spec field. Let's limit it to valueFiles and additionally in spec.source.helm.fileParameters (since it is exact same use-case as valueFiles). Sounds good?

@crenshaw-dev
Copy link
Member

Yep! With that limitation, I think security should be fine. Will approve/merge.

@crenshaw-dev crenshaw-dev merged commit 89c9c62 into argoproj:master Apr 8, 2022
ashutosh16 pushed a commit to ashutosh16/argo-cd that referenced this pull request Apr 9, 2022
* proposal: support multiple sources for an Application

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* addressed PR comments

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* update summary

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* feat: move watch params to struct  (argoproj#8819)

* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* chore: fix imports and unit tests (argoproj#8857)

* chore: fix imports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix unit test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: keep changes minimal

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix another test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* feat: operation result and history table tests (argoproj#8887)

* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* print tables additional tests

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* move to %q

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* fix: corrected applicationset binary name in manifests (argoproj#8954)

Signed-off-by: rishabh625 <rishabhmishra625@gmail.com>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* Update proposed design to add 'ref' field instead of externalValuesField

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* remove unwanted changes from PR added while rebase

Signed-off-by: ishitasequeira <isequeir@redhat.com>

Co-authored-by: pasha-codefresh <pavel@codefresh.io>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Co-authored-by: jannfis <jann@mistrust.net>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
Co-authored-by: rishabh625 <43094970+rishabh625@users.noreply.github.com>
Signed-off-by: asingh51 <Ashutosh_Singh@intuit.com>
@romuduck
Copy link

Can't wait .. thanks contributors

wojtekidd pushed a commit to wojtekidd/argo-cd that referenced this pull request Apr 25, 2022
* proposal: support multiple sources for an Application

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* addressed PR comments

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* update summary

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* feat: move watch params to struct  (argoproj#8819)

* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* watch opts move to struct

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* Merge pull request from GHSA-2f5v-8r3f-8pww

* fix: application resource APIs must enforce project restrictions

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* Fix unit tests

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: jannfis <jann@mistrust.net>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* chore: fix imports and unit tests (argoproj#8857)

* chore: fix imports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix unit test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: keep changes minimal

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* chore: fix another test

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* feat: operation result and history table tests (argoproj#8887)

* add to approvers

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* print tables additional tests

Signed-off-by: pashavictorovich <pavel@codefresh.io>

* move to %q

Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* fix: corrected applicationset binary name in manifests (argoproj#8954)

Signed-off-by: rishabh625 <rishabhmishra625@gmail.com>
Signed-off-by: ishitasequeira <isequeir@redhat.com>

* Update proposed design to add 'ref' field instead of externalValuesField

Signed-off-by: ishitasequeira <isequeir@redhat.com>

* remove unwanted changes from PR added while rebase

Signed-off-by: ishitasequeira <isequeir@redhat.com>

Co-authored-by: pasha-codefresh <pavel@codefresh.io>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Co-authored-by: jannfis <jann@mistrust.net>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
Co-authored-by: rishabh625 <43094970+rishabh625@users.noreply.github.com>
Signed-off-by: wojtekidd <wojtek.cichon@protonmail.com>
@chenfli
Copy link

chenfli commented May 11, 2022

is PR-6280 will be part of the new multiple sources for an application?
Or is this going to be postponed to 2.5 ?

@crenshaw-dev
Copy link
Member

@chenfli that PR had some shortcomings which this proposal addressed. We do expect that this feature will be in 2.5.

@KlavsKlavsen
Copy link

Is there a PR for this feature yet?

@crenshaw-dev
Copy link
Member

@KlavsKlavsen not yet. Will post on the main issue thread when that happens!

@romuduck
Copy link

romuduck commented Jul 1, 2022

Hello @ishitasequeira , is the feature available in v2.4? I saw another PR related to this proposal marked for 2.5. While v2.4 release note mentions it.
++
Thanks

@crenshaw-dev
Copy link
Member

@romuduck it will not be available until 2.5. Ishita has a draft PR open for it.

@romuduck
Copy link

Thanks @crenshaw-dev and @ishitasequeira ... Enjoy holidays in case :-)

@wmgroot
Copy link
Contributor

wmgroot commented Aug 30, 2022

PR is here for those following.
#10432

@rnpaiva
Copy link

rnpaiva commented Nov 8, 2022

is it released for v2.5.1 ?
I'm trying something like this :

spec:
  project: default
  source:
  - repoURL: 'git@github.com:myrepository/infrastructure.git'
    path: apps/authelia
    targetRevision: main
    ref: myRepo
  - repoURL: 'https://charts.authelia.com'
    chart: authelia
    targetRevision: 0.8.38
    helm:
      valuesFiles:
        - $myRepo/values-prod.yaml

It's failing , I followed an example that I saw above .

@blakepettersson
Copy link
Member

It's targeted for 2.6.

@fabhuebner
Copy link

is it released for v2.5.1 ? I'm trying something like this :

spec:
  project: default
  source:
  - repoURL: 'git@github.com:myrepository/infrastructure.git'
    path: apps/authelia
    targetRevision: main
    ref: myRepo
  - repoURL: 'https://charts.authelia.com'
    chart: authelia
    targetRevision: 0.8.38
    helm:
      valuesFiles:
        - $myRepo/values-prod.yaml

It's failing , I followed an example that I saw above .

Note the singular/plural spelling of "source/sources" (also maps vs. array of maps):

For single source apps:

spec:
  project: default
  source:
    repoURL: 'git@github.com:myrepository/infrastructure.git'
    ...

For multi source apps:

spec:
  project: default
  sources:
    - repoURL: 'git@github.com:myrepository/infrastructure.git'
      ...
    - repoURL: 'git@github.com:myrepository/infrastructure_01.git'
      ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.