-
Notifications
You must be signed in to change notification settings - Fork 7.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No Declarative Plugins anymore! - And documentation is not reflecting newest version for CMP #235
Comments
It is also a big issue that there is no way to configure simple plugins in a declarative way anymore. Without a custom image... |
You can still make plugins work without a custom image. Just use the Argo image (or any other existing image) and load the plugin config in via a ConfigMap mount.
The given error could be due to a variety of problems. Can you post your plugin config? |
@crenshaw-dev the error recovered. It appeared when we upgraded to 2.7.11 version of argoCD where the argocd-cm cmp is disabled. But it recovered itself without anything on our side. The plugin is still defined in the argocd-cm Configmap. ---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "-10"
data:
...
configManagementPlugins: |
- name: kustomize-build-with-helm
generate:
command: [ "sh", "-c" ]
args: [ "kustomize build --enable-helm" ] I think for our declarative approach it is not possible. As we do not have a "copy" of the argoCD installation manifests anywhere. We just install the following: #e.g.
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.8.0/manifests/install.yaml We always use stock defaults and this is perfect for our needs all "special configurations" we added through So from what I understood we would need to download the manifest https://raw.githubusercontent.com/argoproj/argo-cd/v2.8.0/manifests/install.yaml And modify the Configmap mounts to consume something like this: apiVersion: v1
kind: ConfigMap
metadata:
name: kustomize-build-with-helm
data:
plugin.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
# The name of the plugin must be unique within a given Argo CD instance.
name: kustomize-build-with-helm
spec:
version: v1.0
# The init command runs in the Application source directory at the beginning of each manifest generation. The init
# command can output anything. A non-zero status code will fail manifest generation.
init:
# Init always happens immediately before generate, but its output is not treated as manifests.
# This is a good place to, for example, download chart dependencies.
command: [sh]
args: [-c, 'echo "Initializing plugin..."']
# The generate command runs in the Application source directory each time manifests are generated. Standard output
# must be ONLY valid Kubernetes Objects in either YAML or JSON. A non-zero exit code will fail manifest generation.
# Error output will be sent to the UI, so avoid printing sensitive information (such as secrets).
generate:
command: [sh, -c]
args: [ "kustomize build --enable-helm" ]
# If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository
# might have executable files. Set to true only if you trust the CMP plugin authors.
preserveFileMode: false possible solutionWould the simplest solution not be a "default optional configmap" in the argoCD manifests? So we can just deploy this again with our argoapp but with a very specific name so the mount happens automatically instead. Very similar to the argocd-cm but just a argocd-cmp for example. |
So from the manifest the CMP-Server is running in the argocd-repo pod: ---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
spec:
...
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
automountServiceAccountToken: false
containers:
- args:
- /usr/local/bin/argocd-repo-server
env:
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
...
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
...
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins # PLUGIN MOUNT
name: plugins
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server # PLUGIN SERVER START?
image: quay.io/argoproj/argocd:v2.8.0
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
serviceAccountName: argocd-repo-server
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
...
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins # EMPTY DIR? Why not:
---
- name: plugins
configMap:
name: argocd-cmp
optional: true # mark the source ConfigMap as optional
--- |
I would just use a Kustomize overlay to patch the sidecar onto the repo-server. |
That is a possible workaround yes. But we did not plan to introduce a locally maintained kustomize. Are there any contributor guides for argoCD. Maybe I could create a PR to make the argocd-cmp configmap optional instead of an emptyDir? |
I think that's a mistake... if you're customizing things, it makes sense to build an overlay.
I'm not sure what you mean. How could the ConfigMap be optional?
There are, but they're all code focused. If you're just putting up a docs PR, it's as simple as fork, clone, edit, push, PR. :-) |
any simple method to allow the plugin in cm to be used in newest argocd version ? |
Sorry I did not have time to create a PR to apply the configMap change as default. You can use kustomize to overwrite the - name: plugins
configMap:
name: argocd-cmp
optional: true section it is currently just an empty - emptyDir: {}
name: plugins # EMPTY DIR? Why not: It would also be awesome if you share the kustomize patches since I am not sure when and if my proposed chenges would come :) |
Not sure if I'm understanding your solution well
how can I get this to work with the latest version of argocd which has plugins using configmaps deprecated |
CMP in configmap is deprecated since version 2.5.
https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.4-2.5/#argocd-cm-plugins-cmps-are-deprecated
Documentation example is not reflecting newest version:
argocd-example-apps/plugins/kustomized-helm/README.md
Line 11 in 53e28ff
https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
For example we use but this simple configuration will not work anymore in the future.
The text was updated successfully, but these errors were encountered: