[Question] Is it possible to use image updater together with argocd-vault-plugin #417

Open
ricardojdsilva87 opened this issue Apr 11, 2022 · 4 comments · May be fixed by #738
Labels
enhancement New feature or request

Comments

@ricardojdsilva87

Hello,
I have a question regarding using the image updater together with the argocd-vault-plugin.
The image updater can update argocd values directly if used in the following way:

project: project1
source:
  repoURL: 'repo URL'
  path: path
  targetRevision: main
  helm:
    valueFiles:
      - values.yaml
    parameters:
      - name: image.tag
        value: v1
        forceString: true
      - name: image.repository
        value: repo/image
      - name: image.credentials
        value: <path:secret-name#password>
    values: 'ingress: testurl.com'
destination:
  server: 'https://mycluster.com'
  namespace: test
syncPolicy: {}

The annotations for image updater just need to "know" which parameter to replace.
I have opened a similar issue in the argo-vault-plugin github:
argoproj-labs/argocd-vault-plugin#333

Since the plugin allows the entire helm chart to be used as an ENV value (so that the plugin command can replace the secret values in the helm templating), is there an option for the image updater to replace the values directly in the YAML manifest and not by parameter?

The plugin configuration is the following one:

      - name: argocd-vault-plugin
        init:
          command: [sh, -c]
          args: ["helm dependency build"]
        generate:
          command: ["bash", "-c"]
          args: ['helm template "$ARGOCD_APP_NAME" -f <(echo "$HELM_VALUES") . | argocd-vault-plugin generate -s <namespace>:<secret with plugin configurations> -']

So we can have something similar to the following:

source:
  repoURL: repo
  targetRevision: 1.0.0
  plugin:
    name: test
    env:
      - name: HELM_VALUES
        value: |
            image.tag=v1
            image.repository=repo/image
            image.credentials=<path:secret-name#password>

In this case the image updater would crawl those HELM_VALUES and look for the corresponding entry to replace, for example the image.repository.

If the values are replaced, the argo-vault-plugin would still be able to helm template the values file to replace the needed secrets, but this time with the latest image digest replaced by the image updater, for example.

Thank you very much for the help
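The rewrite the post above asks for, sketched as an added example: this is not part of the original post and not code from argocd-image-updater or argocd-vault-plugin. The function name `update_helm_values` and the `key=value` line format are assumptions taken from the `HELM_VALUES` sample in the post; the point shown is that only the named image keys change while `<path:...>` placeholders stay unresolved references.

```python
import re

# Placeholder syntax as written in the post, e.g. <path:secret-name#password>
AVP_PLACEHOLDER = re.compile(r"^<path:[^>]+>$")

# Constructed sample, copied from the HELM_VALUES block in the post.
SAMPLE = (
    "image.tag=v1\n"
    "image.repository=repo/image\n"
    "image.credentials=<path:secret-name#password>"
)


def update_helm_values(helm_values, updates):
    """Rewrite selected key=value lines of a HELM_VALUES block (hypothetical helper).

    - Lines whose current value is a vault placeholder are never overwritten,
      so a secret reference cannot be replaced by a registry-derived value.
    - New values containing '<' or '>' are rejected (an added precaution, not
      from the post), so a written value can never look like a placeholder
      to the plugin's later substitution step.
    """
    for key, new_value in updates.items():
        if "<" in new_value or ">" in new_value:
            raise ValueError(f"refusing placeholder-like value for {key!r}")

    seen = set()
    out = []
    for line in helm_values.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in updates:
            if AVP_PLACEHOLDER.match(value):
                raise ValueError(f"{key!r} holds a vault placeholder; not updated")
            indent = line[: len(line) - len(line.lstrip())]
            out.append(f"{indent}{key}={updates[key]}")
            seen.add(key)
        else:
            out.append(line)  # untouched, including <path:...> entries

    missing = set(updates) - seen
    if missing:
        raise KeyError(f"keys not found in HELM_VALUES: {sorted(missing)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(update_helm_values(SAMPLE, {"image.tag": "v2"}))
```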

@jannfis
Contributor

jannfis commented Apr 12, 2022

Hi, currently it is not possible to use argocd-image-updater with plugins. There is a workaround for Kustomize-based plugins, when you are using Git write-back with a kustomization target. But I figure that argocd-vault-plugin is using Helm.

So, no, it's not possible as of now to use argocd-vault-plugin with argocd-image-updater, unfortunately.

@mudassar-nazar-dbank

@jannfis Is there a workaround to this problem?

@fivetran-arnaudvangelder

I've made a proposal to mitigate this issue, which we are using in our own setup: #637

@chrisfel-dev

@jannfis what's the workaround if using kustomize to be able to use argocd-vault-plugin with image updater?
