From bfaf559c549d699aaaeb6ca25803ef001875fcaa Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 16:35:30 +0200 Subject: [PATCH 01/13] bumping the chart version after updating some values.yaml docs --- charts/argocd-appset-secret-plugin/Chart.yaml | 2 +- charts/argocd-appset-secret-plugin/README.md | 8 ++++---- charts/argocd-appset-secret-plugin/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/Chart.yaml b/charts/argocd-appset-secret-plugin/Chart.yaml index 30b3d08..6ed0a36 100644 --- a/charts/argocd-appset-secret-plugin/Chart.yaml +++ b/charts/argocd-appset-secret-plugin/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 4d109aa..89baaeb 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md 
@@ -1,6 +1,6 @@ # argocd-appset-secret-plugin -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.1](https://img.shields.io/badge/AppVersion-0.1.1-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.1](https://img.shields.io/badge/AppVersion-0.1.1-informational?style=flat-square) A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets @@ -24,8 +24,8 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | image.repository | string | `"jessebot/appset-secret-generator-plugin"` | image repo to use for the docker container | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | +| nameOverride | string | `""` | override the autogenerated name of this helm chart release | +| nodeSelector | object | `{}` | deploy chart to a specific k8s node | | podAnnotations | object | `{}` | any additional annotations you'd like the pod to have | | podSecurityContext | object | `{}` | securityContext for the pod: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | replicaCount | int | `1` | number of replica pods to create | 
@@ -33,7 +33,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | securityContext | object | `{}` | securityContext for the container: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | service.port | int | `80` | service port to expose on the cluster | | service.targetPort | int | `4355` | service target port on the container | -| service.type | string | `"ClusterIP"` | | +| service.type | string | `"ClusterIP"` | type for the service, only ClusterIP is tested | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index 2c13250..e80fded 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml @@ -14,6 +14,7 @@ image: tag: "" imagePullSecrets: [] +# -- override the autogenerated name of this helm chart release nameOverride: "" fullnameOverride: "" @@ -43,6 +44,7 @@ securityContext: {} # runAsUser: 1000 service: + # -- type for the service, only ClusterIP is tested type: ClusterIP # -- service port to expose on the cluster port: 80 @@ -69,6 +71,7 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# -- deploy chart to a specific k8s node nodeSelector: {} tolerations: [] From 04168bf35d7d93462f70df623514f71848132124 Mon Sep 17 00:00:00 2001 
From: jessebot Date: Sat, 5 Aug 2023 16:43:08 +0200 Subject: [PATCH 02/13] fix a couple of secret related issues, namely: secrets are readOnly once mounted and the secret-vars volume mount is now optional for testing --- .../templates/deployment.yaml | 9 ++++++--- kustomize/manifests/deployment.yaml | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 7d36435..6a71ebd 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml @@ -41,9 +41,11 @@ spec: - name: token mountPath: "/var/run/argo/token" subPath: token - - name: allowed-env-vars + readOnly: true + - name: allowed-secret-vars mountPath: "/var/run/argo/secret_vars.yaml" subPath: secret_vars.yaml + readOnly: true livenessProbe: httpGet: path: / @@ -58,9 +60,10 @@ spec: - name: token secret: secretName: {{ include "argocd-appset-secret-plugin.fullname" . }}-token - - name: allowed-env-vars + - name: allowed-secret-vars secret: - secretName: argocd-env-vars + secretName: argocd-secret-vars + optional: true {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/kustomize/manifests/deployment.yaml b/kustomize/manifests/deployment.yaml index 41420d4..e12bb57 100644 --- a/kustomize/manifests/deployment.yaml +++ b/kustomize/manifests/deployment.yaml @@ -28,8 +28,8 @@ spec: mountPath: "/var/run/argocd/token" subPath: "token" - name: argocd-secret-vars - mountPath: "/var/run/argocd/secret-vars.yaml" - subPath: "secret-vars.yaml" + mountPath: "/var/run/argocd/secret_vars.yaml" + subPath: "secret_vars.yaml" volumes: - name: token secret: From f20e2f973293b528843858cfe1d34a3b9f721c55 Mon Sep 17 00:00:00 2001 
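Review bot: The `argocd-secret-vars` mount in kustomize/manifests/deployment.yaml still has no `readOnly: true`, although the commit message says secrets are read-only once mounted and the Helm template gains that line on both mounts in this same patch. Adding `readOnly: true` after the `subPath` line of this mount, and of the `token` mount shown as context above it, would keep the two manifests in agreement and make the intent explicit. Separately, the Helm template marks the volume `optional: true` while mounting it with `subPath: secret_vars.yaml`. If the application opens that path unconditionally at startup, which is not visible in this patch, the flag only moves the failure from pod scheduling to container start, so it is worth confirming what the container does when the secret is absent. The container spec continues outside both hunks.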
From: jessebot Date: Sat, 5 Aug 2023 16:51:31 +0200 Subject: [PATCH 03/13] =?UTF-8?q?typoed=20the=20docker=20image=20name=20?= =?UTF-8?q?=F0=9F=A4=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/argocd-appset-secret-plugin/README.md | 2 +- charts/argocd-appset-secret-plugin/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 89baaeb..2655263 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md @@ -21,7 +21,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | autoscaling.targetCPUUtilizationPercentage | int | `80` | | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy for the main container | -| image.repository | string | `"jessebot/appset-secret-generator-plugin"` | image repo to use for the docker container | +| image.repository | string | `"jessebot/appset-secret-plugin"` | image repo to use for the docker container | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | override the autogenerated name of this helm chart release | diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index e80fded..38a9f5e 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: # -- image repo to use for the docker container - repository: jessebot/appset-secret-generator-plugin + repository: jessebot/appset-secret-plugin # -- image pullPolicy for the main container pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. 
From c0a8e87d5ffc2e99c7a1c52c490b92aeee5d3559 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 17:00:40 +0200 Subject: [PATCH 04/13] =?UTF-8?q?fix=20yet=20AGAIN=20typoed=20docker=20rep?= =?UTF-8?q?o=20name=20=F0=9F=A4=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/argocd-appset-secret-plugin/README.md | 2 +- charts/argocd-appset-secret-plugin/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 2655263..4b4f9ea 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md @@ -21,7 +21,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | autoscaling.targetCPUUtilizationPercentage | int | `80` | | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy for the main container | -| image.repository | string | `"jessebot/appset-secret-plugin"` | image repo to use for the docker container | +| image.repository | string | `"jessebot/argocd-appset-secret-plugin"` | image repo to use for the docker container | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | override the autogenerated name of this helm chart release | diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index 38a9f5e..904b1d7 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml 
@@ -7,7 +7,7 @@ replicaCount: 1 image: # -- image repo to use for the docker container - repository: jessebot/appset-secret-plugin + repository: jessebot/argocd-appset-secret-plugin # -- image pullPolicy for the main container pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. From 9c1b68e1105fb4531d243f6d593f1c727c12d8e6 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 17:17:30 +0200 Subject: [PATCH 05/13] base64 encoding and quoting our secret and setting it to type opaque --- .../argocd-appset-secret-plugin/templates/secret-token.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml index a49e24d..7e657da 100644 --- a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml +++ b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml @@ -4,6 +4,6 @@ metadata: name: {{ include "argocd-appset-secret-plugin.fullname" . }}-token labels: {{- include "argocd-appset-secret-plugin.labels" . | nindent 4 }} +type: Opaque data: - token: {{ randAlphaNum 32 }} - + token: {{ randAlphaNum 32 | b64enc | quote }} From a6793c82d268af1d0e24d93e8961d6bdb61b1935 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 17:24:52 +0200 Subject: [PATCH 06/13] remove sub-path from volumeMounts for token --- charts/argocd-appset-secret-plugin/templates/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 6a71ebd..37d0697 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml 
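Review bot: `randAlphaNum 32` on the `token:` line in templates/secret-token.yaml is evaluated on every render, so each `helm upgrade` (or each render by a GitOps controller) produces a different token and rewrites this Secret. Anything still holding the previous value, such as the running plugin pod or whatever Argo CD configuration carries the same token, would then disagree until it is refreshed. Consider generating the token only on first install and reusing the stored value afterwards, for example via Helm's `lookup` function. Because `lookup` returns nothing under `helm template`, letting the user supply an existing secret name is the more robust route for templated deployments. A comment above the line, e.g. `# generated at install time; rotate by deleting this Secret and restarting the pod`, would document the intended lifecycle.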
@@ -40,7 +40,6 @@ spec: volumeMounts: - name: token mountPath: "/var/run/argo/token" - subPath: token readOnly: true - name: allowed-secret-vars mountPath: "/var/run/argo/secret_vars.yaml" From d08201ea762ea222c556d9184916a82a92ec63ee Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 17:25:59 +0200 Subject: [PATCH 07/13] fix secret pathing for deployment --- charts/argocd-appset-secret-plugin/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 37d0697..7f26130 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml @@ -39,10 +39,10 @@ spec: protocol: TCP volumeMounts: - name: token - mountPath: "/var/run/argo/token" + mountPath: "/var/run/argocd/token" readOnly: true - name: allowed-secret-vars - mountPath: "/var/run/argo/secret_vars.yaml" + mountPath: "/var/run/argocd/secret_vars.yaml" subPath: secret_vars.yaml readOnly: true livenessProbe: From be96b36accee41ed6d26a2de69f90aa1b5329d44 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 17:28:35 +0200 Subject: [PATCH 08/13] maybe fix the 'IsADirectoryError' by changing mountpath --- charts/argocd-appset-secret-plugin/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 7f26130..60b06c8 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: protocol: TCP volumeMounts: - name: token - mountPath: "/var/run/argocd/token" + mountPath: "/var/run/argocd" readOnly: true - name: allowed-secret-vars mountPath: "/var/run/argocd/secret_vars.yaml" 
From 8bca3eb556a3a792e9c1ed01546a09e89a4fa88a Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 20:24:51 +0200 Subject: [PATCH 09/13] try to change the pathing of secret vars to solve errors --- README.md | 9 +++++---- charts/argocd-appset-secret-plugin/README.md | 1 + .../templates/deployment.yaml | 9 ++++----- .../templates/test_ci_secret.yaml | 14 ++++++++++++++ charts/argocd-appset-secret-plugin/values.yaml | 4 ++++ docker/main.py | 2 +- example/appset_and_secret.yaml | 9 +++++---- 7 files changed, 34 insertions(+), 14 deletions(-) create mode 100644 charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml diff --git a/README.md b/README.md index 8e55802..86315f0 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,12 @@ metadata: namespace: argocd labels: app.kubernetes.io/part-of: argocd -type: Opaque +type: stringData data: - # The secret value must be base64 encoded **once**. - # This value corresponds to: `printf "beepboop" | base64`. - app_name: "YmVlcGJvb3A=" + secret_vars.yaml: | + # The secret value must be base64 encoded **once**. + # This value corresponds to: `printf "beepboop" | base64`. + app_name: "YmVlcGJvb3A=" ``` Here's an example ApplicationSet, using the secret plugin generator, to apply: diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 4b4f9ea..5e5d1c6 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md 
@@ -30,6 +30,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | podSecurityContext | object | `{}` | securityContext for the pod: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | replicaCount | int | `1` | number of replica pods to create | | resources | object | `{}` | | +| secretVars.secretName | string | `"argocd-secret-vars"` | the name of the secret to use for your applicationSet parameters | | securityContext | object | `{}` | securityContext for the container: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | service.port | int | `80` | service port to expose on the cluster | | service.targetPort | int | `4355` | service target port on the container | diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 60b06c8..88b51ad 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml @@ -41,9 +41,8 @@ spec: - name: token mountPath: "/var/run/argocd" readOnly: true - - name: allowed-secret-vars - mountPath: "/var/run/argocd/secret_vars.yaml" - subPath: secret_vars.yaml + - name: secret-vars + mountPath: "/var/run/secret-plugin" readOnly: true livenessProbe: httpGet: @@ -59,9 +58,9 @@ spec: - name: token secret: secretName: {{ include "argocd-appset-secret-plugin.fullname" . }}-token - - name: allowed-secret-vars + - name: secret-vars secret: - secretName: argocd-secret-vars + secretName: {{ .Values.secretVars.secretName }} optional: true {{- with .Values.nodeSelector }} nodeSelector: diff --git a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml new file mode 100644 index 0000000..8338bd7 --- /dev/null +++ b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml 
@@ -0,0 +1,14 @@ +{{- if eq .Values.secretVars.secretName "argocd-secret-vars-ci-test" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret-vars-ci-test + namespace: argocd + labels: + app.kubernetes.io/part-of: argocd +type: Opaque +data: + secret_vars.yaml: | + app_name: "cool_app" +{{- end }} diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index 904b1d7..405bf97 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml @@ -18,6 +18,10 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +secretVars: + # -- the name of the secret to use for your applicationSet parameters + secretName: argocd-secret-vars + serviceAccount: # -- Specifies whether a service account should be created create: true diff --git a/docker/main.py b/docker/main.py index 8cc6843..7d44cdb 100644 --- a/docker/main.py +++ b/docker/main.py @@ -13,7 +13,7 @@ with open("/var/run/argocd/token") as f: TOKEN = f.read().strip() -with open("/var/run/argocd/secret_vars.yaml") as yaml_file: +with open("/var/run/secret-plugin/secret_vars.yaml") as yaml_file: SECRET_VARS = yaml.safe_load(yaml_file) class Plugin(BaseHTTPRequestHandler): diff --git a/example/appset_and_secret.yaml b/example/appset_and_secret.yaml index d6d5d13..7b25b7b 100644 --- a/example/appset_and_secret.yaml +++ b/example/appset_and_secret.yaml @@ -2,15 +2,16 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-env-vars + name: argocd-secret-vars namespace: argocd labels: app.kubernetes.io/part-of: argocd type: Opaque data: - # The secret value must be base64 encoded **once**. - # This value corresponds to: `printf "beepboop" | base64`. - app_name: "YmVlcGJvb3A=" + secret_vars.yaml: | + # The secret value must be base64 encoded **once**. + # This value corresponds to: `printf "beepboop" | base64`. + app_name: "YmVlcGJvb3A=" --- apiVersion: argoproj.io/v1alpha1 
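Review bot: The new Secret in templates/test_ci_secret.yaml puts a plain-text block scalar under `data:`, but values under `data` must be base64-encoded, so the API server is expected to reject `secret_vars.yaml: |` followed by `app_name: "cool_app"`. Switching the key to `stringData:` and dropping the base64 requirement for the literal file content is the smallest fix. The example/appset_and_secret.yaml hunk in this patch has the same shape (`type: Opaque`, `data:`, then a literal block) and needs the same change. In that example the comment "must be base64 encoded **once**" now sits inside the block scalar; whether the plugin base64-decodes individual values is not visible here, so the comment should say which layer, if any, is encoded.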
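Review bot: The `open("/var/run/secret-plugin/secret_vars.yaml")` call in docker/main.py runs at import time with no handling for a missing or non-file path, while the Deployment in this patch still marks the `secret-vars` volume `optional: true`. If the secret is absent, the process would presumably exit with a raw traceback before the HTTP server starts; catching `OSError` and exiting with a message that names the expected file and secret key would make that failure diagnosable. Because `SECRET_VARS` is read once, a comment such as `# loaded at startup; restart the pod after changing the secret` would also help. The rest of the module is outside the hunk.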
From bf8dd6546209dffc3acab68db98dde3fb680f43b Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 20:37:29 +0200 Subject: [PATCH 10/13] bump version and add poetry file for main.py --- charts/argocd-appset-secret-plugin/Chart.yaml | 4 ++-- charts/argocd-appset-secret-plugin/README.md | 2 +- docker/pyproject.toml | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 docker/pyproject.toml diff --git a/charts/argocd-appset-secret-plugin/Chart.yaml b/charts/argocd-appset-secret-plugin/Chart.yaml index 6ed0a36..64f04c9 100644 --- a/charts/argocd-appset-secret-plugin/Chart.yaml +++ b/charts/argocd-appset-secret-plugin/Chart.yaml @@ -19,10 +19,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.1" +appVersion: "0.1.2" diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 5e5d1c6..40d6525 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md 
@@ -1,6 +1,6 @@ # argocd-appset-secret-plugin -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.1](https://img.shields.io/badge/AppVersion-0.1.1-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.2](https://img.shields.io/badge/AppVersion-0.1.2-informational?style=flat-square) A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets diff --git a/docker/pyproject.toml b/docker/pyproject.toml new file mode 100644 index 0000000..b1d2779 --- /dev/null +++ b/docker/pyproject.toml @@ -0,0 +1,17 @@ +[tool.poetry] +name = "argocd-appset-secret-plugin" +version = "0.1.2" +description = "a K8s Secret Plugin Generator to ApplicationSets in Argo CD" +authors = ["jessebot "] +license = "Apache-2.0" +readme = "README.md" +packages = [{include = "argocd_appset_secret_plugin"}] + +[tool.poetry.dependencies] +python = "^3.11" +PyYAML = "^6.0.1" + + +[build-system] +requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api" From cac535c52d7daf8ffaabfe24de2ed79a9ef6979c Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 5 Aug 2023 21:28:36 +0200 Subject: [PATCH 11/13] removing namespace from test secret and changing path of secret vars --- .../templates/deployment.yaml | 9 --------- .../templates/test_ci_secret.yaml | 4 +--- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 88b51ad..660d25e 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml 
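Review bot: `PyYAML = "^6.0.1"` and `requires = ["poetry-core"]` in docker/pyproject.toml are open ranges and the diffstat adds no `poetry.lock`, so this commit does not fix the dependency versions that end up in the image. If the image build installs from this file, committing the lock file and building from it keeps the image contents reproducible and reviewable. `packages = [{include = "argocd_appset_secret_plugin"}]` names a package directory that this series does not add under docker/ (the code shown is a single `main.py`), so that entry likely needs removing or the build may fail; confirm against the directory layout.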
@@ -44,14 +44,6 @@ spec: - name: secret-vars mountPath: "/var/run/secret-plugin" readOnly: true - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http resources: {{- toYaml .Values.resources | nindent 12 }} volumes: @@ -61,7 +53,6 @@ spec: - name: secret-vars secret: secretName: {{ .Values.secretVars.secretName }} - optional: true {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml index 8338bd7..34bf0f4 100644 --- a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml +++ b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml @@ -4,11 +4,9 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret-vars-ci-test - namespace: argocd labels: app.kubernetes.io/part-of: argocd -type: Opaque -data: +stringData: secret_vars.yaml: | app_name: "cool_app" {{- end }} From 83260239046ae45f1512491f0d6783ce5265abac Mon Sep 17 00:00:00 2001 From: jessebot Date: Sun, 6 Aug 2023 10:58:42 +0200 Subject: [PATCH 12/13] fix all tests and use existing secrets for token and vars if passed in --- charts/argocd-appset-secret-plugin/README.md | 3 +- .../templates/_helpers.tpl | 34 ++++++++++++++++++- .../templates/deployment.yaml | 10 +++--- .../templates/secret-token.yaml | 3 ++ .../templates/test_ci_secret.yaml | 4 +-- .../templates/tests/test-configmap.yaml | 7 ++++ .../templates/tests/test-connection.yaml | 26 +++++++++++--- .../argocd-appset-secret-plugin/values.yaml | 8 +++-- docker/README.md | 6 ++-- 9 files changed, 84 insertions(+), 17 deletions(-) create mode 100644 charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 40d6525..7debffd 100644 --- a/charts/argocd-appset-secret-plugin/README.md 
+++ b/charts/argocd-appset-secret-plugin/README.md @@ -30,7 +30,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | podSecurityContext | object | `{}` | securityContext for the pod: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | replicaCount | int | `1` | number of replica pods to create | | resources | object | `{}` | | -| secretVars.secretName | string | `"argocd-secret-vars"` | the name of the secret to use for your applicationSet parameters | +| secretVars.existingSecret | string | `""` | the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator | | securityContext | object | `{}` | securityContext for the container: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | service.port | int | `80` | service port to expose on the cluster | | service.targetPort | int | `4355` | service target port on the container | @@ -38,6 +38,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| token.existingSecret | string | `""` | the name of an existing secret to use for the token that argoCD and the plugin will use for communication | | tolerations | list | `[]` | | ---------------------------------------------- diff --git a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl index 11ca070..4df22ee 100644 --- a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl +++ b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl 
@@ -56,7 +56,39 @@ Create the name of the service account to use {{- define "argocd-appset-secret-plugin.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} {{- default (include "argocd-appset-secret-plugin.fullname" .) .Values.serviceAccount.name }} +{{- end }} +{{- end }} + + +{{/* + +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \ +'{ + "applicationSetName": "fake-appset", + "input": { + "parameters": { + "secret_vars": ["param1"]} + } +}' + +http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Content-type:application/json\" -H \"Authorization: Bearer $TOKEN\" --data-urlencode \"{\"applicationSetName\": \"fake-appset\", \"input\": {\"parameters\": {\"secret_vars\": [\"app_name\"]}}}\" +*/}} +{{- define "argocd-appset-secret-plugin.testCommand" -}} +http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Authorization: Bearer $TOKEN\" -d \"{\"applicationSetName\": \"fake-appset\"}\" +{{- end }} + +{{- define "argocd-appset-secret-plugin.tokenSecret" -}} +{{- if not .Values.token.existingSecret }} +{{- printf "%s-token" (include "argocd-appset-secret-plugin.fullname" .) }} +{{- else }} +{{ .Values.token.existingSecret }} +{{- end }} +{{- end }} + +{{- define "argocd-appset-secret-plugin.varSecret" -}} +{{- if not .Values.secretVars.existingSecret }} +{{- printf "%s-secret-vars" (include "argocd-appset-secret-plugin.fullname" .) }} {{- else }} -{{- default "default" .Values.serviceAccount.name }} +{{ .Values.secretVars.existingSecret }} {{- end }} {{- end }} diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml index 660d25e..4a65054 100644 --- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml +++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml 
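Review bot: With `serviceAccount.create: false` the `serviceAccountName` helper now renders an empty string, because this hunk closes the `if` right after the `default (include ...fullname...)` line and drops the old `else` branch; a user-supplied `serviceAccount.name` is then ignored and, if the Deployment uses this helper, the pod would fall back to the namespace's default service account. Restoring `{{- else }}` followed by `{{- default "default" .Values.serviceAccount.name }}` before the closing `{{- end }}` keeps the behaviour the README still documents. In the new `tokenSecret` and `varSecret` helpers the `existingSecret` branch is written as `{{ .Values.token.existingSecret }}` with no left trim marker, so the rendered name probably begins with a newline that folds into a leading space inside the quoted `secretName`. Writing `{{- .Values.token.existingSecret }}` and `{{- .Values.secretVars.existingSecret }}` avoids that; rendering the chart with `existingSecret` set would confirm it.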
@@ -39,20 +39,22 @@ spec: protocol: TCP volumeMounts: - name: token - mountPath: "/var/run/argocd" + mountPath: "/var/run/argocd/token" + subPath: "token" readOnly: true - name: secret-vars - mountPath: "/var/run/secret-plugin" + mountPath: "/var/run/secret-plugin/secret_vars.yaml" + subPath: "secret_vars.yaml" readOnly: true resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: token secret: - secretName: {{ include "argocd-appset-secret-plugin.fullname" . }}-token + secretName: "{{ include "argocd-appset-secret-plugin.tokenSecret" . }}" - name: secret-vars secret: - secretName: {{ .Values.secretVars.secretName }} + secretName: "{{ include "argocd-appset-secret-plugin.varSecret" . }}" {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml index 7e657da..b48431f 100644 --- a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml +++ b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.token.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -7,3 +8,5 @@ metadata: type: Opaque data: token: {{ randAlphaNum 32 | b64enc | quote }} + +{{- end }} diff --git a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml index 34bf0f4..cc5ce00 100644 --- a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml +++ b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml @@ -1,9 +1,9 @@ -{{- if eq .Values.secretVars.secretName "argocd-secret-vars-ci-test" }} +{{- if not .Values.secretVars.existingSecret }} --- apiVersion: v1 kind: Secret metadata: - name: argocd-secret-vars-ci-test + name: {{ include "argocd-appset-secret-plugin.fullname" . }}-secret-vars labels: app.kubernetes.io/part-of: argocd stringData: 
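Review bot: Secret updates will not reach the container through the `subPath` mounts added for `token` and `secret-vars` in templates/deployment.yaml, because Kubernetes does not refresh subPath-mounted Secret files. A changed token or `secret_vars.yaml` therefore only takes effect after the pod is recreated. Since the chart-generated token Secret can change on upgrade, either roll the pod when the secrets change (for example via a pod-template annotation that changes with them) or state the restart requirement next to the mounts, e.g. `# subPath mounts are not updated in place; restart the pod after changing the secret`. The pod template metadata is outside this hunk, so an existing annotation cannot be ruled out.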
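Review bot: Every install that leaves `secretVars.existingSecret` empty now gets a Secret holding the CI fixture value `app_name: "cool_app"`, because the guard in templates/test_ci_secret.yaml became `if not .Values.secretVars.existingSecret`. If this is meant as a placeholder, the file name and a comment such as `# placeholder values; set secretVars.existingSecret for real use` should say so; otherwise keep it behind an explicit test-only value. The Secret also carries only the `app.kubernetes.io/part-of` label, whereas secret-token.yaml uses the chart's common labels helper, so the two chart-managed secrets are labelled inconsistently.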
diff --git a/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml b/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml new file mode 100644 index 0000000..86e2c6f --- /dev/null +++ b/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-connection +data: + curl_script.sh: | + curl http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H "Content-type:application/json" -H "Authorization: Bearer $TOKEN" -d '{"applicationSetName": "fake-appset", "input": {"parameters": {"secret_vars": ["app_name"]}}}' diff --git a/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml b/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml index b4784b0..576a9f0 100644 --- a/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml +++ b/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml @@ -8,8 +8,26 @@ metadata: "helm.sh/hook": test spec: containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "argocd-appset-secret-plugin.fullname" . }}:{{ .Values.service.port }}'] + - name: curl + image: curlimages/curl + command: ['/bin/sh'] + args: + - "-c" + - "/testing/curl_script.sh" + env: + - name: "TOKEN" + valueFrom: + secretKeyRef: + name: '{{ include "argocd-appset-secret-plugin.tokenSecret" . }}' + key: token + volumeMounts: + - name: curl-script + mountPath: "/testing" + readOnly: false + volumes: + - name: curl-script + configMap: + name: test-connection + defaultMode: 0777 + restartPolicy: Never diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index 405bf97..d916a86 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml 
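Review bot: The `curl` command in `curl_script.sh` (templates/tests/test-configmap.yaml) has no `--fail` or other status check, so the Helm test pod exits 0 even when the plugin answers with an HTTP error, and the test cannot catch a rejected token or a broken handler. Starting the command with `curl --fail --silent --show-error` makes the exit code follow the HTTP status. The ConfigMap name `test-connection` is fixed rather than derived from the release name, and the object has no `helm.sh/hook: test` annotation, so it appears to be installed with every release and would collide between two releases in one namespace.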
@@ -19,8 +19,12 @@ nameOverride: "" fullnameOverride: "" secretVars: - # -- the name of the secret to use for your applicationSet parameters - secretName: argocd-secret-vars + # -- the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator + existingSecret: "" + +token: + # -- the name of an existing secret to use for the token that argoCD and the plugin will use for communication + existingSecret: "" serviceAccount: # -- Specifies whether a service account should be created diff --git a/docker/README.md b/docker/README.md index 7ab9362..a7d7e40 100644 --- a/docker/README.md +++ b/docker/README.md @@ -12,7 +12,7 @@ docker build . -t jessebot/argocd-appset-secret-plugin:dev Generate a fake token ```bash -openssl rand -base64 12 > token && export PLUGIN_TOKEN=`/bin/cat token` +openssl rand -base64 12 > token && export TOKEN=`/bin/cat token` ``` Create some test values you'd like to get in your fake ApplicationSet: @@ -25,7 +25,7 @@ Run the docker container: ```bash docker run \ - -v ./secret_vars.yaml:/var/run/argocd/secret_vars.yaml \ + -v ./secret_vars.yaml:/var/run/secret-plugin/secret_vars.yaml \ -v ./token:/var/run/argocd/token \ -p 4355:4355 \ jessebot/argocd-appset-secret-plugin:dev @@ -34,7 +34,7 @@ docker run \ Send a request for a vairable in your secret_vars.yaml: ```bash -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $TOKEN" -d \ '{ "applicationSetName": "fake-appset", "input": { From 16e89b72ed8de022f3f2ebe46ac7527def2d2891 Mon Sep 17 00:00:00 2001 From: jessebot Date: Sun, 6 Aug 2023 11:23:34 +0200 Subject: [PATCH 13/13] clean up helpers to remove cruft and add more docs --- .../templates/_helpers.tpl | 22 +++++-------------- 1 file changed, 6 insertions(+), 16 deletions(-) 
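Review bot: The new `existingSecret` comments do not say which keys the referenced secrets must contain. The deployment mounts them with `subPath: "token"` and `subPath: "secret_vars.yaml"`, and the test pod reads `key: token`, so a secret with different key names will not mount as expected. I would extend the comments, e.g. `# -- name of an existing secret with a "token" key, used by Argo CD and the plugin to authenticate to each other` and `# -- name of an existing secret with a "secret_vars.yaml" key holding the applicationSet parameters`. `secretVars.secretName` is also removed without a fallback, so values files that still set it are silently ignored and the chart creates its own secret instead; a note in the README or a `fail` guard in the template would surface that.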
diff --git a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl index 4df22ee..f287b37 100644 --- a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl +++ b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl @@ -59,24 +59,10 @@ Create the name of the service account to use {{- end }} {{- end }} - {{/* - -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \ -'{ - "applicationSetName": "fake-appset", - "input": { - "parameters": { - "secret_vars": ["param1"]} - } -}' - -http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Content-type:application/json\" -H \"Authorization: Bearer $TOKEN\" --data-urlencode \"{\"applicationSetName\": \"fake-appset\", \"input\": {\"parameters\": {\"secret_vars\": [\"app_name\"]}}}\" +Create the name of the token secret to use: either from an existing secret +or the fullname of the chart + "-token" */}} -{{- define "argocd-appset-secret-plugin.testCommand" -}} -http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Authorization: Bearer $TOKEN\" -d \"{\"applicationSetName\": \"fake-appset\"}\" -{{- end }} - {{- define "argocd-appset-secret-plugin.tokenSecret" -}} {{- if not .Values.token.existingSecret }} {{- printf "%s-token" (include "argocd-appset-secret-plugin.fullname" .) }} @@ -85,6 +71,10 @@ http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.e {{- end }} {{- end }} +{{/* +Create the name of the vars secret to use: either from an existing secret +or the fullname of the chart + "-secret-vars" +*/}} {{- define "argocd-appset-secret-plugin.varSecret" -}} {{- if not .Values.secretVars.existingSecret }} {{- printf "%s-secret-vars" (include "argocd-appset-secret-plugin.fullname" .) }}