Argo CD CMP (Config Management Plugin) for Helmfile
If you don't use helm-secrets to encrypt the values files, you can install Argo CD with this CMP as follows.
- Create the values file

  ```yaml
  repoServer:
    extraContainers:
      - name: helmfile-plugin
        image: ghcr.io/logica0419/argocd-helmfile-plugin:latest
        securityContext:
          runAsNonRoot: true
          runAsUser: 999
        volumeMounts:
          - mountPath: /var/run/argocd
            name: var-files
          - mountPath: /home/argocd/cmp-server/plugins
            name: plugins
  ```

- Install Argo CD with Helm

  ```shell
  helm repo add argo https://argoproj.github.io/argo-helm
  helm upgrade --install --create-namespace -n argocd argocd argo/argo-cd -f values.yaml
  ```

If you want to encrypt the values files with helm-secrets, follow the steps below.
- Check the prerequisites
- Create the private key & secret

  First, create a private key for encrypting with age:

  ```shell
  age-keygen -o key.txt
  ```

  Then, create a Kubernetes secret from this key:

  ```shell
  kubectl -n argocd create secret generic age --from-file=key.txt
  ```

- Install Argo CD

  Create the values file:

  ```yaml
  repoServer:
    volumes:
      - name: age
        secret:
          secretName: age
    extraContainers:
      - name: helmfile-plugin
        image: ghcr.io/logica0419/argocd-helmfile-plugin:latest
        securityContext:
          runAsNonRoot: true
          runAsUser: 999
        env:
          - name: SOPS_AGE_KEY_FILE
            value: /app/config/age/key.txt
        volumeMounts:
          - mountPath: /var/run/argocd
            name: var-files
          - mountPath: /home/argocd/cmp-server/plugins
            name: plugins
          - mountPath: /app/config/age/
            name: age
  ```

  Finally, install Argo CD with Helm:

  ```shell
  helm repo add argo https://argoproj.github.io/argo-helm
  helm upgrade --install --create-namespace -n argocd argocd argo/argo-cd -f values.yaml
  ```

Create an application with the helmfile.yaml path and an empty object in the plugin field.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-application
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: {{ YOUR_GIT_REPO_URL }}
    path: {{ YOUR_HELMFILE_PATH }}
    targetRevision: main
    plugin: {}
  destination:
    server: https://kubernetes.default.svc
    namespace: example
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
    automated:
      prune: true
      selfHeal: true
```

This CMP has two environment variables.

| Name | ENV_NAME | ENABLE_LOOKUP |
|---|---|---|
| Description | The environment that Helmfile uses | Enable the "lookup" function in the helm chart (default: false) |

NOTE 1: The "lookup" function doesn't work with the "helmfile template" (actually "helm template") command by default. See argoproj/argo-cd#5202.

NOTE 2: You must provide the appropriate Role or ClusterRole to the repo-server to look up the resources with the "lookup" function.

You can configure them in the application manifest:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-application
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: {{ YOUR_GIT_REPO_URL }}
    path: {{ YOUR_HELMFILE_PATH }}
    targetRevision: main
    plugin:
      env:
        - name: ENABLE_LOOKUP
          value: "true"
        - name: ENV_NAME
          value: development
  destination:
    server: https://kubernetes.default.svc
    namespace: example
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
    automated:
      prune: true
      selfHeal: true
```

Or in the Argo CD values file:
```yaml
repoServer:
  extraContainers:
    - name: helmfile-plugin
      image: ghcr.io/logica0419/argocd-helmfile-plugin:latest
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
      env:
        - name: ENABLE_LOOKUP
          value: "true"
        - name: ENV_NAME
          value: development
  clusterRoleRules:
    enabled: true
    rules:
      - apiGroups: [""]
        resources:
          - configmaps
          - secrets
        verbs:
          - get
```

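
The cluster-wide rule above lets the repo-server `get` any ConfigMap or Secret in any namespace. As an added example (not part of this project), the Role that NOTE 2 also allows can be narrowed to one namespace and to named objects; the ServiceAccount name `argocd-repo-server` and the object names `app-config` and `app-credentials` are assumptions to replace with your own:

```yaml
# Added example: namespaced, name-restricted alternative to the ClusterRole rule.
# Assumptions (not from this project): the repo-server runs as ServiceAccount
# "argocd-repo-server" in namespace "argocd" (verify with
# `kubectl -n argocd get serviceaccounts`); "app-config" and "app-credentials"
# are hypothetical object names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: helmfile-lookup
  namespace: example            # only objects in this namespace are readable
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["app-config"]
    verbs: ["get"]              # lookup with an explicit name issues a "get"
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["app-credentials"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: helmfile-lookup
  namespace: example
subjects:
  - kind: ServiceAccount
    name: argocd-repo-server    # assumed name, see the comment at the top
    namespace: argocd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: helmfile-lookup
```

A "lookup" call with an empty name lists resources and needs the `list` verb, which this Role does not grant, so charts rendered under it must look objects up by name.
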
Please read the helm-secrets documentation to encrypt secrets or values files.
Other Argo CD CMPs for Helmfile already exist, and they heavily influenced this CMP.
However, these CMPs have some problems:

- An enormous number of dependencies
  - Helmfile has many dependencies, and these CMPs install them in the Dockerfile.
  - This requires active & frequent maintenance and upgrades.
- Complex code & functionality
  - The code is complex due to the dependencies and functionality, making it hard to maintain.
  - The large number of customizable features makes them hard to understand.
- No support for the "lookup" function
  - The "lookup" function is a powerful feature in Helm charts, but these CMPs don't support it.

This CMP solves these problems:

- Based on the official Helmfile Docker image
  - It has a single dependency, making it easy to maintain.
  - It also enables automatic version determination & upgrade.
- Simple & minimal code and functionality
  - The only customizable settings are ENV_NAME and ENABLE_LOOKUP.
  - The code is short, making it much more readable.
- The "lookup" function support