From 81dbfa47648f310ffa65c2cf59a6aa15ed1a2c16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Mon, 15 May 2023 16:15:55 +0200
Subject: [PATCH] feat(cmp-subst): performance improvements (#37)
* feat: lookup env ARGOCD_APP_NAME on empty secret name
* docs: simple installation values
* fix: drop subshell call for plugin
---
README.md | 60 +++++++++++++++++++++++++++++++++++++++++++
argocd-cmp/Dockerfile | 2 +-
argocd-cmp/cmp.yaml | 15 ++++++++---
pkg/config/config.go | 4 +++
4 files changed, 76 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 142e287..1db693b 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,66 @@ Which will simply build the kustomize. ### ArgoCD +Install it with the [ArgoCD community chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd). These Values should work: + + +```yaml +... + repoServer: + enabled: true + clusterAdminAccess: + enabled: true + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 1001 + volumes: + - emptyDir: {} + name: subst-tmp + - emptyDir: {} + name: subst-kubeconfig + extraContainers: + - name: cmp-subst + args: [/var/run/argocd/argocd-cmp-server] + image: ghcr.io/buttahtoast/subst-cmp:v0.3.0-alpha1 + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 1001 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # mitigate path traversal attacks. + - mountPath: /tmp + name: subst-tmp + - mountPath: /etc/kubernetes/ + name: subst-kubeconfig +... +``` + +Change version accordingly. + + + diff --git a/argocd-cmp/Dockerfile b/argocd-cmp/Dockerfile index d9e854c..f482587 100644 --- a/argocd-cmp/Dockerfile +++ b/argocd-cmp/Dockerfile @@ -1,6 +1,6 @@ FROM bash:5 -ENV KUBECONFIG=/etc/kubernetes/kubeconfig +ENV ARGOCD_EXEC_TIMEOUT=90s COPY subst /subst COPY argocd-cmp/cmp.yaml /home/argocd/cmp-server/config/plugin.yaml COPY argocd-cmp/entrypoint.sh /entrypoint.sh diff --git a/argocd-cmp/cmp.yaml b/argocd-cmp/cmp.yaml index b9a09b5..4fb86ee 100644 --- a/argocd-cmp/cmp.yaml +++ b/argocd-cmp/cmp.yaml 
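Review bot: The added `ENV ARGOCD_EXEC_TIMEOUT=90s` in argocd-cmp/Dockerfile carries no comment, and as far as I know 90s is already Argo CD's default exec timeout for CMP commands, so the line probably changes nothing as written. If the intent is to give `subst render` more headroom, the value needs to be larger and the repo-server timeout has to be raised to match; a comment such as `# Per-command timeout for the CMP server; keep in sync with the repo-server timeout` would record that. With `ENV KUBECONFIG=/etc/kubernetes/kubeconfig` removed, the kubeconfig path now lives only in the `--kubeconfig` argument in cmp.yaml. Any other invocation of `/subst` in this image (entrypoint.sh is not visible here) would fall back to the client's default lookup, so confirm that is intended.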
@@ -11,7 +11,14 @@ spec: fileName: ./kustomization.yaml generate: command: - - bash - - -c - - | - /subst render "." --secret-name "${ARGOCD_APP_NAME}" --secret-namespace "argocd" --env-regex "^ARGOCD_ENV_.*$" --must-decrypt --kubeconfig "/etc/kubernetes/kubeconfig" \ No newline at end of file + - /subst + args: + - render + - "." + - --secret-namespace + - "argocd" + - --env-regex + - "^ARGOCD_ENV_.*$" + - --must-decrypt + - --kubeconfig + - "/etc/kubernetes/kubeconfig" \ No newline at end of file diff --git a/pkg/config/config.go b/pkg/config/config.go index 678cfc9..c86eb24 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -77,6 +77,10 @@ func LoadConfiguration(cfgFile string, cmd *cobra.Command, directory string) (*C // Root Directory cfg.RootDirectory = directory + if cfg.SecretName == "" { + cfg.SecretName = os.Getenv("ARGOCD_APP_NAME") + } + if cfg.SecretName != "" { regex := regexp.MustCompile(`[^a-zA-Z0-9]+`) cfg.SecretName = regex.ReplaceAllString(cfg.SecretName, "-")
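Review bot: The new `args` list in argocd-cmp/cmp.yaml no longer passes `--secret-name`, and nothing in the manifest says why. The secret is now chosen by the `ARGOCD_APP_NAME` fallback added to pkg/config/config.go in this same patch, so this plugin definition only behaves as before when paired with a subst binary that has that fallback. A comment above `args:` such as `# --secret-name is omitted: subst reads ARGOCD_APP_NAME from the environment` would make the coupling visible. Calling `/subst` directly also means nothing expands variables inside these arguments any more, which is the safer form, so later additions should stay literal rather than reintroduce `bash -c`. The file still ends without a trailing newline.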
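Review bot: The fallback `cfg.SecretName = os.Getenv("ARGOCD_APP_NAME")` runs for every caller of LoadConfiguration, not only under the Argo CD plugin, so an `ARGOCD_APP_NAME` that happens to be set in the environment silently selects a secret even when none was configured. The value then goes through the existing `[^a-zA-Z0-9]+` to `-` rewrite just below, which maps distinct application names (for example `team.app` and `team-app`, constructed samples) onto the same secret name. For an environment-derived name it would be safer to document that behaviour, or to reject names that need rewriting. At minimum the new branch deserves a comment, e.g. `// Fall back to the Argo CD application name (set by the CMP sidecar) when no secret name is configured.`. LoadConfiguration starts and ends outside this hunk, so whether the resolved name is validated or logged later is not visible here.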