argo-cd: Sidecar CMP plugin cannot use private dependencies

Checklist:

I’ve searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
I’ve included steps to reproduce the bug.
I’ve pasted the output of argocd version.

Describe the bug

I cannot use my custom cmp sidecar plugin with private helm dependencies. It seems that the cached helm registry is not passed to the sidecar plugin. When I use the same Application without any plugin it works just fine. The plugin works when i’m not using private dependencies.

To Reproduce

With a custom sidecar cmp plugin try to use an Application with as source a git path containing an helm chart using private dependencies.

Application :

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: test-cmp-plugin
  namespace: argocd
spec:
  destination:
    namespace: test
    name: in-cluster
  project: default
  source:
    plugin: {}
    repoURL: https://private-repo/k8s
    path: path/application
    targetRevision: feature/debug-argo
  syncPolicy: {}

In private-repo/k8s/path/application

# Chart.yaml
apiVersion: v2
name: test
type: application
version: 0.1.0
appVersion: "0.1.0"

dependencies:
  - name: common
    repository: https://private-repo/helm/stable
    version: ">= 0.0.1"
    alias: test

---
# Values.yaml
test:
  name: test

Expected behavior

The helm chart fetch it’s dependencies with the credentials from the repo server.

Version

argocd: v2.4.8+844f79e
  BuildDate: 2022-07-29T17:01:39Z
  GitCommit: 844f79eb9d8f3ab96d4ce6f8df211c6093a660ba
  GitTreeState: clean
  GoVersion: go1.18.4
  Compiler: gc
  Platform: linux/amd64

Logs

# Sidecar cmp plugin logs
time="2022-08-10T09:25:43Z" level=info msg="sh -c find . -type f -name '*.test.*' | grep '.test' && find . -type f -name 'Chart.yaml' -o -name 'values.yaml'" dir=/tmp/_cmp_server/3c6ebfae-30b3-46f7-b796-956dff66cb7c execID=ce9cc
time="2022-08-10T09:25:43Z" level=info msg="finished streaming call with code OK" grpc.code=OK grpc.method=MatchRepository grpc.service=plugin.ConfigManagementPluginService grpc.start_time="2022-08-10T09:25:43Z" grpc.time_ms=3.965 span.kind=server system=grpc
time="2022-08-10T09:25:43Z" level=info msg="Generating manifests with no request-level timeout"
time="2022-08-10T09:25:43Z" level=info msg="sh -c helm dependency build" dir=/tmp/_cmp_server/ccc7bbab-0aac-431a-83f5-d08f788040af/path/application execID=acfbb
time="2022-08-10T09:25:43Z" level=error msg="`sh -c helm dependency build` failed exit status 1: Error: no cached repository for helm-manager-ac...c1 found. (try 'helm repo update'): open /home/argocd/.cache/helm/repository/helm-manager-ac...c1-index.yaml: no such file or directory" execID=acfbb
time="2022-08-10T09:25:43Z" level=error msg="finished streaming call with code Unknown" error="error generating manifests: `sh -c helm dependency build` failed exit status 1: Error: no cached repository for helm-manager-ac...c1 found. (try 'helm repo update'): open /home/argocd/.cache/helm/repository/helm-manager-ac...c1-index.yaml: no such file or directory" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=plugin.ConfigManagementPluginService grpc.start_time="2022-08-10T09:25:43Z" grpc.time_ms=143.078 span.kind=server system=grpc


# Repo server logs
time="2022-08-10T09:25:43Z" level=info msg="manifest error cache miss: &ApplicationSource{RepoURL:https://private-repo/k8s,Path:path/application,TargetRevision:feature/debug-argo-helm,Helm:nil,Kustomize:nil,Directory:nil,Plugin:&ApplicationSourcePlugin{Name:,Env:[]*EnvEntry{},},Chart:,}/8312f8ce54862e79c883e155a55eaa01adc220aa"
time="2022-08-10T09:25:43Z" level=error msg="finished unary call with code Unknown" error="plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: `sh -c helm dependency build` failed exit status 1: Error: no cached repository for helm-manager-ac...c1 found. (try 'helm repo update'): open /home/argocd/.cache/helm/repository/helm-manager-ac...c1-index.yaml: no such file or directory" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=repository.RepoServerService grpc.start_time="2022-08-10T09:25:42Z" grpc.time_ms=847.348 span.kind=server system=grpc

About this issue

Original URL
State: open
Created 2 years ago
Reactions: 2
Comments: 22 (3 by maintainers)

Most upvoted comments

I can confirm that was due to a missing folder. I am assuming that it is looking for the env var HELM_CACHE_HOME, HELM_CONFIG_HOME, HELM_DATA_HOME. The following works for me:

repoServer:
  replicas: 1
  extraContainers:
    - name: cmp
      command: ["/var/run/argocd/argocd-cmp-server"]
      # Use argocd as it contains helm and kustomize
      image: quay.io/argoproj/argocd:latest
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
      env:
        - name: HELM_CACHE_HOME
          value: /helm-working-dir
        - name: HELM_CONFIG_HOME
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
      volumeMounts:
        - name: var-files
          mountPath: /var/run/argocd
        - name: plugins
          mountPath: /home/argocd/cmp-server/plugins
        - name: cmp-plugin
          mountPath: /home/argocd/cmp-server/config/plugin.yaml
          subPath: plugin.yaml
        - name: cmp-tmp
          mountPath: /tmp
        - name: helm-temp-dir
          mountPath: /helm-working-dir
  volumes:
    - name: cmp-plugin
      configMap:
        name: cmp-plugin
    - name: cmp-tmp
      emptyDir: {}
    # avoid to share the volume helm-working-dir
    - name: helm-temp-dir
      emptyDir: {}

I think the documentation should include an example for helm/kustomize usecases.

yellowhat on Nov 10, 2022

Are you referring to this location?

yellowhat on Nov 10, 2022

@crenshaw-dev Please don’t deprecate current plugin via configmap, as sidecars approach is not usable and incomplete.

mmalyska on Sep 30, 2022