The CloudTruth configuration management plugin for ArgoCD. When attached to an ArgoCD project, it replaces template (`<templates.template_name>`), parameter and secret references (`<parameter_name>`) with the values looked up from CloudTruth.
ArgoCD plugin installation is a somewhat manual process. You can either use the `install/*.yaml` files as a guide, or run `install/setup.sh`, which uses `kubectl patch` to apply them:

```
curl -s https://raw.githubusercontent.com/cloudtruth/argocd-cloudtruth-plugin/main/install/setup.sh | sh
```

OR

```
git clone https://github.com/cloudtruth/argocd-cloudtruth-plugin
./argocd-cloudtruth-plugin/install/setup.sh
```
Current versions of this plugin (>= 0.7.0) only support ArgoCD v2.6 and newer due to the changes in the configuration management plugin. It gets installed as a sidecar container against the `argocd-repo-server`.
After installing the plugin, create the file `.argocd-cloudtruth-plugin` in your Application's repo(+path) to allow this plugin to be used for that Application. The file can be empty or contain a yaml dictionary to override the plugin's configuration for that repo. Since this CMP is defined as a sidecar, without creating this file, the plugin can only be enabled for a project by manually editing the Application manifest.
The configuration for using the plugin can be set and read in one of 4 ways (in order of priority - last wins):
- During install, the `CLOUDTRUTH_*` settings are added to `Secret[argocd-cloudtruth-plugin]` and are made available as system environment variables with an envFrom mount to `argocd-repo-server`. You can edit the Secret or re-run the installer to change them.
- Application specific settings can be added to the plugin activation file (`.argocd-cloudtruth-plugin` containing yaml) that you check in to your repo to enable it to use the plugin. The keys in the file get transformed to look like environment variables in order to determine matches for priority, so a key in the file of `cloudtruth-project` will get compared to and override the environment variable `CLOUDTRUTH_PROJECT`.
- Plugin specific environment variables can be set as part of its attachment to the ArgoCD Application.
- Plugin specific params can be set as part of its attachment to the ArgoCD Application.
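The precedence rules above, modelled as an added example (not the plugin's own code). The key normalisation is inferred from the `cloudtruth-project` example, the four sources are passed in as already-parsed dictionaries, and all values are constructed; the audit reports an API key that arrives from anywhere other than the Secret, since the activation file is checked in to the repo.

```python
# Added example, not the plugin's code. Assumption: keys are normalised by
# upper-casing and turning "-" into "_" (inferred from cloudtruth-project).
DEFAULTS = {  # defaults taken from the settings table on this page
    "CLOUDTRUTH_ENVIRONMENT": "default",
    "CLOUDTRUTH_PROJECT": "MyFirstProject",
    "CLOUDTRUTH_TAG": "",
    "CLOUDTRUTH_REFERENCE_PATTERN": "<%s>",
    "CLOUDTRUTH_FILE_PATTERN": "*.y*ml",
    "CLOUDTRUTH_LOG_LEVEL": "0",
}

def normalize(key):
    """Make a file or param key comparable to an environment variable name."""
    return key.strip().upper().replace("-", "_")

def resolve(secret_env, activation_file, plugin_env, plugin_params):
    """Merge the sources in priority order (last wins); record each winner."""
    layers = [("default", DEFAULTS), ("secret", secret_env),
              ("activation-file", activation_file),
              ("plugin-env", plugin_env), ("plugin-param", plugin_params)]
    effective, origin = {}, {}
    for source, settings in layers:
        for key, value in settings.items():
            name = normalize(key)
            effective[name] = str(value)
            origin[name] = source
    return effective, origin

def audit(effective, origin):
    """Return findings about where the API key came from."""
    key = "CLOUDTRUTH_API_KEY"
    if not effective.get(key):
        return [f"{key} is required but not set"]
    if origin[key] != "secret":
        return [f"{key} supplied by {origin[key]}, not the Secret"]
    return []

# Constructed sample inputs, one dictionary per configuration source.
SECRET = {"CLOUDTRUTH_API_KEY": "constructed-key", "CLOUDTRUTH_PROJECT": "platform"}
REPO_FILE = {"cloudtruth-project": "payments", "cloudtruth-environment": "staging"}
PLUGIN_ENV = {"CLOUDTRUTH_ENVIRONMENT": "production"}
PLUGIN_PARAMS = {}

if __name__ == "__main__":
    effective, origin = resolve(SECRET, REPO_FILE, PLUGIN_ENV, PLUGIN_PARAMS)
    for name in sorted(effective):
        shown = "***" if name.endswith("API_KEY") else effective[name]
        print(f"{name}={shown!r}  (from {origin[name]})")
    print(audit(effective, origin))
```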
The settings that control the plugin's behavior are as follows:
Parameter | Description | Type | Default | Required |
---|---|---|---|---|
CLOUDTRUTH_API_KEY | the API key for authenticating to the CloudTruth REST API | string | n/a | yes |
CLOUDTRUTH_ENVIRONMENT | the CloudTruth environment to query against | string | `default` | no |
CLOUDTRUTH_PROJECT | the CloudTruth project to query against | string | `MyFirstProject` | yes |
CLOUDTRUTH_TAG | the CloudTruth tag to query against | string | `""` | no |
CLOUDTRUTH_REFERENCE_PATTERN | the pattern that indicates parameter references in the input files | string | `<%s>` | no |
CLOUDTRUTH_FILE_PATTERN | the file pattern (glob) of the input files | array(string) delim=, | `*.y*ml` | no |
CLOUDTRUTH_LOG_LEVEL | Enables more detailed log output in the plugin that goes to `/tmp/argocd-cloudtruth-plugin.log` in the sidecar container in argocd-repo-server. 0=warn,1=info,2=debug,3=trace,4=apitrace | int | `0` | no |
Once the plugin has been enabled for an Application, you can change settings by visiting the plugin settings from the PARAMETERS tab in the App Details section of the Application.

Once enabled, the plugin will act upon the yaml files produced by the Argo project, performing substitutions of text like `<PARAMETER_OR_SECRET_NAME>` or `<templates.TEMPLATE_NAME>` with the lookup of the value of `PARAMETER_OR_SECRET_NAME` or `TEMPLATE_NAME` in CloudTruth for the given `CLOUDTRUTH_PROJECT`, `CLOUDTRUTH_ENVIRONMENT` and `CLOUDTRUTH_TAG`.
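To review which parameters, secrets and templates a repo will pull from CloudTruth before a sync, the references can be inventoried offline. This is an added example, not the plugin's code: the set of characters allowed in a name and matching the glob against the file name only are assumptions, and the sample files are constructed.

```python
import fnmatch
import re

def reference_regex(pattern="<%s>"):
    """Turn a CLOUDTRUTH_REFERENCE_PATTERN such as <%s> into a regex."""
    prefix, suffix = pattern.split("%s", 1)
    # Assumption: names consist of letters, digits, "_", "-" and "." only.
    return re.compile(re.escape(prefix) + r"([A-Za-z0-9_.-]+)" + re.escape(suffix))

def inventory(files, reference_pattern="<%s>", file_pattern="*.y*ml"):
    """Return (parameters_or_secrets, templates) referenced in matching files."""
    globs = [g.strip() for g in file_pattern.split(",")]  # delim=, per the table
    regex = reference_regex(reference_pattern)
    params, templates = set(), set()
    for path, text in files.items():
        basename = path.rsplit("/", 1)[-1]  # assumption: glob applies to file name
        if not any(fnmatch.fnmatch(basename, g) for g in globs):
            continue
        for ref in regex.findall(text):
            if ref.startswith("templates."):
                templates.add(ref[len("templates."):])
            else:
                params.add(ref)
    return sorted(params), sorted(templates)

# Constructed sample repo contents (path -> file text).
SAMPLE_FILES = {
    "deploy/app.yaml": (
        "replicas: <REPLICAS>\n"
        "env:\n"
        "  - name: DB_PASSWORD\n"
        "    value: <DB_PASSWORD>\n"
    ),
    "deploy/config.yml": "data:\n  nginx.conf: |\n    <templates.nginx_conf>\n",
    "README.md": "Set <NOT_SCANNED> before syncing.\n",
}

if __name__ == "__main__":
    params, templates = inventory(SAMPLE_FILES)
    print("parameters/secrets:", params)
    print("templates:", templates)
```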
To add the CloudTruth plugin to your existing Application, create the `.argocd-cloudtruth-plugin` trigger file in your Application's repo and Sync.
You can set the plugin environment parameters on create or set them after the app is deployed with the `--plugin-env` option. This allows you to change app config settings on the next sync.

create

Note that one SHOULD NOT provide the `--config-management-plugin` argument, as that only works for the deprecated ConfigMap structure for plugins.

```
argocd app create YOUR_APP --repo https://github.com/YOUR_REPO --path YOUR_PATH_IN_REPO --dest-server YOUR_K8S_SERVER --dest-namespace default --plugin-env CLOUDTRUTH_PROJECT=YOUR_CLOUDTRUTH_PROJECT
```

set

```
argocd app set YOUR_APP --plugin-env CLOUDTRUTH_PROJECT=YOUR_CLOUDTRUTH_PROJECT
```
You can use docker to run the plugin against a directory tree as shown below:

```
docker run --platform linux/amd64 -v $(pwd):/data --workdir /data cloudtruth/argocd-cloudtruth-plugin /usr/bin/argocd-cloudtruth-plugin --environment production --project myProject --api-key ""
```

The plugin will also read configuration from a `.argocd-cloudtruth-plugin` file if present. The `--platform` option is only necessary if running on a non-Intel platform (e.g. Apple silicon).
After checking out the repo, run `make`. To generate new client stubs, run `make clean` before running `make`.
In order to build and test the plugin against a local cluster, it needs to be compiled for the correct platform and the sidecar image pushed into the cluster to avoid having to push it to an external image repo.
- Add to the argocd-repo-server cloudtruth plugin sidecar manifest: `imagePullPolicy: Never`
- Run the installer (`install/setup.sh`) to add the plugin to the cluster
- Set the minikube docker env: `eval $(minikube docker-env)`
- Run docker build against `Dockerfile.dev` within the same terminal as the docker env: `docker build -t cloudtruth/argocd-cloudtruth-plugin -f Dockerfile.dev .`
- Restart argocd-repo-server: `kubectl rollout restart -n argocd deployment/argocd-repo-server`
Bug reports and pull requests are welcome on GitHub at https://github.com/cloudtruth/argocd-cloudtruth-plugin