我的书签
添加书签
移除书签Plugins
Argo CD allows integrating more config management tools using config management plugins.
Configure plugins via Argo CD configmap
Following changes are required to configure new plugin:
- Make sure required binaries are available in
argocd-repo-serverpod. The binaries can be added via volume mounts or using custom image (see custom_tools). - Register a new plugin in
argocd-cmConfigMap:
data:configManagementPlugins: |- name: pluginNameinit: # Optional command to initialize application source directorycommand: ["sample command"]args: ["sample args"]generate: # Command to generate manifests YAMLcommand: ["sample command"]args: ["sample args"]lockRepo: true # Defaults to false. See below.
The generate command must print a valid YAML stream to stdout. Both init and generate commands are executed inside the application source directory.
- Create an application and specify required config management plugin name.
argocd app create <appName> --config-management-plugin <pluginName>
More config management plugin examples are available in argocd-example-apps.
Repository locking
If your plugin makes use of git (e.g. git crypt), it is advised to set lockRepo to true so that your plugin will have exclusive access to the repository at the time it is executed. Otherwise, two applications synced at the same time may result in a race condition and sync failure.
Configure plugin via sidecar
As an effort to provide first-class support for additional plugin tools, we have enhanced the feature where an operator can configure additional plugin tool via sidecar to repo-server. Following changes are required to configure new plugin:
Register plugin sidecar
To install a plugin, simply patch argocd-repo-server to run config management plugin container as a sidecar, with argocd-cmp-server as it’s entrypoint. You can use either off-the-shelf or custom built plugin image as sidecar image. For example:
containers:- name: cmpcommand: [/var/run/argocd/argocd-cmp-server] # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-serverimage: busybox # This can be off-the-shelf or custom built imagesecurityContext:runAsNonRoot: truerunAsUser: 999volumeMounts:- mountPath: /var/run/argocdname: var-files- mountPath: /home/argocd/cmp-server/pluginsname: plugins- mountPath: /home/argocd/cmp-server/config/plugin.yaml # Plugin config file can either be volume mapped or baked into imagesubPath: plugin.yamlname: cmp-plugin- mountPath: /tmpname: tmpvolumes:- configMap:name: cmp-pluginname: cmp-plugin
- Make sure to use
/var/run/argocd/argocd-cmp-serveras an entrypoint. Theargocd-cmp-serveris a lightweight GRPC service that allows Argo CD to interact with the plugin. - Make sure that sidecar container is running as user 999
- Make sure that plugin configuration file is present at
/home/argocd/cmp-server/config/pluging.yaml. It can either be volume mapped via configmap or baked into image
Plugin configuration file
Plugins will be configured via a ConfigManagementPlugin manifest located inside the plugin container, placed at /home/argocd/cmp-server/config/plugin.yaml. Argo CD is agnostic to the mechanism of how the configuration file would be placed, but various options can be used on how to place this file, including:
- Baking the file into the plugin image as part of docker build.
- Volume mapping the file through a configmap.
apiVersion: argoproj.io/v1alpha1kind: ConfigManagementPluginmetadata:name: cmp-pluginspec:version: v1.0generate:command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"']discover:fileName: "./subdir/s*.yaml"allowConcurrency: truelockRepo: false
Note that, while the ConfigManagementPlugin looks like a Kubernetes object, it is not actually a custom resource. It only follows kubernetes-style spec conventions.
The generate command must print a valid YAML stream to stdout. Both init and generate commands are executed inside the application source directory.
The discover.fileName is used as matching pattern to determine whether application repository is supported by the plugin or not.
discover:find:command: [sh, -c, find . -name env.yaml]
If discover.fileName is not provided, the discover.find.command is executed in order to determine whether application repository is supported by the plugin or not. The find command should returns non-error response in case when application source type is supported.
If your plugin makes use of git (e.g. git crypt), it is advised to set lockRepo to true so that your plugin will have exclusive access to the repository at the time it is executed. Otherwise, two applications synced at the same time may result in a race condition and sync failure.
Volume map plugin configuration file via configmap
The plugin.yaml file can be delivered using a configmap. Create a Kubernetes config map and with the plugin.yaml key that holds the plugin configuration file:
apiVersion: v1kind: ConfigMapmetadata:name: cmp-plugindata:plugin.yaml: |apiVersion: argoproj.io/v1alpha1kind: ConfigManagementPluginmetadata:name: cmp-pluginspec:version: v1.0generate:command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"']discover:fileName: "./subdir/s*.yaml"allowConcurrency: truelockRepo: false
Environment
Commands have access to
- The system environment variables
- Standard build environment
- Variables in the application spec (References to system and build variables will get interpolated in the variables’ values):
v1.2
spec:source:plugin:env:- name: FOOvalue: bar- name: REVvalue: test-$ARGOCD_APP_REVISION
