v1.0.1 breaks dynamic Chart.yaml names about argocd-lovely-plugin HOT 14 CLOSED

So, this worked before Helmet 3.14.1 because the helm template expansion could work because it just didn't care about the name at that stage. It now cares about the name.

Template expansion happens before the vault substitution with lovely-vault out of the box. It "worked" because all the places the helm name were used inside your templates got substituted after expansion, and everything was doozy.

So, you have a couple of options:

• Pass the "name" in as some other variable in values.yaml, so helm doesn't complain. A pain to implement making your charts a bit non-standard.
• Use LOVELY_PREPROCESSORS to do the name substitution before helm gets invoked. If you have stronger bash skills you might be able to sanely do this in place, but in the interests of getting on with other stuff I'm going to suggest you have a Chart.tpl and do LOVELY_PREPROCESSORS: "argocd-vault-replacer < Chart.tpl > Chart.yaml". This suggestion comes to you completely untested. You're most welcome.

from argocd-lovely-plugin.

Is this an application part of an app of apps? You're running it through lovely-vault? I wonder if lovely-vault is broken - are there any logs from the container other than this?
The changelog is only for dependencies, so I can't see a likely candidate for breaking this.

from argocd-lovely-plugin.

yes - application is part of an app of apps.
yes - app of apps is using lovely-vault for deployment (I think that was the only way to get dynamic names to work)

I have also looked at the changelog and could not see anything incriminating. Maybe its the helm version changes in the dockerfile?

I have tried rolling forward and backwards couple of times and it always behaves the same.

These are the only logs from the lovely-plugin container.

10/06/2024, 13:21:21.650	
time="2024-06-10T12:21:21Z" level=info msg="Generating manifests with no request-level timeout"
	
	
10/06/2024, 13:21:21.650	
time="2024-06-10T12:21:21Z" level=info msg=argocd-lovely-plugin dir=/tmp/_cmp_server/7aa0ba20-e903-4243-99fb-ebfb381f4042/kubernetes/xxx execID=dca77
	
	
10/06/2024, 13:21:23.859	
time="2024-06-10T12:21:23Z" level=error msg="`argocd-lovely-plugin` failed exit status 1: 2024/06/10 12:21:23 exit status 1: Error: validation: chart.metadata.name \"xxx-<vault:xxx>-xxx\" is invalid" execID=dca77
	
	
10/06/2024, 13:21:23.865	
time="2024-06-10T12:21:23Z" level=error msg="finished streaming call with code Unknown" error="error generating manifests: `argocd-lovely-plugin` failed exit status 1: 2024/06/10 12:21:23 exit status 1: Error: validation: chart.metadata.name \"xxx-<vault:xxx>-xxx\" is invalid" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=plugin.ConfigManagementPluginService grpc.start_time="2024-06-10T12:21:21Z" grpc.time_ms=2419.062 span.kind=server system=grpc

from argocd-lovely-plugin.

Seeing as I don't really know what is going on, can you see if 1.0.3 does any better for you?

from argocd-lovely-plugin.

Just tried 1.0.3 - same issue

from argocd-lovely-plugin.

Thanks for trying

from argocd-lovely-plugin.

I have done some trials with custom built image and it looks like upgrading helm dependency in the dockerfile to 3.14.1+ is what breaks the functionality.

ARG HELM_VERSION=v3.14.1

Helm change log for 3.14.1 just mentions a security fix, looks like they started validating chart names:

helm/helm@v3.14.0...v3.14.1

from argocd-lovely-plugin.

But this is an application, not a Chart.yaml?

from argocd-lovely-plugin.

you are right, it is also in the chart name

Chart.yaml

apiVersion: v2
name: xxx-<vault:xxx~xxx>-xxx
version: 0.0.1

from argocd-lovely-plugin.

So, the app-of-apps is a Chart in itself. Can you elaborate on the directory structure of this application, in particular where the Chart.yaml(s) are?

from argocd-lovely-plugin.

argocd application (/applications/argocd.yaml) which deploys app of apps (/argocd/yaml/app-of-apps.yaml) definition as part of itself
app-of-apps has an xxx-vault:xxx~xxx-xxx application (/applications/yyy.yaml)
xxx-vault:xxx~xxx-xxx application defines a chart (/yyy/Chart.yaml) named xxx-vault:xxx~xxx-xxx

is that a non recommended/supported way?

from argocd-lovely-plugin.

I only care about the application structure of the one application that is causing issues.

Is that a the last of these, or the app of apps?

The structure of the failing application has a Chart.yaml in the root directory with a vault substituted name in it?

from argocd-lovely-plugin.

correct, it is the yyy application that is causing the issue (not the app of apps)
yes, the failing application is just a Chart.yaml (with a vault substituted name) that has a dependency defined (the actual chart) + values.yaml in a directory

Chart.yaml

apiVersion: v2
name: xxx-<vault:xxx~xxx>-xxx
version: 0.0.1

dependencies:
  - name: zzz
    version: 1.2.3
    repository: zzz

from argocd-lovely-plugin.

Thanks, that seems to work even in 1.0.3.

I had to move the definitions from the root folder to ./chart folder for the pre-processor to work, but otherwise all good.

definition in the app if anyone ever encounters this:

    plugin:
      name: lovely-vault
      env:
        - name: LOVELY_PREPROCESSORS_YAML
          value: |-
            chart:
            - "argocd-vault-replacer < Chart.tpl > Chart.yaml"

from argocd-lovely-plugin.