Argo-cd: Support for jsonnet-bundler & jsonnet flags (like `-J` to include library paths)

Created on 1 Jun 2020 · 8 Comments · Source: argoproj/argo-cd

Summary

This is a request to support jsonnet-bundler and jsonnet flags like -J which adds libraries to the "paths" for where import looks for files.

Motivation

My jsonnet files have external library dependencies that I don't want to check into my git repo. I use jsonnet-bundler in order to pull down those dependencies locally before calling jsonnet with `-J vendor` to automatically look for relevant libraries within the vendor directory.

In order to use ArgoCD I would need the same functionality.

Proposal

In an abstract way, it might be nice to support some sort of custom "post-clone"/"pre-sync" job/command.

Such that it might look like:

    git clone...
    <something here to generate files>
    sync...

config-management enhancement usability

All 8 comments

Did you find a workaround for this @wmcnamee-tunein? We have a similar issue where our base jsonnet libraries are in different repo (shared by many other repos).
One idea is to keep all app manifest files in one repo only.. but we don't prefer that.

Also I got confused by `prefixed by repoRoot` in `--jsonnet-libs stringArray Additional jsonnet libs (prefixed by repoRoot)`. Which repoRoot? library-repo-root? or app-repo-root?
Thanks.

@wmcnamee-tunein @gaurav517 I have this working using a plugin. In addition to the plugin I had to add jb to a custom docker image for argo.

In our case, we're using jb and tanka, and got it to work like this:

Dockerfile:

    FROM argoproj/argocd:v1.7.6

    USER root
    ADD https://github.com/jsonnet-bundler/jsonnet-bundler/releases/download/v0.4.0/jb-linux-amd64 /usr/bin/jb
    ADD https://github.com/grafana/tanka/releases/download/v0.12.0/tk-linux-amd64 /usr/bin/tk
    RUN chmod +x /usr/bin/jb /usr/bin/tk

    USER argocd

Argo config:

    configManagementPlugins: |
      - name: tanka
        init:
          command: ["/bin/sh", "-c"]
          args: ["jb update"]
        generate:
          command: ["/bin/sh", "-c"]
          args: ['tk show environments/"$ENVIRONMENT" --dangerous-allow-redirect']

Then you can create an Argo app like this:

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: test
      namespace: argocd
      finalizers:
        - resources-finalizer.argocd.argoproj.io
    spec:
      project: infrastructure
      source:
        repoURL: [email protected]:<org>/<repo>.git
        targetRevision: dev
        path: test
        plugin:
          name: tanka
          env:
            - name: ENVIRONMENT
              value: default
      destination:
        server: https://kubernetes.default.svc
        namespace: default

I also got this working for private git repos by using HTTPS instead of SSH to authenticate and providing a PAT that had permission to reach both the GitOps repo as well as our jsonnet library repo.
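
A variant of the Dockerfile in the comment above that checks each downloaded binary against a pinned SHA-256 before making it executable. It is added here as an example and is not part of the original comment; the `JB_SHA256` and `TK_SHA256` build arguments are assumptions, to be filled with digests you have verified for those two release files.

```dockerfile
FROM argoproj/argocd:v1.7.6

# Assumption: both digests are supplied at build time, e.g.
#   docker build \
#     --build-arg JB_SHA256=<sha256 of jb-linux-amd64 v0.4.0> \
#     --build-arg TK_SHA256=<sha256 of tk-linux-amd64 v0.12.0> .
# The angle-bracket values are placeholders, not real digests.
ARG JB_SHA256
ARG TK_SHA256

USER root
ADD https://github.com/jsonnet-bundler/jsonnet-bundler/releases/download/v0.4.0/jb-linux-amd64 /usr/bin/jb
ADD https://github.com/grafana/tanka/releases/download/v0.12.0/tk-linux-amd64 /usr/bin/tk

# The build fails if a digest is missing or does not match the downloaded
# file. The binaries only become executable after both checks pass.
RUN test -n "${JB_SHA256}" \
 && test -n "${TK_SHA256}" \
 && echo "${JB_SHA256}  /usr/bin/jb" | sha256sum -c - \
 && echo "${TK_SHA256}  /usr/bin/tk" | sha256sum -c - \
 && chmod 0755 /usr/bin/jb /usr/bin/tk

USER argocd
```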

where does ENVIRONMENT var get set from?

@ghostsquad it's set in the Argo Application (I gave a full example in my previous comment):

    ...
    spec:
      source:
        plugin:
          name: tanka
          env:
            - name: ENVIRONMENT
              value: default

@jessebye thanks, ya I totally missed that! :)

any idea why --dangerous-allow-redirect exists?

@ghostsquad
"Redirection of the output of tk show is discouraged and disabled by default. Run tk show --dangerous-allow-redirect to enable."

The idea is that tanka users should use its built-in kubernetes context management, and using tk show bypasses that. Piping the output (as Argo CD does when it runs a generate) is disabled and you have to pass the --dangerous-allow-redirect flag to enable output. This is fine since Argo is handling the kubernetes context anyway.

See also https://github.com/grafana/tanka/issues/3

thank you. This makes sense.
