Need to set HELM_PLUGIN for helm plugin support #1153
Comments
In case anyone is wondering why we do this, this is because Argo CD helm repository list dynamic, and the full list is supplied on-request for each GetManifests call. This allows the repo server to run without K8s service account & token. So if the repo-server is compromised (which will be more possible with custom templating), at least it cannot talk to the K8s API server. Here is helm docs on it's env vars: |
|
Should be now possible to do this with fix in #1306. Requires a custom repo server which sets HELM_PLUGIN environment variable. |
pnowy
added a commit
to pnowy/argo-cd
that referenced
this issue
Jun 13, 2020
argoproj#2558 Based on discussions from: argoproj#2558 argoproj#2789 argoproj#1105 argoproj#1153 I've spent a lot of time to put everything together to get integration with GCS working. I think it's worth to have documentation for it.
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even if a user customizes their repo server through a custom Dockerfile, they will not benefit from installing helm plugins, because we create a temporary, throwaway HELM_HOME whenever we run
helm template. In order to support plugins, we should set HELM_PLUGIN to/home/argocd/.helm/pluginsso that HELM_HOME can be a temp directory, and HELM_PLUGIN will be the customized location.One approach might be to just change the Dockerfile to have the HELM_PLUGIN set to
home/argocd/.helm/pluginsand we inherit these environment variables when runninghelm template.Another approach is to just set the HELM_PLUGIN environment variable for all fork/execs.
The text was updated successfully, but these errors were encountered: