Initial Release

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2022-10-22
+### Added
+- Initial Release
+
+[Unreleased]: https://github.com/jkroepke/helm-kubectl/compare/v1.0.0...HEAD
+[0.0.1]: https://github.com/jkroepke/helm-kubectl/releases/tag/v1.0.0

README.md

@@ -1,2 +1,127 @@
 # helm-kubectl
 A helm plugin for ArgoCD to support the lookup function
+
+See https://github.com/argoproj/argo-cd/issues/5202 for upstream discussion.
+
+# Usage
+
+## Helm
+
+helm-kubectl can be only used as downloader plugin.
+
+```bash
+helm template <chart-name> --set-file=valuesKey=kubectl://<namespace>/<kind>/<name>/<output>
+```
+
+The file name `kubectl://<namespace>/<kind>/<name>/<output>` will be translated into `kubectl -n <namespace> <kind> <name> -o <output>`.
+
+Output transformation (like base64 for secrets) can be archived through helm template functions.
+
+For cluster-wide resources, omit the namespace but keep the slashes. For example:
+
+```bash
+helm template <chart-name> --set-file=valuesKey=--set-file=hello=kubectl:///namespace/default
+```
+
+To get a certain value form the kubernetes manifest, the output can be modified through `kubectl` output parameter. 
+You can use [JSONPath](https://kubernetes.io/docs/reference/kubectl/jsonpath/) to grab a specific key, e.g.
+
+```bash
+helm template <chart-name> --set-file=valuesKey=--set-file='hello=kubectl://default/secret/mysql/jsonpath={.data.rootPassword}'
+```
+
+### Ignore errors
+
+To ignore errors (e.g. not found), put a question mark after the protocol scheme, e.g.:
+
+`kubectl://?default/namespace/does-not-exists"`
+
+## ArgoCD
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app
+spec:
+  source:
+    helm:
+      fileParameters:
+        - name: mysql.rootPassword
+          path: kubectl://?default/secret/mysql/jsonpath={.data.rootPassword}
+```
+
+
+# Installation
+
+## Local
+
+```bash
+helm plugin install https://github.com/jkroepke/helm-kubectl
+```
+
+## ArgoCD
+
+The given value file based on [argocd helm chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd). A initContainer will be used to install
+the helm plugin
+
+<details>
+<summary>values.yaml</summary>
+
+```yaml
+repoServer:
+  clusterAdminAccess:
+    enabled: true
+  env:
+    - name: HELM_PLUGINS
+      value: /custom-tools/helm-plugins/
+    - name: HELM_KUBECTL_KUBECTL_PATH
+      value: /custom-tools/kubectl
+
+  serviceAccount:
+    create: true
+
+  rbac:
+    - apiGroups:
+        - "*"
+      resources:
+        - "*"
+      verbs:
+        - list
+        - get
+
+  volumes:
+    - name: custom-tools
+      emptyDir: {}
+  volumeMounts:
+    - mountPath: /custom-tools
+      name: custom-tools
+
+  initContainers:
+    - name: download-tools
+      image: alpine:latest
+      command: [sh, -ec]
+      env:
+        - name: HELM_SECRETS_VERSION
+          value: "1.0.0"
+        - name: KUBECTL_VERSION
+          value: "1.24.3"
+      args:
+        - |
+          mkdir -p /custom-tools/helm-plugins
+          wget -qO- https://github.com/jkroepke/helm-kubectl/releases/download/v${HELM_SECRETS_VERSION}/helm-kubectl.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
+          wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
+
+          chmod +x /custom-tools/*
+      volumeMounts:
+        - mountPath: /custom-tools
+          name: custom-tools
+
+server:
+  config:
+    helm.valuesFileSchemes: >-
+      kubectl,
+      http,
+      https
+```
+</details>

artifacthub-repo.yml

@@ -0,0 +1,15 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: bc64e82e-e638-4cb0-8ed0-2428a34a94d5
+owners:
+  - name: jkroepke
+    email: [email protected]

plugin.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+set -euf
+
+if [ "${HELM_DEBUG:-}" = "1" ] || [ "${HELM_DEBUG:-}" = "true" ]; then
+    set -x
+fi
+
+fragments="${4##kubectl://}"
+
+ignore_errors=false
+
+namespace="$(echo "${fragments}" | cut -d/ -f1)"
+kind="$(echo "${fragments}" | cut -d/ -f2)"
+name="$(echo "${fragments}" | cut -d/ -f3)"
+output="$(echo "${fragments}" | cut -d/ -f4-)"
+
+if [ "${namespace##\?}" != "${namespace}" ]; then
+  namespace="${namespace##\?}"
+  ignore_errors=true
+fi
+
+if [ "${ignore_errors}" = "false" ]; then
+  exec "${HELM_KUBECTL_KUBECTL_PATH:-kubectl}" get ${namespace:+-n "${namespace}"} "${kind}" "${name}" -o "${output:-json}"
+else
+  if ! "${HELM_KUBECTL_KUBECTL_PATH:-kubectl}" get ${namespace:+-n "${namespace}"} "${kind}" "${name}" -o "${output:-json}" 2>/dev/null; then
+    :
+  fi
+fi

plugin.yaml

@@ -0,0 +1,8 @@
+name: "kubectl"
+version: "1.0.0"
+description: |-
+  Helm plugin to support the helm lookup function in ArgoCD
+downloaders:
+  - command: "plugin.sh"
+    protocols:
+      - "kubectl"