Problem statement
Argocd version: 2.7.3
The Argo CD sidecar image is built from the following Dockerfile:
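# Sidecar image for the Argo CD config management plugin: Alpine plus sops,
# helm and argocd-vault-plugin.
#
# NOTE(review): `latest` is a moving tag, so two builds of this file can produce
# different images; pin the base image to a fixed release tag or digest.
FROM alpine:latest
RUN mkdir -p /usr/local/bin

# curl was already part of this image; openssl is added because the Helm
# installer script uses it to verify the checksum of the archive it downloads.
RUN apk --no-cache add curl openssl

# NOTE(review): this binary is fetched over HTTPS but never compared with a
# known digest. Record the expected SHA-256 of the release asset in this file
# and check it (e.g. with `sha256sum -c`) before the chmod.
RUN wget -O /usr/local/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux
RUN chmod 755 /usr/local/bin/sops

# NOTE(review): the installer is taken from the `main` branch, so its content
# can change between builds; a release tag or a reviewed, vendored copy is
# easier to audit.
RUN wget -O get-helm-3.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
RUN chmod 700 get-helm-3.sh
# VERIFY_CHECKSUM is left at the script's default, so the downloaded Helm
# archive is checked against its published checksum instead of being
# installed unverified.
RUN sh get-helm-3.sh

RUN ["apk", "fix", "grep"]

# NOTE(review): same as sops above, no integrity check on the downloaded
# binary; this asset is also amd64-only.
RUN wget -O /usr/local/bin/argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.16.1/argocd-vault-plugin_1.16.1_linux_amd64
RUN chmod 755 /usr/local/bin/argocd-vault-plugin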
The Argo CD sidecar configuration is as follows:
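# ConfigManagementPlugin definition for the sidecar. `init` materialises the
# ARGOCD_ENV_* values as files, `generate` renders the chart with them.
plugin.yaml: |
  apiVersion: argoproj.io/v1alpha1
  kind: ConfigManagementPlugin
  metadata:
    name: plugin
  spec:
    discover:
      # NOTE(review): fileName is matched as a glob; as written this only
      # matches a file literally named ".yaml" - confirm that is intended.
      fileName: '.yaml'
    init:
      command:
        - /bin/sh
        - -c
      args:
        # The whole values file and the whole sops file arrive as environment
        # variables. The environment is passed to every exec() and is
        # size-limited by the kernel, which is consistent with the
        # "argument list too long" failure once a file passes ~128 KiB.
        # printf '%s\n' writes the value verbatim; echo may treat a leading
        # "-n"/"-e" or backslashes in the content specially.
        - |
          printf '%s\n' "$ARGOCD_ENV_VALUE_FILE" > plainValues.yaml &&
            printf '%s\n' "$ARGOCD_ENV_SOP_FILE" > sop.yaml
    generate:
      command:
        - /bin/sh
        - -c
      args:
        - |
          if [ "$ARGOCD_ENV_SOP_FILE" != "" ]; then
            # Decrypted secrets touch the disk only for the duration of the
            # render: owner-only permissions, removed when the shell exits.
            umask 077
            trap 'rm -f secrets.yaml' EXIT
            sops -d sop.yaml > secrets.yaml &&
              helm template -f values.yaml -f plainValues.yaml -f secrets.yaml \
                -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          elif [ "$ARGOCD_ENV_VALUE_FILE" != "" ]; then
            helm template -f values.yaml -f plainValues.yaml \
              -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          else
            # Quoted expansions keep the namespace and release name as single
            # arguments whatever characters they contain.
            helm template -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          fi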
While trying to create an application using the following application.yaml:
# Argo CD Application for the gl-vmaas-bootstrapper chart. This file is itself
# a Helm template: the {{ ... }} expressions are expanded before Argo CD sees it.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gl-vmaas-bootstrapper
  namespace: argocd
spec:
  destination:
    namespace: vmaas
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: gl-vmaas-bootstrapper
    repoURL: https://harbor.cgw-hpe.net/chartrepo/library
    targetRevision: 1.0.86
    plugin:
      # Each entry reaches the plugin as ARGOCD_ENV_<name>. The values are
      # stored in the Application object itself, so whoever can read the
      # Application can read them, and their size counts against the
      # environment of every process the plugin starts.
      env:
        # Complete content of the plain values file, inlined as one string.
        - name: VALUE_FILE
          value: {{ .Files.Get "gl-vmaas-bootstrapper/gl-vmaas-bootstrapper-values.yaml" | quote }}
        - name: SOPS_KMS_ARN
          value: XXXXXXXXXXXXXXXX
        # Complete content of the sops file, inlined as one string.
        # NOTE(review): presumably still encrypted at this point - confirm.
        - name: SOP_FILE
          value: {{ .Files.Get "gl-vmaas-bootstrapper/gl-vmaas-bootstrapper-secrets.yaml" | quote }}
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
we get the following error in both the Argo CD sidecar container and the Argo CD repo server:
"time="2024-04-21T07:34:30Z" level=error msg="finished unary call with code Unknown" error="plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: fork/exec /bin/sh: argument list too long" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=repository.RepoServerService grpc.start_time="2024-04-21T07:34:30Z" grpc.time_ms=129.233 span.kind=server system=grpc"
A few more observations:
1. We encounter this issue when the size of plainValues.yaml or secrets.yaml is greater than ~130 KB.
2. The ARG_MAX parameter on the sidecar container is 128 KB.
We expect secrets.yaml/plainValues.yaml to grow up to 5 MB or even more.
What is the recommended approach in this scenario?
Problem statement
Argocd version: 2.7.3
The Argo CD sidecar image is built from the following Dockerfile:
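# Sidecar image for the Argo CD config management plugin: Alpine plus sops,
# helm and argocd-vault-plugin.
#
# NOTE(review): `latest` is a moving tag, so two builds of this file can produce
# different images; pin the base image to a fixed release tag or digest.
FROM alpine:latest
RUN mkdir -p /usr/local/bin

# curl was already part of this image; openssl is added because the Helm
# installer script uses it to verify the checksum of the archive it downloads.
RUN apk --no-cache add curl openssl

# NOTE(review): this binary is fetched over HTTPS but never compared with a
# known digest. Record the expected SHA-256 of the release asset in this file
# and check it (e.g. with `sha256sum -c`) before the chmod.
RUN wget -O /usr/local/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux
RUN chmod 755 /usr/local/bin/sops

# NOTE(review): the installer is taken from the `main` branch, so its content
# can change between builds; a release tag or a reviewed, vendored copy is
# easier to audit.
RUN wget -O get-helm-3.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
RUN chmod 700 get-helm-3.sh
# VERIFY_CHECKSUM is left at the script's default, so the downloaded Helm
# archive is checked against its published checksum instead of being
# installed unverified.
RUN sh get-helm-3.sh

RUN ["apk", "fix", "grep"]

# NOTE(review): same as sops above, no integrity check on the downloaded
# binary; this asset is also amd64-only.
RUN wget -O /usr/local/bin/argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v1.16.1/argocd-vault-plugin_1.16.1_linux_amd64
RUN chmod 755 /usr/local/bin/argocd-vault-plugin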
The Argo CD sidecar configuration is as follows:
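# ConfigManagementPlugin definition for the sidecar. `init` materialises the
# ARGOCD_ENV_* values as files, `generate` renders the chart with them.
plugin.yaml: |
  apiVersion: argoproj.io/v1alpha1
  kind: ConfigManagementPlugin
  metadata:
    name: plugin
  spec:
    discover:
      # NOTE(review): fileName is matched as a glob; as written this only
      # matches a file literally named ".yaml" - confirm that is intended.
      fileName: '.yaml'
    init:
      command:
        - /bin/sh
        - -c
      args:
        # The whole values file and the whole sops file arrive as environment
        # variables. The environment is passed to every exec() and is
        # size-limited by the kernel, which is consistent with the
        # "argument list too long" failure once a file passes ~128 KiB.
        # printf '%s\n' writes the value verbatim; echo may treat a leading
        # "-n"/"-e" or backslashes in the content specially.
        - |
          printf '%s\n' "$ARGOCD_ENV_VALUE_FILE" > plainValues.yaml &&
            printf '%s\n' "$ARGOCD_ENV_SOP_FILE" > sop.yaml
    generate:
      command:
        - /bin/sh
        - -c
      args:
        - |
          if [ "$ARGOCD_ENV_SOP_FILE" != "" ]; then
            # Decrypted secrets touch the disk only for the duration of the
            # render: owner-only permissions, removed when the shell exits.
            umask 077
            trap 'rm -f secrets.yaml' EXIT
            sops -d sop.yaml > secrets.yaml &&
              helm template -f values.yaml -f plainValues.yaml -f secrets.yaml \
                -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          elif [ "$ARGOCD_ENV_VALUE_FILE" != "" ]; then
            helm template -f values.yaml -f plainValues.yaml \
              -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          else
            # Quoted expansions keep the namespace and release name as single
            # arguments whatever characters they contain.
            helm template -n "$ARGOCD_APP_NAMESPACE" "$ARGOCD_APP_NAME" .
          fi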
While trying to create an application using the following application.yaml:
# Argo CD Application for the gl-vmaas-bootstrapper chart. This file is itself
# a Helm template: the {{ ... }} expressions are expanded before Argo CD sees it.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gl-vmaas-bootstrapper
  namespace: argocd
spec:
  destination:
    namespace: vmaas
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: gl-vmaas-bootstrapper
    repoURL: https://harbor.cgw-hpe.net/chartrepo/library
    targetRevision: 1.0.86
    plugin:
      # Each entry reaches the plugin as ARGOCD_ENV_<name>. The values are
      # stored in the Application object itself, so whoever can read the
      # Application can read them, and their size counts against the
      # environment of every process the plugin starts.
      env:
        # Complete content of the plain values file, inlined as one string.
        - name: VALUE_FILE
          value: {{ .Files.Get "gl-vmaas-bootstrapper/gl-vmaas-bootstrapper-values.yaml" | quote }}
        - name: SOPS_KMS_ARN
          value: XXXXXXXXXXXXXXXX
        # Complete content of the sops file, inlined as one string.
        # NOTE(review): presumably still encrypted at this point - confirm.
        - name: SOP_FILE
          value: {{ .Files.Get "gl-vmaas-bootstrapper/gl-vmaas-bootstrapper-secrets.yaml" | quote }}
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
we get the following error in both the Argo CD sidecar container and the Argo CD repo server:
"time="2024-04-21T07:34:30Z" level=error msg="finished unary call with code Unknown" error="plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: fork/exec /bin/sh: argument list too long" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=repository.RepoServerService grpc.start_time="2024-04-21T07:34:30Z" grpc.time_ms=129.233 span.kind=server system=grpc"
A few more observations:
1. We encounter this issue when the size of plainValues.yaml or secrets.yaml is greater than ~130 KB.
2. The ARG_MAX parameter on the sidecar container is 128 KB.
We expect secrets.yaml/plainValues.yaml to grow up to 5 MB or even more.
What is the recommended approach in this scenario?