feat: support custom helm values file schemes #8535
Conversation
Codecov Report
@@ Coverage Diff @@
## master #8535 +/- ##
==========================================
+ Coverage 42.33% 42.44% +0.10%
==========================================
Files 176 176
Lines 22860 22889 +29
==========================================
+ Hits 9678 9715 +37
+ Misses 11799 11789 -10
- Partials 1383 1385 +2
Continue to review full report at Codecov.
|
|
If we make this configurable, should we also allow to forbid http and https (e.g. when |
|
I would agree with jannfis. Remove the hard-coded values. If http, https should allowed, they should be included in |
|
Yeah, probably keep http and https as the defaults for now. I was also wondering (apart from this change), whether we should introduce an URL allow list for this feature. |
docs/operator-manual/argocd-cm.yaml
Outdated
| @@ -216,6 +216,9 @@ data: | |||
| kustomize.version.v3.5.1: /custom-tools/kustomize_3_5_1 | |||
| kustomize.version.v3.5.4: /custom-tools/kustomize_3_5_4 | |||
|
|
|||
| # Comma delimited list of additional custom remote values file schemes (http are https are allowed by default) | |||
| helm.valuesFileSchemes: s3, git | |||
There was a problem hiding this comment.
Would helm.valuesFileSchemesEnabled or helm.valuesFileSchemesAllowed be better?
There was a problem hiding this comment.
For some reason, I like just helm.valuesFileSchemes. Boh enabled and allowed looks a little redundant to me because I cannot imagine any other option.
I might be wrong and don't have a strong opinion about it, to be honest. @terrytangyuan let me know please if you really think that some clarification is required and we should use helm.valuesFileSchemesEnabled/helm.valuesFileSchemesAllowed.
There was a problem hiding this comment.
Sounds good to me. No need to change.
alexmt
force-pushed
the
8397-helm-schemas
branch
from
7d185a5
to
e24b887
Compare
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
alexmt
force-pushed
the
8397-helm-schemas
branch
from
e24b887
to
293131f
Compare
|
Hi, is there a chance to backport this into the 2.2.x branch? In case if not, is there any release of ArgoCD 2.3 planned? |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
|
Hello, is it resolved ? i see a merge but i added |
|
Anyone that successfully added the option ? |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Im still having this issue, using @jkroepke - I have followed your guidance in https://github.com/jkroepke/helm-secrets/blob/88609fb95f79720f64268c317ef079dac90f75f3/docs/ArgoCD%20Integration.md |
|
silly me, i noticed |
|
Hey there. is it merged? the schema options still does not work for 2.3.2. |
|
@petr4 did you try to hard refresh your app? looks like it's cached error |
|
@rgeraskin Hy there, it works as well. In my case the issue was in wrong argocd service to apply configs. And yes - refresh apps definitely helps with correct works |
|
@rgeraskin @petr4 |
|
@amohamedhey Hey! Any changes should be reread from cm to pod, i guess restart can help, in my case i just have added helm |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: wojtekidd <wojtek.cichon@protonmail.com>
|
This PR has introduced a bug with the |
|
Hi. Did anyone solve this issue? |
It's a good idea to restart pods. |
Did you fix it with this? helm.valuesFileSchemes: http, https, secrets |
Signed-off-by: Alexander Matyushentsev AMatyushentsev@gmail.com
Closes #8397
It is not secure to allow any url scheme for a remote helm values file. The PR introduces are new setting in
argocd-cmConfigMap that allows user to configure allowed schemes: