New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support custom helm values file schemes #8535
Conversation
Codecov Report
@@ Coverage Diff @@
## master #8535 +/- ##
==========================================
+ Coverage 42.33% 42.44% +0.10%
==========================================
Files 176 176
Lines 22860 22889 +29
==========================================
+ Hits 9678 9715 +37
+ Misses 11799 11789 -10
- Partials 1383 1385 +2
Continue to review full report at Codecov.
|
If we make this configurable, should we also allow to forbid http and https (e.g. when |
I would agree with jannfis. Remove the hard-coded values. If http, https should allowed, they should be included in |
Yeah, probably keep http and https as the defaults for now. I was also wondering (apart from this change), whether we should introduce an URL allow list for this feature. |
docs/operator-manual/argocd-cm.yaml
Outdated
@@ -216,6 +216,9 @@ data: | |||
kustomize.version.v3.5.1: /custom-tools/kustomize_3_5_1 | |||
kustomize.version.v3.5.4: /custom-tools/kustomize_3_5_4 | |||
|
|||
# Comma delimited list of additional custom remote values file schemes (http are https are allowed by default) | |||
helm.valuesFileSchemes: s3, git |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would helm.valuesFileSchemesEnabled
or helm.valuesFileSchemesAllowed
be better?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For some reason, I like just helm.valuesFileSchemes
. Boh enabled
and allowed
looks a little redundant to me because I cannot imagine any other option.
I might be wrong and don't have a strong opinion about it, to be honest. @terrytangyuan let me know please if you really think that some clarification is required and we should use helm.valuesFileSchemesEnabled
/helm.valuesFileSchemesAllowed
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me. No need to change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
7d185a5
to
e24b887
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
e24b887
to
293131f
Compare
Hi, is there a chance to backport this into the 2.2.x branch? In case if not, is there any release of ArgoCD 2.3 planned? |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Hello, is it resolved ? i see a merge but i added |
Anyone that successfully added the option ? |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Im still having this issue, using
@jkroepke - I have followed your guidance in https://github.com/jkroepke/helm-secrets/blob/88609fb95f79720f64268c317ef079dac90f75f3/docs/ArgoCD%20Integration.md |
silly me, i noticed |
Hey there. is it merged? the schema options still does not work for 2.3.2. |
@petr4 did you try to hard refresh your app? looks like it's cached error |
@rgeraskin Hy there, it works as well. In my case the issue was in wrong argocd service to apply configs. And yes - refresh apps definitely helps with correct works |
@rgeraskin @petr4 |
@amohamedhey Hey! Any changes should be reread from cm to pod, i guess restart can help, in my case i just have added helm |
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: wojtekidd <wojtek.cichon@protonmail.com>
This PR has introduced a bug with the |
Hi. Did anyone solve this issue? |
It's a good idea to restart pods. |
Did you fix it with this? helm.valuesFileSchemes: http, https, secrets |
Signed-off-by: Alexander Matyushentsev AMatyushentsev@gmail.com
Closes #8397
It is not secure to allow any url scheme for a remote helm values file. The PR introduces are new setting in
argocd-cm
ConfigMap that allows user to configure allowed schemes: