Support for extending Argo CD

Argo CD Extensions

To enable Extensions for your Argo CD cluster will require just a single kubectl apply.

Here we provide a way to extend Argo CD such that it can provide resource-specific visualizations, capabilities and interactions in the following ways:

  • Richer and context-sensitive UI components can be displayed in the user interface about custom resources.
  • Custom health checks can be configured to assess the health of the resource.
  • Custom actions could be performed to manipulate resources in predefined ways.

Motivation

Argo CD is commonly used as a dashboard to Kubernetes applications. The current UI is limited in that it only displays very general information about Kubernetes objects. Any special visualizations can currently only be done native Kubernetes kinds.

For custom resources, Argo CD does not by default have any special handling or understanding of CRs, such as how to assess health of the object or visualizations. When examining a resource, a user can only see a YAML view of the object, which is not helpful unless they are familiar with the object's spec and status information.

Note that Argo CD does currently have a resource customizations feature, which allows operators to define health checks and actions via lua scripts in the argocd-cm ConfigMap. However, the current mechanism of configuring resource customizations is difficult and highly error prone.

This proposal would allow operators to more easily configure Argo CD to understand custom resources, as well as provide more powerful visualization of objects.'

Goals

  • Enable new visualizations in the UI for resources that do not have baked-in support
  • Extensions can be configured by operators at runtime, without a feature being built directly into Argo CD, and with no need to recompile UI code.
  • Extensions should be easy to develop and install (via an ArgoCDExtension CR)
  • Replace current resource customizations in argocd-cm ConfigMap with extensions

Getting Started

The simplest way to install the extension controller is to use Kustomize to bundle Argo CD and the extensions controller manifests together:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
# base Argo CD components
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/ha/install.yaml

components:
# extensions controller component
- https://github.com/argoproj-labs/argocd-extensions/manifests

Store the YAML above into kustomization.yaml file and use the following command to install manifests:

kubectl create ns argocd && kustomize build . | kubectl apply -f - -n argocd
Owner
argoproj-labs
argoproj-labs
https://github.com/argoproj-labs/argocd-extensions
Comments
  • chores: separate crd and patch manifest files

    chores: separate crd and patch manifest files

    when we install multiple argocd instances within a cluster. CRDs are shared resources across argocd instances within a cluster. The crd has to be installed in one bootstrap namespace, and argocd-extension has to be installed on the remaining account of argocd. Due to this reason, we need to separate the crd manifest from the argocd-extension patch manifest.

  • Failed to load rollout extension: Something went wrong with Extension for Rollout

    Failed to load rollout extension: Something went wrong with Extension for Rollout

    Summary

    What happened/what you expected to happen?

    When clicking on the More tab on a rollout object, we are expected to see the rollout page, however it shows error: Something went wrong with Extension for Rollout instead Screenshot 2022-02-25 at 6 20 31 PM

    Diagnostics

    What Kubernetes provider are you using? GKE, 1.20

    What version of Argo CD and Argo CD Extensions are you running? ArgoCD v2.2.5+8f981cc ArgoCD Extensions v0.1.0 rollout extension v0.1.0

    # Paste the logs from the extensions controller

I0225 01:04:27.631432       1 request.go:665] Waited for 1.040301432s due to client-side throttling, not priority and fairness, request: GET:https://10.6.75.1:443/apis/networking.k8s.io/v1?timeout=32s
2022-02-25T01:04:27.835Z    INFO    setup    starting manager
2022-02-25T01:04:27.836Z    INFO    controller.argocdextension    Starting EventSource    {"reconciler group": "argoproj.io", "reconciler kind": "ArgoCDExtension", "source": "kind source: /, Kind="}
2022-02-25T01:04:27.836Z    INFO    controller.argocdextension    Starting Controller    {"reconciler group": "argoproj.io", "reconciler kind": "ArgoCDExtension"}
2022-02-25T01:04:27.937Z    INFO    controller.argocdextension    Starting workers    {"reconciler group": "argoproj.io", "reconciler kind": "ArgoCDExtension", "worker count": 1}
2022-02-25T01:04:27.938Z    INFO    controller.argocdextension    Sources has not been downloaded yet, redownloading...    {"reconciler group": "argoproj.io", "reconciler kind": "ArgoCDExtension", "name": "argo-rollouts", "namespace": "argocd"}
2022-02-25T01:04:29.346Z    INFO    controller.argocdextension    Successfully downloaded all sources.    {"reconciler group": "argoproj.io", "reconciler kind": "ArgoCDExtension", "name": "argo-rollouts", "namespace": "argocd"}

    Also seeing this error in developer tools: Screenshot 2022-02-25 at 6 26 50 PM

    Just a guess: could this be caused by the fact that we are using WorkloadRef ?

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Integrate argocd-extensions into official argocd helm chart

    Integrate argocd-extensions into official argocd helm chart

    Summary

    Integrate argocd-extensions into official argocd helm chart (put it behind variable?)

    Use Cases

    Kustomize is PITA. Please make it easier to install extensions ;)

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Arm64 : exec format error

    Arm64 : exec format error

    Summary

    I deploy the Argo-CD helm chart and enable extensions :

    server:
  extensions:
      enabled: true

    Diagnostics

    What Kubernetes provider are you using? k3s

    What version of Argo CD and Argo CD Extensions are you running?

      server:
    Container ID:  containerd://4fe6fba7f318b161c23df5098ebe98b7436a5fec9fbb1d2be3c11eef2d2461dc
    Image:         quay.io/argoproj/argocd:v2.4.14
    Image ID:      quay.io/argoproj/argocd@sha256:841adcd977c51c263aa29d3aa0cbe045c69abe7533c03c3fbbfd4dbd8ecff85f
    Ports:         8080/TCP, 8083/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      argocd-server
      --insecure
    State:          Running
      Started:      Thu, 20 Oct 2022 13:11:41 +0200
    Ready:          True
    Restart Count:  0
    Limits:
      memory:  512Mi
    Requests:
      cpu:      100m
      memory:   128Mi
    Liveness:   http-get http://:8080/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
    Readiness:  http-get http://:8080/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
    Environment:
      ARGOCD_SERVER_INSECURE:                            <set to the key 'server.insecure' of config map 'argocd-cmd-params-cm'>                            Optional: true
      ARGOCD_SERVER_BASEHREF:                            <set to the key 'server.basehref' of config map 'argocd-cmd-params-cm'>                            Optional: true
      ARGOCD_SERVER_ROOTPATH:                            <set to the key 'server.rootpath' of config map 'argocd-cmd-params-cm'>                            Optional: true
      ARGOCD_SERVER_LOGFORMAT:                           <set to the key 'server.log.format' of config map 'argocd-cmd-params-cm'>                          Optional: true
      ARGOCD_REPO_SERVER_LOGLEVEL:                       <set to the key 'server.log.level' of config map 'argocd-cmd-params-cm'>                           Optional: true
      ARGOCD_SERVER_REPO_SERVER:                         <set to the key 'repo.server' of config map 'argocd-cmd-params-cm'>                                Optional: true
      ARGOCD_SERVER_DEX_SERVER:                          <set to the key 'server.dex.server' of config map 'argocd-cmd-params-cm'>                          Optional: true
      ARGOCD_SERVER_DISABLE_AUTH:                        <set to the key 'server.disable.auth' of config map 'argocd-cmd-params-cm'>                        Optional: true
      ARGOCD_SERVER_ENABLE_GZIP:                         <set to the key 'server.enable.gzip' of config map 'argocd-cmd-params-cm'>                         Optional: true
      ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS:         <set to the key 'server.repo.server.timeout.seconds' of config map 'argocd-cmd-params-cm'>         Optional: true
      ARGOCD_SERVER_X_FRAME_OPTIONS:                     <set to the key 'server.x.frame.options' of config map 'argocd-cmd-params-cm'>                     Optional: true
      ARGOCD_SERVER_CONTENT_SECURITY_POLICY:             <set to the key 'server.content.security.policy' of config map 'argocd-cmd-params-cm'>             Optional: true
      ARGOCD_SERVER_REPO_SERVER_PLAINTEXT:               <set to the key 'server.repo.server.plaintext' of config map 'argocd-cmd-params-cm'>               Optional: true
      ARGOCD_SERVER_REPO_SERVER_STRICT_TLS:              <set to the key 'server.repo.server.strict.tls' of config map 'argocd-cmd-params-cm'>              Optional: true
      ARGOCD_TLS_MIN_VERSION:                            <set to the key 'server.tls.minversion' of config map 'argocd-cmd-params-cm'>                      Optional: true
      ARGOCD_TLS_MAX_VERSION:                            <set to the key 'server.tls.maxversion' of config map 'argocd-cmd-params-cm'>                      Optional: true
      ARGOCD_TLS_CIPHERS:                                <set to the key 'server.tls.ciphers' of config map 'argocd-cmd-params-cm'>                         Optional: true
      ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION:  <set to the key 'server.connection.status.cache.expiration' of config map 'argocd-cmd-params-cm'>  Optional: true
      ARGOCD_SERVER_OIDC_CACHE_EXPIRATION:               <set to the key 'server.oidc.cache.expiration' of config map 'argocd-cmd-params-cm'>               Optional: true
      ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION:           <set to the key 'server.login.attempts.expiration' of config map 'argocd-cmd-params-cm'>           Optional: true
      ARGOCD_SERVER_STATIC_ASSETS:                       <set to the key 'server.staticassets' of config map 'argocd-cmd-params-cm'>                        Optional: true
      ARGOCD_APP_STATE_CACHE_EXPIRATION:                 <set to the key 'server.app.state.cache.expiration' of config map 'argocd-cmd-params-cm'>          Optional: true
      REDIS_SERVER:                                      <set to the key 'redis.server' of config map 'argocd-cmd-params-cm'>                               Optional: true
      REDISDB:                                           <set to the key 'redis.db' of config map 'argocd-cmd-params-cm'>                                   Optional: true
      REDIS_USERNAME:                                    <set to the key 'redis-username' in secret 'argo-cd-argocd-redis'>                                 Optional: true
      REDIS_PASSWORD:                                    <set to the key 'redis-password' in secret 'argo-cd-argocd-redis'>                                 Optional: true
      ARGOCD_DEFAULT_CACHE_EXPIRATION:                   <set to the key 'server.default.cache.expiration' of config map 'argocd-cmd-params-cm'>            Optional: true
      ARGOCD_MAX_COOKIE_NUMBER:                          <set to the key 'server.http.cookie.maxnumber' of config map 'argocd-cmd-params-cm'>               Optional: true
      ARGOCD_SERVER_OTLP_ADDRESS:                        <set to the key 'otlp.address' of config map 'argocd-cmd-params-cm'>                               Optional: true
    Mounts:
      /app/config/server/tls from argocd-repo-server-tls (rw)
      /app/config/ssh from ssh-known-hosts (rw)
      /app/config/tls from tls-certs (rw)
      /home/argocd from plugins-home (rw)
      /tmp from tmp-dir (rw)
      /tmp/extensions/ from extensions (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-hbqhz (ro)

    and

      argocd-extensions:
    Container ID:   containerd://7a3cdb1e50e70536183c2d192e5ebd9d313994034d45100e8a5659d80cfbf238
    Image:          ghcr.io/argoproj-labs/argocd-extensions:v0.1.0
    Image ID:       ghcr.io/argoproj-labs/argocd-extensions@sha256:df18de9c611684a95b1593d2a703f49fa6213b6fad92c550b34f55404f0b7568
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Thu, 20 Oct 2022 13:13:25 +0200
      Finished:     Thu, 20 Oct 2022 13:13:25 +0200
    Ready:          False
    Restart Count:  4
    Limits:
      memory:  128Mi
    Requests:
      cpu:        10m
      memory:     64Mi
    Environment:  <none>
    Mounts:
      /tmp/extensions/ from extensions (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-hbqhz (ro)

    Paste the logs from the extensions controller

    Logs for the entire controller:

    kubectl logs -n argocd deployment/argocd-extensions-controller

    kubectl -n argocd logs -f argo-cd-argocd-server-66b874fcd9-2zq7v -c argocd-extensions
exec /manager: exec format error

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Add Container Security Context by Default

    Add Container Security Context by Default

    Summary

    Currently it seems that

    capabilites:
  drop:
    - ALL

    is missing from the container security context. If the container does not require those capabilities, would it be possible to drop them by default?

    Use Cases

    When would you use this?

    If this is implemented by default I believe that it would increase the security posture of every cluster that uses this.

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Automate updating image tags

    Automate updating image tags

    Summary

    Automate updating image tags in the kustomization.yaml files.

    Use Cases

    Otherwise we'll forget. And when we don't forget, we have to manually do this: https://github.com/argoproj-labs/argocd-extensions/pull/22

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Check downloaded resources integrity

    Check downloaded resources integrity

    When you pull a resource down, you should check the resources hash against a known good value, in case the third-party is compromised and an attacker replaces the resource (Javascript) with something bad.

    Basically this:

    https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

    <script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

    Could be done like this:

    apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
  name: hello-world
  finalizers:
    - extensions-finalizer.argocd.argoproj.io
spec:
  sources:
    - git:
        url: https://github.com/argoproj-labs/argocd-example-extension.git
    - web:
        url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar
        integrity: sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC
  • Supporting More than one extension per resource

    Supporting More than one extension per resource

    Summary

    The current ArgoCD extension supports only one extension per resource. extension.js will overwrite the previous one.

    What change needs making?

    Use Cases

    When would you use this?

    Message from the maintainers:

    Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.

  • Add SECURITY.md

    Add SECURITY.md

    The Argo maintainers recently agreed to require all Argoproj Labs project repositories to contain a SECURITY.md file which documents:

    • Contact information for reporting security vulnerabilities
    • Some minimal information about policies, practices, with possibly links to further documentation with more details

    This will help direct vulnerability reporting to the right parties which can fix the issue.

    You are free to use the following as examples/templates:

    Also, please note that in the future we are exploring a requirement that argoproj-labs projects perform a CII self-assessment to better inform its users about which security best practices are being followed.

Related tags
Argo argocd-extensions
Notifications for Argo CD
 Notifications for Argo CD

Argo CD Notifications Argo CD Notifications continuously monitors Argo CD applications and provides a flexible way to notify users about important cha

Nov 27, 2022
Argo CD ApplicationSet Controller

The ApplicationSet controller manages multiple Argo CD Applications as a single ApplicationSet unit, supporting deployments to large numbers of clusters, deployments of large monorepos, and enabling secure Application self-service.

Dec 14, 2022
Automatic container image update for Argo CD

Argo CD Image Updater Introduction Argo CD Image Updater is a tool to automatically update the container images of Kubernetes workloads which are mana

Dec 25, 2022
A Kubernetes operator for managing Argo CD clusters.

Argo CD Operator A Kubernetes operator for managing Argo CD clusters. Documentation See the documentation for installation and usage of the operator.

Dec 14, 2022
Argo-CD Autopilot
 Argo-CD Autopilot

Introduction New users to GitOps and Argo CD are not often sure how they should structure their repos, add applications, promote apps across environme

Jan 6, 2023
Hera is a Python framework for constructing and submitting Argo Workflows.

Hera is an Argo Workflows Python SDK. Hera aims to make workflow construction and submission easy and accessible to everyone! Hera abstracts away workflow setup details while still maintaining a consistent vocabulary with Argo Workflows.

Dec 31, 2022
A series of controllers for configuring namespaces to accomodate Argo

argo-controller A series of controllers for configuring namespaces to accomodate Argo. ArgoCD TBD Argo Workflows Make a service account in every names

Jan 4, 2022
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.
 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.

What is Argo Workflows? Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflow

Dec 10, 2021
Argo Rollout visualization in Argo CD Web UI
 Argo Rollout visualization in Argo CD Web UI

Rollout Extension The project introduces the Argo Rollout dashboard into the Argo CD Web UI. Quick Start Install Argo CD and Argo CD Extensions Contro

Dec 29, 2022
Extending the Monkey (programming) Lang from

?? Mellang ?? Mellang, an interpreted programming language Mellang VSCode Extension You can download it on https://marketplace.visualstudio.com/items?

May 20, 2022
Trying to build an Ecommerce Microservice in Golang and Will try to make it Cloud Native - Learning Example extending the project of Nic Jackson

Golang Server Project Best Practices Dependency Injection :- In simple words, we want our functions and packages to receive the objects they depend on

Nov 28, 2022
OpenYurt - Extending your native Kubernetes to edge(project under CNCF)
 OpenYurt - Extending your native Kubernetes to edge(project under CNCF)

openyurtio/openyurt English | įŽ€äŊ“中文 What is NEW! Latest Release: September 26th, 2021. OpenYurt v0.5.0. Please check the CHANGELOG for details. First R

Jan 7, 2023
Console - Commands are defined in struct extending pkg/command/create user.go

Console Creating a Command Commands are defined in struct extending pkg/command/

Jan 2, 2022
Automating Kubernetes Rollouts with Argo and Prometheus. Checkout the demo URL below
 Automating Kubernetes Rollouts with Argo and Prometheus. Checkout the demo URL below

observe-argo-rollout Demo for Automating and Monitoring Kubernetes Rollouts with Argo and Prometheus Performing Demo The demo can be found on Katacoda

Nov 16, 2022
A plugin for argo which behaves like I'd like

argocd-lovely-plugin An ArgoCD plugin to perform various manipulations in a sensible order to ultimately output YAML for Argo CD to put into your clus

Dec 27, 2022
Simple example using Git actions + Argo CD + K8S + Docker and GO lang

CICD-simple_example Simple example using Git actions + Argo CD + K8S + Docker and GO lang Intro Pre reqs Have an ArgoCD account and Installed. Docker

Oct 28, 2021
Notifications for Argo CD
 Notifications for Argo CD

Argo CD Notifications Argo CD Notifications continuously monitors Argo CD applications and provides a flexible way to notify users about important cha

Nov 27, 2022
Argo CD ApplicationSet Controller

The ApplicationSet controller manages multiple Argo CD Applications as a single ApplicationSet unit, supporting deployments to large numbers of clusters, deployments of large monorepos, and enabling secure Application self-service.

Dec 14, 2022
Automatic container image update for Argo CD

Argo CD Image Updater Introduction Argo CD Image Updater is a tool to automatically update the container images of Kubernetes workloads which are mana

Dec 25, 2022
A Kubernetes operator for managing Argo CD clusters.

Argo CD Operator A Kubernetes operator for managing Argo CD clusters. Documentation See the documentation for installation and usage of the operator.

Dec 14, 2022