provider-argocd's Introduction

provider-argocd

Overview

provider-argocd is the Crossplane infrastructure provider for Argo CD. The provider that is built from the source code in this repository can be installed into a Crossplane control plane and adds the following new functionality:

  • Custom Resource Definitions (CRDs) that model Argo CD resources
  • Controllers to provision these resources in Argo CD based on the user's desired state captured in CRDs they create
  • Implementations of Crossplane's portable resource abstractions, enabling Argo CD resources to fulfill a user's general need for Argo CD configurations

Getting Started and Documentation

Follow the official docs to install Crossplane, then these steps to get started with provider-argocd.

Optional: Start a local Argo CD server

kind create cluster

kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Create a new Argo CD user

Follow the steps in the official documentation to create a new user provider-argocd:

kubectl patch configmap/argocd-cm \
  -n argocd \
  --type merge \
  -p '{"data":{"accounts.provider-argocd":"apiKey"}}'

kubectl patch configmap/argocd-rbac-cm \
  -n argocd \
  --type merge \
  -p '{"data":{"policy.csv":"g, provider-argocd, role:admin"}}'

Create an API Token

Note: The following steps require the kubectl-view-secret plugin and jq to be installed.

Get the admin password via kubectl:

ARGOCD_ADMIN_SECRET=$(kubectl view-secret argocd-initial-admin-secret -n argocd -q)

Port forward the Argo CD API to the host:

kubectl -n argocd port-forward svc/argocd-server 8443:443

Create a session JWT for the admin user at the Argo CD API. Note: You cannot use this token directly, because it will expire.

ARGOCD_ADMIN_TOKEN=$(curl -s -X POST -k -H "Content-Type: application/json" --data '{"username":"admin","password":"'"$ARGOCD_ADMIN_SECRET"'"}' https://localhost:8443/api/v1/session | jq -r .token)

Create an API token without expiration that can be used by provider-argocd

ARGOCD_PROVIDER_USER="provider-argocd"

ARGOCD_TOKEN=$(curl -s -X POST -k -H "Authorization: Bearer $ARGOCD_ADMIN_TOKEN" -H "Content-Type: application/json" https://localhost:8443/api/v1/account/$ARGOCD_PROVIDER_USER/token | jq -r .token)

Set up Crossplane provider-argocd

Install provider-argocd:

cat << EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-argocd
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.2.0
EOF

Create a Kubernetes secret from the JWT so provider-argocd is able to connect to Argo CD:

kubectl create secret generic argocd-credentials -n crossplane-system --from-literal=authToken="$ARGOCD_TOKEN"

Configure a ProviderConfig with serverAddr pointing to an Argo CD instance:

cat << EOF | kubectl apply -f -
apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  serverAddr: argocd-server.argocd.svc:443
  insecure: true
  plainText: false
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: argocd-credentials
      key: authToken
EOF
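
Before the token goes into the argocd-credentials secret, it is worth confirming that it is the non-expiring API token for provider-argocd and not the admin session JWT, which expires. The script below is an added example, not part of the provider-argocd project; the function names are hypothetical, the sample tokens are constructed, and the subject format `<account>:apiKey` is an assumption about how Argo CD labels API tokens. It only decodes the payload and does not verify the signature.

```shell
#!/usr/bin/env bash
# Added example: sanity-check an Argo CD JWT before storing it for provider-argocd.
# It decodes the token payload only; it does NOT verify the signature.

# base64url-encode stdin without padding (used only to build the constructed samples).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the decoded JSON payload (second segment) of a JWT.
# Returns non-zero if the input does not have three dot-separated segments
# or the payload is not valid base64url.
jwt_payload() {
  local seg
  case "$1" in *.*.*) ;; *) return 2 ;; esac
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops padding; restore it before decoding.
  case $(( ${#seg} % 4 )) in
    1) return 2 ;;
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print a top-level string or numeric claim from a JSON payload.
# sed-based on purpose (no jq dependency); assumes no escaped quotes in the value.
jwt_claim() {
  printf '%s\n' "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# Return 0 only for a non-expiring apiKey token of the given account.
# Return 1 for a JWT of the wrong kind, 2 for input that is not a decodable JWT.
check_provider_token() {
  local token="$1" account="$2" payload sub exp
  payload=$(jwt_payload "$token") || { echo "not a decodable JWT" >&2; return 2; }
  sub=$(jwt_claim "$payload" sub)
  exp=$(jwt_claim "$payload" exp)
  # Assumption: API tokens carry the subject "<account>:apiKey".
  if [ "$sub" != "${account}:apiKey" ]; then
    echo "unexpected subject '${sub}' (wanted ${account}:apiKey)" >&2
    return 1
  fi
  if [ -n "$exp" ]; then
    echo "token carries exp=${exp}; it will stop working at that time" >&2
    return 1
  fi
  echo "ok: ${sub}, no exp claim"
}

# Constructed samples with a fake signature; the claim layout is an assumption.
make_sample_jwt() {
  printf '%s.%s.sig' \
    "$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url)" \
    "$(printf '%s' "$1" | b64url)"
}
SAMPLE_API_TOKEN=$(make_sample_jwt '{"iss":"argocd","sub":"provider-argocd:apiKey","iat":1700000000,"jti":"constructed"}')
SAMPLE_SESSION_TOKEN=$(make_sample_jwt '{"iss":"argocd","sub":"admin:login","exp":1700086400,"iat":1700000000}')

# Demo on the samples; in real use pass "$ARGOCD_TOKEN" from the steps above.
check_provider_token "$SAMPLE_API_TOKEN" provider-argocd || true
check_provider_token "$SAMPLE_SESSION_TOKEN" provider-argocd || true
```

In the README flow, running `check_provider_token "$ARGOCD_TOKEN" "$ARGOCD_PROVIDER_USER"` before `kubectl create secret` catches the case where `$ARGOCD_ADMIN_TOKEN` was stored by mistake.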

Contributing

provider-argocd is a community-driven project and we welcome contributions. See the Crossplane Contributing guidelines to get started.

Report a Bug

For filing bugs, suggesting improvements, or requesting new features, please open an issue.

Contact

Please use the following to reach members of the community:

Governance and Owners

provider-argocd is run according to the same Governance and Ownership structure as the core Crossplane project.

Code of Conduct

provider-argocd adheres to the same Code of Conduct as the core Crossplane project.

Licensing

provider-argocd is under the Apache 2.0 license.

provider-argocd's People

Contributors

amotolani, avarei, benedikt1992, blut, bonilla-cesar, cjyar, clementblaise, cychiang, dependabot[bot], frandelgado, haarchri, hasheddan, janwillies, jastang, maximilianbraun, mistermx, oskisk, smileisak, stevendborrelli

provider-argocd's Issues

Fail to Recreate Deleted Cluster in ArgoCD v2.9.1

What happened?

First off, I have seen that the provider is configured to use ArgoCD v2.8.4

github.com/argoproj/argo-cd/v2 v2.8.4

However, there was some unexpected behavior with 2.9.1 that will need to be addressed eventually, so I'm bringing up this issue now.

The behavior I saw is if a user deletes a Cluster in the ArgoCD server that was managed by provider-argocd, the Cluster fails to be recreated, and stays in the state synced: false. Specifically, the error shown is

Warning  CannotObserveExternalResource  2m12s (x376 over 3d7h)  managed/cluster  cannot get Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied

In the controller logs, I see

2023-11-27T16:25:08Z    DEBUG   provider-argocd Cannot observe external resource        {... "error": "cannot get Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied", "errorVerbose": "rpc error: code = PermissionDenied desc = permission denied\ncannot get Argocd Cluster\ngithub.com/crossplane-contrib/provider-argocd/pkg/controller/cluster.(*external).Observe\n\tgithub.com/crossplane-contrib/provider-argocd/pkg/controller/cluster/controller.go:120\ngithub.com/crossplane/crossplane-runtime/pkg/reconciler/managed.(*Reconciler).Reconcile\n\tgithub.com/crossplane/[email protected]/pkg/reconciler/managed/reconciler.go:780\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235\nruntime.goexit\n\truntime/asm_amd64.s:1594"}

Instead of throwing an error, I would expect the Cluster to be recreated.

How can we reproduce it?

Not sure exactly what the breaking version is just looking at release notes. We went 2.7.7 -> 2.9.1, so you can try with ArgoCD 2.9.1. Also note that we're using the latest build of the provider; xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.5.0-rc.0.2.gf446591 that came following this PR https://github.com/crossplane-contrib/provider-argocd/pull/101/files, which could be related.

To go through our setup, first we added a user in our ArgoCD RBAC with the following permissions:

policy.csv: |
      p, <user>, clusters, *, *, allow

Then ran the following commands:

ARGOCD_ADMIN_SECRET=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
ARGOCD_SERVER=<ArgoCD server>
ARGOCD_ADMIN_TOKEN=$(curl -s -X POST -k -H "Content-Type: application/json" --data '{"username":"admin","password":"'"$ARGOCD_ADMIN_SECRET"'"}' ${ARGOCD_SERVER}/api/v1/session | jq -r .token)
curl -s -X POST -k -H "Authorization: Bearer $ARGOCD_ADMIN_TOKEN" -H "Content-Type: application/json" ${ARGOCD_SERVER}/api/v1/account/<user>/token | jq -r .token

We then used this token to create a secret and referenced it in a provider config called argocd.

Now using some test cluster, referenced below as 'test-cluster', add the following Cluster

Create a Cluster managed resource:

apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: test-cluster
spec:
  forProvider:
    server: <server>
    config:
      bearerTokenSecretRef:
        key: token
        name: test-cluster-token
        namespace: <namespace>
    name: test-cluster
  providerConfigRef:
    name: argocd

Now manually delete the Cluster from the ArgoCD API, and it doesn't come back up.

As added context, I tried running something like argocd cluster get doesntexist --server <server> with both the user's token and admin creds, and got the error FATA[0000] rpc error: code = PermissionDenied desc = permission denied. I expected the error "Cluster Not Found"

What environment did it happen in?

Crossplane version: v1.13.2-up.2
Crossplane Provider argocd version: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.5.0-rc.0.2.gf446591
Kubernetes client 1.25.3, Server 1.26.10, on an Upbound Managed Control Plane; ArgoCD running in EKS, running helm release 5.51.2.

"Application" cannot reference "Cluster"

What happened?

Using argocd provider v0.4.0, having an existing Cluster that is Ready True Synced True. I add an application like this

apiVersion: applications.argocd.crossplane.io/v1alpha1
kind: Application
metadata:
  name: argocd-application-security
spec:
  forProvider:
    destination:
      namespace: argocd
      #   server: https://aks.hcp.westeurope.azmk8s.io:443
      #   serverRef:
      #     name: argocd-cluster-cilium
      serverSelector:
        matchLabels:
          security: "true"
...

In the example above, using either serverSelector or serverRef, it gives error

Events:
  Type     Reason                        Age               From                 Message
  ----     ------                        ----              ----                 -------
  Warning  CannotCreateExternalResource  5s (x12 over 9s)  managed/application  cannot create Argocd application: rpc error: code = InvalidArgument desc = application spec for argocd-application-security is invalid: InvalidSpecError: Unable to get cluster: rpc error: code = NotFound desc = cluster "argocd-cluster-cilium" not found

Using server: https://aks.hcp.westeurope.azmk8s.io:443 works fine.

Cluster is defined like this

apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: argocd-cluster-cilium
  labels:
    security: "true"
spec:
  forProvider:
    config:
      kubeconfigSecretRef:
        namespace: crossplane-system
        name: cilium-connectiondetails-write
        key: kubeconfig
    name: argocd-cluster-cilium
  providerConfigRef:
    name: argocd-provider

Unexpectedly high resource usage

What happened?

I noticed the status of the provider became unhealthy.
Autoscaling kicked in and added a node which solved the issue temporarily.
Checking the GKE console I saw that CPU and memory were increasing.

Nothing in the logs.

How can we reproduce it?

Could be related to using ArgoCD v2.4.0-rc2+cd5, I wanted to try the argocd-k8s-auth feature with GCP (which works fine, a nice solution to #13).

Provider

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-argocd
spec:
  package: crossplane/provider-argocd:v0.1.0

ProviderConfig

apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  serverAddr: REDACTED
  insecure: false
  plainText: false
  credentials:
    source: Secret
    secretRef:
      namespace: argocd
      name: argocd-credentials
      key: authToken

Cluster (part of a Composition)

  - name: argocd-cluster
    base:
      apiVersion: cluster.argocd.crossplane.io/v1alpha1
      kind: Cluster
      spec:
        providerConfigRef:
          name: argocd-provider
        forProvider:
          config:
            tlsClientConfig:
              insecure: false
              caDataSecretRef:
                key: clusterCA
            execProviderConfig:
              apiVersion: client.authentication.k8s.io/v1beta1
              command: argocd-k8s-auth
              args:
                - gcp

    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
    - fromFieldPath: spec.id
      toFieldPath: spec.forProvider.name
    - fromFieldPath: spec.deletionPolicy
      toFieldPath: spec.deletionPolicy
    - fromFieldPath: status.endpoint
      toFieldPath: spec.forProvider.server
      policy:
        fromFieldPath: Required
      transforms:
      - type: string
        string:
          fmt: "https://%s"
    - fromFieldPath: metadata.uid
      toFieldPath: spec.forProvider.config.tlsClientConfig.caDataSecretRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-gkecluster"
    - fromFieldPath: spec.claimRef.namespace
      toFieldPath: spec.forProvider.config.tlsClientConfig.caDataSecretRef.namespace

    readinessChecks:
      - type: None

There are only two ProviderConfigUsages, two clusters.
One is for the in-cluster so it is not actually used.
The other is working fine.

What environment did it happen in?

  • Crossplane version: 1.7.0
  • Crossplane Provider argocd version: 0.1.0
  • Kubernetes version (use kubectl version)
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.3", GitCommit:"816c97ab8cff8a1c72eccca1026f7820e93e0d25", GitTreeState:"clean", BuildDate:"2022-01-25T21:25:17Z", GoVersion:"go1.17.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5-gke.2400", GitCommit:"edad26ea7e78d44536b547193f30209b03e954c9", GitTreeState:"clean", BuildDate:"2022-04-15T09:31:56Z", GoVersion:"go1.17.8b7", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes distribution (e.g. Tectonic, GKE, OpenShift): GKE

Add gRPC web support

What problem are you facing?

Some ArgoCD instances of my customers are behind a proxy without http2 support.
The argocd cli allows the use of gRPC-Web in such cases using the --grpc-web and --grpc-web-root-path flags.

How could Crossplane help solve your problem?

Add grpcWeb and grpcWebRootPath to the ProviderConfig and pass it to the client library.

Cluster fails to delete

What happened?

When deleting clusters, the MR will be deleted, but the Cluster will remain in ArgoCD.

I believe that in the commit below the check if meta.WasDeleted(cr) && meta.GetExternalName(cr) != observedCluster.Name { was converted from != to ==.

https://github.com/crossplane-contrib/provider-argocd/pull/59/files#diff-6018422a524a37b8b948ecc6863963b91153ca3810461b1868a7b79ea4bd0b09R118

How can we reproduce it?

  • Create Cluster
  • Delete Cluster MR
  • Observe if Cluster exists in the ArgoCD UI

Argocd application creation fails

What happened?

Argocd application creation fails with error observe failed: cannot list Argocd application: rpc error: code = NotFound desc = application 'example-application-kubeconfig' not found

How can we reproduce it?

Apply this manifest https://github.com/crossplane-contrib/provider-argocd/blob/release-0.5/examples/application/application.yaml.

What environment did it happen in?

Crossplane version: v0.39.0
Crossplane Provider argocd version: v0.5.0

I see we are hitting this: https://github.com/crossplane-contrib/provider-argocd/blob/release-0.5/pkg/controller/applications/controller.go#L113. Ideally, do we need to set nil instead of error there?

Declarative provider-argocd installation

I normally install my providers with a manifest:

Example for Civo provider:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-civo
spec:
  package: "crossplane/provider-civo:main"

Now I tried that same approach with provider-argocd:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-46"
spec:
  package: "crossplane/provider-argocd:main" # also tried crossplane-contrib/provider-argocd:main

But it does not get "healthy".

Am I using this plugin wrong?

I didn't see the installation step in the docs.

Thank you

[Feature Request] Have Argo CD to support Crossplane natively

What problem are you facing?

When using Argo CD with Helm in GitOps, I can customize the parameters exposed by Helm values.yaml either from the Argo CD UI or the command line. Essentially, it exposes Helm-specific options via Application.argoproj.io so that I can override the default configuration in values.yaml.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  destination:
    namespace: dev
    server: 'https://kubernetes.default.svc'
  source:
    path: path/to/your/config
    repoURL: 'https://github.com/<account>/<repo>'
    targetRevision: HEAD
    helm:
      parameters:
        - name: path.to.foo
          value: bar
  project: default

Crossplane on the other hand supports defining Composition, CompositeResourceDefinition (XRD), CompositeResource (XR) and CompositeResourceClaim (XRC) which is very similar to what Helm does. These resources can be checked in git to support GitOps. Below is a table that summarizes the side-by-side comparison between Crossplane and Helm. More details can be found here.

| Crossplane | Helm | Description |
| --- | --- | --- |
| Composition | Templates | Both to compose a set of Kubernetes resources, but Composition uses patch to override while Helm uses template. |
| CompositeResource(Claim) | values.yaml | Both to allow user input as configurable settings. Argo CD has better support on Helm, e.g: to specify values in Argo Application resource. |
| CompositeResourceDefinition | n/a | CompositeResourceDefinition as a schema has better user input control. |

With XRD, XR/XRC, Crossplane is more reliable than Helm for user input as custom options. e.g.: to define a type for each option, mark it as required or optional, give it a description text, etc.

However, there is no such support as Helm does in Argo CD for UI and Application.argoproj.io integration.

How could Crossplane help solve your problem?

I know this may not be a good place to raise it. We should file a feature request in the Argo CD community, since this is more for the Argo CD side to address. Also, it may not be easy to implement given the nature of the Crossplane design from a technical perspective. But before that, I just want to make sure it generally makes sense from the Crossplane community side.

Ideally, I would like to see Crossplane treated as a first-class citizen in Argo CD, just like Helm, Kustomize, and other tools. We can attach custom options in the Application.argoproj.io resource to override the default settings defined by XR/XRC, as below. This can also be supported via the Argo CD web UI, as it is for Helm.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  destination:
    namespace: dev
    server: 'https://kubernetes.default.svc'
  source:
    path: path/to/your/config
    repoURL: 'https://github.com/<account>/<repo>'
    targetRevision: HEAD
    crossplane:
      SomeXRC:
        - name: path.to.foo
          value: bar
  project: default

Does it make sense?

Getting no matches for kind "ProviderConfig" in version "argocd.crossplane.io/v1alpha1"

What happened?

We were trying to set up the ArgoCD Crossplane provider with Crossplane following the steps mentioned in the README.

When trying to run

cat << EOF | kubectl apply -f -
apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  serverAddr: argocd-server.argocd.svc:443
  insecure: true
  plainText: false
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: argocd-credentials
      key: authToken
EOF

it gives the following error

error: unable to recognize "STDIN": no matches for kind "ProviderConfig" in version "argocd.crossplane.io/v1alpha1"

All the Crossplane pods are healthy.

Implement user/pass authentication to argocd

What problem are you facing?

Currently provider-argocd uses a JWT to authenticate to argocd. This JWT is manually created for the argocd admin user:

# grab the initial admin password
ARGOCD_SECRET=$(kubectl view-secret argocd-initial-admin-secret -n argocd -q)
# port forward the argocd api to the host:
kubectl -n argocd port-forward svc/argocd-server 8443:443
# create a JWT for the admin user at the argocd api
ARGOCD_TOKEN=$(curl -s -X POST -k -H "Content-Type: application/json" --data '{"username":"admin","password":"'"$ARGOCD_SECRET"'"}' https://localhost:8443/api/v1/session | jq -r .token)

The JWT is time-bound and needs to be recreated every X hours.

How could Crossplane help solve your problem?

Instead of accepting a JWT to connect to argocd, provider-argocd should accept a user/pass and (re-)create the JWT on its own.

Potential Memory Leak in v0.5.0

What happened?

For context, my control plane exists in an environment that cannot directly hit our ArgoCD server endpoints, so I run a deployment on the cluster running ArgoCD to run the provider indirectly. What I've observed is that the memory allocated to this pod is increasing at roughly 1.3GB/day, consistent across four environments. I've checked using kubectl top pods and our stored metrics graphs:

k top pod argocd-provider-controller-xxxx -n argocd
NAME                                                         CPU(cores)   MEMORY(bytes)   
argocd-provider-controller-xxxx   15m          22729Mi  

This is leading to pods being evicted for putting MemoryPressure on the underlying node.

How can we reproduce it?

First I manually create a ControllerConfig and Provider

apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: provider-argocd-xxxxx-xxxxx
spec:
  replicas: 0
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-argocd-yyyyy-yyyyy
spec:
  controllerConfigRef:
    name: provider-argocd-xxxxx-xxxxx
  package: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.5.0

There is a secret argocd-credentials with a token to ArgoCD at the key authToken, referenced by this ProviderConfig

apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd
spec:
  serverAddr: <addr>
  insecure: true
  plainText: false
  credentials:
    source: Secret
    secretRef:
      namespace: default
      name: argocd-credentials
      key: authToken

In the cluster running ArgoCD, I'm using the following deployment spec for the controller:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-provider-controller-<control plane name>
  namespace: argocd
  annotations:
    uptest.upbound.io/conditions: "Available=True"
    uptest.upbound.io/pre-delete-hook: testhooks/delete.sh
  labels:
    app: provider-argocd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: provider-argocd
  template:
    metadata:
      labels:
        app: provider-argocd
    spec:
      containers:
        - name: server
          image: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.5.0
          imagePullPolicy: IfNotPresent
          args:
            - --debug
          env:
            - name: DO_NOTHING
              value: "false"
            - name: KUBECONFIG
              value: /etc/mcp-kubeconfig/kubeconfig
          volumeMounts:
            - name: mcp-kubeconfig
              mountPath: /etc/mcp-kubeconfig
      volumes:
        - name: mcp-kubeconfig
          secret:
            secretName: mcp-kubeconfig-<control plane name>

What environment did it happen in?

Crossplane version: 1.14.3-up.1 (note this is running in Upbound SaaS)
Crossplane Provider argocd version: v0.5.0

The deployments are running in EKS, and I've seen it on clusters running EKS versions v1.24 and v1.28.

provider fails due to nil pointer dereference

What happened?

As soon as I create a repository resource the provider fails with segfault.

This is the created resource (resource hashes might not match between example and error message. the resource is created as part of a composition.)

apiVersion: repositories.argocd.crossplane.io/v1alpha1
kind: Repository
metadata:
  name: test-app-m4d4m
spec:
  forProvider:
    passwordRef:
      key: token
      name: test-app-m4d4m-deploy-token
      namespace: crossplane-system
    repo: https://gitlab.com/b4221/demo-application.git
    type: git
    username: argocd
  providerConfigRef:
    name: argocd-provider

My providerConfig is created for a locally hosted argocd in the same cluster (as described by the readme):

// kg providerconfig.argocd argocd-provider -o yaml
apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  credentials:
    secretRef:
      key: authToken
      name: argocd-credentials
      namespace: crossplane-system
    source: Secret
  insecure: true
  serverAddr: argocd-server.argocd.svc:443
status:
  users: 1
// make run
22:30:52 [ .. ] go build linux_amd64
go build: -i flag is deprecated
22:30:58 [ OK ] go build linux_amd64
22:30:58 [ .. ] Running Crossplane locally out-of-cluster . . .
/home/blut/provider-argocd/_output/bin/linux_amd64/provider --debug
2022-02-16T22:30:59.473+0100    DEBUG   provider-argocd Starting        {"sync-period": "1h0m0s"}
I0216 22:31:00.526958   12499 request.go:655] Throttling request took 1.0375678s, request: GET:https://127.0.0.1:62477/apis/node.k8s.io/v1beta1?timeout=32s
2022-02-16T22:31:00.877+0100    INFO    controller-runtime.metrics      metrics server is starting to listen    {"addr": ":8080"}
2022-02-16T22:31:00.878+0100    INFO    controller-runtime.manager      starting metrics server {"path": "/metrics"}
2022-02-16T22:31:00.878+0100    INFO    controller-runtime.manager.controller.managed/cluster   Starting EventSource   {"reconciler group": "cluster.argocd.crossplane.io", "reconciler kind": "Cluster", "source": "kind source: /, Kind="}
2022-02-16T22:31:00.878+0100    INFO    controller-runtime.manager.controller.providerconfig/providerconfig.argocd.crossplane.io                                                                                                            Starting EventSource     {"reconciler group": "argocd.crossplane.io", "reconciler kind": "ProviderConfig", "source": "kind source: /, Kind="}
2022-02-16T22:31:00.879+0100    INFO    controller-runtime.manager.controller.managed/project   Starting EventSource   {"reconciler group": "projects.argocd.crossplane.io", "reconciler kind": "Project", "source": "kind source: /, Kind="}
2022-02-16T22:31:00.879+0100    INFO    controller-runtime.manager.controller.managed/repository        Starting EventSource                                                                                                                {"reconciler group": "repositories.argocd.crossplane.io", "reconciler kind": "Repository", "source": "kind source: /, Kind="}
2022-02-16T22:31:00.986+0100    INFO    controller-runtime.manager.controller.managed/cluster   Starting Controller    {"reconciler group": "cluster.argocd.crossplane.io", "reconciler kind": "Cluster"}
2022-02-16T22:31:00.986+0100    INFO    controller-runtime.manager.controller.managed/cluster   Starting workers       {"reconciler group": "cluster.argocd.crossplane.io", "reconciler kind": "Cluster", "worker count": 1}
2022-02-16T22:31:00.987+0100    INFO    controller-runtime.manager.controller.providerconfig/providerconfig.argocd.crossplane.io                                                                                                            Starting EventSource     {"reconciler group": "argocd.crossplane.io", "reconciler kind": "ProviderConfig", "source": "kind source: /, Kind="}
2022-02-16T22:31:00.987+0100    INFO    controller-runtime.manager.controller.managed/project   Starting Controller    {"reconciler group": "projects.argocd.crossplane.io", "reconciler kind": "Project"}
2022-02-16T22:31:00.996+0100    INFO    controller-runtime.manager.controller.managed/repository        Starting Controller                                                                                                                 {"reconciler group": "repositories.argocd.crossplane.io", "reconciler kind": "Repository"}
2022-02-16T22:31:00.997+0100    INFO    controller-runtime.manager.controller.managed/repository        Starting workers                                                                                                                    {"reconciler group": "repositories.argocd.crossplane.io", "reconciler kind": "Repository", "worker count": 1}
2022-02-16T22:31:00.997+0100    DEBUG   provider-argocd Reconciling     {"controller": "managed/repository", "request": "/test-app-68qcn"}
2022-02-16T22:31:01.089+0100    INFO    controller-runtime.manager.controller.managed/project   Starting workers       {"reconciler group": "projects.argocd.crossplane.io", "reconciler kind": "Project", "worker count": 1}
2022-02-16T22:31:01.089+0100    INFO    controller-runtime.manager.controller.providerconfig/providerconfig.argocd.crossplane.io                                                                                                            Starting Controller      {"reconciler group": "argocd.crossplane.io", "reconciler kind": "ProviderConfig"}
2022-02-16T22:31:01.091+0100    INFO    controller-runtime.manager.controller.providerconfig/providerconfig.argocd.crossplane.io                                                                                                            Starting workers {"reconciler group": "argocd.crossplane.io", "reconciler kind": "ProviderConfig", "worker count": 1}
2022-02-16T22:31:01.093+0100    DEBUG   provider-argocd Reconciling     {"controller": "providerconfig/providerconfig.argocd.crossplane.io", "request": "/argocd-provider"}
E0216 22:31:01.101309   12499 runtime.go:78] Observed a panic: "invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
goroutine 351 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic({0x1b3fb00, 0x32adb40})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/runtime/runtime.go:74 +0x85
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0xc000b34000})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/runtime/runtime.go:48 +0x75
panic({0x1b3fb00, 0x32adb40})
        /home/blut/.go/src/runtime/panic.go:1038 +0x215
github.com/crossplane-contrib/provider-argocd/pkg/clients.UseProviderConfig({0x2090340, 0xc0002c2d20}, {0x20c8080, 0xc000400c80}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/clients/argocd.go:83 +0x2a3
github.com/crossplane-contrib/provider-argocd/pkg/clients.GetConfig({0x2090340, 0xc0002c2d20}, {0x20c8080, 0xc000400c80}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/clients/argocd.go:52 +0xd7
github.com/crossplane-contrib/provider-argocd/pkg/controller/repositories.(*connector).Connect(0xc0008bc9c0, {0x2090340, 0xc0002c2d20}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/controller/repositories/controller.go:81 +0x5f
github.com/crossplane/crossplane-runtime/pkg/reconciler/managed.(*Reconciler).Reconcile(0xc00029a5a0, {0xc0002c4f00, 0x1b3c980}, {{{0x0, 0x1bfe3c0}, {0xc0008b44b0, 0xc000aa44c0}}})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/github.com/crossplane/[email protected]/pkg/reconciler/managed/reconciler.go:564 +0xb0a
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc00029a640, {0x20902d0, 0xc0002c4f00}, {0x1bc2ec0, 0xc000b34000})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:298 +0x303
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc00029a640, {0x20902d0, 0xc0002c4f00})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253 +0x205
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2({0x20902d0, 0xc0002c4f00})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216 +0x46
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1()
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 +0x25
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0x7f3d0ccb5c30)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155 +0x67
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x20533a0, 0xc000ba9290}, 0x1, 0xc00055af00)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156 +0xb6
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x20533a0, 0x3b9aca00, 0x0, 0xe0, 0x101000000020001)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133 +0x89
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext({0x20902d0, 0xc0002c4f00}, 0xc000bac3b0, 0xc0007cc7a0, 0x1161aa6, 0x80)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 +0x99
k8s.io/apimachinery/pkg/util/wait.UntilWithContext({0x20902d0, 0xc0002c4f00}, 0xc0006ea4c0, 0xc0007cc7b8)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99 +0x2b
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:213 +0x356
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x197bee3]

goroutine 351 [running]:
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0xc000b34000})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/runtime/runtime.go:55 +0xd8
panic({0x1b3fb00, 0x32adb40})
        /home/blut/.go/src/runtime/panic.go:1038 +0x215
github.com/crossplane-contrib/provider-argocd/pkg/clients.UseProviderConfig({0x2090340, 0xc0002c2d20}, {0x20c8080, 0xc000400c80}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/clients/argocd.go:83 +0x2a3
github.com/crossplane-contrib/provider-argocd/pkg/clients.GetConfig({0x2090340, 0xc0002c2d20}, {0x20c8080, 0xc000400c80}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/clients/argocd.go:52 +0xd7
github.com/crossplane-contrib/provider-argocd/pkg/controller/repositories.(*connector).Connect(0xc0008bc9c0, {0x2090340, 0xc0002c2d20}, {0x20eb6e0, 0xc0008d9200})
        /home/blut/provider-argocd/pkg/controller/repositories/controller.go:81 +0x5f
github.com/crossplane/crossplane-runtime/pkg/reconciler/managed.(*Reconciler).Reconcile(0xc00029a5a0, {0xc0002c4f00, 0x1b3c980}, {{{0x0, 0x1bfe3c0}, {0xc0008b44b0, 0xc000aa44c0}}})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/github.com/crossplane/[email protected]/pkg/reconciler/managed/reconciler.go:564 +0xb0a
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc00029a640, {0x20902d0, 0xc0002c4f00}, {0x1bc2ec0, 0xc000b34000})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:298 +0x303
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc00029a640, {0x20902d0, 0xc0002c4f00})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253 +0x205
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2({0x20902d0, 0xc0002c4f00})
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216 +0x46
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1()
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 +0x25
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0x7f3d0ccb5c30)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155 +0x67
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x20533a0, 0xc000ba9290}, 0x1, 0xc00055af00)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156 +0xb6
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x20533a0, 0x3b9aca00, 0x0, 0xe0, 0x101000000020001)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133 +0x89
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext({0x20902d0, 0xc0002c4f00}, 0xc000bac3b0, 0xc0007cc7a0, 0x1161aa6, 0x80)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 +0x99
k8s.io/apimachinery/pkg/util/wait.UntilWithContext({0x20902d0, 0xc0002c4f00}, 0xc0006ea4c0, 0xc0007cc7b8)
        /home/blut/provider-argocd/.work/pkg/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99 +0x2b
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
        /home/blut/provider-argocd/.work/pkg/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:213 +0x356
make: *** [Makefile:98: run] Error 2

How can we reproduce it?

Example resources have been included in the description.

What environment did it happen in?

crossplane v1.6.3
kubernetes kind v1.21.1
provider-argocd v0.1.0
argocd v2.2.5

ProviderConfig: Reference a serverAddress

What problem are you facing?

Today, the provider retrieves its argocd server address via a field in the ProviderConfig. In our environments the server address is stored in configmaps or secrets.

How could provider-argocd help solve your problem?

While it is a viable option to create a XR(D) for that, I feel like it would be a great addition to the provider to read that field from another source, like a secret or a configmap.

For implementation purposes, I'd restrict it to secrets, since most of that is already part of the crossplane SDK. One could even think about using a CommonCredentialSelector (maybe not), or a SecretKeySelector (maybe better).

Add Support for Scoped Repository

What problem are you facing?

I am currently using the ArgoCD Crossplane Provider and have a use case where I need support for scoped repositories. Currently, the provider lacks this feature, and it's essential for my scenario.

How could Crossplane help solve your problem?

Once the appropriate RBAC rules are in place, developers can create their own Git repositories and, assuming they have the correct credentials, can add them in an existing project either from the UI or the CLI. However, both the User Interface and the CLI lack the ability to specify a project for scoped repositories.

Adding support for scoped repositories in the ArgoCD Crossplane Provider would greatly enhance its flexibility and usability in scenarios where project scoping is a requirement.

Ref

Add ApplicationSet MR

What problem are you facing?

I would like to have the ability to create an ArgoCD ApplicationSet inside a crossplane composition.

My use case is a new workload cluster bootstrap using Argocd and crossplane installed on a control plane cluster.

I have a directory on my IaC repository that contains a bunch of subfolders with kustomizations (but they could be helm charts or simple manifests) for the basic resources I want to have on every cluster I'll create with the composition, and as of now I need to create an application patching the destination cluster for each of the kustomizations.

How could Crossplane help solve your problem?

Add the ApplicationSet MR that creates an ArgoCD ApplicationSet.
Obviously, template placeholders need to stay the same in order to be picked up by ArgoCD.

New Release needed?

What happened?

We were trying to get provider-argocd working, testing it with a simple (empty) Project.
We got the 1st event/error message from the image below. ("rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR")
After ensuring our ArgoCD Server was reachable/accessible and ruling out other issues/pitfalls, we changed the package in Provider/ControllerConfig from the current release v0.2.0 to the latest image v0.1.0-27.gf455825-main.
Now this fixed the problem and the Project got created successfully in ArgoCD, as the 2nd event message from the image below shows.
I then changed the package to the second latest image v0.1.0-26.ga23f109-main. This resulted in the same error appearing again. (see 3rd event message in the image below)

image

So it is this commit (f455825) - in which several packages are updated - that makes the difference.

Note: our ArgoCD Server is running on version v2.6.6+6d4de2e. Provider-argocd release v0.2.0 is using:

github.com/argoproj/argo-cd/v2 v2.2.12

How can we reproduce it?

see steps described above

What environment did it happen in?

Crossplane version: 1.11.1
Crossplane Provider argocd version: v0.2.0

Automate creation of API tokens

What problem are you facing?

I want to use provider-argocd for automatically adding provisioned clusters to ArgoCD.
However the provider needs the initial ArgoCD API-token to communicate with ArgoCD, I want to automate as much as possible, so I also want to automate the token creation and it should ultimately be stored in a Secret that the ProviderConfig can use.

How could Crossplane help solve your problem?

Make it possible to automate creation of API tokens to be used by the ProviderConfig.

Repository controller doesn't update resource on password change

What happened?

The isUpToDate method does not check if the password provided via secret changed.
The workaround is currently to trigger an update-call by changing another field in the repo claim.

How can we reproduce it?

Deploy secret with e.g. token, deploy repo referencing the secret (see example).
Write a new token in the secret or reference another secret with a new token.
-> no update call/request + new token is not being used

Add support for labels on Cluster

What problem are you facing?

Filtering with Generators-Cluster only supports labels, there is currently no way to add labels on a Cluster.

How could Crossplane help solve your problem?

Provide an option to pass labels on the Cluster resource

Panic on Cluster deletion

What happened?

The cluster was successfully created, but when the resource is deleted the controller had a panic:

E0927 12:40:05.990900       1 runtime.go:78] Observed a panic: "invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
goroutine 496 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic(0x1e6e180, 0x3448730)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:74 +0x95
k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0x0, 0x0, 0x0)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:48 +0x86
panic(0x1e6e180, 0x3448730)
	/opt/hostedtoolcache/go/1.16.11/x64/src/runtime/panic.go:965 +0x1b9
github.com/crossplane-contrib/provider-argocd/pkg/controller/cluster.(*external).Observe(0xc000ade1c0, 0x24029c0, 0xc0008681e0, 0x242de10, 0xc0001666c0, 0x2402b80, 0xc000ade1c0, 0x0, 0x0)
	/home/runner/work/provider-argocd/provider-argocd/pkg/controller/cluster/controller.go:111 +0x7b4
github.com/crossplane/crossplane-runtime/pkg/reconciler/managed.(*Reconciler).Reconcile(0xc000294e60, 0x24029f8, 0xc000c180c0, 0x0, 0x0, 0xc000bbf68c, 0x4, 0xc000c18000, 0x0, 0x0, ...)
	/home/runner/work/provider-argocd/provider-argocd/vendor/github.com/crossplane/crossplane-runtime/pkg/reconciler/managed/reconciler.go:577 +0x1278
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc000294f00, 0x2402950, 0xc000a36e40, 0x1ef91e0, 0xc000bec620)
	/home/runner/work/provider-argocd/provider-argocd/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:298 +0x30d
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc000294f00, 0x2402950, 0xc000a36e40, 0xc0009c1e00)
	/home/runner/work/provider-argocd/provider-argocd/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253 +0x205
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2(0x2402950, 0xc000a36e40)
	/home/runner/work/provider-argocd/provider-argocd/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:216 +0x4a
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1()
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185 +0x37
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0xc0009c1f50)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155 +0x5f
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0xc000c97f50, 0x23bf140, 0xc000c18060, 0xc000a36e01, 0xc0000b9020)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156 +0x9b
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0009c1f50, 0x3b9aca00, 0x0, 0x9e1f01, 0xc0000b9020)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x98
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext(0x2402950, 0xc000a36e40, 0xc000b68030, 0x3b9aca00, 0x0, 0x1)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185 +0xa6
k8s.io/apimachinery/pkg/util/wait.UntilWithContext(0x2402950, 0xc000a36e40, 0xc000b68030, 0x3b9aca00)
	/home/runner/work/provider-argocd/provider-argocd/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:99 +0x57
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
	/home/runner/work/provider-argocd/provider-argocd/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:213 +0x40d
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x1c88934]

The following code block gets the cluster, but when a cluster has been deleted the Argocd API returns a permission denied error, which is not checked.

observedCluster, err := e.client.Get(ctx, &clusterQuery)
if cluster.IsErrorClusterNotFound(err) ||
	(meta.WasDeleted(mg) && meta.GetExternalName(cr) != observedCluster.Name) {
	// ArgoCD Cluster resource ignores the name field. This detects the deletion of the default cluster resource.
	return managed.ExternalObservation{}, nil
}

Using the cli I confirmed the behaviour

argocd  cluster get deleted-cluster
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
FATA[0000] rpc error: code = PermissionDenied desc = permission denied

How can we reproduce it?

Create a Cluster then delete the resource

What environment did it happen in?

Argocd 2.4.11
Crossplane version: 1.9.0
Crossplane Provider argocd version: 0.1.0

ProviderConfig doesn't support Filesystem credentials

What happened?

The ProviderConfig for argocd has fields under spec.credentials for env, fs, and secretRef; but fs isn't supported.

How can we reproduce it?

apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Environment
    fs:
      path: /vault/secret/authToken
  serverAddr: https://argocd.example.com/

On apply:

The ProviderConfig "default" is invalid: spec.credentials.source: Unsupported value: "Filesystem": supported values: "None", "Secret", "Environment"

What environment did it happen in?

Crossplane version: v1.9.1
Crossplane Provider argocd version: v0.1.0

I think this is just a one-line change at https://github.com/crossplane-contrib/provider-argocd/blob/main/package/crds/argocd.crossplane.io_providerconfigs.yaml#L98, but I wasn't able to get a build environment working in MacOS to actually make a PR.

Provider failed to connect to argocd server

What happened?

argocd-provider pod is failing to connect to argocd

time="2024-04-03T18:12:28Z" level=fatal msg="Failed to establish connection to argocd-server.argocd.svc:443: read tcp 100.64.78.83:49608->172.20.75.34:443: read: connection reset by peer"

How can we reproduce it?

A test curl in another pod is able to get to argocd api:

curl -X GET argocd-server.argocd.svc:443/api/version -H "Authorization: Bearer $ARGOCD_TOKEN"
{"Version":"v2.10.5+335875d","BuildDate":"2024-03-28T15:02:45Z","GitCommit":"335875d13e018bed6e03873f4742582582964745","GitTreeState":"clean","GoVersion":"go1.21.3","Compiler":"gc","Platform":"linux/amd64","KustomizeVersion":"v5.2.1 2023-10-19T20:13:51Z","HelmVersion":"v3.14.3+gf03cc04","KubectlVersion":"v0.26.11","JsonnetVersion":"v0.20.0"}

Provider config:

apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  credentials:
    secretRef:
      key: authToken
      name: argocd-credentials
      namespace: crossplane-system
    source: Secret
  insecure: true
  plainText: false
  serverAddr: argocd-server.argocd.svc:443

Provider:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-argocd
spec:
  ignoreCrossplaneConstraints: false
  package: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.6.0
  packagePullPolicy: IfNotPresent
  revisionActivationPolicy: Automatic
  revisionHistoryLimit: 1
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
    name: default
  skipDependencyResolution: false

What environment did it happen in?

Crossplane version: 1.15.1
Crossplane Provider argocd version: 0.6.0
EKS: 1.24
ArgoCD: v2.10.5+335875d

Support AppProject Labels

What problem are you facing?

We are working on creating an ArgoCD project using the Crossplane provider. One of the key functionalities we rely on in ArgoCD is the usage of labels in the AppProject. These labels are crucial as they allow the AppProject to inherit default spec values from a global AppProject, providing us with a standardized setup and reducing manual configuration effort.

However, we've observed that the Crossplane provider's Managed Resource does not currently support adding these labels to the ArgoCD projects. This limitation hinders our ability to seamlessly integrate and manage our ArgoCD projects using Crossplane.

How could Crossplane help solve your problem?

To address this challenge, it would be beneficial if provider-argocd could be enhanced to support labels in AppProject: add functionality in the Managed Resource to support defining and adding labels to the ArgoCD AppProject. This should be in line with how ArgoCD natively supports labels.

Connect or register Civo created cluster in ArgoCD

I have a cluster which is created by Crossplane through the Civo provider.
That process created a secret containing the kubeconfig.

  • How can I register that cluster in ArgoCD automatically (GitOps)?

Normally, I manually add the IP address to the ArgoCD AppProject if the cluster creation process has finished. Then I manually change all manifests which are using this server address. In an issue I raised here: argoproj/argo-cd#8107 (comment) they mentioned, that I can use a "string reference" of my cluster, (they pointed me there: https://doc.crds.dev/github.com/crossplane-contrib/provider-argocd/projects.argocd.crossplane.io/Project/[email protected]#spec-forProvider-destinations )

but I have no idea how to do that. I simply didn't get it...

That is my current state:

appProject

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: staging
  namespace: argocd
spec:
  description: staging deployment
  destinations:
    - namespace: "staging"
      name: "staging"
      server: https://123.456.789.0 # <<-- Somewhere here
      serverRef:                    # <<-- or here
        name: "staging"             # <<-- or here I can reference to my crossplane cluster by a name string, right?

How can I bridge the gap between my Crossplane created cluster and ArgoCD Application deployments without manual intervention? Isn't your repo's intention to exactly do that? I didn't find any example that makes sense to me to get that working.

What I found is that I can create a secret to register my cluster (if I am not completely misunderstanding):

apiVersion: v1
kind: Secret
metadata:
  name: staging-cluster-secret
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: mycluster.com
  server: https://mycluster.com
  config: |
    {
      "bearerToken": "<authentication token>",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<base64 encoded certificate>"
      }
    }

Am I right, that my demands are not possible to achieve automatically at the moment? If not, who is "responsible" to create that? CivoProvider? provider-argocd? argocd itself?

It would be awesome if someone can get me out of that configuration hell 😈

cannot create Argocd Cluster: rpc error: code = PermissionDenied

Maybe someone can help me to get provider-argocd running, please.
I followed the tutorial in the readme and always end up in a PermissionDenied error.

What happened?

Each provider-argo resource I try to install is not syncing or creating argocd clusters or projects.

For example applying the cluster:
kubectl apply -f https://raw.githubusercontent.com/crossplane-contrib/provider-argocd/main/examples/cluster/cluster.yaml

results in:

kubectl describe clusters.cluster.argocd.crossplane.io example-cluster

 Message:               create failed: cannot create Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied: clusters, create, https://kubernetes.default.svc, sub: provider-argocd, iat: 2022-01-31T00:31:22Z
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
Events:
  Type     Reason                        Age                From             Message
  ----     ------                        ----               ----             -------
  Warning  CannotCreateExternalResource  1s (x12 over 12s)  managed/cluster  cannot create Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied: clusters, create, https://kubernetes.default.svc, sub: provider-argocd, iat: 2022-01-31T00:31:22Z

How can we reproduce it?

Simply follow all steps in the readme. The only difference was that I used minikube instead of kind.
Sidenotes:

  • I also found out that the ProviderConfig in /examples/provider differs slightly (in the Readme, spec.plainText: false is not mentioned).

  • How to install crossplane is not declared in the docs, yes it's obvious, but would be nice when following the steps

    • I installed it by helm upgrade --install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace --wait
  • Installing the provider-argocd is not mentioned in the docs, I know this is also obvious, but is also breaking the installation flow slightly.

    • I installed the provider-argo via manifest, like mentioned in one of the issues: (#17 (comment))
  • I created my ArgoCD user by patching the ArgoCD configMap:
    kubectl patch configmap/argocd-cm -n argocd --type merge -p '{"data":{"accounts.provider-argocd":"apiKey, login"}}'

What environment did it happen in?

Crossplane version: helm.sh/chart=crossplane-1.6.1
Crossplane Provider argocd version:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: argocd-provider
  annotations:
    argocd.argoproj.io/sync-wave: "-46"
spec:
  package: "crossplane/provider-argocd:v0.1.0"

I hope I didn't forget anything.
It would be awesome to finish the installation process successfully.

Thank you in advance

Applications in Any Namespace

What problem are you facing?

Argocd can be configured to manage Applications in namespaces different than argocd (documentation). From what I've seen it is not possible to define the namespace in which the Application will be deployed using the Crossplane provider-argocd. Currently every Application is installed by default in the argocd namespace.

How could Crossplane help solve your problem?

It would be great to have a field to specify the namespace in which the Application will be deployed, this way we can use this multi-tenancy feature when deploying Applications via Crossplane.

Cluster MR not deleted

What happened?

The provider deletes the cluster from Argo CD but the managed resource is not properly cleaned up because Argo CD returns PermissionDenied when a cluster does not exist. This causes a loop and the resource is left dangling.

DEBUG   provider-argocd Cannot observe external resource        {"controller": "managed/cluster", "request": "/example-cluster", "uid": "7b028bc9-1b0a-4382-88f5-26ce17b75c11", "version": "261794", "external-name": "example-cluster", "error": "cannot get Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied", "errorVerbose": "rpc error: code = PermissionDenied desc = permission denied\ncannot get Argocd Cluster\ngithub.com/crossplane-contrib/provider-argocd/pkg/controller/cluster.(*external).Observe\n\tgithub.com/crossplane-contrib/provider-argocd/pkg/controller/cluster/controller.go:119\ngithub.com/crossplane/crossplane-runtime/pkg/reconciler/managed.(*Reconciler).Reconcile\n\tgithub.com/crossplane/[email protected]/pkg/reconciler/managed/reconciler.go:620\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227\nruntime.goexit\n\truntime/asm_arm64.s:1270"}
 DEBUG   events  Warning {"object": {"kind":"Cluster","name":"example-cluster","uid":"7b028bc9-1b0a-4382-88f5-26ce17b75c11","apiVersion":"cluster.argocd.crossplane.io/v1alpha1","resourceVersion":"261794"}, "reason": "CannotObserveExternalResource", "message": "cannot get Argocd Cluster: rpc error: code = PermissionDenied desc = permission denied"}

How can we reproduce it?

What environment did it happen in?

Crossplane version:
Crossplane Provider argocd version:
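
The failure mode reported in "Panic on Cluster deletion" and "Cluster MR not deleted" above, as an added Go example that is not the provider's own code: the first function reads the result before the error is examined and crashes on a nil cluster, the second checks the error first and treats PermissionDenied as "gone" only while the resource is being deleted, so a genuine authorization failure is still surfaced. `fakeArgo`, `apiError`, the `Code` constants and both `Observe*` functions are constructed stand-ins for the Argo CD client, gRPC status codes and the controller.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Code and apiError are constructed stand-ins for a gRPC status error
// (assumptions of this example, not types from provider-argocd).
type Code int

const (
	NotFound Code = iota + 1
	PermissionDenied
)

type apiError struct {
	Code Code
	Desc string
}

func (e *apiError) Error() string { return "rpc error: desc = " + e.Desc }

// hasCode reports whether err (possibly wrapped) carries the given code.
func hasCode(err error, c Code) bool {
	var ae *apiError
	return errors.As(err, &ae) && ae.Code == c
}

type Cluster struct{ Name string }

// fakeArgo mimics the behaviour reported on the page: Get on a cluster
// that no longer exists returns a nil cluster and PermissionDenied.
type fakeArgo struct{ clusters map[string]*Cluster }

func (f fakeArgo) Get(_ context.Context, name string) (*Cluster, error) {
	if c, ok := f.clusters[name]; ok {
		return c, nil
	}
	return nil, &apiError{Code: PermissionDenied, Desc: "permission denied"}
}

type Observation struct{ ResourceExists bool }

// ObserveUnchecked keeps the shape of the snippet quoted in the issue:
// observed.Name is read before the error has been examined. The recover
// only converts the crash into an error so the example can report it.
func ObserveUnchecked(ctx context.Context, api fakeArgo, externalName string, wasDeleted bool) (obs Observation, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered panic: %v", r)
		}
	}()
	observed, getErr := api.Get(ctx, externalName)
	if hasCode(getErr, NotFound) || (wasDeleted && externalName != observed.Name) {
		return Observation{}, nil
	}
	if getErr != nil {
		return Observation{}, getErr
	}
	return Observation{ResourceExists: true}, nil
}

// ObserveChecked handles every error case before touching the result.
func ObserveChecked(ctx context.Context, api fakeArgo, externalName string, wasDeleted bool) (Observation, error) {
	observed, err := api.Get(ctx, externalName)
	switch {
	case hasCode(err, NotFound):
		return Observation{}, nil
	case hasCode(err, PermissionDenied) && wasDeleted:
		// During deletion the API no longer lets us read the cluster:
		// report it as gone so the finalizer can be removed.
		return Observation{}, nil
	case err != nil:
		// Outside deletion, PermissionDenied is a real RBAC problem.
		return Observation{}, fmt.Errorf("cannot get Argocd Cluster: %w", err)
	case wasDeleted && externalName != observed.Name:
		return Observation{}, nil
	}
	return Observation{ResourceExists: true}, nil
}

func main() {
	ctx := context.Background()
	api := fakeArgo{clusters: map[string]*Cluster{"live": {Name: "live"}}}

	_, err := ObserveUnchecked(ctx, api, "example-cluster", true)
	fmt.Println("unchecked, deleting:", err)

	obs, err := ObserveChecked(ctx, api, "example-cluster", true)
	fmt.Println("checked, deleting:", obs.ResourceExists, err)

	_, err = ObserveChecked(ctx, api, "example-cluster", false)
	fmt.Println("checked, not deleting:", err)
}
```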
