I was working on deploying the Chaos Agent using ArgoCD and the Helm Chart, and ran into some limitations with the script in this repository which is supposed to create the secrets & config maps based on upstream config.
In summary, the issue is the script will only attempt to update the secrets & configmaps if the infrastructure does not already exist. If you run this again, it won't do anything, leading to (potentially) empty configmaps and secrets, and an infrastructure which never comes online.
If the script in custom/litmus-helm-agent could be improved to support updating the config maps and secrets every time it runs (if they are different), that would fit much more nicely into a declarative deployment environment.
I'll document the steps I used to make this work via Argo, in the hopes it can be factored in to future improvements.
Helm values:
```yaml
LITMUS_ENVIRONMENT_ID: myenvironment
useExistingHookSecret: true
```
Using an external-secrets.io/v1 ExternalSecret which pulled in the following configuration:
This external secret needs the following annotation:
```yaml
argocd.argoproj.io/sync-wave: "-2"
```
(This is basically stored in GCP which is referenced by the external secret for my use case).
```json
{
  "LITMUS_URL": "https://litmus.mycompany.com",
  "LITMUS_BACKEND_URL": "https://litmus.mycompany.com/api/query",
  "LITMUS_FRONTEND_URL": "https://litmus.mycompany.com",
  "LITMUS_USERNAME": "admin",
  "LITMUS_PASSWORD": "password-goes-here",
  "LITMUS_PROJECT_ID": "uuid-goes-here",
  "VERSION": "3.19.0",
  "LITMUS_ENVIRONMENT_ID": "myenvironment"
}
```
I then needed to patch the resources using Kustomize
```yaml
resources:
  - templates/secret-hook.yaml
helmCharts:
  - name: litmus-agent
    version: 3.19.0
    repo: https://litmuschaos.github.io/litmus-helm/
    releaseName: litmus-agent
    valuesFile: values.yaml
    namespace: litmus-agent
patchesStrategicMerge:
  - |-
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: install-litmus-agent
    spec:
      template:
        spec:
          containers:
            - name: litmus-agent
              env:
                # This will be set by the secret-hook.yaml
                - name: LITMUS_ENVIRONMENT_ID
                  $patch: delete
              envFrom:
                # Forces to read the values from the secret-hook.yaml
                - secretRef:
                    name: litmus-agent-hook
patches:
  - patch: |-
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1compare-options
        value: IgnoreExtraneous
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1sync-options
        value: Delete=false,Prune=false
      - op: remove
        path: /data
      - op: remove
        path: /metadata/annotations/helm.sh~1hook
      - op: remove
        path: /metadata/annotations/helm.sh~1hook-delete-policy
      - op: remove
        path: /metadata/annotations/helm.sh~1hook-weight
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1sync-wave
        value: -1
    target:
      kind: ConfigMap
  - patch: |-
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1compare-options
        value: IgnoreExtraneous
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1sync-options
        value: Delete=false,Prune=false
      - op: remove
        path: /data
      - op: remove
        path: /metadata/annotations/helm.sh~1hook
      - op: remove
        path: /metadata/annotations/helm.sh~1hook-delete-policy
      - op: remove
        path: /metadata/annotations/helm.sh~1hook-weight
      - op: add
        path: /metadata/annotations/argocd.argoproj.io~1sync-wave
        value: -1
    target:
      kind: Secret
```
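
The update-if-different behaviour requested above, as an added sketch in Go (not code from this repository or from the issue author). The `Plan` function, the `Action` type and the `EXAMPLE_*` key names are hypothetical; the function only makes the decision and leaves the Kubernetes API calls to the caller.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
)

type Action string

const (
	Create Action = "create"
	Update Action = "update"
	Noop   Action = "noop"
)

// Plan decides what to do with one Secret or ConfigMap on every run.
// exists=false means the object is absent from the cluster. It returns the
// action and the sorted names of drifted keys; values are never returned, so
// the result can be logged without exposing credentials.
func Plan(exists bool, current, desired map[string][]byte) (Action, []string) {
	changed := []string{}
	for k, want := range desired {
		if have, ok := current[k]; !ok || !bytes.Equal(have, want) {
			changed = append(changed, k)
		}
	}
	for k := range current { // keys that are no longer wanted are drift too
		if _, ok := desired[k]; !ok {
			changed = append(changed, k)
		}
	}
	sort.Strings(changed)
	switch {
	case !exists:
		return Create, changed
	case len(changed) > 0:
		return Update, changed // the case a create-only script skips
	}
	return Noop, changed
}

func main() {
	// Constructed data: hypothetical key names, object left empty by an earlier run.
	desired := map[string][]byte{"EXAMPLE_ID": []byte("abc"), "EXAMPLE_KEY": []byte("s3cr3t")}
	action, keys := Plan(true, map[string][]byte{}, desired)
	fmt.Println(action, keys)
}
```

Because `Plan` returns `Noop` when nothing differs, running it on every Argo sync does not rewrite unchanged objects.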