feat(cmp-subst): performance improvements (#37)

* feat: lookup env ARGOCD_APP_NAME on empty secret name

* docs: simple installation values

* fix: drop subshell call for plugin

Author: oliverbaehler

README.md

@@ -28,6 +28,66 @@ Which will simply build the kustomize.
 
 ### ArgoCD
 
+Install it with the [ArgoCD community chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd). These Values should work:
+
+
+```yaml
+...
+    repoServer:
+      enabled: true
+      clusterAdminAccess:
+        enabled: true
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - all
+        readOnlyRootFilesystem: true
+        runAsUser: 1001
+        runAsGroup: 1001
+      volumes:
+      - emptyDir: {}
+        name: subst-tmp
+      - emptyDir: {}
+        name: subst-kubeconfig
+      extraContainers:
+      - name: cmp-subst
+        args: [/var/run/argocd/argocd-cmp-server]
+        image: ghcr.io/buttahtoast/subst-cmp:v0.3.0-alpha1
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+          runAsUser: 1001
+          runAsGroup: 1001
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
+          # mitigate path traversal attacks.
+          - mountPath: /tmp
+            name: subst-tmp
+          - mountPath: /etc/kubernetes/
+            name: subst-kubeconfig
+...
+```
+
+Change version accordingly.
+
+
+
 
 
 

argocd-cmp/Dockerfile

@@ -1,6 +1,6 @@
 
 FROM bash:5
-ENV KUBECONFIG=/etc/kubernetes/kubeconfig
+ENV ARGOCD_EXEC_TIMEOUT=90s
 COPY subst /subst
 COPY argocd-cmp/cmp.yaml /home/argocd/cmp-server/config/plugin.yaml
 COPY argocd-cmp/entrypoint.sh /entrypoint.sh

argocd-cmp/cmp.yaml

@@ -11,7 +11,14 @@ spec:
     fileName: ./kustomization.yaml
   generate:
     command:
-    - bash
-    - -c
-    - |
-        /subst render "." --secret-name "${ARGOCD_APP_NAME}" --secret-namespace  "argocd" --env-regex "^ARGOCD_ENV_.*$" --must-decrypt --kubeconfig "/etc/kubernetes/kubeconfig"
+    - /subst
+    args:
+    - render
+    - "."
+    - --secret-namespace
+    - "argocd"
+    - --env-regex
+    - "^ARGOCD_ENV_.*$"
+    - --must-decrypt
+    - --kubeconfig
+    - "/etc/kubernetes/kubeconfig"

pkg/config/config.go

@@ -77,6 +77,10 @@ func LoadConfiguration(cfgFile string, cmd *cobra.Command, directory string) (*C
 	// Root Directory
 	cfg.RootDirectory = directory
 
+	if cfg.SecretName == "" {
+		cfg.SecretName = os.Getenv("ARGOCD_APP_NAME")
+	}
+
 	if cfg.SecretName != "" {
 		regex := regexp.MustCompile(`[^a-zA-Z0-9]+`)
 		cfg.SecretName = regex.ReplaceAllString(cfg.SecretName, "-")