diff --git a/.argo/argo-checkout.yaml b/.argo/argo-checkout.yaml deleted file mode 100644 index d7280c3b..00000000 --- a/.argo/argo-checkout.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -type: container -version: 1 -name: argo-checkout -description: Checks out a source repository to /src -resources: - mem_mib: 500 - cpu_cores: 0.1 -image: argoproj/argoscm:v2.0 -command: ["axscm"] -args: ["clone", "%%inputs.parameters.REPO%%", "/src", "--commit", "%%inputs.parameters.COMMIT%%"] -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -outputs: - artifacts: - CODE: - path: /src diff --git a/.argo/publish.yaml b/.argo/publish.yaml deleted file mode 100644 index 7f15760c..00000000 --- a/.argo/publish.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -type: workflow -version: 1 -name: Publish Charts -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -steps: -- CHECKOUT: - template: argo-checkout -- PREPARE: - image: hypnoglow/kubernetes-helm:v2.6.1 - resources: - mem_mib: 500 - cpu_cores: 0.1 - command: ["sh", "-c"] - args: [cd /src && helm init --client-only && ./scripts/publish.sh] - inputs: - artifacts: - CODE: - from: "%%steps.CHECKOUT.outputs.artifacts.CODE%%" - path: /src - outputs: - artifacts: - CODE: - path: /src/output -- PUBLISH: - image: argoproj/argoscm:v2.0 - command: ["sh", "-c"] - args: [ - axscm clone %%inputs.parameters.REPO%% --commit gh-pages /src && cd /src && cp -r /output/* . && - git add . && git commit -m "Build on `date`" && - axscm clone %%inputs.parameters.REPO%% /src --commit gh-pages --merge=gh-pages --push] - resources: - mem_mib: 500 - cpu_cores: 0.1 - inputs: - artifacts: - CODE: - from: "%%steps.PREPARE.outputs.artifacts.CODE%%" - path: /output - ---- -type: policy -version: 1 -name: Publish Charts Policy -template: Publish Charts -notifications: -- when: - - on_failure - whom: - - committer - - author -when: -- event: on_push diff --git a/.circleci/chart-testing.yaml b/.circleci/chart-testing.yaml deleted file mode 100644 index 87e07618..00000000 --- a/.circleci/chart-testing.yaml +++ /dev/null @@ -1,4 +0,0 @@ -chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - - dandydeveloper=https://dandydeveloper.github.io/charts/ diff --git a/.circleci/config.yml b/.circleci/config.yml index 6c3306ec..79e8d1dc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,32 +5,13 @@ jobs: - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml - # Technically this only needs to be run on master, but it's good to have it run on every PR - # so that it is regularly tested. + - run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml publish: docker: - # We just need an image with `helm` on it. Handily we know of one already. - - image: quay.io/helmpack/chart-testing:v3.3.1 + - image: bash steps: - # install the additional keys needed to push to GitHub. Alex Collins owns these keys. - - add_ssh_keys - - run: git config --global user.email "nobody@circleci.com" - - run: git config --global user.name "Circle CI Build" - - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: helm repo add minio https://helm.min.io/ - - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - # Only actually publish charts on master. - - run: | - set -x - if [ "$CIRCLE_BRANCH" = "master" ]; then - export GIT_PUSH=true - else - export GIT_PUSH=false - fi - sh ./scripts/publish.sh + - run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml" + workflows: version: 2 workflow: @@ -38,4 +19,4 @@ workflows: - lint - publish: requires: - - lint + - lint \ No newline at end of file diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml new file mode 100644 index 00000000..01fdbe0c --- /dev/null +++ b/.github/configs/cr.yaml @@ -0,0 +1,2 @@ +## Reference: https://github.com/helm/chart-releaser +index-path: "./index.yaml" \ No newline at end of file diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml new file mode 100644 index 00000000..e991d382 --- /dev/null +++ b/.github/configs/ct-install.yaml @@ -0,0 +1,19 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Install Stage +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: + - "argocd-applicationset" diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml new file mode 100644 index 00000000..e7188eb1 --- /dev/null +++ b/.github/configs/ct-lint.yaml @@ -0,0 +1,18 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Lint Stage +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: [] diff --git a/.circleci/lintconf.yaml b/.github/configs/lintconf.yaml similarity index 100% rename from .circleci/lintconf.yaml rename to .github/configs/lintconf.yaml diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index b81bf109..00000000 --- a/.github/stale.yml +++ /dev/null @@ -1 +0,0 @@ -# See https://github.com/probot/stale diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml new file mode 100644 index 00000000..1056a239 --- /dev/null +++ b/.github/workflows/lint-and-test.yml @@ -0,0 +1,45 @@ +## Reference: https://github.com/helm/chart-testing-action +--- +name: Linting and Testing +on: pull_request +jobs: + chart-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v1 + + - name: Set up python + uses: actions/setup-python@v2 + with: + python-version: 3.7 + + - name: Setup Chart Linting + id: lint + uses: helm/chart-testing-action@v2.0.1 + + - name: List changed charts + id: list-changed + run: | + ## If executed with debug this won't work anymore. + changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) + charts=$(echo "$changed" | tr '\n' ' ' | xargs) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + echo "::set-output name=changed_charts::$charts" + fi + - name: Run chart-testing (lint) + run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.1.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) + run: ct install --config ./.github/configs/ct-install.yaml + if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml new file mode 100644 index 00000000..d1ba98ee --- /dev/null +++ b/.github/workflows/pr-sizing.yml @@ -0,0 +1,14 @@ +## Reference: https://github.com/pascalgn/size-label-action +--- +name: 'PR Size' +on: + pull_request_target: + types: [opened, synchronize, reopened] +jobs: + size-label: + runs-on: ubuntu-latest + steps: + - name: size-label + uses: "pascalgn/size-label-action@v0.4.2" + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..f01702a6 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,42 @@ +--- +name: Chart Publish +on: + push: + branches: + - master + - rewrite-build +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@v1 + + - name: Add dependency chart repos + run: | + helm repo add argo https://argoproj.github.io/argo-helm + helm repo add minio https://helm.min.io/ + helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ + helm repo add stable https://charts.helm.sh/stable + helm repo add incubator https://charts.helm.sh/incubator + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases. + - name: Fetch current Chart Index + run: | + git checkout origin/gh-pages index.yaml + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.2.0 + with: + config: "./.github/configs/cr.yaml" + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b671fc09..8b16dff4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,14 +1,10 @@ name: Mark stale issues and pull requests - on: schedule: - cron: "30 1 * * *" - jobs: stale: - runs-on: ubuntu-latest - steps: - uses: actions/stale@v3 with: diff --git a/CODEOWNERS b/CODEOWNERS index a3926889..dbba7a58 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,10 +1,10 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners # All charts -/charts/* @mkilchhofer +/charts/ @mkilchhofer # Argo Workflows -/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler +/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD /charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @@ -13,7 +13,7 @@ /charts/argo-events @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @cabrinha @oliverbaehler +/charts/argo-rollouts @oliverbaehler # Argo CD Notifications /charts/argocd-notifications @alexmt @andyfeller @oliverbaehler diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f4c7d89c..a4ad43dd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -86,7 +86,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. -Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml) +Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: @@ -96,11 +96,4 @@ The linting can be invoked manually with the following command: ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this: - -``` -GIT_PUSH=true ./scripts/publish.sh -``` - -Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch. -Write access to https://github.com/argoproj/argo-helm.git is required to publish changes. +Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). \ No newline at end of file diff --git a/README.md b/README.md index 63c3aa4b..2db0e70a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Argo Helm Charts +[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) + Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: ``` diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05e0df40..465ad6e0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.1 +appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.4 +version: 3.6.6 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3c7a8be7..1c5f8c17 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -34,6 +34,21 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop ## Upgrading +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. @@ -98,7 +113,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | +| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | installCRDs | Install CRDs if you are using Helm2. | `true` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | @@ -130,6 +147,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | | controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | | controller.env | Environment variables for the controller. | `[]` | +| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -181,6 +199,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.containerPort | Repo server port | `8081` | | repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | | repoServer.env | Environment variables for the repo server. | `[]` | +| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -241,6 +260,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.containerPort | Server container port. | `8080` | | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | | server.env | Environment variables for the server. | `[]` | +| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the server | `global.image.tag` | @@ -326,6 +346,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | dex.name | Dex name | `"dex-server"` | | dex.env | Environment variables for the Dex server. | `[]` | +| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | | dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | dex.podAnnotations | Annotations for the Dex server pods | `{}` | | dex.podLabels | Labels for the Dex server pods | `{}` | @@ -359,6 +380,7 @@ through `xxx.extraArgs` | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | +| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | redis.podAnnotations | Annotations for the Redis server pods | `{}` | | redis.podLabels | Labels for the Redis server pods | `{}` | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 138ba588..a5f59108 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -9,7 +9,8 @@ In order to access the server UI you have the following options: - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts -After reaching the UI the first time you can login with username: admin and the password will be the -name of the server pod. You can get the pod name by running: +After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 +kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d + +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 79723e71..65081951 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -144,15 +144,22 @@ app.kubernetes.io/component: {{ .component }} Return the appropriate apiVersion for ingress */}} {{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + {{/* Argo Configuration Preset Values (Incluenced by Values configuration) */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 524f302e..7902be76 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -70,6 +70,9 @@ spec: {{- if .Values.controller.env }} env: {{- toYaml .Values.controller.env | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: controller diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 51f81030..0b943982 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 7350db37..bd924d4b 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -67,6 +67,9 @@ spec: value: argocd {{- end }} {{- end }} + {{- with .Values.repoServer.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} {{- toYaml .Values.repoServer.volumeMounts | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 0b343750..05b38acc 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 7212922c..edaea3b5 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -23,5 +23,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-secret + secretName: argocd-tls-certificate {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 2ee5b7e3..44b89c0e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -67,6 +67,9 @@ spec: {{- if .Values.server.env }} env: {{- toYaml .Values.server.env | nindent 8 }} + {{- end }} + {{- with .Values.server.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: {{- if .Values.server.volumeMounts }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 72a4018c..87877d92 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -44,3 +44,6 @@ spec: {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} {{- end }} {{- end -}} +{{- with .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index ddf52efa..00002faa 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 45a2e09e..557140ce 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -62,6 +62,9 @@ spec: {{- if .Values.dex.env }} env: {{- toYaml .Values.dex.env | nindent 8 }} + {{- end }} + {{- with .Values.dex.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: http diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index adc3394a..58bae6e2 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index f3dd7f05..a6f0c46a 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -52,6 +52,9 @@ spec: {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} + {{- end }} + {{- with .Values.redis.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - containerPort: {{ .Values.redis.containerPort }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b4f66e15..4ce8f1c9 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3,6 +3,7 @@ ## nameOverride: argocd fullnameOverride: "" +kubeVersionOverride: "" # Optional CRD installation for those without Helm hooks installCRDs: true @@ -10,7 +11,7 @@ installCRDs: true global: image: repository: quay.io/argoproj/argocd - tag: v2.0.1 + tag: v2.0.3 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 @@ -61,6 +62,14 @@ controller: # - name: "ARGOCD_CONTROLLER_REPLICAS" # value: "" + ## envFrom to pass to argocd-controller + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to controller pods ## podAnnotations: {} @@ -143,6 +152,7 @@ controller: servicePort: 8082 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -206,10 +216,11 @@ dex: # selector: # prometheus: kube-prometheus # additionalLabels: {} + interval: 30s image: - repository: quay.io/dexidp/dex - tag: v2.26.0 + repository: ghcr.io/dexidp/dex + tag: v2.27.0 imagePullPolicy: IfNotPresent initImage: repository: @@ -220,6 +231,13 @@ dex: ## env: [] + ## envFrom to pass to the Dex server + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Dex server pods ## podAnnotations: {} @@ -302,6 +320,14 @@ redis: ## env: [] + ## envFrom to pass to the Redis server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Redis server pods ## podAnnotations: {} @@ -392,6 +418,14 @@ server: ## env: [] + ## envFrom to pass to argocd-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container ## lifecycle: {} @@ -482,6 +516,7 @@ server: loadBalancerIP: "" loadBalancerSourceRanges: [] externalIPs: [] + externalTrafficPolicy: "" ## Server metrics service configuration metrics: @@ -492,6 +527,7 @@ server: servicePort: 8083 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -526,13 +562,21 @@ server: # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false - # dedicated ingess for gRPC as documented at + # dedicated ingress for gRPC as documented at # https://argoproj.github.io/argo-cd/operator-manual/ingress/ ingressGrpc: enabled: false @@ -555,9 +599,17 @@ server: # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false @@ -631,7 +683,7 @@ server: ## Annotations to be added to ArgoCD rbac ConfigMap rbacConfigAnnotations: {} - # Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created + # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created # by something else. ArgoCD will not work if there is no configMap created with the name above. rbacConfigCreate: true @@ -761,6 +813,14 @@ repoServer: ## env: [] + ## envFrom to pass to argocd-repo-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Argo repoServer log format: text|json logFormat: text ## Argo repoServer log level @@ -840,6 +900,7 @@ repoServer: servicePort: 8084 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 5def36c7..6a7b1b7e 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.0 +version: 1.6.1 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index cd5d3916..3078a2d3 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,6 +1,3 @@ serviceAccount: argo-events-sa-test -additionalSaNamespaces: - - nsone - - nstwo instanceID: test-argo-events singleNamespace: false diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index f13b8a1d..fec88b4d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -5,7 +5,11 @@ kind: ServiceAccount metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccountAnnotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.additionalSaNamespaces }} +{{ $annotations := .Values.serviceAccountAnnotations }} {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- @@ -14,5 +18,8 @@ kind: ServiceAccount metadata: name: {{ $sa }} namespace: {{ $namespace }} + {{- with $annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index e3631828..591d8da3 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -55,6 +56,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} {{- with .Values.eventbusController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index a6522da6..62fe150e 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -53,6 +54,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} {{- with .Values.eventsourceController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index e6a1c104..0b51d1de 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.sensorController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.sensorController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -53,6 +54,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} {{- with .Values.sensorController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a54ec010..55dd6643 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,5 +1,5 @@ # docker registry -registry: argoproj +registry: quay.io # The image pull policy imagePullPolicy: Always @@ -14,6 +14,9 @@ installCRD: true # ServiceAccount to use for running controller. serviceAccount: argo-events-sa +# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases +serviceAccountAnnotations: {} + # Create service accounts in additional namespaces specified # The SA will always be created in the release namespaces additionalSaNamespaces: [] @@ -44,33 +47,35 @@ singleNamespace: true # sensor controller sensorController: name: sensor-controller - image: sensor-controller + image: argoproj/sensor-controller tag: v1.3.1 replicaCount: 1 - sensorImage: sensor + sensorImage: argoproj/sensor podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventsourceController: name: eventsource-controller - image: eventsource-controller + image: argoproj/eventsource-controller tag: v1.3.1 replicaCount: 1 - eventsourceImage: eventsource + eventsourceImage: argoproj/eventsource podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventbusController: name: eventbus-controller - image: eventbus-controller + image: argoproj/eventbus-controller tag: v1.3.1 replicaCount: 1 podAnnotations: {} @@ -79,6 +84,7 @@ eventbusController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 84752bf3..d053ac6e 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ -apiVersion: v1 -appVersion: "0.10.2" +apiVersion: v2 +appVersion: "v1.0.1" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.2 +version: 1.0.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 6d2bef84..8916a86c 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -1,12 +1,11 @@ -Argo Rollouts Chart -============= -A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. +# Argo Rollouts Chart -Current chart version is `0.5.0` +A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. Source code can be found [here](https://github.com/argoproj/argo-rollouts) ## Additional Information + This is a **community maintained** chart. This chart installs [argo-rollouts](https://argoproj.github.io/argo-rollouts/), progressive delivery for Kubernetes. The default installation is intended to be similar to the provided Argo Rollouts [releases](https://github.com/argoproj/argo-rollouts/releases). @@ -14,6 +13,7 @@ The default installation is intended to be similar to the provided Argo Rollouts ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart @@ -22,27 +22,49 @@ To install the chart with the release name `my-release`: ```console $ helm repo add argo https://argoproj.github.io/argo-helm -$ helm install --name my-release argo/argo-rollouts +$ helm install my-release argo/argo-rollouts ``` ## Chart Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| clusterInstall | bool | `true` | | -| controller.component | string | `"rollouts-controller"` | | -| controller.image.pullPolicy | string | `"IfNotPresent"` | | -| controller.image.repository | string | `"argoproj/argo-rollouts"` | | -| controller.image.tag | string | `"v0.10.2"` | | -| controller.name | string | `"argo-rollouts"` | | -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.metrics.serviceMonitor.enabled | bool | `false` | | -| imagePullSecrets | list | `[]` | | -| installCRDs | bool | `true` | | -| crdAnnotations | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| serviceAccount.name | string | `"argo-rollouts"` | | +| clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) | +| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| controller.image.registry | string | `quay.io` | Registry to use | +| controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | +| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| controller.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | +| controller.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | +| imagePullSecrets | list | `[]` | Registry secret names as an array | +| installCRDs | bool | `true` | Install and upgrade CRDs | +| crdAnnotations | object | `{}` | Annotations to be added to all CRDs | +| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| podLabels | object | `{}` | Labels to be added to the Rollout pods | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | +| containerSecurityContext | object | `{}` | Security Context to set on container level | + +## Upgrading + +### To 1.0.0 + +* This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. + To migrate to Helm v3 please have a look at the [Helm 2to3 Plugin](https://github.com/helm/helm-2to3). This tool will convert the existing ConfigMap used for Tiller to a Secret of type `helm.sh/release.v1`. +* `quay.io` is the default registry now +* We introduce a template function for the labels here to reduce code duplication. This also affects the Deployment `matchLabels` selector. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment resource** before you upgrade. This is necessary because Deployment's label selector is immutable. +* All resources are now prefixed with the template `"argo-rollouts.fullname"`. + This enables the users to override resource names via the `nameOverride` and `fullnameOverride` parameters. +* Breaking parameters update + * `securityContext` was renamed to `containerSecurityContext` + * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository` diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 48744885..2e5153b5 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -30,3 +30,35 @@ Create chart name and version as used by the chart label. {{- define "argo-rollouts.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-rollouts.labels" -}} +helm.sh/chart: {{ include "argo-rollouts.chart" . }} +{{ include "argo-rollouts.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: argo-rollouts +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-rollouts.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argo-rollouts.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argo-rollouts.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argo-rollouts.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml index 715aa001..ab3ac6dd 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml @@ -2,12 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-view + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-view - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -27,12 +26,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-edit + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-edit - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -58,12 +56,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-admin + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-admin - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index c3fb9f0c..5872d59d 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -2,11 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrole - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -57,6 +56,16 @@ rules: - update - patch - delete +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch # services patch needed to update selector of canary/stable/active/preview services - apiGroups: - "" @@ -135,6 +144,7 @@ rules: - watch - get - update + - patch - list # trafficsplit access needed for using the SMI provider - apiGroups: @@ -147,4 +157,15 @@ rules: - get - update - patch +- apiGroups: + - getambassador.io + resources: + - mappings + verbs: + - create + - watch + - get + - update + - list + - delete {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml index 1d446845..b48ce5b5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml @@ -2,17 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-clusterrolebinding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrolebinding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 1c4342bf..fb632312 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -1,52 +1,54 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 4 }} - {{- end }} + {{- include "argo-rollouts.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate template: metadata: - {{- if .Values.podAnnotations }} + {{- with .Values.podAnnotations }} annotations: - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ .Values.serviceAccount.name }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }} containers: - - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" {{- if not .Values.clusterInstall }} args: - --namespaced {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - name: {{ .Values.controller.name }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} + name: argo-rollouts + ports: + - containerPort: 8090 + name: metrics securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{- toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} @@ -55,5 +57,3 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} - strategy: - type: Recreate diff --git a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml index 4301b7c8..6f2c975f 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml @@ -1,14 +1,14 @@ +{{- if .Values.controller.metrics.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-metrics + name: {{ include "argo-rollouts.fullname" . }}-metrics labels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAnnotations }} annotations: - {{- range $key, $value := .Values.serviceAnnotations }} - {{ $key }}: {{ $value | quote }} + {{- toYaml . | nindent 4 }} {{- end }} spec: ports: @@ -17,4 +17,5 @@ spec: port: 8090 targetPort: 8090 selector: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml index 4c80d507..a981d95d 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml @@ -1,11 +1,11 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -145,3 +145,4 @@ rules: - get - update - patch +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml index ddc0e27d..128df3ab 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml @@ -1,15 +1,16 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-role-binding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role-binding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml index dca70793..327eb6a5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml @@ -1,8 +1,13 @@ +{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml index ea67f356..f94a25b8 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml @@ -1,18 +1,17 @@ -{{- if .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- range $key, $value := .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{ $key }}: {{ $value | quote }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.additionalAnnotations }} + {{- with .Values.controller.metrics.serviceMonitor.additionalAnnotations }} annotations: -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalAnnotations | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -23,6 +22,5 @@ spec: selector: matchLabels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index b70b6f0b..08786ca0 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysisruns.argoproj.io spec: group: argoproj.io @@ -2305,6 +2308,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2324,6 +2328,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2345,8 +2350,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2404,6 +2411,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 4712ae2d..12fc5340 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 72832f03..e357b4d2 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: clusteranalysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 1fa5b261..5f9f8cfc 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: experiments.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 888ca599..10d0a8e1 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: rollouts.argoproj.io spec: group: argoproj.io @@ -29,11 +32,13 @@ spec: jsonPath: .status.replicas name: Current type: integer - - description: Total number of non-terminated pods targeted by this rollout that have the desired template spec + - description: Total number of non-terminated pods targeted by this rollout that + have the desired template spec jsonPath: .status.updatedReplicas name: Up-to-date type: integer - - description: Total number of available pods (ready for at least minReadySeconds) targeted by this rollout + - description: Total number of available pods (ready for at least minReadySeconds) + targeted by this rollout jsonPath: .status.availableReplicas name: Available type: integer @@ -300,6 +305,12 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + scaleDownDelayRevisionLimit: + format: int32 + type: integer + scaleDownDelaySeconds: + format: int32 + type: integer stableMetadata: properties: annotations: @@ -487,6 +498,15 @@ spec: - ingress - servicePort type: object + ambassador: + properties: + mappings: + items: + type: string + type: array + required: + - mappings + type: object istio: properties: destinationRule: @@ -2648,9 +2668,15 @@ spec: - containers type: object type: object - required: - - selector - - template + workloadRef: + properties: + apiVersion: + type: string + kind: + type: string + name: + type: string + type: object type: object status: properties: @@ -2765,6 +2791,8 @@ spec: currentStepIndex: format: int32 type: integer + message: + type: string observedGeneration: type: string pauseConditions: @@ -2780,6 +2808,8 @@ spec: - startTime type: object type: array + phase: + type: string promoteFull: type: boolean readyReplicas: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a3200728..e778377f 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -3,7 +3,6 @@ installCRDs: true clusterInstall: true controller: - name: argo-rollouts component: rollouts-controller ## Node selectors and tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ @@ -12,8 +11,9 @@ controller: tolerations: [] affinity: {} image: + registry: quay.io repository: argoproj/argo-rollouts - tag: v0.10.2 + tag: "" pullPolicy: IfNotPresent resources: {} @@ -25,13 +25,20 @@ controller: # memory: 64Mi metrics: + enabled: false serviceMonitor: enabled: false additionalLabels: {} additionalAnnotations: {} serviceAccount: - name: argo-rollouts + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" ## Annotations to be added to all CRDs ## @@ -41,6 +48,21 @@ crdAnnotations: {} ## podAnnotations: {} +## Security Context to set on pod level +## +podSecurityContext: + runAsNonRoot: true + +## Security Context to set on container level +## +containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + ## Annotations to be added to the Rollout service ## serviceAnnotations: {} diff --git a/charts/argo/.helmignore b/charts/argo-workflows/.helmignore similarity index 100% rename from charts/argo/.helmignore rename to charts/argo-workflows/.helmignore diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml new file mode 100644 index 00000000..6a33bfe4 --- /dev/null +++ b/charts/argo-workflows/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: argo-workflows +description: A Helm chart for Argo Workflows +type: application +version: 0.2.2 +appVersion: "v3.0.2" +icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +home: https://github.com/argoproj/argo-helm +sources: + - https://github.com/argoproj/argo-workflows +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: benjaminws diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md new file mode 100644 index 00000000..7e1c9dd7 --- /dev/null +++ b/charts/argo-workflows/README.md @@ -0,0 +1,48 @@ +# Argo Workflows Chart + +This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). + +If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. + +## Pre-Requisites + +This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. + +A few options are: + +- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute +- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions + +## Usage Notes + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +## Values + +The `values.yaml` contains items used to tweak a deployment of this chart. +Fields to note: + +- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute +- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name +- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor +- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran + +## Breaking changes from the deprecated `argo` chart + +1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory +1. the CRDs were updated to `apiextensions.k8s.io/v1` +1. the container image registry/project/tag format was changed to be more in line with the more common + + ```yaml + image: + registry: quay.io + repository: argoproj/argocli + tag: v3.0.1 + ``` + + this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images. + +1. switched to quay.io as the default registry for all images +1. removed any included usage of Minio +1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` +1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml new file mode 100644 index 00000000..d3485603 --- /dev/null +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -0,0 +1,5 @@ +server: + ingress: + enabled: true + hosts: + - argo-workflows.127.0.0.1.xip.io diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml new file mode 100644 index 00000000..64c56cc1 --- /dev/null +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -0,0 +1,7 @@ +controller: + serviceMonitor: + enabled: false + metricsConfig: + enabled: true + telemetryConfig: + enabled: true diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml new file mode 100644 index 00000000..10f717ac --- /dev/null +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -0,0 +1,5 @@ +workflow: + serviceAccount: + create: true # Specifies whether a service account should be created + rbac: + create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows diff --git a/charts/argo/crds/cluster-workflow-template-crd.yaml b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml similarity index 50% rename from charts/argo/crds/cluster-workflow-template-crd.yaml rename to charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml index a189f17c..fa7da83a 100644 --- a/charts/argo/crds/cluster-workflow-template-crd.yaml +++ b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,14 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation spec: group: argoproj.io - version: v1alpha1 - scope: Cluster names: kind: ClusterWorkflowTemplate listKind: ClusterWorkflowTemplateList @@ -17,7 +12,24 @@ spec: - clusterwftmpl - cwft singular: clusterworkflowtemplate + scope: Cluster versions: - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object served: true storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000..2878fe9b --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..9585686a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/crds/argoproj.io_workflows.yaml new file mode 100644 index 00000000..f3751e18 --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflows.yaml @@ -0,0 +1,48 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000..f6fa080a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt new file mode 100644 index 00000000..b4933a7d --- /dev/null +++ b/charts/argo-workflows/templates/NOTES.txt @@ -0,0 +1,7 @@ +1. Get Argo Server external IP/domain by running: + +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} + +2. Submit the hello-world workflow by running: + +argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl new file mode 100644 index 00000000..a72c148f --- /dev/null +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -0,0 +1,104 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create argo workflows server name and version as used by the chart label. +*/}} +{{- define "argo-workflows.server.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-workflows.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-workflows.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "argo-workflows.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-workflows.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-workflows.labels" -}} +helm.sh/chart: {{ include "argo-workflows.chart" .context }} +{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-workflows +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-workflows.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Create the name of the server service account to use +*/}} +{{- define "argo-workflows.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-workflows.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-workflows.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml similarity index 79% rename from charts/argo/templates/workflow-aggregate-roles.yaml rename to charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index b89e7b13..ba1c202d 100644 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -2,10 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-view + name: {{ template "argo-workflows.fullname" . }}-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: @@ -14,6 +11,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows @@ -28,10 +27,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-edit + name: {{ template "argo-workflows.fullname" . }}-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: @@ -40,6 +36,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows @@ -59,10 +57,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-admin + name: {{ template "argo-workflows.fullname" . }}-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -71,6 +66,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows diff --git a/charts/argo/templates/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml similarity index 85% rename from charts/argo/templates/workflow-controller-cluster-roles.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 4d596b1c..34340d14 100644 --- a/charts/argo/templates/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -5,7 +5,9 @@ kind: Role kind: ClusterRole {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: - apiGroups: - "" @@ -53,8 +55,6 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers verbs: - get - list @@ -129,11 +129,13 @@ rules: - update - patch - delete + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template rules: - apiGroups: - argoproj.io @@ -144,3 +146,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml similarity index 83% rename from charts/argo/templates/workflow-controller-config-map.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 26fe2cd8..afddb194 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -1,11 +1,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap + name: {{ template "argo-workflows.controller.fullname" . }}-configmap labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: config: | {{- if .Values.controller.instanceID.enabled }} @@ -31,7 +29,7 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} + {{- if .Values.useDefaultArtifactRepo }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} @@ -44,13 +42,13 @@ data: {{- if .Values.useStaticCredentials }} accessKeySecret: key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} + name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} secretKeySecret: key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} + name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} - endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }} + bucket: {{ .Values.artifactRepository.s3.bucket }} + endpoint: {{ .Values.artifactRepository.s3.endpoint }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml similarity index 50% rename from charts/argo/templates/workflow-controller-crb.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 66cca4d0..1235e325 100644 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -5,7 +5,9 @@ kind: RoleBinding kind: ClusterRoleBinding {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io {{- if .Values.singleNamespace }} @@ -13,13 +15,13 @@ roleRef: {{ else }} kind: ClusterRole {{- end }} - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} + name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} +{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }} {{- $namespace := .Release.Namespace }} {{- range $key := .Values.controller.workflowNamespaces }} {{- if not (eq $key $namespace) }} @@ -29,16 +31,21 @@ subjects: {{- end }} {{- end }} {{- end }} + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template subjects: - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} + name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo/templates/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml similarity index 55% rename from charts/argo/templates/workflow-controller-deployment-pdb.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index a7352a04..564ba412 100644 --- a/charts/argo/templates/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -2,12 +2,9 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} + name: {{ template "argo-workflows.controller.fullname" . }} labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: {{- if .Values.controller.pdb.minAvailable }} minAvailable: {{ .Values.controller.pdb.minAvailable }} @@ -18,6 +15,5 @@ spec: {{- end }} selector: matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml new file mode 100644 index 00000000..9f80ea7f --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with.Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{- with .Values.controller.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: controller + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + command: [ "workflow-controller" ] + args: + - "--configmap" + - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "--executor-image" + - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "--loglevel" + - "{{ .Values.controller.logging.level }}" + - "--gloglevel" + - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + {{- with .Values.controller.workflowWorkers }} + - "--workflow-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podWorkers }} + - "--pod-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + securityContext: + {{- toYaml .Values.controller.securityContext | nindent 12 }} + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + {{- with .Values.controller.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + ports: + - name: metrics + containerPort: {{ .Values.controller.metricsConfig.port }} + livenessProbe: + httpGet: + port: metrics + path: {{ .Values.controller.metricsConfig.path }} + initialDelaySeconds: 30 + periodSeconds: 30 + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml new file mode 100644 index 00000000..e917bb41 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{ with .Values.controller.serviceAccount.annotations }} + annotations: + {{- toYaml .| nindent 4 }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml new file mode 100644 index 00000000..5c248f49 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -0,0 +1,38 @@ +{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with .Values.controller.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} +spec: + ports: + {{- if .Values.controller.metricsConfig.enabled }} + - name: {{ .Values.controller.metricsConfig.servicePortName }} + port: {{ .Values.controller.metricsConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.metricsConfig.port }} + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - name: {{ .Values.controller.telemetryConfig.servicePortName }} + port: {{ .Values.controller.telemetryConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.telemetryConfig.port }} + {{- end }} + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo/templates/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml similarity index 58% rename from charts/argo/templates/workflow-controller-servicemonitor.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 425fedac..54cf1b31 100644 --- a/charts/argo/templates/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -2,14 +2,11 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -28,6 +25,5 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} {{- end }} diff --git a/charts/argo/templates/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml similarity index 51% rename from charts/argo/templates/workflow-rb.yaml rename to charts/argo-workflows/templates/controller/workflow-rb.yaml index 17785257..9b27c045 100644 --- a/charts/argo/templates/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -2,18 +2,18 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-workflow -{{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} -{{- end }} + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-workflow + name: {{ template "argo-workflows.fullname" . }}-workflow subjects: - kind: ServiceAccount name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} {{- end }} {{- end }} diff --git a/charts/argo/templates/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml similarity index 70% rename from charts/argo/templates/workflow-role.yaml rename to charts/argo-workflows/templates/controller/workflow-role.yaml index 37365f21..bf8b3cff 100644 --- a/charts/argo/templates/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -2,9 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-workflow - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} {{- end }} rules: - apiGroups: diff --git a/charts/argo/templates/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml similarity index 77% rename from charts/argo/templates/workflow-sa.yaml rename to charts/argo-workflows/templates/controller/workflow-sa.yaml index 45d97cf0..dc84f2b1 100644 --- a/charts/argo/templates/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -3,8 +3,8 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} {{- end }} {{- with .Values.workflow.serviceAccount.annotations }} annotations: diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml similarity index 66% rename from charts/argo/templates/server-cluster-roles.yaml rename to charts/argo-workflows/templates/server/server-cluster-roles.yaml index b6d47c09..6403bf96 100644 --- a/charts/argo/templates/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -1,12 +1,14 @@ {{- if .Values.server.enabled }} apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} + {{- if .Values.singleNamespace }} kind: Role -{{- else }} + {{- else }} kind: ClusterRole -{{- end }} + {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: - apiGroups: - "" @@ -28,7 +30,7 @@ rules: - list - watch - delete -{{- if .Values.server.sso }} + {{- if .Values.server.sso }} - apiGroups: - "" resources: @@ -44,9 +46,7 @@ rules: - secrets verbs: - create -{{- end}} -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac }} - apiGroups: - "" resources: @@ -54,8 +54,8 @@ rules: verbs: - get - list + {{- end }} {{- end }} -{{- end }} - apiGroups: - "" resources: @@ -95,27 +95,31 @@ rules: - get {{- end}} - apiGroups: - - argoproj.io + - argoproj.io resources: - - workflows - - workfloweventbindings - - workflowtemplates - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows verbs: - - create - - get - - list - - watch - - update - - patch - - delete + - create + - get + - list + - watch + - update + - patch + - delete + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -132,3 +136,4 @@ rules: - delete {{- end }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml new file mode 100644 index 00000000..16d55902 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml new file mode 100644 index 00000000..aeba6547 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.server.enabled .Values.server.pdb.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- if .Values.server.pdb.minAvailable }} + minAvailable: {{ .Values.server.pdb.minAvailable }} + {{- else if .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml new file mode 100644 index 00000000..5effabf6 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -0,0 +1,108 @@ +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} +spec: + replicas: {{ .Values.server.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: argo-server + image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + securityContext: + {{- toYaml .Values.server.securityContext | nindent 12 }} + args: + - server + - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + {{- with .Values.server.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + - "--secure={{ .Values.server.secure }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + ports: + - name: web + containerPort: 2746 + readinessProbe: + httpGet: + path: / + port: 2746 + {{- if .Values.server.secure }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 20 + env: + - name: IN_CLUSTER + value: "true" + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BASE_HREF + value: {{ .Values.server.baseHref | quote }} + {{- with .Values.server.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.server.resources | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- with .Values.server.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml new file mode 100644 index 00000000..f0488031 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -0,0 +1,88 @@ +{{- if .Values.server.ingress.enabled -}} +{{- $serviceName := include "argo-workflows.server.fullname" . -}} +{{- $servicePort := .Values.server.servicePort -}} +{{- $paths := .Values.server.ingress.paths -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} +spec: + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} + rules: + {{- if .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.server.ingress.tls }} + tls: + {{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml new file mode 100644 index 00000000..adcf7b48 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml new file mode 100644 index 00000000..5d161ee8 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - port: {{ .Values.server.servicePort }} + {{- with .Values.server.servicePortName }} + name: {{ . }} + {{- end }} + targetPort: 2746 + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.serviceType }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- end }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo/values.yaml b/charts/argo-workflows/values.yaml similarity index 68% rename from charts/argo/values.yaml rename to charts/argo-workflows/values.yaml index 31a36041..e2ce2e71 100644 --- a/charts/argo/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -1,16 +1,9 @@ images: - namespace: argoproj - controller: workflow-controller - server: argocli - executor: argoexec + # imagePullPolicy to apply to all containers pullPolicy: Always # Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret - tag: v2.12.5 - -crdVersion: v1alpha1 -installCRD: true init: # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is @@ -24,17 +17,19 @@ createAggregateRoles: true singleNamespace: false workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. + namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. serviceAccount: - create: false # Specifies whether a service account should be created + create: false # Specifies whether a service account should be created annotations: {} - name: "argo-workflow" # Service account which is used to run workflows + name: "argo-workflow" # Service account which is used to run workflows rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows controller: image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/workflow-controller + # Overrides the image tag whose default is the chart appVersion. tag: "" # parallelism dictates how many workflows can be running at the same time parallelism: @@ -48,7 +43,17 @@ controller: metricsConfig: enabled: false path: /metrics - port: 8080 + port: 9090 + servicePort: 8080 + servicePortName: metrics + # the controller container's securityContext + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL persistence: {} # connectionPool: # maxIdleConns: 100 @@ -69,24 +74,28 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password - workflowDefaults: {} # Only valid for 2.7+ + workflowDefaults: {} # Only valid for 2.7+ # spec: # ttlStrategy: # secondsAfterCompletion: 84600 # workflowWorkers: 32 # podWorkers: 32 - workflowRestrictions: {} # Only valid for 2.9+ + workflowRestrictions: {} # Only valid for 2.9+ # templateReferencing: Strict|Secure telemetryConfig: enabled: false path: /telemetry port: 8081 + servicePort: 8081 + servicePortName: telemetry serviceMonitor: enabled: false additionalLabels: {} - serviceAccount: argo - # Service account annotations - serviceAccountAnnotations: {} + serviceAccount: + create: true + name: "" + # Annotations applied to created service account + annotations: {} name: workflow-controller workflowNamespaces: - default @@ -103,10 +112,6 @@ controller: level: info globallevel: "0" serviceType: ClusterIP - metricsServicePort: 8080 - metricsServicePortName: metrics - telemetryServicePort: 8081 - telemetryServicePortName: telemetry # Annotations to be applied to the controller Service serviceAnnotations: {} # Optional labels to add to the controller Service @@ -115,9 +120,13 @@ controller: # service type `LoadBalancer` loadBalancerSourceRanges: [] resources: {} - # The list of environment variable definitions to be added to the controller - # manages container verbatim. + + ## Extra environment variables to provide to the controller container + ## extraEnv: + ## - name: FOO + ## value: "bar" extraEnv: [] + # Extra arguments to be added to the controller extraArgs: [] replicas: 1 @@ -138,11 +147,16 @@ controller: priorityClassName: "" # https://argoproj.github.io/argo-workflows/links/ links: [] + clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + enabled: true # executor controls how the init and wait container should be customized executor: image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/argoexec + # Overrides the image tag whose default is the chart appVersion. tag: "" resources: {} # Adds environment variables for the executor. @@ -154,10 +168,12 @@ server: enabled: true # only updates base url of resources on client side, # it's expected that a proxy server rewrites the request URL and gets rid of this prefix - # https://github.com/argoproj/argo/issues/716#issuecomment-433213190 + # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 baseHref: / image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/argocli + # Overrides the image tag whose default is the chart appVersion. tag: "" # optional map of annotations to be applied to the ui Pods podAnnotations: {} @@ -165,16 +181,21 @@ server: podLabels: {} # SecurityContext to set on the server pods podSecurityContext: {} + securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL name: server serviceType: ClusterIP servicePort: 2746 # servicePortName: http - serviceAccount: argo-server - # Whether to create the service account with the name specified in - # server.serviceAccount and bind it to the server role. - createServiceAccount: true - # Service account annotations - serviceAccountAnnotations: {} + serviceAccount: + create: true + name: "" + annotations: {} # Annotations to be applied to the UI Service serviceAnnotations: {} # Optional labels to add to the UI Service @@ -206,9 +227,15 @@ server: # Run the argo server in "secure" mode. Configure this value instead of # "--secure" in extraArgs. See the following documentation for more details # on secure mode: - # https://argoproj.github.io/argo-workflows/tls/#encrypted + # https://argoproj.github.io/argo-workflows/tls/ secure: false + ## Extra environment variables to provide to the argo-server container + ## extraEnv: + ## - name: FOO + ## value: "bar" + extraEnv: [] + # Extra arguments to provide to the Argo server binary. extraArgs: [] @@ -221,37 +248,43 @@ server: ## ingress: enabled: false + annotations: {} + labels: {} + ingressClassName: "" - ## Annotations to be added to the web ingress. + ## Argo Workflows Server Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace ## - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + hosts: + [] + # - argocd.example.com + paths: + - / + extraPaths: + [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation + tls: + [] + # - secretName: argocd-example-tls + # hosts: + # - argocd.example.com + https: false - ## Labels to be added to the web ingress. - ## - # labels: - # use-cloudflare-solver: "true" - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - argo.domain.com - - ## Additional Paths for each host - # paths: - # - serviceName: "ssl-redirect" - # servicePort: "use-annotation" - - ## TLS configuration. - ## Secrets must be manually created in the namespace. - ## - # tls: - # - secretName: argo-ui-tls - # hosts: - # - argo.domain.com clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true # Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true sso: @@ -294,7 +327,7 @@ artifactRepository: # Note the `key` attribute is not the actual secret, it's the PATH to # the contents in the associated secret, as defined by the `name` attribute. accessKeySecret: - # name: -minio (default) + # name: -minio key: accesskey secretKeySecret: # name: -minio @@ -306,25 +339,16 @@ artifactRepository: # roleARN: # useSDKCreds: true # gcs: - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - - -# NOTE: These are setting attributes for the `minio` optional dependency -minio: - # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map - install: false - defaultBucket: - enabled: true - name: argo-artifacts + # bucket: -argo + # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" + # serviceAccountKeySecret is a secret selector. + # It references the k8s secret named 'my-gcs-credentials'. + # This secret is expected to have have the key 'serviceAccountKey', + # containing the base64 encoded credentials + # to the bucket. + # + # If it's running on GKE and Workload Identity is used, + # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey diff --git a/charts/argo/Chart.lock b/charts/argo/Chart.lock deleted file mode 100644 index 4b57ae05..00000000 --- a/charts/argo/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: minio - repository: https://helm.min.io/ - version: 8.0.9 -digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260 -generated: "2021-01-13T15:31:40.823086-08:00" diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml deleted file mode 100644 index 3f10ee6f..00000000 --- a/charts/argo/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v2 -appVersion: v2.12.5 -description: A Helm chart for Argo Workflows -name: argo -version: 0.16.10 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -home: https://github.com/argoproj/argo-helm -maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: benjaminws -dependencies: -- name: minio - version: 8.0.9 - repository: https://helm.min.io/ - condition: minio.install diff --git a/charts/argo/README.md b/charts/argo/README.md deleted file mode 100644 index b0b5613a..00000000 --- a/charts/argo/README.md +++ /dev/null @@ -1,27 +0,0 @@ -## Argo Workflows Chart - -This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). - -If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. - -## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. - -A few options are: -- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full) -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - -## Usage Notes: -This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. - -## Values - -The `values.yaml` contains items used to tweak a deployment of this chart. -Fields to note: -* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute -* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name -* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor -* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran -* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map. -* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart. diff --git a/charts/argo/crds/cron-workflow-crd.yaml b/charts/argo/crds/cron-workflow-crd.yaml deleted file mode 100644 index abd50b30..00000000 --- a/charts/argo/crds/cron-workflow-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-crd.yaml b/charts/argo/crds/workflow-crd.yaml deleted file mode 100644 index 24f6abc2..00000000 --- a/charts/argo/crds/workflow-crd.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - subresources: {} - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-eventbinding-crd.yaml b/charts/argo/crds/workflow-eventbinding-crd.yaml deleted file mode 100644 index a58de8e7..00000000 --- a/charts/argo/crds/workflow-eventbinding-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-template-crd.yaml b/charts/argo/crds/workflow-template-crd.yaml deleted file mode 100644 index 0be13451..00000000 --- a/charts/argo/crds/workflow-template-crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt deleted file mode 100644 index 7b4c02f0..00000000 --- a/charts/argo/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -1. Get Argo Server external IP/domain by running: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} - -2. Submit the hello-world workflow by running: - -argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch - -{{ if .Values.minio.install }} - -3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following -command: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio - -{{ end }} diff --git a/charts/argo/templates/_helpers.tpl b/charts/argo/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml deleted file mode 100644 index be688da3..00000000 --- a/charts/argo/templates/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft -{{- end }} diff --git a/charts/argo/templates/cron-workflow-crd.yaml b/charts/argo/templates/cron-workflow-crd.yaml deleted file mode 100644 index 923abdf2..00000000 --- a/charts/argo/templates/cron-workflow-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - plural: cronworkflows - shortNames: - - cronwf - - cwf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml deleted file mode 100644 index ad4cfeda..00000000 --- a/charts/argo/templates/server-crb.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.server.name}} -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/argo/templates/server-deployment-pdb.yaml b/charts/argo/templates/server-deployment-pdb.yaml deleted file mode 100644 index 31f1d4f8..00000000 --- a/charts/argo/templates/server-deployment-pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.pdb.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- else if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml deleted file mode 100644 index 832fd37d..00000000 --- a/charts/argo/templates/server-deployment.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.server.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - {{- if .Values.server.podLabels }} - {{- toYaml .Values.server.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.server.serviceAccount | quote }} - {{- if .Values.server.podSecurityContext }} - securityContext: - {{- toYaml .Values.server.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: argo-server - args: - - server - - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap - {{- if .Values.server.extraArgs }} - {{- toYaml .Values.server.extraArgs | nindent 10 }} - {{- end }} - {{- if .Values.server.secure }} - - "--secure" - {{- end }} - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - {{- if .Values.server.podPortName }} - ports: - - name: {{ .Values.server.podPortName }} - containerPort: 2746 - {{- end }} - readinessProbe: - httpGet: - path: / - port: 2746 - {{- if .Values.server.secure }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 20 - env: - - name: IN_CLUSTER - value: "true" - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: BASE_HREF - value: {{ .Values.server.baseHref | quote }} - resources: - {{- toYaml .Values.server.resources | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - {{- with .Values.server.volumeMounts }} - {{- toYaml . | nindent 10}} - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tmp - emptyDir: {} - {{- with .Values.server.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - {{- with .Values.server.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} -{{- end -}} diff --git a/charts/argo/templates/server-ingress.yaml b/charts/argo/templates/server-ingress.yaml deleted file mode 100644 index 6eab3f50..00000000 --- a/charts/argo/templates/server-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}} -{{- $servicePort := .Values.server.servicePort -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- range $key, $value := .Values.server.ingress.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $.Values.server.ingress.paths }} - {{- range $.Values.server.ingress.paths }} - - backend: - serviceName: {{ .serviceName }} - servicePort: {{ .servicePort }} - {{- end }} - {{- end }} - - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-sa.yaml b/charts/argo/templates/server-sa.yaml deleted file mode 100644 index 5b419a65..00000000 --- a/charts/argo/templates/server-sa.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.server.serviceAccount }} - annotations: -{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }} -{{- end -}} diff --git a/charts/argo/templates/server-service.yaml b/charts/argo/templates/server-service.yaml deleted file mode 100644 index ba4d74f6..00000000 --- a/charts/argo/templates/server-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.server.serviceLabels }} - {{- toYaml .Values.server.serviceLabels | nindent 4 }} - {{- end }} - {{- if .Values.server.serviceAnnotations }} - annotations: -{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - - port: {{ .Values.server.servicePort }} - {{- if .Values.server.servicePortName }} - name: {{ .Values.server.servicePortName }} - {{- end }} - targetPort: 2746 - selector: - app: {{ .Release.Name }}-{{ .Values.server.name }} - sessionAffinity: None - type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} - {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/worfkflow-controller-secrets-access.yaml b/charts/argo/templates/worfkflow-controller-secrets-access.yaml deleted file mode 100644 index f0d48519..00000000 --- a/charts/argo/templates/worfkflow-controller-secrets-access.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -rules: -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - - {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - verbs: - - get - - watch - - list -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml deleted file mode 100755 index 9ad509d0..00000000 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} - {{ toYaml .Values.controller.podLabels | nindent 8}} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.controller.serviceAccount | quote }} - {{- if .Values.controller.podSecurityContext }} - securityContext: - {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: controller - image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - command: [ "workflow-controller" ] - args: - - "--configmap" - - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap" - - "--executor-image" - - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}" - - "--loglevel" - - "{{ .Values.controller.logging.level }}" - - "--gloglevel" - - "{{ .Values.controller.logging.globallevel }}" - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - {{- with .Values.controller.workflowWorkers }} - - "--workflow-workers" - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.podWorkers }} - - "--pod-workers" - - {{ . | quote }} - {{- end }} - {{- if .Values.controller.extraArgs }} - {{- toYaml .Values.controller.extraArgs | nindent 10 }} - {{- end }} - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- with .Values.controller.extraEnv }} - {{ toYaml . | nindent 10 }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.metricsConfig.enabled }} - ports: - - containerPort: 8080 - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml b/charts/argo/templates/workflow-controller-minio-secret-crb.yaml deleted file mode 100644 index 722776a4..00000000 --- a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml deleted file mode 100644 index 02d274da..00000000 --- a/charts/argo/templates/workflow-controller-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.controller.serviceAccount }} - annotations: -{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }} diff --git a/charts/argo/templates/workflow-controller-service.yaml b/charts/argo/templates/workflow-controller-service.yaml deleted file mode 100644 index 7985a54c..00000000 --- a/charts/argo/templates/workflow-controller-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceLabels }} - {{ toYaml .Values.controller.serviceLabels | nindent 4}} - {{- end }} - {{- if .Values.controller.serviceAnnotations }} - annotations: -{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - {{- if .Values.controller.metricsConfig.enabled }} - - name: {{ .Values.controller.metricsServicePortName }} - port: {{ .Values.controller.metricsServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.metricsConfig.port }} - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - name: {{ .Values.controller.telemetryServicePortName }} - port: {{ .Values.controller.telemetryServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.telemetryConfig.port }} - {{- end }} - selector: - app: {{ .Release.Name }}-{{ .Values.controller.name }} - sessionAffinity: None - type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/workflow-crd.yaml b/charts/argo/templates/workflow-crd.yaml deleted file mode 100644 index 44a6fa98..00000000 --- a/charts/argo/templates/workflow-crd.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - plural: workflows - shortNames: - - wf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/workflow-template-crd.yaml b/charts/argo/templates/workflow-template-crd.yaml deleted file mode 100644 index 757fa098..00000000 --- a/charts/argo/templates/workflow-template-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - plural: workflowtemplates - shortNames: - - wftmpl -{{- end }} diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index fba7f6bd..936734b0 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.4 +version: 0.1.5 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 8a1e04d8..9be1b26b 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.0 +version: 1.3.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml index badee60f..f888811c 100644 --- a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} labels: {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} + {{- with .Values.bots.slack.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} {{ end }} diff --git a/charts/argocd-notifications/templates/serviceaccount.yaml b/charts/argocd-notifications/templates/serviceaccount.yaml index 591d13bd..418b6800 100644 --- a/charts/argocd-notifications/templates/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.serviceAccountName" . }} labels: {{- include "argocd-notifications.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index bfe746c3..f258401f 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -93,6 +93,8 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-controller + annotations: {} + cm: # Whether helm chart creates controller config map create: true @@ -371,6 +373,8 @@ bots: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-bot + annotations: {} + resources: {} # limits: # cpu: 100m diff --git a/scripts/lint.sh b/scripts/lint.sh index 8f084c5b..1f0e9104 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,19 +1,17 @@ #!/bin/bash +# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. +# Reference: https://github.com/helm/chart-testing set -eux SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - name=$(basename $dir) - echo "Running Helm linting for $name" - docker run \ - -v "$SRCROOT:/workdir" \ - gcr.io/kubernetes-charts-ci/test-image:v3.1.0 \ - ct \ - lint \ - --config .circleci/chart-testing.yaml \ - --lint-conf .circleci/lintconf.yaml \ - --charts "/workdir/charts/${name}" -done +echo -e "\n-- Linting all Helm Charts --\n" +docker run \ + -v "$SRCROOT:/workdir" \ + --entrypoint /bin/sh \ + quay.io/helmpack/chart-testing:v3.3.1 \ + -c cd /workdir \ + ct lint \ + --config .github/configs/ct-lint.yaml \ + --lint-conf .github/configs/lintconf.yaml \ + --debug diff --git a/scripts/publish.sh b/scripts/publish.sh deleted file mode 100755 index 025ba5d9..00000000 --- a/scripts/publish.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -set -eux - -SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -GIT_PUSH=${GIT_PUSH:-false} - -rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output - -helm repo add argoproj https://argoproj.github.io/argo-helm - -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - - name=$(basename $dir) - - if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] - then - echo "Processing chart dependencies" - helm --debug dep build $dir - # Bug with Helm subcharts with hyphen on them - # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684 - if [ "$name" == "argo-cd" ] - then - echo "Restore ArgoCD RedisHA subchart" - tar -C $dir/charts -xf $dir/charts/redis-ha-*.tgz - fi - fi - - echo "Processing $dir" - helm --debug package $dir -done - -cp $SRCROOT/*.tgz output/ -cd $SRCROOT/output && helm repo index . - -cd $SRCROOT/output && git status - -if [ "$GIT_PUSH" == "true" ] -then - cd $SRCROOT/output && git add . && git commit -m "Publish charts" && git push git@github.com:argoproj/argo-helm.git gh-pages -fi