DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into main

Browse source 
Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com>
This commit is contained in:
shlomi tubul 2024-06-21 12:43:05 +03:00 committed by GitHub
commit 011824fa18
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
53 changed files with 1714 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.github/dependabot.yml vendored
View file

@ -6,3 +6,11 @@ updates:
schedule: schedule:
interval: weekly interval: weekly
day: "saturday" day: "saturday"
commit-message:
prefix: "chore(deps)"
groups:
dependencies:
applies-to: version-updates
update-types:
- "minor"
- "patch"

4
.github/workflows/lint-and-test.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
options: --user 1001 options: --user 1001
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run ah lint - name: Run ah lint
working-directory: ./charts working-directory: ./charts
run: ah lint run: ah lint
@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0

4
.github/workflows/publish.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
@ -66,7 +66,7 @@ jobs:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}

8
.github/workflows/renovate.yaml vendored
View file

@ -16,21 +16,21 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get token - name: Get token
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
id: get_token id: get_token
with: with:
app-id: ${{ vars.RENOVATE_APP_ID }} app-id: ${{ vars.RENOVATE_APP_ID }}
private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Self-hosted Renovate - name: Self-hosted Renovate
uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
with: with:
configurationFile: .github/configs/renovate-config.js configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.332.0 renovate-version: 37.384.0
token: '${{ steps.get_token.outputs.token }}' token: '${{ steps.get_token.outputs.token }}'
env: env:
LOG_LEVEL: 'debug' LOG_LEVEL: 'debug'

4
.github/workflows/scorecard.yml vendored
View file

@ -33,7 +33,7 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
persist-credentials: false persist-credentials: false
@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with: with:
sarif_file: results.sarif sarif_file: results.sarif

60
README.md
View file

@ -42,3 +42,63 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security
### Changelog ### Changelog
Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
## Charts use Helm "Capabilities"
Our charts make use of the Helm built-in object "Capabilities":
> This provides information about what capabilities the Kubernetes cluster supports.
> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
Today we use:
- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
For this you need to pass the `--api-versions` parameter to the `helm template` command:
```bash
helm template argocd \
oci://ghcr.io/argoproj/argo-helm/argo-cd \
--api-versions monitoring.coreos.com/v1 \
--values my-argocd-values.yaml
```
If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
Example with Kustomize:
```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- name: argo-cd
repo: oci://ghcr.io/argoproj/argo-helm
version: x.y.z
releaseName: argocd
apiVersions:
- monitoring.coreos.com/v1
valuesFile: my-argocd-values.yaml
```
Example with helmfile:
```yaml
# helmfile.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
apiVersions:
- monitoring.coreos.com/v1
releases:
- name: argocd
namespace: argocd
chart: argo/argo-cd
values:
- my-argocd-values.yaml
```

4
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v2.11.0 appVersion: v2.11.3
kubeVersion: ">=1.23.0-0" kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 6.9.4 version: 7.2.1
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources: sources:

72
charts/argo-cd/README.md
View file

@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
#### How to rotate Redis secret?
Upstream steps in the [FAQ] are not enough, since we chose a different approach.
(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
```
* **Perform a helm upgrade**
```bash
helm upgrade argocd argo/argo-cd --reuse-values --wait
```
* If you are running Redis in HA mode, restart Redis in HA.
```bash
kubectl rollout restart deployment argocd-redis-ha-haproxy
kubectl rollout restart statefulset argocd-redis-ha-server
```
* If you are running Redis in non-HA mode, restart Redis.
```bash
kubectl rollout restart deployment argocd-redis
```
* Restart other components.
```bash
kubectl rollout restart deployment argocd-server argocd-repo-server
kubectl rollout restart statefulset argocd-application-controller
```
### 6.9.0 ### 6.9.0
ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).
@ -638,6 +671,8 @@ NAME: my-release
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
| global.domain | string | `"argocd.example.com"` | Default domain used by all components | | global.domain | string | `"argocd.example.com"` | Default domain used by all components |
| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@ -662,7 +697,7 @@ NAME: my-release
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
@ -932,7 +967,7 @@ NAME: my-release
| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
| server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificate.usages | list | `[]` | Usages for the certificate |
| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
| server.certificateSecret.crt | string | `""` | Certificate data | | server.certificateSecret.crt | string | `""` | Certificate data |
@ -1047,6 +1082,7 @@ NAME: my-release
| server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalIPs | list | `[]` | Server service external IPs |
| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
| server.service.labels | object | `{}` | Server service labels | | server.service.labels | object | `{}` | Server service labels |
| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") |
@ -1271,8 +1307,10 @@ The main options are listed here:
|-----|------|---------|-------------| |-----|------|---------|-------------|
| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. |
| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. |
| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH |
| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context |
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
@ -1316,6 +1354,33 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | | externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations |
| externalRedis.username | string | `""` | External Redis username | | externalRedis.username | string | `""` | External Redis username |
### Redis secret-init
The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
If you use an External Redis (See Option 3 above), this Job is not deployed.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job |
| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job |
| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name |
| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job |
| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job |
| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job |
| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job |
| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context |
| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod |
| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod |
| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job |
## ApplicationSet ## ApplicationSet
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -1336,7 +1401,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1507,8 +1571,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/

48
charts/argo-cd/README.md.gotmpl
View file

@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
#### How to rotate Redis secret?
Upstream steps in the [FAQ] are not enough, since we chose a different approach.
(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
```
* **Perform a helm upgrade**
```bash
helm upgrade argocd argo/argo-cd --reuse-values --wait
```
* If you are running Redis in HA mode, restart Redis in HA.
```bash
kubectl rollout restart deployment argocd-redis-ha-haproxy
kubectl rollout restart statefulset argocd-redis-ha-server
```
* If you are running Redis in non-HA mode, restart Redis.
```bash
kubectl rollout restart deployment argocd-redis
```
* Restart other components.
```bash
kubectl rollout restart deployment argocd-server argocd-repo-server
kubectl rollout restart statefulset argocd-application-controller
```
### 6.9.0 ### 6.9.0
ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).
@ -722,6 +755,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
{{- end }} {{- end }}
{{- end }} {{- end }}
### Redis secret-init
The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
If you use an External Redis (See Option 3 above), this Job is not deployed.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "redisSecretInit" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## ApplicationSet ## ApplicationSet
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -750,8 +796,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/

31
charts/argo-cd/templates/_helpers.tpl
View file

@ -86,6 +86,25 @@ Create the name of the redis service account to use
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Create Redis secret-init name
*/}}
{{- define "argo-cd.redisSecretInit.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the Redis secret-init service account to use
*/}}
{{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
{{- if .Values.redisSecretInit.serviceAccount.create -}}
{{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.redisSecretInit.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/* {{/*
Create argocd server name and version as used by the chart label. Create argocd server name and version as used by the chart label.
*/}} */}}
@ -226,3 +245,15 @@ Allows overriding it for multi-namespace deployments in combined charts.
{{- define "argo-cd.namespace" -}} {{- define "argo-cd.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }} {{- end }}
{{/*
Dual stack definition
*/}}
{{- define "argo-cd.dualStack" -}}
{{- with .Values.global.dualStack.ipFamilyPolicy }}
ipFamilyPolicy: {{ . }}
{{- end }}
{{- with .Values.global.dualStack.ipFamilies }}
ipFamilies: {{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}

8
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -199,15 +199,19 @@ spec:
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username key: redis-username
optional: true optional: true
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password key: redis-password
optional: true optional: true
{{- else }}
key: auth
{{- end }}
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

1
charts/argo-cd/templates/argocd-application-controller/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.controller.metrics.service.clusterIP }} clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.controller.metrics.service.portName }} - name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP protocol: TCP

14
charts/argo-cd/templates/argocd-application-controller/role.yaml
View file

@ -43,3 +43,17 @@ rules:
- get - get
- list - list
- watch - watch
{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- argocd-app-controller-shard-cm
verbs:
- get
- list
- watch
- create
- update
{{- end }}

8
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -198,15 +198,19 @@ spec:
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username key: redis-username
optional: true optional: true
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password key: redis-password
optional: true optional: true
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME - name: REDIS_SENTINEL_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

2
charts/argo-cd/templates/argocd-applicationset/certificate.yaml
View file

@ -13,7 +13,7 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec: spec:
secretName: {{ .Values.applicationSet.certificate.secretName }} secretName: argocd-applicationset-controller-tls
commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
dnsNames: dnsNames:
- {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}

1
charts/argo-cd/templates/argocd-applicationset/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.applicationSet.metrics.service.portName }} - name: {{ .Values.applicationSet.metrics.service.portName }}
protocol: TCP protocol: TCP

1
charts/argo-cd/templates/argocd-applicationset/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.applicationSet.service.type }} type: {{ .Values.applicationSet.service.type }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.applicationSet.service.portName }} - name: {{ .Values.applicationSet.service.portName }}
port: {{ .Values.applicationSet.service.port }} port: {{ .Values.applicationSet.service.port }}

26
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View file

@ -1,17 +1,17 @@
{{- range .Values.configs.clusterCredentials }} {{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
namespace: {{ $.Release.Namespace | quote }} namespace: {{ $.Release.Namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }} {{- with $cluster_value.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
argocd.argoproj.io/secret-type: cluster argocd.argoproj.io/secret-type: cluster
{{- with .annotations }} {{- with $cluster_value.annotations }}
annotations: annotations:
{{- range $key, $value := . }} {{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
@ -19,17 +19,17 @@ metadata:
{{- end }} {{- end }}
type: Opaque type: Opaque
stringData: stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
{{- if .namespaces }} {{- if $cluster_value.namespaces }}
namespaces: {{ .namespaces }} namespaces: {{ $cluster_value.namespaces }}
{{- if .clusterResources }} {{- if $cluster_value.clusterResources }}
clusterResources: {{ .clusterResources | quote }} clusterResources: {{ $cluster_value.clusterResources | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .project }} {{- if $cluster_value.project }}
project: {{ .project | quote }} project: {{ $cluster_value.project | quote }}
{{- end }} {{- end }}
config: | config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }}
{{- end }} {{- end }}

2
charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
View file

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "argo-cd.redis.fullname" . }} name: argocd-redis
namespace: {{ include "argo-cd.namespace" . }} namespace: {{ include "argo-cd.namespace" . }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}

1
charts/argo-cd/templates/argocd-notifications/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
selector: selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
ports: ports:

8
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -175,15 +175,19 @@ spec:
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username key: redis-username
optional: true optional: true
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password key: redis-password
optional: true optional: true
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME - name: REDIS_SENTINEL_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

1
charts/argo-cd/templates/argocd-repo-server/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.repoServer.metrics.service.portName }} - name: {{ .Values.repoServer.metrics.service.portName }}
protocol: TCP protocol: TCP

1
charts/argo-cd/templates/argocd-repo-server/service.yaml
View file

@ -15,6 +15,7 @@ metadata:
name: {{ template "argo-cd.repoServer.fullname" . }} name: {{ template "argo-cd.repoServer.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }} namespace: {{ include "argo-cd.namespace" . }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.repoServer.service.portName }} - name: {{ .Values.repoServer.service.portName }}
protocol: TCP protocol: TCP

1
charts/argo-cd/templates/argocd-server/aws/service.yaml
View file

@ -9,6 +9,7 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}-grpc name: {{ template "argo-cd.server.fullname" . }}-grpc
namespace: {{ include "argo-cd.namespace" . }} namespace: {{ include "argo-cd.namespace" . }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.server.service.servicePortHttpName }} - name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP protocol: TCP

9
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -13,7 +13,14 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec: spec:
secretName: {{ .Values.server.certificate.secretName }} secretTemplate:
{{- with .Values.server.certificate.secretTemplateAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
secretName: argocd-server-tls
commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
dnsNames: dnsNames:
- {{ .Values.server.certificate.domain | default .Values.global.domain }} - {{ .Values.server.certificate.domain | default .Values.global.domain }}

8
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -243,15 +243,19 @@ spec:
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username key: redis-username
optional: true optional: true
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password key: redis-password
optional: true optional: true
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME - name: REDIS_SENTINEL_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

1
charts/argo-cd/templates/argocd-server/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.server.metrics.service.clusterIP }} clusterIP: {{ .Values.server.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.server.metrics.service.portName }} - name: {{ .Values.server.metrics.service.portName }}
protocol: TCP protocol: TCP

4
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.server.service.type }} type: {{ .Values.server.service.type }}
{{- include "argo-cd.dualStack" . | indent 2 }}
{{- with .Values.server.service.externalIPs }} {{- with .Values.server.service.externalIPs }}
externalIPs: {{ . }} externalIPs: {{ . }}
{{- end }} {{- end }}
@ -23,6 +24,9 @@ spec:
externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }}
{{- end }} {{- end }}
{{- if eq .Values.server.service.type "LoadBalancer" }} {{- if eq .Values.server.service.type "LoadBalancer" }}
{{- with .Values.server.service.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- with .Values.server.service.loadBalancerIP }} {{- with .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ . }} loadBalancerIP: {{ . }}
{{- end }} {{- end }}

1
charts/argo-cd/templates/dex/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.dex.servicePortHttpName }} - name: {{ .Values.dex.servicePortHttpName }}
protocol: TCP protocol: TCP

65
charts/argo-cd/templates/redis-secret-init/job.yaml Normal file
View file

@ -0,0 +1,65 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
{{- range $key, $value := .Values.redisSecretInit.jobAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
spec:
template:
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- argocd
- admin
- redis-initial-password
image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }}
name: secret-init
resources:
{{- toYaml .Values.redisSecretInit.resources | nindent 10 }}
{{- with .Values.redisSecretInit.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.redisSecretInit.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
restartPolicy: OnFailure
{{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
{{- end }}

27
charts/argo-cd/templates/redis-secret-init/role.yaml Normal file
View file

@ -0,0 +1,27 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
rules:
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- argocd-redis
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
{{- end }}

19
charts/argo-cd/templates/redis-secret-init/rolebinding.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
{{- end }}

16
charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
{{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
{{- end }}

13
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -65,8 +65,14 @@ spec:
- "" - ""
- --appendonly - --appendonly
- "no" - "no"
{{- with (concat .Values.global.env .Values.redis.env) }} - --requirepass $(REDIS_PASSWORD)
env: env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: argocd-redis
key: auth
{{- with (concat .Values.global.env .Values.redis.env) }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.redis.envFrom }} {{- with .Values.redis.envFrom }}
@ -124,6 +130,11 @@ spec:
value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: argocd-redis
key: auth
{{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- with (concat .Values.global.env .Values.redis.exporter.env) }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

2
charts/argo-cd/templates/redis/health-configmap.yaml
View file

@ -11,6 +11,7 @@ data:
redis_liveness.sh: | redis_liveness.sh: |
response=$( response=$(
redis-cli \ redis-cli \
-a "${REDIS_PASSWORD}" --no-auth-warning \
-h localhost \ -h localhost \
-p {{ .Values.redis.containerPorts.redis }} \ -p {{ .Values.redis.containerPorts.redis }} \
ping ping
@ -23,6 +24,7 @@ data:
redis_readiness.sh: | redis_readiness.sh: |
response=$( response=$(
redis-cli \ redis-cli \
-a "${REDIS_PASSWORD}" --no-auth-warning \
-h localhost \ -h localhost \
-p {{ .Values.redis.containerPorts.redis }} \ -p {{ .Values.redis.containerPorts.redis }} \
ping ping

1
charts/argo-cd/templates/redis/service.yaml
View file

@ -17,6 +17,7 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: redis - name: redis
port: {{ .Values.redis.servicePort }} port: {{ .Values.redis.servicePort }}

107
charts/argo-cd/values.yaml
View file

@ -98,6 +98,13 @@ global:
# hostnames: # hostnames:
# - git.myhostname # - git.myhostname
# Configure dual-stack used by all component services
dualStack:
# -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
ipFamilyPolicy: ""
# -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
ipFamilies: []
# Default network policy rules used by all components # Default network policy rules used by all components
networkPolicy: networkPolicy:
# -- Create NetworkPolicy objects for all components # -- Create NetworkPolicy objects for all components
@ -418,13 +425,13 @@ configs:
# command: [sh, -c, find . -name env.yaml] # command: [sh, -c, find . -name env.yaml]
# -- Provide one or multiple [external cluster credentials] # -- Provide one or multiple [external cluster credentials]
# @default -- `[]` (See [values.yaml]) # @default -- `{}` (See [values.yaml])
## Ref: ## Ref:
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
clusterCredentials: [] clusterCredentials: {}
# - name: mycluster # mycluster:
# server: https://mycluster.example.com # server: https://mycluster.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -433,7 +440,7 @@ configs:
# tlsClientConfig: # tlsClientConfig:
# insecure: false # insecure: false
# caData: "<base64 encoded certificate>" # caData: "<base64 encoded certificate>"
# - name: mycluster2 # mycluster2:
# server: https://mycluster2.example.com # server: https://mycluster2.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -444,7 +451,7 @@ configs:
# tlsClientConfig: # tlsClientConfig:
# insecure: false # insecure: false
# caData: "<base64 encoded certificate>" # caData: "<base64 encoded certificate>"
# - name: mycluster3-project-scoped # mycluster3-project-scoped:
# server: https://mycluster3.example.com # server: https://mycluster3.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -1547,6 +1554,12 @@ redis-ha:
containerSecurityContext: containerSecurityContext:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
# -- Configures redis-ha with AUTH
auth: true
# -- Existing Secret to use for redis-ha authentication.
# By default the redis-secret-init Job is generating this Secret.
existingSecret: argocd-redis
# -- Whether the Redis server pods should be forced to run on separate nodes. # -- Whether the Redis server pods should be forced to run on separate nodes.
hardAntiAffinity: true hardAntiAffinity: true
@ -1594,6 +1607,82 @@ externalRedis:
# -- External Redis Secret annotations # -- External Redis Secret annotations
secretAnnotations: {} secretAnnotations: {}
redisSecretInit:
# -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
enabled: true
# -- Redis secret-init name
name: redis-secret-init
image:
# -- Repository to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.repository)
repository: "" # defaults to global.image.repository
# -- Tag to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.tag)
tag: "" # defaults to global.image.tag
# -- Image pull policy for the Redis secret-init Job
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: "" # IfNotPresent
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Annotations to be added to the Redis secret-init Job
jobAnnotations: {}
# -- Annotations to be added to the Redis secret-init Job
podAnnotations: {}
# -- Labels to be added to the Redis secret-init Job
podLabels: {}
# -- Resource limits and requests for Redis secret-init Job
resources: {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# -- Redis secret-init Job pod-level security context
securityContext: {}
serviceAccount:
# -- Create a service account for the redis pod
create: true
# -- Service account name for redis pod
name: ""
# -- Annotations applied to created service account
annotations: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Priority class for Redis secret-init Job
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- Node selector to be added to the Redis secret-init Job
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- Tolerations to be added to the Redis secret-init Job
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
## Server ## Server
server: server:
# -- Argo CD server name # -- Argo CD server name
@ -1901,8 +1990,6 @@ server:
certificate: certificate:
# -- Deploy a Certificate resource (requires cert-manager) # -- Deploy a Certificate resource (requires cert-manager)
enabled: false enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-server-tls
# -- Certificate primary domain (commonName) # -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
domain: "" domain: ""
@ -1940,6 +2027,8 @@ server:
# -- Usages for the certificate # -- Usages for the certificate
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
usages: [] usages: []
# -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
secretTemplateAnnotations: {}
# TLS certificate configuration via Secret # TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@ -1978,6 +2067,8 @@ server:
# -- Server service https port appProtocol # -- Server service https port appProtocol
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
servicePortHttpsAppProtocol: "" servicePortHttpsAppProtocol: ""
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- LoadBalancer will get created with the IP specified in this field # -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: "" loadBalancerIP: ""
# -- Source IP ranges to allow access to service from # -- Source IP ranges to allow access to service from
@ -2905,8 +2996,6 @@ applicationSet:
certificate: certificate:
# -- Deploy a Certificate resource (requires cert-manager) # -- Deploy a Certificate resource (requires cert-manager)
enabled: false enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-applicationset-controller-tls
# -- Certificate primary domain (commonName) # -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
domain: "" domain: ""

8
charts/argo-events/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.9.1 appVersion: v1.9.2
description: A Helm chart for Argo Events, the event-driven workflow automation framework description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events name: argo-events
version: 2.4.4 version: 2.4.6
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: changed
description: Support ability to set .Values.namespaceOverride description: Bump argo-events to v1.9.2

3
charts/argo-events/templates/_helpers.tpl
View file

@ -104,6 +104,9 @@ helm.sh/chart: {{ include "argo-events.chart" .context }}
{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} {{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argo-events app.kubernetes.io/part-of: argo-events
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }} {{- end }}
{{/* {{/*

8
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.6.6 appVersion: v1.7.0
description: A Helm chart for Argo Rollouts description: A Helm chart for Argo Rollouts
name: argo-rollouts name: argo-rollouts
version: 2.35.2 version: 2.36.0
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: changed
description: Added pod labels for the controller and the dashboard components description: Bump argo-rollouts to v1.7.0

3
charts/argo-rollouts/README.md
View file

@ -51,6 +51,7 @@ For full list of changes please check ArtifactHub [changelog].
| fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template |
| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments |
| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | | global.deploymentLabels | object | `{}` | Labels for all deployed Deployments |
| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
| installCRDs | bool | `true` | Install and upgrade CRDs | | installCRDs | bool | `true` | Install and upgrade CRDs |
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
@ -78,7 +79,7 @@ For full list of changes please check ArtifactHub [changelog].
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| containerSecurityContext | object | `{}` | Security Context to set on container level | | containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level |
| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
| controller.containerPorts.healthz | int | `8080` | Healthz container port | | controller.containerPorts.healthz | int | `8080` | Healthz container port |

3
charts/argo-rollouts/templates/controller/deployment.yaml
View file

@ -21,8 +21,9 @@ spec:
app.kubernetes.io/component: {{ .Values.controller.component }} app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
strategy: strategy:
type: Recreate type: RollingUpdate
replicas: {{ .Values.controller.replicas }} replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
template: template:
metadata: metadata:
{{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }}

239
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -188,6 +188,19 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
default: last
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -241,6 +254,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -248,6 +264,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -289,13 +308,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -467,6 +487,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -535,6 +565,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -601,6 +641,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -669,6 +719,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -848,6 +908,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -898,6 +966,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1094,13 +1170,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1453,6 +1556,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1503,6 +1614,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1699,13 +1818,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2065,6 +2211,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2115,6 +2269,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2311,13 +2473,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2543,12 +2732,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2945,11 +3165,26 @@ spec:
type: array type: array
terminate: terminate:
type: boolean type: boolean
ttlStrategy:
properties:
secondsAfterCompletion:
format: int32
type: integer
secondsAfterFailure:
format: int32
type: integer
secondsAfterSuccess:
format: int32
type: integer
type: object
required: required:
- metrics - metrics
type: object type: object
status: status:
properties: properties:
completedAt:
format: date-time
type: string
dryRunSummary: dryRunSummary:
properties: properties:
count: count:

235
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -184,6 +184,19 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
default: last
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -237,6 +250,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -244,6 +260,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -285,13 +304,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -463,6 +483,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -531,6 +561,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -597,6 +637,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -665,6 +715,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -844,6 +904,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -894,6 +962,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1090,13 +1166,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1449,6 +1552,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1499,6 +1610,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1695,13 +1814,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2061,6 +2207,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2111,6 +2265,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2307,13 +2469,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2539,12 +2728,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2939,8 +3159,15 @@ spec:
- provider - provider
type: object type: object
type: array type: array
required: templates:
- metrics items:
properties:
clusterScope:
type: boolean
templateName:
type: string
type: object
type: array
type: object type: object
required: required:
- spec - spec

235
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -184,6 +184,19 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
default: last
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -237,6 +250,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -244,6 +260,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -285,13 +304,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -463,6 +483,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -531,6 +561,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -597,6 +637,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -665,6 +715,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -844,6 +904,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -894,6 +962,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1090,13 +1166,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1449,6 +1552,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1499,6 +1610,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1695,13 +1814,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2061,6 +2207,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2111,6 +2265,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2307,13 +2469,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2539,12 +2728,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2939,8 +3159,15 @@ spec:
- provider - provider
type: object type: object
type: array type: array
required: templates:
- metrics items:
properties:
clusterScope:
type: boolean
templateName:
type: string
type: object
type: array
type: object type: object
required: required:
- spec - spec

213
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -94,6 +94,17 @@ spec:
- templateName - templateName
type: object type: object
type: array type: array
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
dryRun: dryRun:
items: items:
properties: properties:
@ -309,6 +320,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -377,6 +398,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -443,6 +474,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -511,6 +552,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -690,6 +741,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -740,6 +799,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -936,13 +1003,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1295,6 +1389,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1345,6 +1447,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1541,13 +1651,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1907,6 +2044,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1957,6 +2102,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2153,13 +2306,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2385,12 +2565,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:

227
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -581,6 +581,26 @@ spec:
- templateName - templateName
type: object type: object
type: array type: array
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
dryRun:
items:
properties:
metricName:
type: string
required:
- metricName
type: object
type: array
duration: duration:
type: string type: string
templates: templates:
@ -913,6 +933,9 @@ spec:
- name - name
type: object type: object
type: array type: array
maxTrafficWeight:
format: int32
type: integer
nginx: nginx:
properties: properties:
additionalIngressAnnotations: additionalIngressAnnotations:
@ -1093,6 +1116,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1161,6 +1194,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1227,6 +1270,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1295,6 +1348,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1474,6 +1537,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1524,6 +1595,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1720,13 +1799,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2079,6 +2185,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2129,6 +2243,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2325,13 +2447,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2691,6 +2840,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2741,6 +2898,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2937,13 +3102,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -3169,12 +3361,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -3340,6 +3563,8 @@ spec:
type: string type: string
name: name:
type: string type: string
scaleDown:
type: string
type: object type: object
type: object type: object
status: status:

1
charts/argo-rollouts/templates/dashboard/deployment.yaml
View file

@ -24,6 +24,7 @@ spec:
strategy: strategy:
type: Recreate type: Recreate
replicas: {{ .Values.dashboard.replicas }} replicas: {{ .Values.dashboard.replicas }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
template: template:
metadata: metadata:
{{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }}

17
charts/argo-rollouts/values.yaml
View file

@ -43,6 +43,8 @@ global:
deploymentAnnotations: {} deploymentAnnotations: {}
# -- Labels for all deployed Deployments # -- Labels for all deployed Deployments
deploymentLabels: {} deploymentLabels: {}
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
revisionHistoryLimit: 10
controller: controller:
# -- Value of label `app.kubernetes.io/component` # -- Value of label `app.kubernetes.io/component`
@ -238,13 +240,14 @@ podSecurityContext:
runAsNonRoot: true runAsNonRoot: true
# -- Security Context to set on container level # -- Security Context to set on container level
containerSecurityContext: {} containerSecurityContext:
# capabilities: allowPrivilegeEscalation: false
# drop: capabilities:
# - ALL drop:
# readOnlyRootFilesystem: true - ALL
# runAsNonRoot: true readOnlyRootFilesystem: true
# runAsUser: 1000 seccompProfile:
type: RuntimeDefault
# -- Annotations to be added to the Rollout service # -- Annotations to be added to the Rollout service
serviceAnnotations: {} serviceAnnotations: {}

6
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v3.5.6 appVersion: v3.5.8
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.41.6 version: 0.41.11
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
sources: sources:
@ -17,4 +17,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: fixed
description: Add missing serviceLabels to server service description: Add `app:` label to components to match upstream

1
charts/argo-workflows/templates/_helpers.tpl
View file

@ -94,6 +94,7 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
app.kubernetes.io/instance: {{ .context.Release.Name }} app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }} {{- if .component }}
app.kubernetes.io/component: {{ .component }} app.kubernetes.io/component: {{ .component }}
app: {{ .component }}
{{- end }} {{- end }}
{{- end }} {{- end }}

8
charts/argocd-image-updater/Chart.yaml
View file

@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-image-updater name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application type: application
version: 0.10.0 version: 0.10.2
appVersion: v0.13.0 appVersion: v0.13.1
home: https://github.com/argoproj-labs/argocd-image-updater home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: fixed
description: Bump argocd-image-updater to v0.13.0 description: Fixed a URL in values.yaml comments

2
charts/argocd-image-updater/values.yaml
View file

@ -107,7 +107,7 @@ config:
# -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`)
applicationsAPIKind: "" applicationsAPIKind: ""
# Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
# Note: this is only relevant if config.applicationsAPIKind == 'argocd' # Note: this is only relevant if config.applicationsAPIKind == 'argocd'
argocd: argocd:
# -- Use the gRPC-web protocol to connect to the Argo CD API # -- Use the gRPC-web protocol to connect to the Argo CD API