DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of github.com:rupinSec/argo-helm

Browse source
This commit is contained in:
Rupin Solanki 2023-01-20 09:55:37 +05:30
commit 140c2b3692
12 changed files with 174 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/argo-cd/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: v2.5.7
kubeVersion: ">=1.22.0-0" kubeVersion: ">=1.22.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 5.17.5 version: 5.18.1
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources: sources:
@ -23,4 +23,4 @@ dependencies:
condition: redis-ha.enabled condition: redis-ha.enabled
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Changed]: Update Argo CD extensions to v0.2.1" - "[Added]: Extra secret labels with .Values.configs.secret.labels"

1
charts/argo-cd/README.md
View file

@ -442,6 +442,7 @@ NAME: my-release
| configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | | configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events |
| configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | | configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events |
| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events |
| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret |
| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
| configs.tlsCerts | object | See [values.yaml] | TLS certificate | | configs.tlsCerts | object | See [values.yaml] | TLS certificate |
| configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations | | configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations |

3
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -5,6 +5,9 @@ metadata:
name: argocd-secret name: argocd-secret
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
{{- with .Values.configs.secret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.configs.secret.annotations }} {{- with .Values.configs.secret.annotations }}
annotations: annotations:
{{- range $key, $value := . }} {{- range $key, $value := . }}

2
charts/argo-cd/values.yaml
View file

@ -400,6 +400,8 @@ configs:
secret: secret:
# -- Create the argocd-secret # -- Create the argocd-secret
createSecret: true createSecret: true
# -- Labels to be added to argocd-secret
labels: {}
# -- Annotations to be added to argocd-secret # -- Annotations to be added to argocd-secret
annotations: {} annotations: {}

7
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.3.1 appVersion: v1.4.0
description: A Helm chart for Argo Rollouts description: A Helm chart for Argo Rollouts
name: argo-rollouts name: argo-rollouts
version: 2.21.3 version: 2.22.0
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords: keywords:
@ -15,5 +15,4 @@ maintainers:
url: https://argoproj.github.io/ url: https://argoproj.github.io/
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Fixed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" - "[Changed]: Upgrade ArgoRollouts to v1.4.0"
- "[Fixed]: generated value for app.kubernetes.io/version label is now valid even when defining a controller.image.tag with a SHA digest"

22
charts/argo-rollouts/templates/controller/clusterrole.yaml
View file

@ -89,7 +89,7 @@ rules:
- create - create
- get - get
- update - update
# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets # secret read access to run analysis templates which reference secrets
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -99,9 +99,6 @@ rules:
- get - get
- list - list
- watch - watch
- create
- patch
- update
# pod list/update needed for updating ephemeral data # pod list/update needed for updating ephemeral data
- apiGroups: - apiGroups:
- "" - ""
@ -110,6 +107,7 @@ rules:
verbs: verbs:
- list - list
- update - update
- watch
# pods eviction needed for restart # pods eviction needed for restart
- apiGroups: - apiGroups:
- "" - ""
@ -223,4 +221,20 @@ rules:
- list - list
- update - update
- patch - patch
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }} {{- end }}

99
charts/argo-rollouts/templates/controller/role.yaml
View file

@ -56,7 +56,19 @@ rules:
- update - update
- patch - patch
- delete - delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services # services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -66,8 +78,18 @@ rules:
- list - list
- watch - watch
- patch - patch
# secret access to run analysis templates which reference secrets - create
# configmap access to read notification-engine configuration - delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -77,9 +99,6 @@ rules:
- get - get
- list - list
- watch - watch
- create
- patch
- update
# pod list/update needed for updating ephemeral data # pod list/update needed for updating ephemeral data
- apiGroups: - apiGroups:
- "" - ""
@ -88,6 +107,7 @@ rules:
verbs: verbs:
- list - list
- update - update
- watch
# pods eviction needed for restart # pods eviction needed for restart
- apiGroups: - apiGroups:
- "" - ""
@ -129,15 +149,17 @@ rules:
- update - update
- patch - patch
- delete - delete
# virtualservice access needed for using the Istio provider # virtualservice/destinationrule access needed for using the Istio provider
- apiGroups: - apiGroups:
- networking.istio.io - networking.istio.io
resources: resources:
- virtualservices - virtualservices
- destinationrules
verbs: verbs:
- watch - watch
- get - get
- update - update
- patch
- list - list
# trafficsplit access needed for using the SMI provider # trafficsplit access needed for using the SMI provider
- apiGroups: - apiGroups:
@ -150,4 +172,69 @@ rules:
- get - get
- update - update
- patch - patch
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
# Endpoints and TargetGroupBindings needed for ALB target group verification
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }} {{- end }}

3
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -2742,6 +2742,9 @@ spec:
type: array type: array
insecure: insecure:
type: boolean type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath: jsonPath:
type: string type: string
method: method:

3
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -2738,6 +2738,9 @@ spec:
type: array type: array
insecure: insecure:
type: boolean type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath: jsonPath:
type: string type: string
method: method:

3
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -2738,6 +2738,9 @@ spec:
type: array type: array
insecure: insecure:
type: boolean type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath: jsonPath:
type: string type: string
method: method:

39
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -89,6 +89,12 @@ spec:
revisionHistoryLimit: revisionHistoryLimit:
format: int32 format: int32
type: integer type: integer
rollbackWindow:
properties:
revisions:
format: int32
type: integer
type: object
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -397,6 +403,9 @@ spec:
- type: integer - type: integer
- type: string - type: string
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
minPodsPerReplicaSet:
format: int32
type: integer
pingPong: pingPong:
properties: properties:
pingService: pingService:
@ -713,6 +722,20 @@ spec:
required: required:
- mappings - mappings
type: object type: object
apisix:
properties:
route:
properties:
name:
type: string
rules:
items:
type: string
type: array
required:
- name
type: object
type: object
appMesh: appMesh:
properties: properties:
virtualNodeGroup: virtualNodeGroup:
@ -770,6 +793,14 @@ spec:
items: items:
type: string type: string
type: array type: array
tcpRoutes:
items:
properties:
port:
format: int64
type: integer
type: object
type: array
tlsRoutes: tlsRoutes:
items: items:
properties: properties:
@ -794,6 +825,14 @@ spec:
items: items:
type: string type: string
type: array type: array
tcpRoutes:
items:
properties:
port:
format: int64
type: integer
type: object
type: array
tlsRoutes: tlsRoutes:
items: items:
properties: properties:

7
charts/argo-rollouts/templates/dashboard/clusterrole.yaml
View file

@ -44,17 +44,18 @@ rules:
- get - get
- list - list
- watch - watch
# deployments and podtemplates read access needed for workload reference support
- apiGroups: - apiGroups:
- ""
- apps - apps
resources: resources:
- deployments - deployments
- podtemplates
verbs: verbs:
- get - get
- list - list
- watch - watch
{{- if not .Values.dashboard.readonly }}
- update
- patch
{{- end }}
- apiGroups: - apiGroups:
- apps - apps
resources: resources: