feat(argo-rollouts): Add initContainers to controller pod, allow secrets to be manipulated (#1410)

* Add initContainers to controller pod, allow secrets to be manipulated Signed-off-by: lukepatrick <lukephilips@gmail.com> * bump Signed-off-by: lukepatrick <lukephilips@gmail.com> * linting Signed-off-by: lukepatrick <lukephilips@gmail.com> * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Signed-off-by: lukepatrick <lukephilips@gmail.com> Signed-off-by: lukepatrick <lukephilips@gmail.com> Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
2022-08-26 10:40:01 -06:00 · 2022-08-26 10:40:01 -06:00 · 19b1c138e1
commit 19b1c138e1
parent dd4fdef4ee
6 changed files with 25 additions and 5 deletions
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "v1.2.2"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.19.2
+version: 2.20.0
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
@ -10,4 +10,4 @@ maintainers:
    url: https://argoproj.github.io/
 annotations:
  artifacthub.io/changes: |
-    - "[Changed]: Helm chart maintainers standardized to argoproj"
+    - "[Added]: initContainer option to controller pod, updated secrets roles"
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -71,6 +71,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | controller.image.registry | string | `"quay.io"` | Registry to use |
 | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use |
 | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
+| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
 | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
 | controller.metrics.enabled | bool | `false` | Deploy metrics service |
 | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor |
@ -175,4 +176,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
 [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
-[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.19.2/charts/argo-rollouts/values.yaml
+[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.20.0/charts/argo-rollouts/values.yaml
--- a/charts/argo-rollouts/templates/controller/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml
@ -89,7 +89,7 @@ rules:
  - create
  - get
  - update
-# secret read access to run analysis templates which reference secrets
+# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets
 - apiGroups:
  - ""
  resources:
@ -99,6 +99,9 @@ rules:
  - get
  - list
  - watch
+  - create
+  - patch
+  - update
 # pod list/update needed for updating ephemeral data
 - apiGroups:
  - ""
--- a/charts/argo-rollouts/templates/controller/deployment.yaml
+++ b/charts/argo-rollouts/templates/controller/deployment.yaml
@ -65,6 +65,10 @@ spec:
      {{- with .Values.controller.extraContainers }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
+      {{- with .Values.controller.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      {{- if .Values.controller.nodeSelector }}
      nodeSelector:
        {{- toYaml .Values.controller.nodeSelector | nindent 8 }}
--- a/charts/argo-rollouts/templates/controller/role.yaml
+++ b/charts/argo-rollouts/templates/controller/role.yaml
@ -66,7 +66,7 @@ rules:
  - list
  - watch
  - patch
-# secret read access to run analysis templates which reference secrets
+# secret access to run analysis templates which reference secrets
 # configmap access to read notification-engine configuration
 - apiGroups:
  - ""
@ -77,6 +77,9 @@ rules:
  - get
  - list
  - watch
+  - create
+  - patch
+  - update
 # pod list/update needed for updating ephemeral data
 - apiGroups:
  - ""
--- a/charts/argo-rollouts/values.yaml
+++ b/charts/argo-rollouts/values.yaml
@ -74,6 +74,15 @@ controller:
  ## This will be rendered as the literal yaml
  extraContainers: []

+  # -- Init containers to add to the rollouts controller pod
+  ## This will be rendered as the literal yaml
+  initContainers: []
+  #  - name: download-tools
+  #    image: alpine:3.8
+  #    command: [sh, -c]
+  #    args:
+  #      -  ls
+
  # -- Resource limits and requests for the controller pods.
  resources: {}
  #  limits: