From 19b1c138e138d462d9b15148ebe8ebf91f7014b9 Mon Sep 17 00:00:00 2001 From: Luke Date: Fri, 26 Aug 2022 10:40:01 -0600 Subject: [PATCH] feat(argo-rollouts): Add initContainers to controller pod, allow secrets to be manipulated (#1410) * Add initContainers to controller pod, allow secrets to be manipulated Signed-off-by: lukepatrick * bump Signed-off-by: lukepatrick * linting Signed-off-by: lukepatrick * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: Marco Kilchhofer Signed-off-by: lukepatrick Signed-off-by: lukepatrick Co-authored-by: Marco Kilchhofer --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 ++- .../argo-rollouts/templates/controller/clusterrole.yaml | 5 ++++- .../argo-rollouts/templates/controller/deployment.yaml | 4 ++++ charts/argo-rollouts/templates/controller/role.yaml | 5 ++++- charts/argo-rollouts/values.yaml | 9 +++++++++ 6 files changed, 25 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 7356a0cf..320bad6a 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "v1.2.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.19.2 +version: 2.20.0 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png home: https://github.com/argoproj/argo-helm maintainers: @@ -10,4 +10,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: Helm chart maintainers standardized to argoproj" + - "[Added]: initContainer option to controller pod, updated secrets roles" diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 45807654..d0881293 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -71,6 +71,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | controller.image.registry | string | `"quay.io"` | Registry to use | | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | @@ -175,4 +176,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets -[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.19.2/charts/argo-rollouts/values.yaml +[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.20.0/charts/argo-rollouts/values.yaml diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 4db2e81d..b8fdf475 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -89,7 +89,7 @@ rules: - create - get - update -# secret read access to run analysis templates which reference secrets +# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets - apiGroups: - "" resources: @@ -99,6 +99,9 @@ rules: - get - list - watch + - create + - patch + - update # pod list/update needed for updating ephemeral data - apiGroups: - "" diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 223d13f0..d06c0c92 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -65,6 +65,10 @@ spec: {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{- toYaml .Values.controller.nodeSelector | nindent 8 }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 23794c34..81ce8542 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -66,7 +66,7 @@ rules: - list - watch - patch -# secret read access to run analysis templates which reference secrets +# secret access to run analysis templates which reference secrets # configmap access to read notification-engine configuration - apiGroups: - "" @@ -77,6 +77,9 @@ rules: - get - list - watch + - create + - patch + - update # pod list/update needed for updating ephemeral data - apiGroups: - "" diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index ae24b660..f74ed7a1 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -74,6 +74,15 @@ controller: ## This will be rendered as the literal yaml extraContainers: [] + # -- Init containers to add to the rollouts controller pod + ## This will be rendered as the literal yaml + initContainers: [] + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - ls + # -- Resource limits and requests for the controller pods. resources: {} # limits: