From e7258346cc3c90ae31529521470a0903c2f25afa Mon Sep 17 00:00:00 2001 From: caseyclarkjamf <46542458+caseyclarkjamf@users.noreply.github.com> Date: Tue, 1 Dec 2020 17:26:17 -0600 Subject: [PATCH 1/2] fix: (argo-rollouts) Add clusterInstall conditional around aggregate ClusterRoles (#484) * add clusterinstall conditional around aggregate clusterroles Signed-off-by: Casey Clark * bump chart version to 0.3.9 Signed-off-by: Casey Clark Co-authored-by: Scott Cabrinha --- charts/argo-rollouts/Chart.yaml | 2 +- .../argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index dfc42e56..4bf8c39b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.9.1" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.3.8 +version: 0.3.9 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml index 7f94befa..2cc55d1f 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml @@ -1,3 +1,4 @@ +{{- if .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -75,3 +76,4 @@ rules: - patch - update - watch +{{- end }} From e6babc874b0ab6f43a670f682b56cd4116c4c035 Mon Sep 17 00:00:00 2001 From: Joe McGovern Date: Wed, 2 Dec 2020 10:26:21 -0600 Subject: [PATCH 2/2] fix(argo): Use https for readiness probe in secure mode (#506) Signed-off-by: Joseph McGovern Co-authored-by: Stefan Sedich --- charts/argo/Chart.yaml | 2 +- charts/argo/templates/server-deployment.yaml | 7 +++++++ charts/argo/values.yaml | 6 ++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 63fbbdbb..76a5299a 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v2.11.7 description: A Helm chart for Argo Workflows name: argo -version: 0.13.8 +version: 0.13.10 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml index bae59607..832fd37d 100644 --- a/charts/argo/templates/server-deployment.yaml +++ b/charts/argo/templates/server-deployment.yaml @@ -38,6 +38,9 @@ spec: {{- if .Values.server.extraArgs }} {{- toYaml .Values.server.extraArgs | nindent 10 }} {{- end }} + {{- if .Values.server.secure }} + - "--secure" + {{- end }} {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} @@ -52,7 +55,11 @@ spec: httpGet: path: / port: 2746 + {{- if .Values.server.secure }} + scheme: HTTPS + {{- else }} scheme: HTTP + {{- end }} initialDelaySeconds: 10 periodSeconds: 20 env: diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 5a9a452b..67c9af29 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -201,6 +201,12 @@ server: # PriorityClass: system-cluster-critical priorityClassName: "" + # Run the argo server in "secure" mode. Configure this value instead of + # "--secure" in extraArgs. See the following documentation for more details + # on secure mode: + # https://argoproj.github.io/argo/tls/#encrypted + secure: false + # Extra arguments to provide to the Argo server binary. extraArgs: []