Merge branch 'master' into feat-argo-events-serviceaccount-annotations

.circleci/chart-testing.yaml

@@ -1,4 +0,0 @@
-chart-repos:
-  - argo=https://argoproj.github.io/argo-helm
-  - minio=https://helm.min.io/
-  - dandydeveloper=https://dandydeveloper.github.io/charts/

.circleci/config.yml

@@ -5,32 +5,13 @@ jobs:
       - image: quay.io/helmpack/chart-testing:v3.3.1
     steps:
       - checkout
-      - run: helm repo add stable https://charts.helm.sh/stable
+      - run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml
-      - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
-  # Technically this only needs to be run on master, but it's good to have it run on every PR
-  # so that it is regularly tested.
   publish:
     docker:
-      # We just need an image with `helm` on it. Handily we know of one already.
+      - image: bash
-      - image: quay.io/helmpack/chart-testing:v3.3.1
     steps:
-      # install the additional keys needed to push to GitHub. Alex Collins owns these keys.
+      - run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml"
-      - add_ssh_keys
+
-      - run: git config --global user.email "nobody@circleci.com"
-      - run: git config --global user.name "Circle CI Build"
-      - checkout
-      - run: helm repo add stable https://charts.helm.sh/stable
-      - run: helm repo add minio https://helm.min.io/
-      - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
-      # Only actually publish charts on master.
-      - run: |
-          set -x
-          if [ "$CIRCLE_BRANCH" = "master" ]; then
-            export GIT_PUSH=true
-          else 
-            export GIT_PUSH=false
-          fi
-          sh ./scripts/publish.sh
 workflows:
   version: 2
   workflow:
@@ -38,4 +19,4 @@ workflows:
       - lint
       - publish:
           requires:
-            - lint
+            - lint

.github/configs/cr.yaml

@@ -0,0 +1,2 @@
+## Reference: https://github.com/helm/chart-releaser
+index-path: "./index.yaml" 

.github/configs/ct-install.yaml

@@ -0,0 +1,19 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Install Stage
+remote: origin
+chart-dirs:
+  - charts
+chart-repos:
+  - argo=https://argoproj.github.io/argo-helm
+  - minio=https://helm.min.io/
+  - dandydeveloper=https://dandydeveloper.github.io/charts/
+  - stable=https://charts.helm.sh/stable
+  - incubator=https://charts.helm.sh/incubator
+helm-extra-args: "--timeout 600s"  
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: 
+  - "argocd-applicationset"

.github/configs/ct-lint.yaml

@@ -0,0 +1,18 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+chart-dirs:
+  - charts
+chart-repos:
+  - argo=https://argoproj.github.io/argo-helm
+  - minio=https://helm.min.io/
+  - dandydeveloper=https://dandydeveloper.github.io/charts/
+  - stable=https://charts.helm.sh/stable
+  - incubator=https://charts.helm.sh/incubator
+helm-extra-args: "--timeout 600s"  
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []

.github/stale.yml

@@ -1 +0,0 @@
-# See https://github.com/probot/stale

.github/workflows/lint-and-test.yml

@@ -0,0 +1,45 @@
+## Reference: https://github.com/helm/chart-testing-action
+---
+name: Linting and Testing
+on: pull_request
+jobs: 
+  chart-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+
+      - name: Set up python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Setup Chart Linting
+        id: lint
+        uses: helm/chart-testing-action@v2.0.1
+
+      - name: List changed charts
+        id: list-changed
+        run: |
+          ## If executed with debug this won't work anymore.
+          changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
+          charts=$(echo "$changed" | tr '\n' ' ' | xargs)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+            echo "::set-output name=changed_charts::$charts"
+          fi
+      - name: Run chart-testing (lint)
+        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.1.0
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        run: ct install --config ./.github/configs/ct-install.yaml
+        if: steps.list-changed.outputs.changed == 'true'

.github/workflows/pr-sizing.yml

@@ -0,0 +1,14 @@
+## Reference: https://github.com/pascalgn/size-label-action
+---
+name: 'PR Size'
+on: 
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+jobs:
+  size-label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: size-label
+        uses: "pascalgn/size-label-action@v0.4.2"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/publish.yml

@@ -0,0 +1,42 @@
+---
+name: Chart Publish
+on:
+  push:
+    branches:
+      - master
+      - rewrite-build
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add argo https://argoproj.github.io/argo-helm
+          helm repo add minio https://helm.min.io/
+          helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
+          helm repo add stable https://charts.helm.sh/stable
+          helm repo add incubator https://charts.helm.sh/incubator
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"  
+          
+      ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
+      - name: Fetch current Chart Index 
+        run: |
+          git checkout origin/gh-pages index.yaml
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.2.0
+        with: 
+          config: "./.github/configs/cr.yaml"
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/stale.yml

@@ -1,14 +1,10 @@
 name: Mark stale issues and pull requests
-
 on:
   schedule:
   - cron: "30 1 * * *"
-
 jobs:
   stale:
-
     runs-on: ubuntu-latest
-
     steps:
     - uses: actions/stale@v3
       with:

CODEOWNERS

@@ -1,5 +1,8 @@
 # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 
+# All charts
+/charts/ @mkilchhofer
+
 # Argo Workflows
 /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
 
@@ -10,7 +13,7 @@
 /charts/argo-events @jbehling @VaibhavPage @oliverbaehler
 
 # Argo Rollouts
-/charts/argo-rollouts @cabrinha @oliverbaehler
+/charts/argo-rollouts @oliverbaehler
 
 # Argo CD Notifications
 /charts/argocd-notifications @alexmt @andyfeller @oliverbaehler

CONTRIBUTING.md

@@ -22,6 +22,12 @@ helm delete argo-cd --purge
 kubectl delete crd -l app.kubernetes.io/part-of=argocd
 ```
 
+Pre-requisites:
+```
+helm repo add redis-ha https://dandydeveloper.github.io/charts/
+helm dependency update
+```
+
 Minimally:
 
 ```
@@ -80,7 +86,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https
 
 The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
 
-Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml)
+Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
 
 The linting can be invoked manually with the following command:
 
@@ -90,11 +96,4 @@ The linting can be invoked manually with the following command:
 
 ## Publishing Changes
 
-Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this:
+Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).
-
-```
-GIT_PUSH=true ./scripts/publish.sh
-```
-
-Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch.
-Write access to https://github.com/argoproj/argo-helm.git is required to publish changes.

README.md

@@ -1,5 +1,7 @@
 # Argo Helm Charts
 
+[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
+
 Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
 
 ```

charts/argo-cd/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 2.0.0
+appVersion: 2.0.1
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.2.3
+version: 3.6.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argo-cd/README.md

@@ -34,13 +34,28 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop
 
 ## Upgrading
 
+### 3.2.* 
+
+With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
+[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**,
+especially deploying on clusters running a cluster version prior to `1.19` (which misses  `Ingress` on apiVersion `networking.k8s.io/v1`).
+
+If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
+
+```yaml
+kubeVersionOverride: "1.18.0"
+``` 
+
+Then you should no longer encounter this issue.
+
+
 ### 3.0.0 and above
 
 Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
 
 ### 2.14.7 and above
 
-The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
+The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
 
 ### 2.10.x to 2.11.0
 
@@ -98,7 +113,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
 | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
+| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
+| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
 | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
@@ -113,6 +130,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` |
 | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
 | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
+| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) |
 | openshift.enabled | enables using arbitrary uid for argo repo server | `false` |
 
 ## ArgoCD Controller

charts/argo-cd/templates/NOTES.txt

@@ -9,7 +9,8 @@ In order to access the server UI you have the following options:
       - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
 
 
-After reaching the UI the first time you can login with username: admin and the password will be the
+After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
-name of the server pod. You can get the pod name by running:
 
-kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
+kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+
+(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)

charts/argo-cd/templates/_helpers.tpl

@@ -144,11 +144,36 @@ app.kubernetes.io/component: {{ .component }}
 Return the appropriate apiVersion for ingress
 */}}
 {{- define "argo-cd.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
 {{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}}
 {{- print "networking.k8s.io/v1beta1" -}}
 {{- else -}}
 {{- print "networking.k8s.io/v1" -}}
 {{- end -}}
+{{- end -}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "argo-cd.kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
+{{- end -}}
+
+{{/* 
+Argo Configuration Preset Values (Incluenced by Values configuration)
+*/}}
+{{- define "argo-cd.config.presets" -}}
+  {{- if .Values.configs.styles }}
+ui.cssurl: "./custom/custom.styles.css"
+  {{- end }}
+{{- end -}}
+
+{{/* 
+Merge Argo Configuration with Preset Configuration
+*/}}
+{{- define "argo-cd.config" -}}
+  {{- if .Values.server.configEnabled -}}
+{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
+  {{- end -}}
 {{- end -}}

charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml

@@ -6,6 +6,9 @@ metadata:
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
+{{- if .Values.controller.clusterRoleRules.enabled }}
+{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
+{{ else }}
 - apiGroups:
   - '*'
   resources:
@@ -16,4 +19,5 @@ rules:
   - '*'
   verbs:
   - '*'
-{{- end }}
+{{- end }}
+{{- end }}

charts/argo-cd/templates/argocd-application-controller/deployment.yaml

@@ -70,6 +70,9 @@ spec:
         {{- if .Values.controller.env }}
         env:
 {{- toYaml .Values.controller.env | nindent 8 }}
+        {{- end }}
+        {{- with .Values.controller.envFrom }}
+        envFrom: {{- toYaml . | nindent 8 }}
         {{- end }}
         ports:
         - name: controller
@@ -95,9 +98,9 @@ spec:
         volumeMounts:
         - mountPath: /app/config/controller/tls
           name: argocd-repo-server-tls
-{{- if .Values.controller.volumeMounts }}
+        {{- with .Values.controller.volumeMounts }}
-{{- toYaml .Values.controller.volumeMounts | nindent 10}}
+        {{- toYaml . | nindent 8 }}
-{{- end }}
+        {{- end }}
         resources:
 {{- toYaml .Values.controller.resources | nindent 10 }}
     {{- if .Values.controller.nodeSelector }}
@@ -129,9 +132,9 @@ spec:
             path: ca.crt
           optional: true
           secretName: argocd-repo-server-tls
-{{- if .Values.controller.volumes }}
+      {{- with .Values.controller.volumes }}
-{{- toYaml .Values.controller.volumes | nindent 8 }}
+      {{- toYaml . | nindent 6 }}
-{{- end }}
+      {{- end }}
 {{- if .Values.controller.priorityClassName }}
       priorityClassName: {{ .Values.controller.priorityClassName }}
 {{- end }}

charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml

@@ -17,7 +17,9 @@ metadata:
 spec:
   endpoints:
     - port: metrics
-      interval: 30s
+      {{- with .Values.controller.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
       path: /metrics
   namespaceSelector:
     matchNames:

charts/argo-cd/templates/argocd-configs/argocd-cm.yaml

@@ -11,6 +11,5 @@ metadata:
     {{ $key }}: {{ $value | quote }}
   {{- end }}
   {{- end }}
-data:
+data: {{- include "argo-cd.config" $ | nindent 4 }}
-{{- toYaml .Values.server.config | nindent 4 }}
 {{- end }}

charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.configs.styles }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-custom-styles
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+data:
+  custom.styles.css: |
+    {{- .Values.configs.styles | nindent 4 }}
+{{- end }}

charts/argo-cd/templates/argocd-repo-server/deployment.yaml

@@ -67,6 +67,9 @@ spec:
           value: argocd
 {{- end }}
 {{- end }}
+        {{- with .Values.openshift.envFrom }}
+        envFrom: {{- toYaml . | nindent 8 }}
+        {{- end }}
         volumeMounts:
         {{- if .Values.repoServer.volumeMounts }}
 {{- toYaml .Values.repoServer.volumeMounts | nindent 8}}

charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml

@@ -17,7 +17,9 @@ metadata:
 spec:
   endpoints:
     - port: metrics
-      interval: 30s
+      {{- with .Values.controller.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
       path: /metrics
   namespaceSelector:
     matchNames:

charts/argo-cd/templates/argocd-server/deployment.yaml

@@ -67,6 +67,9 @@ spec:
         {{- if .Values.server.env }}
         env:
 {{- toYaml .Values.server.env | nindent 8 }}
+        {{- end }}
+        {{- with .Values.server.envFrom }}
+        envFrom: {{- toYaml . | nindent 8 }}
         {{- end }}
         volumeMounts:
         {{- if .Values.server.volumeMounts }}
@@ -82,6 +85,11 @@ spec:
         {{- end }}
         - mountPath: /app/config/server/tls
           name: argocd-repo-server-tls
+        {{- if .Values.configs.styles }}
+        - mountPath: "/shared/app/custom/custom.styles.css"
+          subPath: "custom.styles.css"
+          name: custom-styles
+        {{- end }}
         ports:
         - name: {{ .Values.server.name }}
           containerPort: {{ .Values.server.containerPort }}
@@ -141,6 +149,11 @@ spec:
       {{- end }}
       - emptyDir: {}
         name: static-files
+      {{- if .Values.configs.styles }}
+      - configMap:
+          name: argocd-custom-styles
+        name: custom-styles
+      {{- end }}
       {{- if .Values.configs.knownHosts }}
       - configMap:
           name: argocd-ssh-known-hosts-cm

charts/argo-cd/templates/argocd-server/service.yaml

@@ -44,3 +44,6 @@ spec:
 {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
 {{- end -}}
+{{- with .Values.server.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ . }}
+{{- end }}

charts/argo-cd/templates/argocd-server/servicemonitor.yaml

@@ -17,7 +17,9 @@ metadata:
 spec:
   endpoints:
     - port: metrics
-      interval: 30s
+      {{- with .Values.controller.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
       path: /metrics
   namespaceSelector:
     matchNames:

charts/argo-cd/templates/dex/deployment.yaml

@@ -62,6 +62,9 @@ spec:
         {{- if .Values.dex.env }}
         env:
 {{- toYaml .Values.dex.env | nindent 8 }}
+        {{- end }}
+        {{- with .Values.dex.envFrom }}
+        envFrom: {{- toYaml . | nindent 8 }}
         {{- end }}
         ports:
         - name: http

charts/argo-cd/templates/dex/servicemonitor.yaml

@@ -17,7 +17,9 @@ metadata:
 spec:
   endpoints:
     - port: metrics
-      interval: 30s
+      {{- with .Values.controller.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
       path: /metrics
   namespaceSelector:
     matchNames:

charts/argo-cd/templates/redis/deployment.yaml

@@ -52,6 +52,9 @@ spec:
         {{- if .Values.redis.env }}
         env:
 {{- toYaml .Values.redis.env | nindent 8 }}
+        {{- end }}
+        {{- with .Values.redis.envFrom }}
+        envFrom: {{- toYaml . | nindent 8 }}
         {{- end }}
         ports:
         - containerPort: {{ .Values.redis.containerPort }}

charts/argo-cd/values.yaml

@@ -3,6 +3,7 @@
 ##
 nameOverride: argocd
 fullnameOverride: ""
+kubeVersionOverride: ""
 
 # Optional CRD installation for those without Helm hooks
 installCRDs: true
@@ -10,7 +11,7 @@ installCRDs: true
 global:
   image:
     repository: quay.io/argoproj/argocd
-    tag: v2.0.0
+    tag: v2.0.1
     imagePullPolicy: IfNotPresent
   securityContext: {}
   #  runAsUser: 999
@@ -61,6 +62,14 @@ controller:
     # - name: "ARGOCD_CONTROLLER_REPLICAS"
     #   value: ""
 
+  ## envFrom to pass to argocd-controller
+  ##
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
   ## Annotations to be added to controller pods
   ##
   podAnnotations: {}
@@ -143,6 +152,7 @@ controller:
       servicePort: 8082
     serviceMonitor:
       enabled: false
+      interval: 30s
     #   selector:
     #     prometheus: kube-prometheus
     #   namespace: monitoring
@@ -183,6 +193,13 @@ controller:
   ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
   clusterAdminAccess:
     enabled: true
+  ## Enable Custom Rules for the Application Controller's Cluster Role resource
+  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
+  ## Defaults to off
+  clusterRoleRules:
+    enabled: false
+    rules: []
+
 
 ## Dex
 dex:
@@ -196,6 +213,7 @@ dex:
       labels: {}
     serviceMonitor:
       enabled: false
+      interval: 30s
 
   image:
     repository: quay.io/dexidp/dex
@@ -210,6 +228,13 @@ dex:
   ##
   env: []
 
+  ## envFrom to pass to the Dex server
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
   ## Annotations to be added to the Dex server pods
   ##
   podAnnotations: {}
@@ -276,7 +301,7 @@ redis:
 
   image:
     repository: redis
-    tag: 6.2.1-alpine
+    tag: 6.2.2-alpine
     imagePullPolicy: IfNotPresent
 
   ## Additional command line arguments to pass to redis-server
@@ -292,6 +317,14 @@ redis:
   ##
   env: []
 
+  ## envFrom to pass to the Redis server
+  ##
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
   ## Annotations to be added to the Redis server pods
   ##
   podAnnotations: {}
@@ -353,7 +386,7 @@ redis-ha:
     metrics:
       enabled: true
   image:
-    tag: 6.2.1-alpine
+    tag: 6.2.2-alpine
 
 ## Server
 server:
@@ -382,6 +415,14 @@ server:
   ##
   env: []
 
+  ## envFrom to pass to argocd-server
+  ##
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
   ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
   ##
   lifecycle: {}
@@ -472,6 +513,7 @@ server:
     loadBalancerIP: ""
     loadBalancerSourceRanges: []
     externalIPs: []
+    externalTrafficPolicy: ""
 
   ## Server metrics service configuration
   metrics:
@@ -482,6 +524,7 @@ server:
       servicePort: 8083
     serviceMonitor:
       enabled: false
+      interval: 30s
     #   selector:
     #     prometheus: kube-prometheus
     #   namespace: monitoring
@@ -751,6 +794,14 @@ repoServer:
   ##
   env: []
 
+  ## envFrom to pass to argocd-repo-server
+  ##
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
   ## Argo repoServer log format: text|json
   logFormat: text
   ## Argo repoServer log level
@@ -830,6 +881,7 @@ repoServer:
       servicePort: 8084
     serviceMonitor:
       enabled: false
+      interval: 30s
     #   selector:
     #     prometheus: kube-prometheus
     #   namespace: monitoring
@@ -1008,9 +1060,16 @@ configs:
 
     # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
     # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
-    # argocdServerAdminPassword:
+    # argocdServerAdminPassword: ""
     # Password modification time defaults to current time if not set
     # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
 
+  ## Custom CSS Styles
+  ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
+  # styles: |
+  #  .nav-bar {
+  #    background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
+  #  }
+
 openshift:
   enabled: false

charts/argo-ci/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-description: A Helm chart for Argo-CI
-name: argo-ci
-version: 1.0.0
-icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
-appVersion: v1.0.0-alpha2
-home: https://github.com/argoproj/argo-helm
-deprecated: true
-dependencies:
-  - name: argo
-    version: "^0.16.0"
-    repository: https://argoproj.github.io/argo-helm

charts/argo-ci/README.md

@@ -1,5 +0,0 @@
-# Argo CI Chart
-
-**Deprecated** - Use [Argo-Events](./argo-events) instead.
-
-This is a **community maintained** chart.

charts/argo-ci/templates/_helpers.tpl

@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/argo-ci/templates/ci-deployment.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-ci
-  labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-ci
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-ci
-        release: {{ .Release.Name }}
-    spec:
-      containers:
-        - name: ci
-          image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
-          env:
-          - name: IN_CLUSTER
-            value: "true"
-          - name: NAMESPACE
-            value: {{ .Values.workflowNamespace }}
-          - name: ARGO_CI_IMAGE
-            value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
-          - name: CONTROLLER_INSTANCE_ID
-            value: {{ .Release.Name }}
-          ports:
-          - containerPort: 8001
-          - containerPort: 8002
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/argo-ci/templates/ci-service.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-ci
-  labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 8001
-  selector:
-    app: {{ .Release.Name }}-ci
-  sessionAffinity: None
-  type: LoadBalancer

charts/argo-ci/values.yaml

@@ -1,14 +0,0 @@
-imageNamespace: argoproj
-ciImage: argoci
-imageTag: v1.0.0-alpha2
-imagePullPolicy: Always
-# Secrets with credentials to pull images from a private registry
-imagePullSecrets: []
-# - name: argo-pull-secret
-workflowNamespace: default
-
-argo:
-  imagesNamespace: argoproj
-  installMinio: true
-  minioBucketName: argo-artifacts
-  useReleaseAsInstanceID: true

charts/argo-events/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart to install Argo-Events in k8s Cluster
 name: argo-events
-version: 1.4.0
+version: 1.4.2
 keywords:
   - argo-events
   - sensor-controller

charts/argo-events/ci/test-values.yaml

@@ -1,6 +1,3 @@
 serviceAccount: argo-events-sa-test
-additionalSaNamespaces:
-  - nsone
-  - nstwo
 instanceID: test-argo-events
 singleNamespace: false

charts/argo-rollouts/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "0.10.2"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 0.5.2
+version: 0.5.3
 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:

charts/argo-workflows/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: argo-workflows
+description: A Helm chart for Argo Workflows
+type: application
+version: 0.1.2
+appVersion: "v3.0.2"
+icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
+home: https://github.com/argoproj/argo-helm
+sources:
+  - https://github.com/argoproj/argo-workflows
+maintainers:
+  - name: alexec
+  - name: alexmt
+  - name: jessesuen
+  - name: benjaminws

charts/argo-workflows/README.md

@@ -0,0 +1,48 @@
+# Argo Workflows Chart
+
+This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
+
+If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
+
+## Pre-Requisites
+
+This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these.
+
+A few options are:
+
+- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
+- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
+
+## Usage Notes
+
+This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
+
+## Values
+
+The `values.yaml` contains items used to tweak a deployment of this chart.
+Fields to note:
+
+- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute
+- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
+- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
+- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran
+
+## Breaking changes from the deprecated `argo` chart
+
+1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory
+1. the CRDs were updated to `apiextensions.k8s.io/v1`
+1. the container image registry/project/tag format was changed to be more in line with the more common
+
+   ```yaml
+   image:
+     registry: quay.io
+     repository: argoproj/argocli
+     tag: v3.0.1
+   ```
+
+   this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images.
+
+1. switched to quay.io as the default registry for all images
+1. removed any included usage of Minio
+1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create`
+1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`

charts/argo-workflows/ci/enable-ingress-values.yaml

@@ -0,0 +1,5 @@
+server:
+  ingress:
+    enabled: true
+    hosts:
+      - argo-workflows.127.0.0.1.xip.io

charts/argo-workflows/ci/enable-metrics-values.yaml

@@ -0,0 +1,7 @@
+controller:
+  serviceMonitor:
+    enabled: false
+  metricsConfig:
+    enabled: true
+  telemetryConfig:
+    enabled: true

charts/argo-workflows/ci/enable-rbac-values.yaml

@@ -0,0 +1,5 @@
+workflow:
+  serviceAccount:
+    create: true # Specifies whether a service account should be created
+  rbac:
+    create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows

charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml

@@ -1,14 +1,9 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: clusterworkflowtemplates.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
 spec:
   group: argoproj.io
-  version: v1alpha1
-  scope: Cluster
   names:
     kind: ClusterWorkflowTemplate
     listKind: ClusterWorkflowTemplateList
@@ -17,7 +12,24 @@ spec:
     - clusterwftmpl
     - cwft
     singular: clusterworkflowtemplate
+  scope: Cluster
   versions:
   - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - spec
+        type: object
     served: true
     storage: true

charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml

@@ -0,0 +1,38 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: cronworkflows.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: CronWorkflow
+    listKind: CronWorkflowList
+    plural: cronworkflows
+    shortNames:
+    - cwf
+    - cronwf
+    singular: cronworkflow
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true

charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml

@@ -0,0 +1,34 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: workfloweventbindings.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: WorkflowEventBinding
+    listKind: WorkflowEventBindingList
+    plural: workfloweventbindings
+    shortNames:
+    - wfeb
+    singular: workfloweventbinding
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true

charts/argo-workflows/crds/argoproj.io_workflows.yaml

@@ -0,0 +1,48 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: workflows.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: Workflow
+    listKind: WorkflowList
+    plural: workflows
+    shortNames:
+    - wf
+    singular: workflow
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Status of the workflow
+      jsonPath: .status.phase
+      name: Status
+      type: string
+    - description: When the workflow was started
+      format: date-time
+      jsonPath: .status.startedAt
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources: {}

charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml

@@ -0,0 +1,34 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: workflowtemplates.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: WorkflowTemplate
+    listKind: WorkflowTemplateList
+    plural: workflowtemplates
+    shortNames:
+    - wftmpl
+    singular: workflowtemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true

charts/argo-workflows/templates/NOTES.txt

@@ -0,0 +1,7 @@
+1. Get Argo Server external IP/domain by running:
+
+kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }}
+
+2. Submit the hello-world workflow by running:
+
+argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch

charts/argo-workflows/templates/_helpers.tpl

@@ -0,0 +1,96 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create argo workflows server name and version as used by the chart label.
+*/}}
+{{- define "argo-workflows.server.fullname" -}}
+{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create controller name and version as used by the chart label.
+*/}}
+{{- define "argo-workflows.controller.fullname" -}}
+{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argo-workflows.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "argo-workflows.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argo-workflows.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "argo-workflows.labels" -}}
+helm.sh/chart: {{ include "argo-workflows.chart" .context }}
+{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: argo-workflows
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "argo-workflows.selectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
+{{ end -}}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the server service account to use
+*/}}
+{{- define "argo-workflows.serverServiceAccountName" -}}
+{{- if .Values.server.serviceAccount.create -}}
+    {{ default (include "argo-workflows.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "argo-workflows.controllerServiceAccountName" -}}
+{{- if .Values.controller.serviceAccount.create -}}
+    {{ default (include "argo-workflows.fullname" .) .Values.controller.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.controller.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress
+*/}}
+{{- define "argo-workflows.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}

charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     helm.sh/hook: pre-install
     helm.sh/hook-delete-policy: before-hook-creation
-  name: argo-aggregate-to-view
+  name: argo-workflows-aggregate-to-view
   labels:
     rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
@@ -14,6 +14,8 @@ rules:
   resources:
   - workflows
   - workflows/finalizers
+  - workfloweventbindings
+  - workfloweventbindings/finalizers
   - workflowtemplates
   - workflowtemplates/finalizers
   - cronworkflows
@@ -31,7 +33,7 @@ metadata:
   annotations:
     helm.sh/hook: pre-install
     helm.sh/hook-delete-policy: before-hook-creation
-  name: argo-aggregate-to-edit
+  name: argo-workflows-aggregate-to-edit
   labels:
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
 rules:
@@ -40,6 +42,8 @@ rules:
   resources:
   - workflows
   - workflows/finalizers
+  - workfloweventbindings
+  - workfloweventbindings/finalizers
   - workflowtemplates
   - workflowtemplates/finalizers
   - cronworkflows
@@ -62,7 +66,7 @@ metadata:
   annotations:
     helm.sh/hook: pre-install
     helm.sh/hook-delete-policy: before-hook-creation
-  name: argo-aggregate-to-admin
+  name: argo-workflows-aggregate-to-admin
   labels:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
@@ -71,6 +75,8 @@ rules:
   resources:
   - workflows
   - workflows/finalizers
+  - workfloweventbindings
+  - workfloweventbindings/finalizers
   - workflowtemplates
   - workflowtemplates/finalizers
   - cronworkflows

charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml

@@ -5,7 +5,9 @@ kind: Role
 kind: ClusterRole
 {{- end }}
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  name: {{ template "argo-workflows.controller.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
 - apiGroups:
   - ""

charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml

@@ -1,11 +1,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
+  name: {{ template "argo-workflows.controller.fullname" . }}-configmap
   labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
 data:
   config: |
     {{- if .Values.controller.instanceID.enabled }}
@@ -31,7 +29,7 @@ data:
       securityContext: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
-    {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
+    {{- if .Values.useDefaultArtifactRepo }}
     artifactRepository:
       {{- if .Values.artifactRepository.archiveLogs }}
       archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
@@ -44,13 +42,13 @@ data:
         {{- if .Values.useStaticCredentials }}
         accessKeySecret:
           key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
-          name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
+          name: {{ .Values.artifactRepository.s3.accessKeySecret.name }}
         secretKeySecret:
           key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
-          name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
+          name: {{ .Values.artifactRepository.s3.secretKeySecret.name }}
         {{- end }}
-        bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }}
+        bucket: {{ .Values.artifactRepository.s3.bucket }}
-        endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }}
+        endpoint: {{ .Values.artifactRepository.s3.endpoint }}
         insecure: {{ .Values.artifactRepository.s3.insecure }}
         {{- if .Values.artifactRepository.s3.keyFormat }}
         keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}

charts/argo-workflows/templates/controller/workflow-controller-crb.yaml

@@ -5,7 +5,9 @@ kind: RoleBinding
 kind: ClusterRoleBinding
 {{- end }}
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  name: {{ template "argo-workflows.controller.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   {{- if .Values.singleNamespace }}
@@ -13,13 +15,13 @@ roleRef:
   {{ else }}
   kind: ClusterRole
   {{- end }}
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  name: {{ template "argo-workflows.controller.fullname" . }}
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.controller.serviceAccount }}
+    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- if .Values.controller.workflowNamespaces }}
-{{- $uiServiceAccount := .Values.controller.serviceAccount }}
+{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }}
 {{- $namespace := .Release.Namespace }}
 {{- range $key := .Values.controller.workflowNamespaces }}
   {{- if not (eq $key $namespace) }}
@@ -33,12 +35,14 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
+  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
+  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.controller.serviceAccount }}
+    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
     namespace: {{ .Release.Namespace }}

charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml

@@ -2,12 +2,9 @@
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}
+  name: {{ template "argo-workflows.controller.fullname" . }}
   labels:
-    app: {{ .Release.Name }}-{{ .Values.controller.name}}
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
 spec:
   {{- if .Values.controller.pdb.minAvailable }}
   minAvailable: {{ .Values.controller.pdb.minAvailable }}
@@ -18,6 +15,5 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.controller.name}}
+      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-      release: {{ .Release.Name }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml

@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "argo-workflows.controller.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
+        app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
+        {{- with.Values.controller.podLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.controller.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
+      {{- with .Values.controller.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: controller
+          image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
+          command: [ "workflow-controller" ]
+          args:
+          - "--configmap"
+          - "{{ template "argo-workflows.controller.fullname" . }}-configmap"
+          - "--executor-image"
+          - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}"
+          - "--loglevel"
+          - "{{ .Values.controller.logging.level }}"
+          - "--gloglevel"
+          - "{{ .Values.controller.logging.globallevel }}"
+          {{- if .Values.singleNamespace }}
+          - "--namespaced"
+          {{- end }}
+          {{- with .Values.controller.workflowWorkers }}
+          - "--workflow-workers"
+          - {{ . | quote }}
+          {{- end }}
+          {{- with .Values.controller.podWorkers }}
+          - "--pod-workers"
+          - {{ . | quote }}
+          {{- end }}
+          {{- with .Values.controller.extraArgs }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          securityContext:
+            {{- toYaml .Values.controller.securityContext | nindent 12 }}
+          env:
+            - name: ARGO_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: LEADER_ELECTION_IDENTITY
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+          {{- with .Values.controller.extraEnv }}
+            {{ toYaml . | nindent 10 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.controller.resources | nindent 12 }}
+          ports:
+            - name: metrics
+              containerPort: {{ .Values.controller.metricsConfig.port }}
+          livenessProbe:
+            httpGet:
+              port: metrics
+              path: {{ .Values.controller.metricsConfig.path }}
+            initialDelaySeconds: 30
+            periodSeconds: 30
+      {{- with .Values.images.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.controller.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-sa.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
+  {{ with .Values.controller.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml .| nindent 4 }}
+  {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-service.yaml

@@ -0,0 +1,38 @@
+{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "argo-workflows.controller.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
+    {{- with .Values.controller.serviceLabels }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.controller.serviceAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+spec:
+  ports:
+  {{- if .Values.controller.metricsConfig.enabled }}
+  - name: {{ .Values.controller.metricsConfig.servicePortName }}
+    port: {{ .Values.controller.metricsConfig.servicePort }}
+    protocol: TCP
+    targetPort: {{ .Values.controller.metricsConfig.port }}
+  {{- end }}
+  {{- if .Values.controller.telemetryConfig.enabled }}
+  - name: {{ .Values.controller.telemetryConfig.servicePortName }}
+    port: {{ .Values.controller.telemetryConfig.servicePort }}
+    protocol: TCP
+    targetPort: {{ .Values.controller.telemetryConfig.port }}
+  {{- end }}
+  selector:
+    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.controller.serviceType }}
+  {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml

@@ -2,14 +2,11 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  name: {{ template "argo-workflows.controller.fullname" . }}
   labels:
-    app: {{ .Release.Name }}-{{ .Values.controller.name}}
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    {{- with .Values.controller.serviceMonitor.additionalLabels }}
-    release: {{ .Release.Name }}
+      {{- toYaml . | nindent 4 }}
-    heritage: {{ .Release.Service }}
-    {{- if .Values.controller.serviceMonitor.additionalLabels }}
-{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }}
     {{- end }}
 spec:
   endpoints:
@@ -28,6 +25,5 @@ spec:
       - {{ .Release.Namespace }}
   selector:
     matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.controller.name}}
+      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-      release: {{ .Release.Name }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-rb.yaml

@@ -2,18 +2,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ .Release.Name }}-workflow
+  name: {{ template "argo-workflows.fullname" . }}-workflow
-{{- if .Values.workflow.namespace }}
+  {{- with .Values.workflow.namespace }}
-  namespace: {{ .Values.workflow.namespace }}
+  namespace: {{ . }} 
-{{- end }}
+  {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ .Release.Name }}-workflow
+  name: {{ template "argo-workflows.fullname" . }}-workflow
 subjects:
 - kind: ServiceAccount
   name: {{ .Values.workflow.serviceAccount.name }}
-  {{- if .Values.workflow.namespace }}
+  {{- with .Values.workflow.namespace }}
-  namespace: {{ .Values.workflow.namespace }}
+  namespace: {{ . }}
   {{- end }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-role.yaml

@@ -2,9 +2,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ .Release.Name }}-workflow
+  name: {{ template "argo-workflows.fullname" . }}-workflow
-  {{- if .Values.workflow.namespace }}
+  {{- with .Values.workflow.namespace }}
-  namespace: {{ .Values.workflow.namespace }}
+  namespace: {{ . }}
   {{- end }}
 rules:
 - apiGroups:

charts/argo-workflows/templates/controller/workflow-sa.yaml

@@ -3,8 +3,8 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.workflow.serviceAccount.name }}
-  {{- if .Values.workflow.namespace }}
+  {{- with .Values.workflow.namespace }}
-  namespace: {{ .Values.workflow.namespace }}
+  namespace: {{ . }}
   {{- end }}
   {{- with .Values.workflow.serviceAccount.annotations }}
   annotations:

charts/argo-workflows/templates/server/server-cluster-roles.yaml

@@ -1,12 +1,14 @@
 {{- if .Values.server.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
+  {{- if .Values.singleNamespace }}
 kind: Role
-{{- else }}
+  {{- else }}
 kind: ClusterRole
-{{- end }}
+  {{- end }}
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name }}
+  name: {{ template "argo-workflows.server.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -28,7 +30,7 @@ rules:
   - list
   - watch
   - delete
-{{- if .Values.server.sso }}
+  {{- if .Values.server.sso }}
 - apiGroups:
   - ""
   resources:
@@ -44,9 +46,7 @@ rules:
   - secrets
   verbs:
   - create
-{{- end}}
+    {{- if .Values.server.sso.rbac }}
-{{- if .Values.server.sso }}
-  {{- if .Values.server.sso.rbac }}
 - apiGroups:
   - ""
   resources:
@@ -54,8 +54,8 @@ rules:
   verbs:
   - get
   - list
+    {{- end }}
   {{- end }}
-{{- end }}
 - apiGroups:
   - ""
   resources:
@@ -95,27 +95,29 @@ rules:
   - get
 {{- end}}
 - apiGroups:
-  - argoproj.io
+    - argoproj.io
   resources:
-  - workflows
+    - eventsources
-  - workfloweventbindings
+    - sensors
-  - workflowtemplates
+    - workflows
-  - cronworkflows
+    - workfloweventbindings
-  - cronworkflows/finalizers
+    - workflowtemplates
-  - clusterworkflowtemplates
+    - cronworkflows
   verbs:
-  - create
+    - create
-  - get
+    - get
-  - list
+    - list
-  - watch
+    - watch
-  - update
+    - update
-  - patch
+    - patch
-  - delete
+    - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
+  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 rules:
 - apiGroups:
   - argoproj.io

charts/argo-workflows/templates/server/server-crb.yaml

@@ -0,0 +1,39 @@
+{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
+kind: ClusterRoleBinding
+{{- end }}
+metadata:
+  name: {{ template "argo-workflows.server.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
+  kind: ClusterRole
+  {{- end }}
+  name: {{ template "argo-workflows.server.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "argo-workflows.serverServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
+subjects:
+- kind: ServiceAccount
+  name: {{ template "argo-workflows.serverServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/argo-workflows/templates/server/server-deployment-pdb.yaml

@@ -0,0 +1,19 @@
+{{- if and .Values.server.enabled .Values.server.pdb.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "argo-workflows.server.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+spec:
+  {{- if .Values.server.pdb.minAvailable }}
+  minAvailable: {{ .Values.server.pdb.minAvailable }}
+  {{- else if .Values.server.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
+  {{- else }}
+  minAvailable: 0
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
+{{- end -}}

charts/argo-workflows/templates/server/server-deployment.yaml

@@ -2,55 +2,52 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
+  name: {{ template "argo-workflows.server.fullname" . }}
   labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    release: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
-    heritage: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.server.replicas }}
   selector:
     matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.server.name}}
+      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
-      release: {{ .Release.Name }}
   template:
     metadata:
       labels:
-        app: {{ .Release.Name }}-{{ .Values.server.name}}
+        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
-        release: {{ .Release.Name }}
+        app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
-        {{- if .Values.server.podLabels }}
+        {{- with .Values.server.podLabels }}
-        {{- toYaml .Values.server.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{- if .Values.server.podAnnotations }}
+      {{- with .Values.server.podAnnotations }}
       annotations:
-{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
+        {{- toYaml .Values.server.podAnnotations | nindent 8 }}
+      {{- end }}
     spec:
-      serviceAccountName: {{ .Values.server.serviceAccount | quote }}
+      serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
-      {{- if .Values.server.podSecurityContext }}
+      {{- with .Values.server.podSecurityContext }}
       securityContext:
-        {{- toYaml .Values.server.podSecurityContext | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: argo-server
+          image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.server.securityContext | nindent 12 }}
           args:
           - server
-          - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap
+          - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
-          {{- if .Values.server.extraArgs }}
+          {{- with .Values.server.extraArgs }}
-          {{- toYaml .Values.server.extraArgs | nindent 10 }}
+            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if .Values.server.secure }}
-          - "--secure"
           {{- end }}
+          - "--secure={{ .Values.server.secure }}"
           {{- if .Values.singleNamespace }}
           - "--namespaced"
           {{- end }}
-          image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          {{- if .Values.server.podPortName }}
           ports:
-          - name: {{ .Values.server.podPortName }}
+          - name: web
             containerPort: 2746
-          {{- end }}
           readinessProbe:
             httpGet:
               path: /
@@ -102,7 +99,7 @@ spec:
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.server.priorityClassName }}
+      {{- with .Values.server.priorityClassName }}
-      priorityClassName: {{ .Values.server.priorityClassName }}
+      priorityClassName: {{ . }}
       {{- end }}
 {{- end -}}

charts/argo-workflows/templates/server/server-ingress.yaml

@@ -0,0 +1,88 @@
+{{- if .Values.server.ingress.enabled -}}
+{{- $serviceName := include "argo-workflows.server.fullname" . -}}
+{{- $servicePort := .Values.server.servicePort -}}
+{{- $paths := .Values.server.ingress.paths -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+{{- if .Values.server.ingress.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.server.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  name: {{ template "argo-workflows.server.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- if .Values.server.ingress.labels }}
+    {{- toYaml .Values.server.ingress.labels | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+  {{- with .Values.server.ingress.ingressClassName }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- end }}
+  rules:
+  {{- if .Values.server.ingress.hosts }}
+    {{- range $host := .Values.server.ingress.hosts }}
+    - host: {{ $host }}
+      http:
+        paths:
+          {{- if $extraPaths }}
+          {{- toYaml $extraPaths | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+              service:
+                name: {{ $serviceName }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+              {{- else }}
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+              {{- end }}
+          {{- end -}}
+    {{- end -}}
+  {{- else }}
+    - http:
+        paths:
+          {{- if $extraPaths }}
+          {{- toYaml $extraPaths | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
+              service:
+                name: {{ $serviceName }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+              {{- else }}
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+              {{- end }}
+          {{- end -}}
+  {{- end -}}
+  {{- if .Values.server.ingress.tls }}
+  tls:
+    {{- toYaml .Values.server.ingress.tls | nindent 4 }}
+  {{- end -}}
+{{- end -}}

charts/argo-workflows/templates/server/server-sa.yaml

@@ -0,0 +1,10 @@
+{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "argo-workflows.serverServiceAccountName" . }}
+  {{- with .Values.server.serviceAccount.annotations  }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/argo-workflows/templates/server/server-service.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.server.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "argo-workflows.server.fullname" . }}
+  labels:
+    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
+  {{- with .Values.server.serviceAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ports:
+  - port: {{ .Values.server.servicePort }}
+    {{- with .Values.server.servicePortName }}
+    name: {{ . }}
+    {{- end }}
+    targetPort: 2746
+  selector:
+    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.server.serviceType }}
+  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
+  {{- end }}
+  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/argo-workflows/values.yaml

@@ -1,16 +1,9 @@
 images:
-  namespace: argoproj
+  # imagePullPolicy to apply to all containers
-  controller: workflow-controller
-  server: argocli
-  executor: argoexec
   pullPolicy: Always
   # Secrets with credentials to pull images from a private registry
   pullSecrets: []
   # - name: argo-pull-secret
-  tag: v2.12.5
-
-crdVersion: v1alpha1
-installCRD: true
 
 init:
   # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
@@ -24,17 +17,19 @@ createAggregateRoles: true
 singleNamespace: false
 
 workflow:
-  namespace: ""  # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
+  namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
   serviceAccount:
-    create: false  # Specifies whether a service account should be created
+    create: false # Specifies whether a service account should be created
     annotations: {}
-    name: "argo-workflow"  # Service account which is used to run workflows
+    name: "argo-workflow" # Service account which is used to run workflows
   rbac:
-    create: false  # adds Role and RoleBinding for the above specified service account to be able to run workflows
+    create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
 
 controller:
   image:
-    # Overrides .images.tag if defined.
+    registry: quay.io
+    repository: argoproj/workflow-controller
+    # Overrides the image tag whose default is the chart appVersion.
     tag: ""
   # parallelism dictates how many workflows can be running at the same time
   parallelism:
@@ -48,7 +43,17 @@ controller:
   metricsConfig:
     enabled: false
     path: /metrics
-    port: 8080
+    port: 9090
+    servicePort: 8080
+    servicePortName: metrics
+  # the controller container's securityContext
+  securityContext:
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
   persistence: {}
   # connectionPool:
   #   maxIdleConns: 100
@@ -69,24 +74,28 @@ controller:
   #   passwordSecret:
   #     name: argo-postgres-config
   #     key: password
-  workflowDefaults: {}  # Only valid for 2.7+
+  workflowDefaults: {} # Only valid for 2.7+
   #  spec:
   #    ttlStrategy:
   #      secondsAfterCompletion: 84600
   # workflowWorkers: 32
   # podWorkers: 32
-  workflowRestrictions: {}  # Only valid for 2.9+
+  workflowRestrictions: {} # Only valid for 2.9+
   #  templateReferencing: Strict|Secure
   telemetryConfig:
     enabled: false
     path: /telemetry
     port: 8081
+    servicePort: 8081
+    servicePortName: telemetry
   serviceMonitor:
     enabled: false
     additionalLabels: {}
-  serviceAccount: argo
+  serviceAccount:
-  # Service account annotations
+    create: true
-  serviceAccountAnnotations: {}
+    name: argo
+    # Annotations applied to created service account
+    annotations: {}
   name: workflow-controller
   workflowNamespaces:
     - default
@@ -103,10 +112,6 @@ controller:
     level: info
     globallevel: "0"
   serviceType: ClusterIP
-  metricsServicePort: 8080
-  metricsServicePortName: metrics
-  telemetryServicePort: 8081
-  telemetryServicePortName: telemetry
   # Annotations to be applied to the controller Service
   serviceAnnotations: {}
   # Optional labels to add to the controller Service
@@ -142,7 +147,9 @@ controller:
 # executor controls how the init and wait container should be customized
 executor:
   image:
-    # Overrides .images.tag if defined.
+    registry: quay.io
+    repository: argoproj/argoexec
+    # Overrides the image tag whose default is the chart appVersion.
     tag: ""
   resources: {}
   # Adds environment variables for the executor.
@@ -154,10 +161,12 @@ server:
   enabled: true
   # only updates base url of resources on client side,
   # it's expected that a proxy server rewrites the request URL and gets rid of this prefix
-  # https://github.com/argoproj/argo/issues/716#issuecomment-433213190
+  # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
   baseHref: /
   image:
-    # Overrides .images.tag if defined.
+    registry: quay.io
+    repository: argoproj/argocli
+    # Overrides the image tag whose default is the chart appVersion.
     tag: ""
   # optional map of annotations to be applied to the ui Pods
   podAnnotations: {}
@@ -165,16 +174,21 @@ server:
   podLabels: {}
   # SecurityContext to set on the server pods
   podSecurityContext: {}
+  securityContext:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
   name: server
   serviceType: ClusterIP
   servicePort: 2746
   # servicePortName: http
-  serviceAccount: argo-server
+  serviceAccount:
-  # Whether to create the service account with the name specified in
+    create: true
-  # server.serviceAccount and bind it to the server role.
+    name: argo-server
-  createServiceAccount: true
+    annotations: {}
-  # Service account annotations
-  serviceAccountAnnotations: {}
   # Annotations to be applied to the UI Service
   serviceAnnotations: {}
   # Optional labels to add to the UI Service
@@ -206,7 +220,7 @@ server:
   # Run the argo server in "secure" mode. Configure this value instead of
   # "--secure" in extraArgs. See the following documentation for more details
   # on secure mode:
-  # https://argoproj.github.io/argo-workflows/tls/#encrypted
+  # https://argoproj.github.io/argo-workflows/tls/
   secure: false
 
   # Extra arguments to provide to the Argo server binary.
@@ -221,36 +235,32 @@ server:
   ##
   ingress:
     enabled: false
+    annotations: {}
+    labels: {}
+    ingressClassName: ""
 
-    ## Annotations to be added to the web ingress.
+    ## Argo Workflows Server Ingress.
+    ## Hostnames must be provided if Ingress is enabled.
+    ## Secrets must be manually created in the namespace
     ##
-    # annotations:
+    hosts:
-    #   kubernetes.io/ingress.class: nginx
+      []
-    #   kubernetes.io/tls-acme: "true"
+      # - argocd.example.com
+    paths:
+      - /
+    extraPaths:
+      []
+      # - path: /*
+      #   backend:
+      #     serviceName: ssl-redirect
+      #     servicePort: use-annotation
+    tls:
+      []
+      # - secretName: argocd-example-tls
+      #   hosts:
+      #     - argocd.example.com
+    https: false
 
-    ## Labels to be added to the web ingress.
-    ##
-    # labels:
-    #   use-cloudflare-solver: "true"
-
-    ## Hostnames.
-    ## Must be provided if Ingress is enabled.
-    ##
-    # hosts:
-    #   - argo.domain.com
-
-    ## Additional Paths for each host
-    # paths:
-    #   - serviceName: "ssl-redirect"
-    #     servicePort: "use-annotation"
-
-    ## TLS configuration.
-    ## Secrets must be manually created in the namespace.
-    ##
-    # tls:
-    #   - secretName: argo-ui-tls
-    #     hosts:
-    #       - argo.domain.com
   clusterWorkflowTemplates:
     # Give the server permissions to edit ClusterWorkflowTemplates.
     enableEditing: true
@@ -294,7 +304,7 @@ artifactRepository:
     # Note the `key` attribute is not the actual secret, it's the PATH to
     # the contents in the associated secret, as defined by the `name` attribute.
     accessKeySecret:
-      # name: <releaseName>-minio (default)
+      # name: <releaseName>-minio
       key: accesskey
     secretKeySecret:
       # name: <releaseName>-minio
@@ -306,25 +316,16 @@ artifactRepository:
     # roleARN:
     # useSDKCreds: true
   # gcs:
-    # bucket: <project>-argo
+  # bucket: <project>-argo
-    # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
+  # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
-    # serviceAccountKeySecret is a secret selector.
+  # serviceAccountKeySecret is a secret selector.
-    # It references the k8s secret named 'my-gcs-credentials'.
+  # It references the k8s secret named 'my-gcs-credentials'.
-    # This secret is expected to have have the key 'serviceAccountKey',
+  # This secret is expected to have have the key 'serviceAccountKey',
-    # containing the base64 encoded credentials
+  # containing the base64 encoded credentials
-    # to the bucket.
+  # to the bucket.
-    #
+  #
-    # If it's running on GKE and Workload Identity is used,
+  # If it's running on GKE and Workload Identity is used,
-    # serviceAccountKeySecret is not needed.
+  # serviceAccountKeySecret is not needed.
-    # serviceAccountKeySecret:
+  # serviceAccountKeySecret:
-      # name: my-gcs-credentials
+  # name: my-gcs-credentials
-      # key: serviceAccountKey
+  # key: serviceAccountKey
-
-
-# NOTE: These are setting attributes for the `minio` optional dependency
-minio:
-  # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
-  install: false
-  defaultBucket:
-    enabled: true
-    name: argo-artifacts

charts/argo/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/argo/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: minio
-  repository: https://helm.min.io/
-  version: 8.0.9
-digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
-generated: "2021-01-13T15:31:40.823086-08:00"

charts/argo/Chart.yaml

@@ -1,17 +0,0 @@
-apiVersion: v2
-appVersion: v2.12.5
-description: A Helm chart for Argo Workflows
-name: argo
-version: 0.16.10
-icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
-home: https://github.com/argoproj/argo-helm
-maintainers:
-  - name: alexec
-  - name: alexmt
-  - name: jessesuen
-  - name: benjaminws
-dependencies:
-- name: minio
-  version: 8.0.9
-  repository: https://helm.min.io/
-  condition: minio.install

charts/argo/README.md

@@ -1,27 +0,0 @@
-## Argo Workflows Chart
-
-This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
-
-If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
-
-## Pre-Requisites
-This chart uses an install hook to configure the CRD definition.  Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these.
-
-A few options are:
-- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full)
-- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
-- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
-
-## Usage Notes:
-This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster.  If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
-
-## Values
-
-The `values.yaml` contains items used to tweak a deployment of this chart.
-Fields to note:
-* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid`  attribute
-* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
-* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
-* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran
-* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map.
-* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart.

charts/argo/crds/cron-workflow-crd.yaml

@@ -1,23 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: cronworkflows.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  group: argoproj.io
-  names:
-    kind: CronWorkflow
-    listKind: CronWorkflowList
-    plural: cronworkflows
-    shortNames:
-    - cwf
-    - cronwf
-    singular: cronworkflow
-  scope: Namespaced
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true

charts/argo/crds/workflow-crd.yaml

@@ -1,33 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: workflows.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.phase
-    description: Status of the workflow
-    name: Status
-    type: string
-  - JSONPath: .status.startedAt
-    description: When the workflow was started
-    format: date-time
-    name: Age
-    type: date
-  group: argoproj.io
-  names:
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - wf
-    singular: workflow
-  scope: Namespaced
-  subresources: {}
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true

charts/argo/crds/workflow-eventbinding-crd.yaml

@@ -1,19 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: workfloweventbindings.argoproj.io
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowEventBinding
-    listKind: WorkflowEventBindingList
-    plural: workfloweventbindings
-    shortNames:
-    - wfeb
-    singular: workfloweventbinding
-  scope: Namespaced
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true

charts/argo/crds/workflow-template-crd.yaml

@@ -1,22 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtemplates.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  group: argoproj.io
-  version: v1alpha1
-  scope: Namespaced
-  names:
-    kind: WorkflowTemplate
-    listKind: WorkflowTemplateList
-    plural: workflowtemplates
-    shortNames:
-    - wftmpl
-    singular: workflowtemplate
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true

charts/argo/templates/NOTES.txt

@@ -1,16 +0,0 @@
-1. Get Argo Server external IP/domain by running:
-
-kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }}
-
-2. Submit the hello-world workflow by running:
-
-argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch
-
-{{ if .Values.minio.install }}
-
-3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following
-command:
-
-kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio
-
-{{ end }}

charts/argo/templates/_helpers.tpl

@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/argo/templates/cluster-workflow-template-crd.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.installCRD }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterworkflowtemplates.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  group: argoproj.io
-  version: v1alpha1
-  scope: Cluster
-  names:
-    kind: ClusterWorkflowTemplate
-    plural: clusterworkflowtemplates
-    shortNames:
-    - clusterwftmpl
-    - cwft
-{{- end }}

charts/argo/templates/cron-workflow-crd.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.installCRD }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: cronworkflows.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  group: argoproj.io
-  names:
-    kind: CronWorkflow
-    plural: cronworkflows
-    shortNames:
-    - cronwf
-    - cwf
-  scope: Namespaced
-  version: v1alpha1
-{{- end }}

charts/argo/templates/server-crb.yaml

@@ -1,35 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.server.serviceAccount }}
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.server.serviceAccount }}
-  namespace: {{ .Release.Namespace }}
-{{- end -}}

charts/argo/templates/server-deployment-pdb.yaml

@@ -1,25 +0,0 @@
-{{- if .Values.server.enabled -}}
-{{- if .Values.server.pdb.enabled -}}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
-  labels:
-    app: {{ .Release.Name }}-{{ .Values.server.name}}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  {{- if .Values.server.pdb.minAvailable }}
-  minAvailable: {{ .Values.server.pdb.minAvailable }}
-  {{- else if .Values.server.pdb.maxUnavailable }}
-  maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
-  {{- else }}
-  minAvailable: 0
-  {{- end }}
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.server.name}}
-      release: {{ .Release.Name }}
-{{- end -}}
-{{- end -}}

charts/argo/templates/server-ingress.yaml

@@ -1,46 +0,0 @@
-{{- if .Values.server.enabled -}}
-{{- if .Values.server.ingress.enabled -}}
-{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}}
-{{- $servicePort := .Values.server.servicePort -}}
-{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end -}}
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name }}
-  labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    {{- range $key, $value := .Values.server.ingress.labels }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  annotations:
-    {{- range $key, $value := .Values.server.ingress.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-spec:
-  rules:
-    {{- range .Values.server.ingress.hosts }}
-    - host: {{ . }}
-      http:
-        paths:
-          {{- if $.Values.server.ingress.paths }}
-          {{- range $.Values.server.ingress.paths }}
-          - backend:
-              serviceName: {{ .serviceName }}
-              servicePort: {{ .servicePort }}
-          {{- end }}
-          {{- end }}
-          - backend:
-              serviceName: {{ $serviceName }}
-              servicePort: {{ $servicePort }}
-    {{- end -}}
-  {{- if .Values.server.ingress.tls }}
-  tls:
-{{ toYaml .Values.server.ingress.tls | indent 4 }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}

charts/argo/templates/server-sa.yaml

@@ -1,8 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.server.serviceAccount }}
-  annotations:
-{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }}
-{{- end -}}

charts/argo/templates/server-service.yaml

@@ -1,33 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name }}
-  labels:
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    {{- if .Values.server.serviceLabels }}
-    {{- toYaml .Values.server.serviceLabels | nindent 4 }}
-    {{- end }}
-  {{- if .Values.server.serviceAnnotations }}
-  annotations:
-{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }}
-spec:
-  ports:
-  - port: {{ .Values.server.servicePort }}
-    {{- if .Values.server.servicePortName }}
-    name: {{ .Values.server.servicePortName }}
-    {{- end }}
-    targetPort: 2746
-  selector:
-    app: {{ .Release.Name }}-{{ .Values.server.name }}
-  sessionAffinity: None
-  type: {{ .Values.server.serviceType }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
-  {{- end }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }}
-{{- end -}}

charts/argo/templates/worfkflow-controller-secrets-access.yaml

@@ -1,18 +0,0 @@
-{{ if .Values.minio.install }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  resourceNames:
-  - {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
-  - {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
-  verbs:
-  - get
-  - watch
-  - list
-{{- end }}

charts/argo/templates/workflow-controller-deployment.yaml

@@ -1,94 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}
-  labels:
-    app: {{ .Release.Name }}-{{ .Values.controller.name}}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.controller.name}}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-{{ .Values.controller.name}}
-        release: {{ .Release.Name }}
-        {{- if .Values.controller.podLabels }}
-        {{ toYaml .Values.controller.podLabels | nindent 8}}
-        {{- end }}
-      {{- if .Values.controller.podAnnotations }}
-      annotations:
-{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
-    spec:
-      serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
-      {{- if .Values.controller.podSecurityContext }}
-      securityContext:
-        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: controller
-          image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap"
-          - "--executor-image"
-          - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}"
-          - "--loglevel"
-          - "{{ .Values.controller.logging.level }}"
-          - "--gloglevel"
-          - "{{ .Values.controller.logging.globallevel }}"
-          {{- if .Values.singleNamespace }}
-          - "--namespaced"
-          {{- end }}
-          {{- with .Values.controller.workflowWorkers }}
-          - "--workflow-workers"
-          - {{ . | quote }}
-          {{- end }}
-          {{- with .Values.controller.podWorkers }}
-          - "--pod-workers"
-          - {{ . | quote }}
-          {{- end }}
-          {{- if .Values.controller.extraArgs }}
-          {{- toYaml .Values.controller.extraArgs | nindent 10 }}
-          {{- end }}
-          env:
-          - name: ARGO_NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-          {{- with .Values.controller.extraEnv }}
-            {{ toYaml . | nindent 10 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.controller.resources | nindent 12 }}
-          {{- if .Values.controller.metricsConfig.enabled }}
-          ports:
-          - containerPort: 8080
-          {{- end }}
-      {{- with .Values.images.pullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if .Values.controller.priorityClassName }}
-      priorityClassName: {{ .Values.controller.priorityClassName }}
-      {{- end }}

charts/argo/templates/workflow-controller-minio-secret-crb.yaml

@@ -1,25 +0,0 @@
-{{ if .Values.minio.install }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Values.controller.serviceAccount }}
-    namespace: {{ .Release.Namespace }}
-{{- if .Values.controller.workflowNamespaces }}
-{{- $uiServiceAccount := .Values.controller.serviceAccount }}
-{{- $namespace := .Release.Namespace }}
-{{- range $key := .Values.controller.workflowNamespaces }}
-  {{- if not (eq $key $namespace) }}
-  - kind: ServiceAccount
-    name: {{ $uiServiceAccount }}
-    namespace: {{ $key }}
-  {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/argo/templates/workflow-controller-sa.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.controller.serviceAccount }}
-  annotations:
-{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }}

charts/argo/templates/workflow-controller-service.yaml

@@ -1,38 +0,0 @@
-{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
-  labels:
-    app: {{ .Release.Name }}-{{ .Values.controller.name}}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    {{- if .Values.controller.serviceLabels }}
-    {{ toYaml .Values.controller.serviceLabels | nindent 4}}
-    {{- end }}
-  {{- if .Values.controller.serviceAnnotations }}
-  annotations:
-{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }}
-spec:
-  ports:
-  {{- if .Values.controller.metricsConfig.enabled }}
-  - name: {{ .Values.controller.metricsServicePortName }}
-    port: {{ .Values.controller.metricsServicePort }}
-    protocol: TCP
-    targetPort: {{ .Values.controller.metricsConfig.port }}
-  {{- end }}
-  {{- if .Values.controller.telemetryConfig.enabled }}
-  - name: {{ .Values.controller.telemetryServicePortName }}
-    port: {{ .Values.controller.telemetryServicePort }}
-    protocol: TCP
-    targetPort: {{ .Values.controller.telemetryConfig.port }}
-  {{- end }}
-  selector:
-    app: {{ .Release.Name }}-{{ .Values.controller.name }}
-  sessionAffinity: None
-  type: {{ .Values.controller.serviceType }}
-  {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }}
-{{- end -}}

charts/argo/templates/workflow-crd.yaml

@@ -1,28 +0,0 @@
-{{- if .Values.installCRD }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflows.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.phase
-    description: Status of the workflow
-    name: Status
-    type: string
-  - JSONPath: .status.startedAt
-    description: When the workflow was started
-    format: date-time
-    name: Age
-    type: date
-  group: argoproj.io
-  names:
-    kind: Workflow
-    plural: workflows
-    shortNames:
-    - wf
-  scope: Namespaced
-  version: v1alpha1
-{{- end }}

charts/argo/templates/workflow-template-crd.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.installCRD }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtemplates.argoproj.io
-  annotations:
-    helm.sh/hook: crd-install
-    helm.sh/hook-delete-policy: before-hook-creation
-spec:
-  group: argoproj.io
-  version: v1alpha1
-  scope: Namespaced
-  names:
-    kind: WorkflowTemplate
-    plural: workflowtemplates
-    shortNames:
-    - wftmpl
-{{- end }}

charts/argocd-applicationset/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-applicationset
 description: A Helm chart for installing ArgoCD ApplicationSet
 type: application
-version: 0.1.3
+version: 0.1.5
 appVersion: "v0.1.0"
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png