Merge branch 'master' into gcs-support

.gitignore

@@ -3,3 +3,4 @@ output
 .DS_Store
 .idea
 **/*.tgz
+**/charts/*/charts

charts/argo-cd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.6.2"
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 2.6.0
+version: 2.6.3
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argo-cd/crds/crd-project.yaml

@@ -20,34 +20,37 @@ spec:
   scope: Namespaced
   validation:
     openAPIV3Schema:
-      description: 'AppProject provides a logical grouping of applications, providing
+      description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
-        controls for: * where the apps may deploy to (cluster whitelist) * what may
-        be deployed (repository whitelist, resource whitelist/blacklist) * who can
-        access these applications (roles, OIDC group claims bindings) * and what they
-        can do (RBAC policies) * automation access to these roles (JWT tokens)'
       properties:
         apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
+          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
           type: string
         kind:
-          description: 'Kind is a string value representing the REST resource this
+          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
         metadata:
           type: object
         spec:
           description: AppProjectSpec is the specification of an AppProject
           properties:
-            clusterResourceWhitelist:
+            clusterResourceBlacklist:
-              description: ClusterResourceWhitelist contains list of whitelisted cluster
+              description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
-                level resources
               items:
-                description: GroupKind specifies a Group and a Kind, but does not
+                description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
-                  force a version.  This is useful for identifying concepts during
+                properties:
-                  lookup stages without having partially valid types
+                  group:
+                    type: string
+                  kind:
+                    type: string
+                required:
+                - group
+                - kind
+                type: object
+              type: array
+            clusterResourceWhitelist:
+              description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
+              items:
+                description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
                 properties:
                   group:
                     type: string
@@ -62,29 +65,25 @@ spec:
               description: Description contains optional project description
               type: string
             destinations:
-              description: Destinations contains list of destinations available for
+              description: Destinations contains list of destinations available for deployment
-                deployment
               items:
-                description: ApplicationDestination contains deployment destination
+                description: ApplicationDestination contains deployment destination information
-                  information
                 properties:
+                  name:
+                    description: Name of the destination cluster which can be used instead of server (url) field
+                    type: string
                   namespace:
-                    description: Namespace overrides the environment namespace value
+                    description: Namespace overrides the environment namespace value in the ksonnet app.yaml
-                      in the ksonnet app.yaml
                     type: string
                   server:
-                    description: Server overrides the environment server value in
+                    description: Server overrides the environment server value in the ksonnet app.yaml
-                      the ksonnet app.yaml
                     type: string
                 type: object
               type: array
             namespaceResourceBlacklist:
-              description: NamespaceResourceBlacklist contains list of blacklisted
+              description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
-                namespace level resources
               items:
-                description: GroupKind specifies a Group and a Kind, but does not
+                description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
-                  force a version.  This is useful for identifying concepts during
-                  lookup stages without having partially valid types
                 properties:
                   group:
                     type: string
@@ -96,12 +95,9 @@ spec:
                 type: object
               type: array
             namespaceResourceWhitelist:
-              description: NamespaceResourceWhitelist contains list of whitelisted
+              description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
-                namespace level resources
               items:
-                description: GroupKind specifies a Group and a Kind, but does not
+                description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
-                  force a version.  This is useful for identifying concepts during
-                  lookup stages without having partially valid types
                 properties:
                   group:
                     type: string
@@ -113,17 +109,25 @@ spec:
                 type: object
               type: array
             orphanedResources:
-              description: OrphanedResources specifies if controller should monitor
+              description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
-                orphaned resources of apps in this project
               properties:
+                ignore:
+                  items:
+                    properties:
+                      group:
+                        type: string
+                      kind:
+                        type: string
+                      name:
+                        type: string
+                    type: object
+                  type: array
                 warn:
-                  description: Warn indicates if warning condition should be created
+                  description: Warn indicates if warning condition should be created for apps which have orphaned resources
-                    for apps which have orphaned resources
                   type: boolean
               type: object
             roles:
-              description: Roles are user defined RBAC roles associated with this
+              description: Roles are user defined RBAC roles associated with this project
-                project
               items:
                 description: ProjectRole represents a role that has access to a project
                 properties:
@@ -131,17 +135,14 @@ spec:
                     description: Description is a description of the role
                     type: string
                   groups:
-                    description: Groups are a list of OIDC group claims bound to this
+                    description: Groups are a list of OIDC group claims bound to this role
-                      role
                     items:
                       type: string
                     type: array
                   jwtTokens:
-                    description: JWTTokens are a list of generated JWT tokens bound
+                    description: JWTTokens are a list of generated JWT tokens bound to this role
-                      to this role
                     items:
-                      description: JWTToken holds the issuedAt and expiresAt values
+                      description: JWTToken holds the issuedAt and expiresAt values of a token
-                        of a token
                       properties:
                         exp:
                           format: int64
@@ -159,8 +160,7 @@ spec:
                     description: Name is a name for this role
                     type: string
                   policies:
-                    description: Policies Stores a list of casbin formated strings
+                    description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
-                      that define access policies for the role in the project
                     items:
                       type: string
                     type: array
@@ -168,55 +168,83 @@ spec:
                 - name
                 type: object
               type: array
+            signatureKeys:
+              description: List of PGP key IDs that commits to be synced to must be signed with
+              items:
+                description: SignatureKey is the specification of a key required to verify commit signatures with
+                properties:
+                  keyID:
+                    description: The ID of the key in hexadecimal notation
+                    type: string
+                required:
+                - keyID
+                type: object
+              type: array
             sourceRepos:
-              description: SourceRepos contains list of repository URLs which can
+              description: SourceRepos contains list of repository URLs which can be used for deployment
-                be used for deployment
               items:
                 type: string
               type: array
             syncWindows:
-              description: SyncWindows controls when syncs can be run for apps in
+              description: SyncWindows controls when syncs can be run for apps in this project
-                this project
               items:
-                description: SyncWindow contains the kind, time, duration and attributes
+                description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
-                  that are used to assign the syncWindows to apps
                 properties:
                   applications:
-                    description: Applications contains a list of applications that
+                    description: Applications contains a list of applications that the window will apply to
-                      the window will apply to
                     items:
                       type: string
                     type: array
                   clusters:
-                    description: Clusters contains a list of clusters that the window
+                    description: Clusters contains a list of clusters that the window will apply to
-                      will apply to
                     items:
                       type: string
                     type: array
                   duration:
-                    description: Duration is the amount of time the sync window will
+                    description: Duration is the amount of time the sync window will be open
-                      be open
                     type: string
                   kind:
                     description: Kind defines if the window allows or blocks syncs
                     type: string
                   manualSync:
-                    description: ManualSync enables manual syncs when they would otherwise
+                    description: ManualSync enables manual syncs when they would otherwise be blocked
-                      be blocked
                     type: boolean
                   namespaces:
-                    description: Namespaces contains a list of namespaces that the
+                    description: Namespaces contains a list of namespaces that the window will apply to
-                      window will apply to
                     items:
                       type: string
                     type: array
                   schedule:
-                    description: Schedule is the time the window will begin, specified
+                    description: Schedule is the time the window will begin, specified in cron format
-                      in cron format
                     type: string
                 type: object
               type: array
           type: object
+        status:
+          description: AppProjectStatus contains information about appproj
+          properties:
+            jwtTokensByRole:
+              additionalProperties:
+                properties:
+                  items:
+                    items:
+                      description: JWTToken holds the issuedAt and expiresAt values of a token
+                      properties:
+                        exp:
+                          format: int64
+                          type: integer
+                        iat:
+                          format: int64
+                          type: integer
+                        id:
+                          type: string
+                      required:
+                      - iat
+                      type: object
+                    type: array
+                type: object
+              type: object
+          type: object
       required:
       - metadata
       - spec

charts/argo-cd/templates/argocd-server/ingress-grpc.yaml

@@ -2,6 +2,7 @@
 {{- $serviceName := include "argo-cd.server.fullname" . -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
 {{- $paths := .Values.server.ingressGrpc.paths -}}
+{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
 {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
 apiVersion: networking.k8s.io/v1beta1
 {{ else }}
@@ -33,6 +34,9 @@ spec:
     - host: {{ $host }}
       http:
         paths:
+  {{- if $extraPaths }}
+  {{- toYaml $extraPaths | nindent 10 }}
+  {{- end -}}
   {{- range $p := $paths }}
           - path: {{ $p }}
             backend:
@@ -43,6 +47,9 @@ spec:
   {{- else }}
     - http:
         paths:
+  {{- if $extraPaths }}
+  {{- toYaml $extraPaths | nindent 10 }}
+  {{- end -}}
   {{- range $p := $paths }}
           - path: {{ $p }}
             backend:

charts/argo-cd/templates/argocd-server/ingress.yaml

@@ -2,6 +2,7 @@
 {{- $serviceName := include "argo-cd.server.fullname" . -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
 {{- $paths := .Values.server.ingress.paths -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
 {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
 apiVersion: networking.k8s.io/v1beta1
 {{ else }}
@@ -33,6 +34,9 @@ spec:
     - host: {{ $host }}
       http:
         paths:
+  {{- if $extraPaths }}
+  {{- toYaml $extraPaths | nindent 10 }}
+  {{- end }}
   {{- range $p := $paths }}
           - path: {{ $p }}
             backend:
@@ -43,6 +47,9 @@ spec:
   {{- else }}
     - http:
         paths:
+  {{- if $extraPaths }}
+  {{- toYaml $extraPaths | nindent 10 }}
+  {{- end }}
   {{- range $p := $paths }}
           - path: {{ $p }}
             backend:

charts/argo-cd/templates/argocd-server/projects.yaml

@@ -46,5 +46,9 @@ items:
       roles:
 {{- toYaml .roles | nindent 8 }}
       {{- end }}
+      {{- if .syncWindows }}
+      syncWindows:
+{{- toYaml .syncWindows | nindent 8 }}
+      {{- end }}
 {{- end }}
 {{- end }}

charts/argo-cd/values.yaml

@@ -454,6 +454,12 @@ server:
       # - argocd.example.com
     paths:
       - /
+    extraPaths:
+      []
+      # - path: /*
+      #   backend:
+      #     serviceName: ssl-redirect
+      #     servicePort: use-annotation
     tls:
       []
       # - secretName: argocd-example-tls
@@ -476,6 +482,12 @@ server:
       # - argocd.example.com
     paths:
       - /
+    extraPaths:
+      []
+      # - path: /*
+      #   backend:
+      #     serviceName: ssl-redirect
+      #     servicePort: use-annotation
     tls:
       []
       # - secretName: argocd-example-tls
@@ -604,6 +616,13 @@ server:
   #     kind: StatefulSet
   #   orphanedResources: {}
   #   roles: []
+  #   syncWindows:
+  #   - kind: allow
+  #     schedule: '10 1 * * *'
+  #     duration: 1h
+  #     applications:
+  #     - '*-prod'
+  #     manualSync: true
 
   ## Enable Admin ClusterRole resources.
   ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.

charts/argo-ci/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: A Helm chart for Argo-CI
 name: argo-ci
-version: 0.1.6
+version: 0.1.7
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 appVersion: v1.0.0-alpha2
 home: https://github.com/argoproj/argo-helm

charts/argo-ci/templates/ci-deployment.yaml

@@ -33,3 +33,7 @@ spec:
           ports:
           - containerPort: 8001
           - containerPort: 8002
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/argo-ci/values.yaml

@@ -2,6 +2,9 @@ imageNamespace: argoproj
 ciImage: argoci
 imageTag: v1.0.0-alpha2
 imagePullPolicy: Always
+# Secrets with credentials to pull images from a private registry
+imagePullSecrets: []
+# - name: argo-pull-secret
 workflowNamespace: default
 
 argo:

charts/argo-events/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: A Helm chart to install Argo-Events in k8s Cluster
 name: argo-events
-version: 0.17.0
+version: 0.17.1
 keywords:
   - argo-events
   - sensor-controller

charts/argo-events/templates/eventbus-controller-deployment.yaml

@@ -37,3 +37,7 @@ spec:
               value: {{ .Values.eventbusController.natsStreamingImage }}
             - name: NATS_METRICS_EXPORTER_IMAGE
               value: {{ .Values.eventbusController.natsMetricsExporterImage }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/argo-events/templates/eventbus-crd.yaml

@@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: eventbus.argoproj.io
+  annotations:
+    helm.sh/hook: crd-install
+    helm.sh/hook-delete-policy: before-hook-creation
 spec:
   group: argoproj.io
   names:

charts/argo-events/templates/eventsource-controller-deployment.yaml

@@ -35,3 +35,7 @@ spec:
                   fieldPath: metadata.namespace
             - name: EVENTSOURCE_IMAGE
               value: "{{ .Values.registry }}/{{ .Values.eventsourceController.eventsourceImage }}:{{ .Values.eventsourceController.tag }}"
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/argo-events/templates/eventsource-crd.yaml

@@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: eventsources.argoproj.io
+  annotations:
+    helm.sh/hook: crd-install
+    helm.sh/hook-delete-policy: before-hook-creation
 spec:
   group: argoproj.io
   scope: Namespaced

charts/argo-events/templates/sensor-controller-deployment.yaml

@@ -35,3 +35,7 @@ spec:
                   fieldPath: metadata.namespace
             - name: SENSOR_IMAGE
               value: "{{ .Values.registry }}/{{ .Values.sensorController.sensorImage }}:{{ .Values.sensorController.tag }}"
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/argo-events/templates/sensor-crd.yaml

@@ -4,6 +4,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: sensors.argoproj.io
+  annotations:
+    helm.sh/hook: crd-install
+    helm.sh/hook-delete-policy: before-hook-creation
 spec:
   group: argoproj.io
   names:

charts/argo-events/values.yaml

@@ -4,6 +4,10 @@ registry: argoproj
 # The image pull policy
 imagePullPolicy: Always
 
+# Secrets with credentials to pull images from a private registry
+imagePullSecrets: []
+# - name: argo-pull-secret
+
 # If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation.
 installCRD: true
 

charts/argo-rollouts/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "0.8.3"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 0.3.4
+version: 0.3.6
 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:

charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml

@@ -6,6 +6,10 @@ metadata:
     app.kubernetes.io/component: server
     app.kubernetes.io/name: {{ .Release.Name }}-metrics
     app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+  {{- range $key, $value := .Values.serviceAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 spec:
   ports:
   - name: metrics

charts/argo-rollouts/values.yaml

@@ -28,12 +28,18 @@ controller:
 serviceAccount:
   name: argo-rollouts
 
-## Annotations to be added to the Redis server pods
+## Annotations to be added to the Rollout pods
 ##
 podAnnotations: {}
 
-## Labels to be added to the Redis server pods
+## Annotations to be added to the Rollout service
+##
+serviceAnnotations: {}
+
+## Labels to be added to the Rollout pods
 ##
 podLabels: {}
 
+# Secrets with credentials to pull images from a private registry
 imagePullSecrets: []
+# - name: argo-pull-secret

charts/argo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: v2.8.0
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.9.9
+version: 0.10.2
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:

charts/argo/templates/server-deployment.yaml

@@ -26,6 +26,10 @@ spec:
 {{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
     spec:
       serviceAccountName: {{ .Values.server.serviceAccount | quote }}
+      {{- if .Values.server.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.server.podSecurityContext | nindent 8 }}
+      {{- end }}
       containers:
         - name: argo-server
           args:
@@ -67,6 +71,10 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12}}
           {{- end }}
+      {{- with .Values.images.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.server.volumes }}
       volumes:
         {{- toYaml . | nindent 8}}

charts/argo/templates/workflow-controller-cluster-roles.yaml

@@ -73,6 +73,7 @@ rules:
   - events
   verbs:
   - create
+  - patch
 - apiGroups:
   - ""
   resources:
@@ -80,6 +81,14 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - "policy"
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - get
+  - delete
 {{- if .Values.controller.persistence }}
 - apiGroups:
   - ""

charts/argo/templates/workflow-controller-config-map.yaml

@@ -16,7 +16,7 @@ data:
     {{- end }}
     {{- end }}
     containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
-    {{- if or .Values.executor.resources .Values.executor.env }}
+    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}}
     executor:
       {{- with .Values.executor.resources }}
       resources: {{- toYaml . | nindent 8 }}
@@ -24,6 +24,9 @@ data:
       {{- with .Values.executor.env }}
       env: {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.executor.securityContext }}
+      securityContext: {{- toYaml . | nindent 8 }}
+      {{- end }}
     {{- end }}
     {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
     artifactRepository:

charts/argo/templates/workflow-controller-deployment.yaml

@@ -26,6 +26,10 @@ spec:
 {{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
     spec:
       serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
+      {{- if .Values.controller.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+      {{- end }}
       containers:
         - name: controller
           image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}"
@@ -63,6 +67,10 @@ spec:
           ports:
           - containerPort: 8080
           {{- end }}
+      {{- with .Values.images.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argo/values.yaml

@@ -4,6 +4,9 @@ images:
   server: argocli
   executor: argoexec
   pullPolicy: Always
+  # Secrets with credentials to pull images from a private registry
+  pullSecrets: []
+  # - name: argo-pull-secret
   tag: v2.7.6
 
 crdVersion: v1alpha1
@@ -28,6 +31,8 @@ controller:
   podAnnotations: {}
   # Optional labels to add to the controller pods
   podLabels: {}
+  # SecurityContext to set on the controller pods
+  podSecurityContext: {}
   # podPortName: http
   metricsConfig:
     enabled: false
@@ -105,7 +110,8 @@ controller:
   ## Node selectors and tolerations for server scheduling to nodes with taints
   ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
   ##
-  nodeSelector: {}
+  nodeSelector:
+    kubernetes.io/os: linux
   tolerations: []
   affinity: {}
 
@@ -117,6 +123,8 @@ executor:
   resources: {}
   # Adds environment variables for the executor.
   env: {}
+  # sets security context for the executor container
+  securityContext: {}
 
 server:
   enabled: true
@@ -131,6 +139,8 @@ server:
   podAnnotations: {}
   # Optional labels to add to the UI pods
   podLabels: {}
+  # SecurityContext to set on the server pods
+  podSecurityContext: {}
   name: server
   serviceType: ClusterIP
   servicePort: 2746
@@ -157,7 +167,8 @@ server:
   ## Node selectors and tolerations for server scheduling to nodes with taints
   ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
   ##
-  nodeSelector: {}
+  nodeSelector:
+    kubernetes.io/os: linux
   tolerations: []
   affinity: {}
 

charts/argocd-notifications/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: 0.7.0
 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
 name: argocd-notifications
 type: application
-version: 1.0.10
+version: 1.0.11
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argocd-notifications/templates/bots/slack/deployment.yaml

@@ -30,6 +30,9 @@ spec:
           command:
             - /app/argocd-notifications
             - bot
+          ports:
+          - containerPort: 8080
+            name: http
       {{- with .Values.bots.slack.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argocd-notifications/templates/bots/slack/service.yaml

@@ -9,10 +9,10 @@ metadata:
   {{- end }}
 spec:
   ports:
-  - name: server
+  - name: http
-    port: 80
+    port: {{ .Values.bots.slack.service.port }}
     protocol: TCP
-    targetPort: 8080
+    targetPort: http
   selector:
     {{- include "argocd-notifications.bots.slack.selectorLabels" . | nindent 4 }}
   type: {{ .Values.bots.slack.service.type }}

charts/argocd-notifications/values.yaml

@@ -211,6 +211,7 @@ bots:
 
     service:
       annotations: {}
+      port: 80
       type: LoadBalancer
 
     serviceAccount: