From 2ddd3a3fcb5dc99b4861a157dec12c2d85442e82 Mon Sep 17 00:00:00 2001 From: Emanuel Oliveira Date: Fri, 20 Aug 2021 18:40:32 -0300 Subject: [PATCH] feat: update ArgoCD version to v2.1.0 Signed-off-by: Emanuel Oliveira Signed-off-by: Emanuel Oliveira --- charts/argo-cd/Chart.yaml | 7 +- charts/argo-cd/crds/crd-application.yaml | 41 ++++++++++- charts/argo-cd/templates/NOTES.txt | 5 ++ .../deployment.yaml | 7 ++ .../argocd-repo-server/deployment.yaml | 2 +- .../repository-credentials-secret-legacy.yaml | 13 ++++ .../repository-credentials-secret.yaml | 27 ++++--- .../argocd-repo-server/repository-secret.yaml | 18 +++++ charts/argo-cd/values.yaml | 73 +++++++++++++------ 9 files changed, 154 insertions(+), 39 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret-legacy.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/repository-secret.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 322cd0c0..3758aa73 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.5 +appVersion: 2.1.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.12.1 +version: 3.13.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: @@ -21,4 +21,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: redis-ha.nameOverride / redis-ha.fullnameOverride breaks the ArgoCD helm chart" + - "[Update]: Update to ArgoCD v2.1.0" + - "[Feature]: Enable use of separated secred for repositories" diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index 74364ae4..714b363e 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml 
@@ -267,6 +267,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -365,6 +371,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string @@ -376,7 +386,6 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array @@ -543,6 +552,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -838,6 +853,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether toforce applying common labels to resources for Kustomizeapps + type: boolean images: description: Images is a list of Kustomize image override specifications items: 
@@ -1134,6 +1155,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -1412,6 +1439,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -1687,6 +1720,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index a5f59108..fed04de8 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt 
@@ -1,3 +1,8 @@ +{{- if .Values.configs.repositoryCredentials }} +WARNING: You are using configs.repositoryCredentials parameter that's DEPRECATED +Instead, use configs.repositoryTemplates and/or configs.repositories parameters + +{{- end}} In order to access the server UI you have the following options: 1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7902be76..0ac65d90 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -50,6 +50,8 @@ spec: - {{ .Values.controller.args.selfHealTimeout | quote }} - --repo-server - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --repo-server-timeout-seconds + - {{ .Values.controller.args.repoServerTimeoutSeconds | quote }} - --logformat - {{ .Values.controller.logFormat }} - --loglevel @@ -95,7 +97,10 @@ spec: timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + workingDir: /home/argocd volumeMounts: + - name: argocd-home + mountPath: /home/argocd - mountPath: /app/config/controller/tls name: argocd-repo-server-tls {{- with .Values.controller.volumeMounts }} @@ -121,6 +126,8 @@ spec: {{ toYaml . | indent 6 }} {{- end }} volumes: + - emptyDir: {} + name: argocd-home - name: argocd-repo-server-tls secret: items: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 30082b2d..44ee2a83 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -41,7 +41,7 @@ spec: image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} command: - - uid_entrypoint.sh + - entrypoint.sh - argocd-repo-server {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - --redis diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret-legacy.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret-legacy.yaml new file mode 100644 index 00000000..a89bedcb --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret-legacy.yaml @@ -0,0 +1,13 @@ +{{- if .Values.configs.repositoryCredentials }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repository-credentials + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} +type: Opaque +data: +{{- range $key, $value := .Values.configs.repositoryCredentials }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml index 354e2ca9..a6c222a1 100644 --- a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml 
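Review bot: The repo-server command is now hard-coded to `entrypoint.sh`, while the image two lines above still comes from `repoServer.image.tag` / `global.image.tag`, which users can pin. An install that keeps an older tag (the chart default was `v2.0.5` before this commit) would presumably fail to start if that image does not ship `entrypoint.sh`; the hunk alone cannot confirm this, so it is worth checking against the older image. If so, state the minimum supported image next to the tag in values.yaml, for example `# this chart version requires Argo CD v2.1.0 or newer images`. The container spec starts and continues outside the hunk.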
@@ -1,13 +1,18 @@ -{{- if .Values.configs.repositoryCredentials }} +{{- if .Values.configs.repositoryTemplates }} apiVersion: v1 -kind: Secret -metadata: - name: argocd-repository-credentials - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} -type: Opaque -data: -{{- range $key, $value := .Values.configs.repositoryCredentials }} - {{ $key }}: {{ $value | b64enc }} +kind: List +items: +{{- range $repo_cred_key, $repo_cred_value := .Values.configs.repositoryTemplates }} + - apiVersion: v1 + kind: Secret + metadata: + name: argocd-repo-creds-{{ $repo_cred_key }} + labels: + argocd.argoproj.io/secret-type: repo-creds + {{- include "argo-cd.labels" (dict "context" $ "component" $.Values.server.name "name" "secret") | nindent 8 }} + data: + {{- range $key, $value := $repo_cred_value }} + {{ $key }}: {{ $value | toString | b64enc }} + {{- end }} +{{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-secret.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-secret.yaml new file mode 100644 index 00000000..2d69b0e4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/repository-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.configs.repositories }} +apiVersion: v1 +kind: List +items: +{{- range $repo_key, $repo_value := .Values.configs.repositories }} + - apiVersion: v1 + kind: Secret + metadata: + name: argocd-repo-{{ $repo_key }} + labels: + argocd.argoproj.io/secret-type: repository + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 8 }} + data: + {{- range $key, $value := $repo_value }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4a6172ef..57991918 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml 
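Review bot: In the new repository-secret.yaml, the dot is rebound to the current entry inside `range $repo_key, $repo_value := .Values.configs.repositories`, so the labels include `(dict "context" . "component" .Values.server.name ...)` no longer sees the chart root. Rendering will most likely fail as soon as `configs.repositories` is non-empty. repository-credentials-secret.yaml in this same commit passes the root context, and this file should do the same: `{{- include "argo-cd.labels" (dict "context" $ "component" $.Values.server.name "name" "secret") | nindent 8 }}`. The data line also omits the `toString` that the sibling template applies, so a non-string value such as a number or boolean will not pass `b64enc`; use `{{ $key }}: {{ $value | toString | b64enc }}`.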
@@ -8,7 +8,7 @@ kubeVersionOverride: "" global: image: repository: quay.io/argoproj/argocd - tag: v2.0.5 + tag: v2.1.0 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 @@ -57,6 +57,7 @@ controller: operationProcessors: "10" appResyncPeriod: "180" selfHealTimeout: "5" + repoServerTimeoutSeconds: "60" ## Argo controller log format: text|json logFormat: text @@ -97,6 +98,8 @@ controller: # drop: # - all # readOnlyRootFilesystem: true + # runAsNonRoot: true + # readOnlyRootFilesystem: true ## Configures the controller port containerPort: 8082 @@ -368,10 +371,8 @@ redis: ## Redis Pod specific security context securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 runAsNonRoot: true + runAsUser: 999 serviceAccount: create: false @@ -671,6 +672,8 @@ server: url: https://argocd.example.com # Argo CD instance label key application.instanceLabelKey: argocd.argoproj.io/instance + + # DEPRECATED: Please instead use configs.repositoryTemplates and configs.repositories # repositories: | # - url: git@github.com:group/repo.git # sshPrivateKeySecret: @@ -682,6 +685,7 @@ server: # - type: helm # url: https://argoproj.github.io/argo-helm # name: argo + # oidc.config: | # name: AzureAD # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 
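Review bot: The commented controller securityContext sample now lists `# readOnlyRootFilesystem: true` twice, because the context line directly above the addition already has it. Anyone who uncomments the block gets a duplicate key, which most YAML parsers resolve silently as last-wins. Add only `# runAsNonRoot: true`. The sample block starts outside the hunk, so check the new line's indentation against the lines above it.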
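Review bot: The Redis pod securityContext drops `runAsGroup: 1000` and `fsGroup: 1000` without replacing them. With only `runAsUser: 999` set, the primary group falls back to whatever the image defines, which can be GID 0, and a volume mounted into the pod is no longer re-owned for the Redis user. If the removal is deliberate, record the reason in a comment above `securityContext:`. Otherwise keep explicit groups that match the new UID, for example `runAsGroup: 999` and `fsGroup: 999`, assuming the image's redis group uses that GID.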
@@ -1088,25 +1092,48 @@ configs: # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # XWyb96wrUlv+E8I= # -----END CERTIFICATE----- - # Creates a secret with optional repository credentials - repositoryCredentials: - {} - # sample-ssh-key: | - # -----BEGIN RSA PRIVATE KEY----- - # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N - # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 - # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB - # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x - # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe - # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 - # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 - # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM - # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK - # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ - # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc - # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le - # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= - # -----END RSA PRIVATE KEY----- +## # Creates a secret with optional repository credentials +## DEPRECATED: Instead, use configs.repositoryTemplates and/or configs.repositories + repositoryCredentials: {} + +## Creates a secret for each key/value specified below to create repository credentials + repositoryTemplates: {} + # github-enterprise-creds-1: + # url: https://github.com/argoproj + # githubAppID: 1 + # githubAppInstallationID: 2 + # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 + # githubAppPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... 
+ # -----END OPENSSH PRIVATE KEY----- + # https-creds: + # url: https://github.com/argoproj + # password: my-password + # username: my-username + # ssh-creds: + # url: git@github.com:argoproj-labs + # sshPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + +## Creates a secret for each key/value specified below to create repositories +## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredencials". + repositories: {} + # istio-helm-repo: + # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts + # name: istio.io + # type: helm + # private-helm-repo: + # url: https://my-private-chart-repo.internal + # name: private-repo + # type: helm + # password: my-password + # username: my-username + # private-repo: + # url: https://github.com/argoproj/private-repo + secret: createSecret: true ## Annotations to be added to argocd-secret
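Review bot: The comment above `repositories` points readers to `configs.repositoryCredencials`, which is misspelt and also names the key this commit deprecates; the credential templates now live under `configs.repositoryTemplates`. Suggested wording: `## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryTemplates".` The samples also show `password` and private keys inline. Add a one-line comment saying these values are only base64-encoded into Secrets and are also kept in the Helm release data, so that users keep real credentials out of committed values files.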