Merge branch 'main' into docs-typo-fix-in-security.md

This commit is contained in:
Kripu Khadka 2023-11-14 19:19:25 +05:45 committed by GitHub
commit 2f7c151ffa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 2213 additions and 66 deletions

View file

@ -7,6 +7,12 @@ exemptions:
reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI) reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
- check: sbom - check: sbom
reason: "Tracking Helm dependencies is not yet a stable practice." reason: "Tracking Helm dependencies is not yet a stable practice."
- check: self_assessment
reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
- check: signed_releases
reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
- check: license_scanning
reason: "Temporary exemption: pending response from CNCF Service Desk"
# TODO: # TODO:
# License scanning information # License scanning information

View file

@ -1,14 +1,6 @@
# All * @mkilchhofer @jmeridth @yu-croco
* @mkilchhofer @jmeridth
# Argo Workflows
/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 /charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24
# Argo CD
/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
# Argo Events
/charts/argo-events/ @pdrastil @jmeridth @tico24 /charts/argo-events/ @pdrastil @jmeridth @tico24
# Argo Rollouts
/charts/argo-rollouts/ @jmeridth /charts/argo-rollouts/ @jmeridth

View file

@ -7,7 +7,6 @@ chart-dirs:
- charts - charts
chart-repos: chart-repos:
- dandydeveloper=https://dandydeveloper.github.io/charts/ - dandydeveloper=https://dandydeveloper.github.io/charts/
helm-extra-args: "--timeout 600s"
validate-chart-schema: false validate-chart-schema: false
validate-maintainers: true validate-maintainers: true
validate-yaml: true validate-yaml: true

View file

@ -13,7 +13,7 @@ jobs:
options: --user 1001 options: --user 1001
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run ah lint - name: Run ah lint
working-directory: ./charts working-directory: ./charts
run: ah lint run: ah lint
@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
@ -32,16 +32,16 @@ jobs:
version: v3.10.1 # Also update in publish.yaml version: v3.10.1 # Also update in publish.yaml
- name: Set up python - name: Set up python
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with: with:
python-version: 3.9 python-version: 3.9
- name: Setup Chart Linting - name: Setup Chart Linting
id: lint id: lint
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
with: with:
# Note: Also update in scripts/lint.sh # Note: Also update in scripts/lint.sh
version: v3.7.1 version: v3.10.0
- name: List changed charts - name: List changed charts
id: list-changed id: list-changed

View file

@ -19,7 +19,7 @@ jobs:
name: Validate PR title name: Validate PR title
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:

View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
@ -58,14 +58,14 @@ jobs:
PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
- name: Run chart-releaser - name: Run chart-releaser
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with: with:
config: "./.github/configs/cr.yaml" config: "./.github/configs/cr.yaml"
env: env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}

View file

@ -33,12 +33,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif

View file

@ -47,6 +47,8 @@ Any breaking changes to a chart (backwards incompatible) require:
### New Application Versions ### New Application Versions
Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release.
When selecting new application versions ensure you make the following changes: When selecting new application versions ensure you make the following changes:
* `values.yaml`: Bump all instances of the container image version * `values.yaml`: Bump all instances of the container image version

View file

@ -6,6 +6,7 @@
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo)
[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942)
Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command:

23
SECURITY-INSIGHTS.yml Normal file
View file

@ -0,0 +1,23 @@
header:
schema-version: '1.0.0'
expiration-date: '2024-11-04T10:00:00.000Z'
project-url: https://github.com/argoproj/argo-helm
project-lifecycle:
status: active
bug-fixes-only: false
core-maintainers:
- https://github.com/mkilchhofer
- https://github.com/jmeridth
contribution-policy:
accepts-pull-requests: true
accepts-automated-pull-requests: true
distribution-points:
- https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
vulnerability-reporting:
accepts-vulnerability-reports: true
email-contact: cncf-argo-maintainers@lists.cncf.io
security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
comment: Please refer to the security policy for reporting information prior to using the email contact.
dependencies:
env-dependencies-policy:
policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions

View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v2.8.4 appVersion: v2.9.0
kubeVersion: ">=1.23.0-0" kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 5.46.3 version: 5.51.1
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources: sources:
@ -26,5 +26,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: fixed
description: Upgrade Argo CD to v2.8.4 description: Add configurations for Applications in any namespace

View file

@ -449,6 +449,7 @@ NAME: my-release
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@ -561,6 +562,7 @@ NAME: my-release
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | | controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet |
| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | | controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container |
@ -653,6 +655,7 @@ NAME: my-release
| repoServer.serviceAccount.create | bool | `true` | Create repo server service account | | repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | | repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| repoServer.serviceAccount.name | string | `""` | Repo server service account name | | repoServer.serviceAccount.name | string | `""` | Repo server service account name |
| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | | repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server |
| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | | repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory |
@ -807,6 +810,7 @@ NAME: my-release
| server.serviceAccount.create | bool | `true` | Create server service account | | server.serviceAccount.create | bool | `true` | Create server service account |
| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| server.serviceAccount.name | string | `"argocd-server"` | Server service account name | | server.serviceAccount.name | string | `"argocd-server"` | Server service account name |
| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | | server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server |
| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container |
@ -915,6 +919,7 @@ server:
| dex.servicePortHttp | int | `5556` | Service port for HTTP access | | dex.servicePortHttp | int | `5556` | Service port for HTTP access |
| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | | dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access |
| dex.servicePortMetrics | int | `5558` | Service port for metrics access | | dex.servicePortMetrics | int | `5558` | Service port for metrics access |
| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | | dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex |
| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container |
@ -947,7 +952,7 @@ server:
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.enabled | bool | `false` | Deploy metrics service |
@ -986,6 +991,7 @@ server:
| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | | redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod |
| redis.serviceAccount.name | string | `""` | Service account name for redis pod | | redis.serviceAccount.name | string | `""` | Service account name for redis pod |
| redis.servicePort | int | `6379` | Redis service port | | redis.servicePort | int | `6379` | Redis service port |
| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | | redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis |
| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | | redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container |
@ -1000,20 +1006,22 @@ The main options are listed here:
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. |
| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. |
| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context |
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"redis"` | Redis repository | | redis-ha.image.repository | string | `"redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1134,6 +1142,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account |
| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | | applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | | applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name |
| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller |
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
@ -1152,6 +1161,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|-----|------|---------|-------------| |-----|------|---------|-------------|
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
| notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerPorts.metrics | int | `9001` | Metrics container port |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
@ -1212,6 +1222,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name |
| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions |
| notifications.templates | object | `{}` | The notification template is used to generate the notification content | | notifications.templates | object | `{}` | The notification template is used to generate the notification content |
| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
@ -1243,3 +1254,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[tini]: https://github.com/argoproj/argo-cd/pull/12707 [tini]: https://github.com/argoproj/argo-cd/pull/12707
[EKS EoL]: https://endoflife.date/amazon-eks [EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace

View file

@ -562,3 +562,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[tini]: https://github.com/argoproj/argo-cd/pull/12707 [tini]: https://github.com/argoproj/argo-cd/pull/12707
[EKS EoL]: https://endoflife.date/amazon-eks [EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace

View file

@ -52,6 +52,9 @@ spec:
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
containers: containers:
- args: - args:

View file

@ -52,6 +52,9 @@ spec:
{{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.applicationSet.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
containers: containers:
- name: {{ .Values.applicationSet.name }} - name: {{ .Values.applicationSet.name }}
@ -87,6 +90,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.annotations
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.labels
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

View file

@ -0,0 +1,22 @@
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
rules:
{{- with .Values.notifications.clusterRoleRules.rules }}
{{- toYaml . | nindent 2 }}
{{- end }}
- apiGroups:
- "argoproj.io"
resources:
- "applications"
verbs:
- get
- list
- watch
- update
- patch
{{- end }}

View file

@ -0,0 +1,16 @@
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View file

@ -51,6 +51,9 @@ spec:
{{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.notifications.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
containers: containers:
- name: {{ .Values.notifications.name }} - name: {{ .Values.notifications.name }}
@ -75,13 +78,19 @@ spec:
configMapKeyRef: configMapKeyRef:
key: notificationscontroller.log.level key: notificationscontroller.log.level
name: argocd-cmd-params-cm name: argocd-cmd-params-cm
optional: true optional: true
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
key: notificationscontroller.log.format key: notificationscontroller.log.format
name: argocd-cmd-params-cm name: argocd-cmd-params-cm
optional: true optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
{{- with .Values.notifications.extraEnvFrom }} {{- with .Values.notifications.extraEnvFrom }}
envFrom: envFrom:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}

View file

@ -33,6 +33,9 @@ spec:
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }} {{- end }}
{{- if .Values.configs.cmp.create }}
checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
{{- range $key, $value := . }} {{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
@ -59,6 +62,9 @@ spec:
{{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.repoServer.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
containers: containers:
- name: {{ .Values.repoServer.name }} - name: {{ .Values.repoServer.name }}
@ -225,6 +231,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm name: argocd-cmd-params-cm
optional: true optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.helm.manifest.max.extracted.size
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED - name: ARGOCD_GIT_MODULES_ENABLED
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

View file

@ -21,6 +21,9 @@ rules:
- events - events
verbs: verbs:
- list - list
{{- if (index .Values.configs.params "application.namespaces") }}
- create
{{- end }}
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -40,6 +43,7 @@ rules:
- argoproj.io - argoproj.io
resources: resources:
- applications - applications
- applicationsets
verbs: verbs:
- get - get
- list - list

View file

@ -53,6 +53,9 @@ spec:
{{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.server.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
containers: containers:
- name: {{ .Values.server.name }} - name: {{ .Values.server.name }}

View file

@ -12,10 +12,10 @@ metadata:
{{- with .Values.server.metrics.serviceMonitor.additionalLabels }} {{- with .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- with .Values.server.metrics.serviceMonitor.annotations }}
annotations: annotations:
{{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }} {{- toYaml . | nindent 4 }}
{{ $key }}: {{ $value | quote }} {{- end }}
{{- end }}
spec: spec:
endpoints: endpoints:
- port: {{ .Values.server.metrics.service.portName }} - port: {{ .Values.server.metrics.service.portName }}

View file

@ -359,6 +359,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -657,6 +688,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -797,7 +859,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the target description: Name is an alternate way of specifying the target
cluster by its symbolic name cluster by its symbolic name. This must be set if Server is
not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace for the description: Namespace specifies the target namespace for the
@ -805,8 +868,9 @@ spec:
namespace-scoped resources that have not set a value for .metadata.namespace namespace-scoped resources that have not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster and description: Server specifies the URL of the target cluster's
must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name is not
set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -1067,6 +1131,37 @@ spec:
description: Namespace sets the namespace that Kustomize adds description: Namespace sets the namespace that Kustomize adds
to all resources to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1355,6 +1450,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1796,6 +1922,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2097,6 +2254,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2542,6 +2730,37 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2860,6 +3079,38 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize
patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize description: Replicas is a list of Kustomize
Replicas override specifications Replicas override specifications
@ -3292,6 +3543,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3603,6 +3885,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3804,7 +4117,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the description: Name is an alternate way of specifying the
target cluster by its symbolic name target cluster by its symbolic name. This must be set
if Server is not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace description: Namespace specifies the target namespace
@ -3813,8 +4127,9 @@ spec:
not set a value for .metadata.namespace not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster description: Server specifies the URL of the target cluster's
and must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name
is not set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -4056,6 +4371,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -4367,6 +4713,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications

File diff suppressed because it is too large Load diff

View file

@ -55,6 +55,9 @@ spec:
{{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.dex.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
containers: containers:
- name: {{ .Values.dex.name }} - name: {{ .Values.dex.name }}

View file

@ -48,6 +48,9 @@ spec:
{{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- if .Values.redis.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
containers: containers:
- name: {{ .Values.redis.name }} - name: {{ .Values.redis.name }}

View file

@ -263,6 +263,12 @@ configs:
# -- Enables use of the Progressive Syncs capability # -- Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: false applicationsetcontroller.enable.progressive.syncs: false
# -- Enables [Applications in any namespace]
## List of additional namespaces where applications may be created in and reconciled from.
## The namespace where Argo CD is installed to will always be allowed.
## Set comma-separated list. (e.g. app-team-one, app-team-two)
application.namespaces: ""
# Argo CD RBAC policy configuration # Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac: rbac:
@ -326,7 +332,7 @@ configs:
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
@ -731,6 +737,9 @@ controller:
# -- Number of seconds after which the [probe] times out # -- Number of seconds after which the [probe] times out
timeoutSeconds: 1 timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Priority class for the application controller pods # -- Priority class for the application controller pods
# @default -- `""` (defaults to global.priorityClassName) # @default -- `""` (defaults to global.priorityClassName)
priorityClassName: "" priorityClassName: ""
@ -1074,6 +1083,9 @@ dex:
# -- Number of seconds after which the [probe] times out # -- Number of seconds after which the [probe] times out
timeoutSeconds: 1 timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
serviceAccount: serviceAccount:
# -- Create dex service account # -- Create dex service account
create: true create: true
@ -1162,7 +1174,7 @@ redis:
# -- Redis repository # -- Redis repository
repository: public.ecr.aws/docker/library/redis repository: public.ecr.aws/docker/library/redis
# -- Redis tag # -- Redis tag
tag: 7.0.11-alpine tag: 7.0.13-alpine
# -- Redis image pull policy # -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy) # @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: "" imagePullPolicy: ""
@ -1279,6 +1291,7 @@ redis:
# -- Redis container-level security context # -- Redis container-level security context
# @default -- See [values.yaml] # @default -- See [values.yaml]
containerSecurityContext: containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
@ -1312,6 +1325,9 @@ redis:
# topologyKey: topology.kubernetes.io/zone # topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule # whenUnsatisfiable: DoNotSchedule
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
serviceAccount: serviceAccount:
# -- Create a service account for the redis pod # -- Create a service account for the redis pod
create: false create: false
@ -1381,7 +1397,7 @@ redis-ha:
# -- Redis repository # -- Redis repository
repository: redis repository: redis
# -- Redis tag # -- Redis tag
tag: 7.0.11-alpine tag: 7.0.13-alpine
## Prometheus redis-exporter sidecar ## Prometheus redis-exporter sidecar
exporter: exporter:
# -- Enable Prometheus redis-exporter sidecar # -- Enable Prometheus redis-exporter sidecar
@ -1415,9 +1431,14 @@ redis-ha:
# -- Additional affinities to add to the haproxy pods. # -- Additional affinities to add to the haproxy pods.
additionalAffinities: {} additionalAffinities: {}
# -- Assign custom [affinity] rules to the haproxy pods. # -- Assign custom [affinity] rules to the haproxy pods.
affinity: {} affinity: |
# -- [Tolerations] for use with node taints for haproxy pods. # -- [Tolerations] for use with node taints for haproxy pods.
tolerations: [] tolerations: []
# -- HAProxy container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
readOnlyRootFilesystem: true
# -- Whether the Redis server pods should be forced to run on separate nodes. # -- Whether the Redis server pods should be forced to run on separate nodes.
hardAntiAffinity: true hardAntiAffinity: true
@ -1426,7 +1447,7 @@ redis-ha:
additionalAffinities: {} additionalAffinities: {}
# -- Assign custom [affinity] rules to the Redis pods. # -- Assign custom [affinity] rules to the Redis pods.
affinity: {} affinity: |
# -- [Tolerations] for use with node taints for Redis pods. # -- [Tolerations] for use with node taints for Redis pods.
tolerations: [] tolerations: []
@ -1445,6 +1466,10 @@ redis-ha:
# -- Enforcement policy, hard or soft # -- Enforcement policy, hard or soft
# @default -- `""` (defaults to `ScheduleAnyway`) # @default -- `""` (defaults to `ScheduleAnyway`)
whenUnsatisfiable: "" whenUnsatisfiable: ""
# -- Redis HA statefulset container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
readOnlyRootFilesystem: true
# External Redis parameters # External Redis parameters
externalRedis: externalRedis:
@ -1708,6 +1733,9 @@ server:
# -- Number of seconds after which the [probe] times out # -- Number of seconds after which the [probe] times out
timeoutSeconds: 1 timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Priority class for the Argo CD server pods # -- Priority class for the Argo CD server pods
# @default -- `""` (defaults to global.priorityClassName) # @default -- `""` (defaults to global.priorityClassName)
priorityClassName: "" priorityClassName: ""
@ -2251,6 +2279,9 @@ repoServer:
# -- Number of seconds after which the [probe] times out # -- Number of seconds after which the [probe] times out
timeoutSeconds: 1 timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector] # -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector) # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {} nodeSelector: {}
@ -2608,6 +2639,9 @@ applicationSet:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3 failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector] # -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector) # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {} nodeSelector: {}
@ -2921,6 +2955,9 @@ notifications:
drop: drop:
- ALL - ALL
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector] # -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector) # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {} nodeSelector: {}
@ -2966,6 +3003,12 @@ notifications:
# -- Whether helm chart creates notifications controller config map # -- Whether helm chart creates notifications controller config map
create: true create: true
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- List of custom rules for the notifications controller's ClusterRole resource
rules: []
# -- Contains centrally managed global application subscriptions # -- Contains centrally managed global application subscriptions
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
subscriptions: [] subscriptions: []

View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v1.6.0 appVersion: v1.6.0
description: A Helm chart for Argo Rollouts description: A Helm chart for Argo Rollouts
name: argo-rollouts name: argo-rollouts
version: 2.32.0 version: 2.32.2
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: fixed
description: Upgrade Argo Rollouts to v1.6.0 description: Update AnalysisRun CRD to match upstream

View file

@ -48,7 +48,7 @@ spec:
{{- if not .Values.clusterInstall }} {{- if not .Values.clusterInstall }}
- --namespaced - --namespaced
{{- end }} {{- end }}
{{- if gt .Values.controller.replicas 1.0 }} {{- if gt (int .Values.controller.replicas) 1 }}
- --leader-elect - --leader-elect
{{- end }} {{- end }}
{{- with .Values.controller.extraArgs }} {{- with .Values.controller.extraArgs }}

View file

@ -189,13 +189,22 @@ spec:
datadog: datadog:
properties: properties:
apiVersion: apiVersion:
default: v1
enum:
- v1
- v2
type: string
formula:
type: string type: string
interval: interval:
default: 5m
type: string type: string
queries:
additionalProperties:
type: string
type: object
query: query:
type: string type: string
required:
- query
type: object type: object
graphite: graphite:
properties: properties:
@ -2809,6 +2818,19 @@ spec:
type: string type: string
authentication: authentication:
properties: properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4: sigv4:
properties: properties:
profile: profile:
@ -2857,6 +2879,31 @@ spec:
type: object type: object
web: web:
properties: properties:
authentication:
properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4:
properties:
profile:
type: string
region:
type: string
roleArn:
type: string
type: object
type: object
body: body:
type: string type: string
headers: headers:

View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v3.4.11 appVersion: v3.5.1
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.33.3 version: 0.39.0
icon: https://argoproj.github.io/argo-workflows/assets/logo.png icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
sources: sources:
@ -17,4 +17,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: fixed
description: Add HA docs and example description: Accept multi auth mode for server.

View file

@ -108,6 +108,7 @@ Fields to note:
|-----|------|---------|-------------| |-----|------|---------|-------------|
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| commonLabels | object | `{}` | Labels to set on all resources |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs | | crds.install | bool | `true` | Install and upgrade CRDs |
| crds.keep | bool | `true` | Keep CRDs on chart uninstall | | crds.keep | bool | `true` | Keep CRDs on chart uninstall |
@ -141,6 +142,7 @@ Fields to note:
| controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.affinity | object | `{}` | Assign custom [affinity] rules |
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |
| controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment |
| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller |
| controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment |
@ -181,6 +183,7 @@ Fields to note:
| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods |
| controller.persistence | object | `{}` | enable persistence using postgres | | controller.persistence | object | `{}` | enable persistence using postgres |
| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods |
| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers |
| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | | controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. |
| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | | controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. |
| controller.podLabels | object | `{}` | Optional labels to add to the controller pods | | controller.podLabels | object | `{}` | Optional labels to add to the controller pods |
@ -220,6 +223,7 @@ Fields to note:
| controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
| controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
| controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers |
| controller.workflowWorkers | string | `nil` | Number of workflow workers | | controller.workflowWorkers | string | `nil` | Number of workflow workers |
### Workflow Main Container ### Workflow Main Container
@ -256,6 +260,8 @@ Fields to note:
| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate |
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
| server.affinity | object | `{}` | Assign custom [affinity] rules | | server.affinity | object | `{}` | Assign custom [affinity] rules |
| server.authMode | string | `""` | Deprecated; use server.authModes instead. |
| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. |
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server |
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] |
@ -267,7 +273,7 @@ Fields to note:
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
| server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment | | server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment |
| server.enabled | bool | `true` | Deploy the Argo Server | | server.enabled | bool | `true` | Deploy the Argo Server |
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | | server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. |
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | | server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment |
@ -315,7 +321,7 @@ Fields to note:
| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret |
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
| server.sso.enabled | bool | `false` | Create SSO configuration | | server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |

View file

@ -1,3 +1,7 @@
{{- if .Values.server.authMode }}
DEPRECATED option server.authMode - Use server.authModes
{{- end }}
1. Get Argo Server external IP/domain by running: 1. Get Argo Server external IP/domain by running:
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}

View file

@ -79,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }}
{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argo-workflows app.kubernetes.io/part-of: argo-workflows
{{- with .context.Values.commonLabels }}
{{ toYaml .}}
{{- end }}
{{- end }} {{- end }}
{{/* {{/*

View file

@ -20,6 +20,12 @@ rules:
- cronworkflows/finalizers - cronworkflows/finalizers
- clusterworkflowtemplates - clusterworkflowtemplates
- clusterworkflowtemplates/finalizers - clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs: verbs:
- get - get
- list - list
@ -46,6 +52,12 @@ rules:
- cronworkflows/finalizers - cronworkflows/finalizers
- clusterworkflowtemplates - clusterworkflowtemplates
- clusterworkflowtemplates/finalizers - clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs: verbs:
- create - create
- delete - delete
@ -79,6 +91,12 @@ rules:
- cronworkflows/finalizers - cronworkflows/finalizers
- clusterworkflowtemplates - clusterworkflowtemplates
- clusterworkflowtemplates/finalizers - clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs: verbs:
- create - create
- delete - delete

View file

@ -60,6 +60,18 @@ spec:
- "--workflow-workers" - "--workflow-workers"
- {{ . | quote }} - {{ . | quote }}
{{- end }} {{- end }}
{{- with .Values.controller.workflowTTLWorkers }}
- "--workflow-ttl-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.podCleanupWorkers }}
- "--pod-cleanup-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.cronWorkflowWorkers }}
- "--cron-workflow-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }} {{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}

View file

@ -441,6 +441,8 @@ spec:
type: object type: object
securityToken: securityToken:
type: string type: string
useSDKCreds:
type: boolean
required: required:
- key - key
type: object type: object
@ -470,6 +472,17 @@ spec:
type: object type: object
bucket: bucket:
type: string type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent: createBucketIfNotPresent:
properties: properties:
objectLocking: objectLocking:

View file

@ -52,6 +52,12 @@ spec:
{{- with .Values.server.extraArgs }} {{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
{{- if .Values.server.authMode }}
- "--auth-mode={{ .Values.server.authMode }}"
{{- end }}
{{- range .Values.server.authModes }}
- "--auth-mode={{ . }}"
{{- end }}
- "--secure={{ .Values.server.secure }}" - "--secure={{ .Values.server.secure }}"
{{- if .Values.singleNamespace }} {{- if .Values.singleNamespace }}
- "--namespaced" - "--namespaced"

View file

@ -26,6 +26,9 @@ nameOverride:
# -- String to fully override "argo-workflows.fullname" template # -- String to fully override "argo-workflows.fullname" template
fullnameOverride: fullnameOverride:
# -- Labels to set on all resources
commonLabels: {}
# -- Override the Kubernetes version, which is used to evaluate certain manifests # -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: "" kubeVersionOverride: ""
@ -121,7 +124,7 @@ controller:
# -- Service metrics port name # -- Service metrics port name
servicePortName: metrics servicePortName: metrics
# -- ServiceMonitor relabel configs to apply to samples before scraping # -- ServiceMonitor relabel configs to apply to samples before scraping
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
relabelings: [] relabelings: []
# -- ServiceMonitor metric relabel configs to apply to samples before ingestion # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
@ -158,6 +161,10 @@ controller:
# passwordSecret: # passwordSecret:
# name: argo-postgres-config # name: argo-postgres-config
# key: password # key: password
# ssl: true
# # sslMode must be one of: disable, require, verify-ca, verify-full
# # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq
# sslMode: require
# -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
# Only valid for 2.7+ # Only valid for 2.7+
@ -173,6 +180,13 @@ controller:
# -- Number of workflow workers # -- Number of workflow workers
workflowWorkers: # 32 workflowWorkers: # 32
# -- Number of workflow TTL workers
workflowTTLWorkers: # 4
# -- Number of pod cleanup workers
podCleanupWorkers: # 4
# -- Number of cron workflow workers
# Only valid for 3.5+
cronWorkflowWorkers: # 8
# -- Restricts the Workflows that the controller will process. # -- Restricts the Workflows that the controller will process.
# Only valid for 2.9+ # Only valid for 2.9+
workflowRestrictions: {} workflowRestrictions: {}
@ -522,14 +536,16 @@ server:
# - name: FOO # - name: FOO
# value: "bar" # value: "bar"
# -- Extra arguments to provide to the Argo server binary, such as for disabling authentication. # -- Deprecated; use server.authModes instead.
authMode: ""
# -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well.
## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
authModes: []
# -- Extra arguments to provide to the Argo server binary.
## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
extraArgs: [] extraArgs: []
# If you want to disable authentication for purposes such as:
# - local dev-mode without authentication
# - gateway authentication through some other service such as KeyCloak
# uncomment the lines below and comment out the default empty list `extraArgs: []` above:
# extraArgs:
# - --auth-mode=server
logging: logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
@ -631,8 +647,7 @@ server:
# SSO configuration when SSO is specified as a server auth mode. # SSO configuration when SSO is specified as a server auth mode.
sso: sso:
# -- Create SSO configuration # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
## SSO is activated by adding --auth-mode=sso to the server command line.
enabled: false enabled: false
# -- The root URL of the OIDC identity provider # -- The root URL of the OIDC identity provider
issuer: https://accounts.google.com issuer: https://accounts.google.com

View file

@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n"
docker run \ docker run \
-v "$SRCROOT:/workdir" \ -v "$SRCROOT:/workdir" \
--entrypoint /bin/sh \ --entrypoint /bin/sh \
quay.io/helmpack/chart-testing:v3.7.1 \ quay.io/helmpack/chart-testing:v3.10.0 \
-c cd /workdir \ -c cd /workdir \
ct lint \ ct lint \
--config .github/configs/ct-lint.yaml \ --config .github/configs/ct-lint.yaml \