Merge branch 'main' into docs-typo-fix-in-security.md
This commit is contained in:
commit
2f7c151ffa
40 changed files with 2213 additions and 66 deletions
|
@ -7,6 +7,12 @@ exemptions:
|
|||
reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
|
||||
- check: sbom
|
||||
reason: "Tracking Helm dependencies is not yet a stable practice."
|
||||
- check: self_assessment
|
||||
reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
|
||||
- check: signed_releases
|
||||
reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
|
||||
- check: license_scanning
|
||||
reason: "Temporary exemption: pending response from CNCF Service Desk"
|
||||
|
||||
# TODO:
|
||||
# License scanning information
|
||||
|
|
10
CODEOWNERS → .github/CODEOWNERS
vendored
10
CODEOWNERS → .github/CODEOWNERS
vendored
|
@ -1,14 +1,6 @@
|
|||
# All
|
||||
* @mkilchhofer @jmeridth
|
||||
* @mkilchhofer @jmeridth @yu-croco
|
||||
|
||||
# Argo Workflows
|
||||
/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24
|
||||
|
||||
# Argo CD
|
||||
/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
|
||||
|
||||
# Argo Events
|
||||
/charts/argo-events/ @pdrastil @jmeridth @tico24
|
||||
|
||||
# Argo Rollouts
|
||||
/charts/argo-rollouts/ @jmeridth
|
1
.github/configs/ct-lint.yaml
vendored
1
.github/configs/ct-lint.yaml
vendored
|
@ -7,7 +7,6 @@ chart-dirs:
|
|||
- charts
|
||||
chart-repos:
|
||||
- dandydeveloper=https://dandydeveloper.github.io/charts/
|
||||
helm-extra-args: "--timeout 600s"
|
||||
validate-chart-schema: false
|
||||
validate-maintainers: true
|
||||
validate-yaml: true
|
||||
|
|
10
.github/workflows/lint-and-test.yml
vendored
10
.github/workflows/lint-and-test.yml
vendored
|
@ -13,7 +13,7 @@ jobs:
|
|||
options: --user 1001
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Run ah lint
|
||||
working-directory: ./charts
|
||||
run: ah lint
|
||||
|
@ -22,7 +22,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -32,16 +32,16 @@ jobs:
|
|||
version: v3.10.1 # Also update in publish.yaml
|
||||
|
||||
- name: Set up python
|
||||
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
|
||||
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
|
||||
with:
|
||||
python-version: 3.9
|
||||
|
||||
- name: Setup Chart Linting
|
||||
id: lint
|
||||
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
|
||||
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
|
||||
with:
|
||||
# Note: Also update in scripts/lint.sh
|
||||
version: v3.7.1
|
||||
version: v3.10.0
|
||||
|
||||
- name: List changed charts
|
||||
id: list-changed
|
||||
|
|
2
.github/workflows/pr-title.yml
vendored
2
.github/workflows/pr-title.yml
vendored
|
@ -19,7 +19,7 @@ jobs:
|
|||
name: Validate PR title
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0
|
||||
- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
|
|
6
.github/workflows/publish.yml
vendored
6
.github/workflows/publish.yml
vendored
|
@ -18,7 +18,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
@ -58,14 +58,14 @@ jobs:
|
|||
PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
|
||||
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
|
||||
with:
|
||||
config: "./.github/configs/cr.yaml"
|
||||
env:
|
||||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||
|
||||
- name: Login to GHCR
|
||||
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
|
|
4
.github/workflows/scorecard.yml
vendored
4
.github/workflows/scorecard.yml
vendored
|
@ -33,12 +33,12 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
|
|
|
@ -47,6 +47,8 @@ Any breaking changes to a chart (backwards incompatible) require:
|
|||
|
||||
### New Application Versions
|
||||
|
||||
Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release.
|
||||
|
||||
When selecting new application versions ensure you make the following changes:
|
||||
|
||||
* `values.yaml`: Bump all instances of the container image version
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
[](https://artifacthub.io/packages/search?repo=argo)
|
||||
[](https://clomonitor.io/projects/cncf/argo)
|
||||
[](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm)
|
||||
[](https://www.bestpractices.dev/projects/7942)
|
||||
|
||||
Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command:
|
||||
|
||||
|
|
23
SECURITY-INSIGHTS.yml
Normal file
23
SECURITY-INSIGHTS.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
header:
|
||||
schema-version: '1.0.0'
|
||||
expiration-date: '2024-11-04T10:00:00.000Z'
|
||||
project-url: https://github.com/argoproj/argo-helm
|
||||
project-lifecycle:
|
||||
status: active
|
||||
bug-fixes-only: false
|
||||
core-maintainers:
|
||||
- https://github.com/mkilchhofer
|
||||
- https://github.com/jmeridth
|
||||
contribution-policy:
|
||||
accepts-pull-requests: true
|
||||
accepts-automated-pull-requests: true
|
||||
distribution-points:
|
||||
- https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
|
||||
vulnerability-reporting:
|
||||
accepts-vulnerability-reports: true
|
||||
email-contact: cncf-argo-maintainers@lists.cncf.io
|
||||
security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
|
||||
comment: Please refer to the security policy for reporting information prior to using the email contact.
|
||||
dependencies:
|
||||
env-dependencies-policy:
|
||||
policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: v2.8.4
|
||||
appVersion: v2.9.0
|
||||
kubeVersion: ">=1.23.0-0"
|
||||
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
name: argo-cd
|
||||
version: 5.46.3
|
||||
version: 5.51.1
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
|
||||
sources:
|
||||
|
@ -26,5 +26,5 @@ annotations:
|
|||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Upgrade Argo CD to v2.8.4
|
||||
- kind: fixed
|
||||
description: Add configurations for Applications in any namespace
|
||||
|
|
|
@ -449,6 +449,7 @@ NAME: my-release
|
|||
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
|
||||
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
|
||||
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
|
||||
| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
|
||||
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
|
||||
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
|
||||
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
|
||||
|
@ -561,6 +562,7 @@ NAME: my-release
|
|||
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
|
||||
| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
|
||||
| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet |
|
||||
| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
|
||||
| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container |
|
||||
|
@ -653,6 +655,7 @@ NAME: my-release
|
|||
| repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
|
||||
| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
|
||||
| repoServer.serviceAccount.name | string | `""` | Repo server service account name |
|
||||
| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server |
|
||||
| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory |
|
||||
|
@ -807,6 +810,7 @@ NAME: my-release
|
|||
| server.serviceAccount.create | bool | `true` | Create server service account |
|
||||
| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
|
||||
| server.serviceAccount.name | string | `"argocd-server"` | Server service account name |
|
||||
| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server |
|
||||
| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container |
|
||||
|
@ -915,6 +919,7 @@ server:
|
|||
| dex.servicePortHttp | int | `5556` | Service port for HTTP access |
|
||||
| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access |
|
||||
| dex.servicePortMetrics | int | `5558` | Service port for metrics access |
|
||||
| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex |
|
||||
| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container |
|
||||
|
@ -947,7 +952,7 @@ server:
|
|||
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
|
||||
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
|
||||
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
|
||||
| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag |
|
||||
| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag |
|
||||
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
|
||||
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
|
||||
| redis.metrics.enabled | bool | `false` | Deploy metrics service |
|
||||
|
@ -986,6 +991,7 @@ server:
|
|||
| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod |
|
||||
| redis.serviceAccount.name | string | `""` | Service account name for redis pod |
|
||||
| redis.servicePort | int | `6379` | Redis service port |
|
||||
| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis |
|
||||
| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container |
|
||||
|
@ -1000,20 +1006,22 @@ The main options are listed here:
|
|||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. |
|
||||
| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. |
|
||||
| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. |
|
||||
| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context |
|
||||
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
|
||||
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
|
||||
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
|
||||
| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter |
|
||||
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
|
||||
| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. |
|
||||
| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
|
||||
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
|
||||
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
|
||||
| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
|
||||
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
|
||||
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
|
||||
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
|
||||
| redis-ha.image.repository | string | `"redis"` | Redis repository |
|
||||
| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag |
|
||||
| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
|
||||
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
|
||||
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
|
||||
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
|
||||
|
@ -1134,6 +1142,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account |
|
||||
| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account |
|
||||
| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name |
|
||||
| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller |
|
||||
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
|
||||
|
@ -1152,6 +1161,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
|-----|------|---------|-------------|
|
||||
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
|
||||
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
|
||||
| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
|
||||
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
|
||||
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
|
||||
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
|
||||
|
@ -1212,6 +1222,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name |
|
||||
| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions |
|
||||
| notifications.templates | object | `{}` | The notification template is used to generate the notification content |
|
||||
| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
|
||||
| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
|
||||
| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
|
||||
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
|
||||
|
@ -1243,3 +1254,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
|
|||
[tini]: https://github.com/argoproj/argo-cd/pull/12707
|
||||
[EKS EoL]: https://endoflife.date/amazon-eks
|
||||
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
|
||||
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
|
||||
|
|
|
@ -562,3 +562,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
|
|||
[tini]: https://github.com/argoproj/argo-cd/pull/12707
|
||||
[EKS EoL]: https://endoflife.date/amazon-eks
|
||||
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
|
||||
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
|
||||
|
|
|
@ -52,6 +52,9 @@ spec:
|
|||
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
|
||||
containers:
|
||||
- args:
|
||||
|
|
|
@ -52,6 +52,9 @@ spec:
|
|||
{{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.applicationSet.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.applicationSet.name }}
|
||||
|
@ -87,6 +90,18 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: applicationsetcontroller.global.preserved.annotations
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: applicationsetcontroller.global.preserved.labels
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
|
||||
rules:
|
||||
{{- with .Values.notifications.clusterRoleRules.rules }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- "argoproj.io"
|
||||
resources:
|
||||
- "applications"
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
{{- end }}
|
|
@ -0,0 +1,16 @@
|
|||
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
|
@ -51,6 +51,9 @@ spec:
|
|||
{{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.notifications.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.notifications.name }}
|
||||
|
@ -82,6 +85,12 @@ spec:
|
|||
key: notificationscontroller.log.format
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_NAMESPACES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
{{- with .Values.notifications.extraEnvFrom }}
|
||||
envFrom:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
|
|
|
@ -33,6 +33,9 @@ spec:
|
|||
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
|
||||
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.configs.cmp.create }}
|
||||
checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
|
@ -59,6 +62,9 @@ spec:
|
|||
{{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.repoServer.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.repoServer.name }}
|
||||
|
@ -225,6 +231,18 @@ spec:
|
|||
key: reposerver.streamed.manifest.max.extracted.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.helm.manifest.max.extracted.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: reposerver.disable.helm.manifest.max.extracted.size
|
||||
optional: true
|
||||
- name: ARGOCD_GIT_MODULES_ENABLED
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
@ -21,6 +21,9 @@ rules:
|
|||
- events
|
||||
verbs:
|
||||
- list
|
||||
{{- if (index .Values.configs.params "application.namespaces") }}
|
||||
- create
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
@ -40,6 +43,7 @@ rules:
|
|||
- argoproj.io
|
||||
resources:
|
||||
- applications
|
||||
- applicationsets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
|
|
@ -53,6 +53,9 @@ spec:
|
|||
{{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.server.name }}
|
||||
|
|
|
@ -12,10 +12,10 @@ metadata:
|
|||
{{- with .Values.server.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.server.metrics.serviceMonitor.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: {{ .Values.server.metrics.service.portName }}
|
||||
|
|
|
@ -359,6 +359,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -657,6 +688,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -797,7 +859,8 @@ spec:
|
|||
properties:
|
||||
name:
|
||||
description: Name is an alternate way of specifying the target
|
||||
cluster by its symbolic name
|
||||
cluster by its symbolic name. This must be set if Server is
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace specifies the target namespace for the
|
||||
|
@ -805,8 +868,9 @@ spec:
|
|||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster and
|
||||
must be set to the Kubernetes control plane API
|
||||
description: Server specifies the URL of the target cluster's
|
||||
Kubernetes control plane API. This must be set if Name is not
|
||||
set.
|
||||
type: string
|
||||
type: object
|
||||
ignoreDifferences:
|
||||
|
@ -1067,6 +1131,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize adds
|
||||
to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas override
|
||||
specifications
|
||||
|
@ -1355,6 +1450,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas override
|
||||
specifications
|
||||
|
@ -1796,6 +1922,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2097,6 +2254,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2542,6 +2730,37 @@ spec:
|
|||
description: Namespace sets the namespace that
|
||||
Kustomize adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2860,6 +3079,38 @@ spec:
|
|||
description: Namespace sets the namespace that
|
||||
Kustomize adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize
|
||||
patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize
|
||||
Replicas override specifications
|
||||
|
@ -3292,6 +3543,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -3603,6 +3885,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -3804,7 +4117,8 @@ spec:
|
|||
properties:
|
||||
name:
|
||||
description: Name is an alternate way of specifying the
|
||||
target cluster by its symbolic name
|
||||
target cluster by its symbolic name. This must be set
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace specifies the target namespace
|
||||
|
@ -3813,8 +4127,9 @@ spec:
|
|||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster
|
||||
and must be set to the Kubernetes control plane API
|
||||
description: Server specifies the URL of the target cluster's
|
||||
Kubernetes control plane API. This must be set if Name
|
||||
is not set.
|
||||
type: string
|
||||
type: object
|
||||
ignoreDifferences:
|
||||
|
@ -4056,6 +4371,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -4367,6 +4713,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -55,6 +55,9 @@ spec:
|
|||
{{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.dex.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.dex.name }}
|
||||
|
|
|
@ -48,6 +48,9 @@ spec:
|
|||
{{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.redis.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Values.redis.name }}
|
||||
|
|
|
@ -263,6 +263,12 @@ configs:
|
|||
# -- Enables use of the Progressive Syncs capability
|
||||
applicationsetcontroller.enable.progressive.syncs: false
|
||||
|
||||
# -- Enables [Applications in any namespace]
|
||||
## List of additional namespaces where applications may be created in and reconciled from.
|
||||
## The namespace where Argo CD is installed to will always be allowed.
|
||||
## Set comma-separated list. (e.g. app-team-one, app-team-two)
|
||||
application.namespaces: ""
|
||||
|
||||
# Argo CD RBAC policy configuration
|
||||
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
|
||||
rbac:
|
||||
|
@ -326,7 +332,7 @@ configs:
|
|||
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
|
||||
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
|
||||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
|
||||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
|
||||
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||
|
@ -731,6 +737,9 @@ controller:
|
|||
# -- Number of seconds after which the [probe] times out
|
||||
timeoutSeconds: 1
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# -- Priority class for the application controller pods
|
||||
# @default -- `""` (defaults to global.priorityClassName)
|
||||
priorityClassName: ""
|
||||
|
@ -1074,6 +1083,9 @@ dex:
|
|||
# -- Number of seconds after which the [probe] times out
|
||||
timeoutSeconds: 1
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
serviceAccount:
|
||||
# -- Create dex service account
|
||||
create: true
|
||||
|
@ -1162,7 +1174,7 @@ redis:
|
|||
# -- Redis repository
|
||||
repository: public.ecr.aws/docker/library/redis
|
||||
# -- Redis tag
|
||||
tag: 7.0.11-alpine
|
||||
tag: 7.0.13-alpine
|
||||
# -- Redis image pull policy
|
||||
# @default -- `""` (defaults to global.image.imagePullPolicy)
|
||||
imagePullPolicy: ""
|
||||
|
@ -1279,6 +1291,7 @@ redis:
|
|||
# -- Redis container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -1312,6 +1325,9 @@ redis:
|
|||
# topologyKey: topology.kubernetes.io/zone
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
serviceAccount:
|
||||
# -- Create a service account for the redis pod
|
||||
create: false
|
||||
|
@ -1381,7 +1397,7 @@ redis-ha:
|
|||
# -- Redis repository
|
||||
repository: redis
|
||||
# -- Redis tag
|
||||
tag: 7.0.11-alpine
|
||||
tag: 7.0.13-alpine
|
||||
## Prometheus redis-exporter sidecar
|
||||
exporter:
|
||||
# -- Enable Prometheus redis-exporter sidecar
|
||||
|
@ -1415,9 +1431,14 @@ redis-ha:
|
|||
# -- Additional affinities to add to the haproxy pods.
|
||||
additionalAffinities: {}
|
||||
# -- Assign custom [affinity] rules to the haproxy pods.
|
||||
affinity: {}
|
||||
affinity: |
|
||||
|
||||
# -- [Tolerations] for use with node taints for haproxy pods.
|
||||
tolerations: []
|
||||
# -- HAProxy container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
# -- Whether the Redis server pods should be forced to run on separate nodes.
|
||||
hardAntiAffinity: true
|
||||
|
@ -1426,7 +1447,7 @@ redis-ha:
|
|||
additionalAffinities: {}
|
||||
|
||||
# -- Assign custom [affinity] rules to the Redis pods.
|
||||
affinity: {}
|
||||
affinity: |
|
||||
|
||||
# -- [Tolerations] for use with node taints for Redis pods.
|
||||
tolerations: []
|
||||
|
@ -1445,6 +1466,10 @@ redis-ha:
|
|||
# -- Enforcement policy, hard or soft
|
||||
# @default -- `""` (defaults to `ScheduleAnyway`)
|
||||
whenUnsatisfiable: ""
|
||||
# -- Redis HA statefulset container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
# External Redis parameters
|
||||
externalRedis:
|
||||
|
@ -1708,6 +1733,9 @@ server:
|
|||
# -- Number of seconds after which the [probe] times out
|
||||
timeoutSeconds: 1
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# -- Priority class for the Argo CD server pods
|
||||
# @default -- `""` (defaults to global.priorityClassName)
|
||||
priorityClassName: ""
|
||||
|
@ -2251,6 +2279,9 @@ repoServer:
|
|||
# -- Number of seconds after which the [probe] times out
|
||||
timeoutSeconds: 1
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# -- [Node selector]
|
||||
# @default -- `{}` (defaults to global.nodeSelector)
|
||||
nodeSelector: {}
|
||||
|
@ -2608,6 +2639,9 @@ applicationSet:
|
|||
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
|
||||
failureThreshold: 3
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# -- [Node selector]
|
||||
# @default -- `{}` (defaults to global.nodeSelector)
|
||||
nodeSelector: {}
|
||||
|
@ -2921,6 +2955,9 @@ notifications:
|
|||
drop:
|
||||
- ALL
|
||||
|
||||
# -- terminationGracePeriodSeconds for container lifecycle hook
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
# -- [Node selector]
|
||||
# @default -- `{}` (defaults to global.nodeSelector)
|
||||
nodeSelector: {}
|
||||
|
@ -2966,6 +3003,12 @@ notifications:
|
|||
# -- Whether helm chart creates notifications controller config map
|
||||
create: true
|
||||
|
||||
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
|
||||
## Defaults to off
|
||||
clusterRoleRules:
|
||||
# -- List of custom rules for the notifications controller's ClusterRole resource
|
||||
rules: []
|
||||
|
||||
# -- Contains centrally managed global application subscriptions
|
||||
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
|
||||
subscriptions: []
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
appVersion: v1.6.0
|
||||
description: A Helm chart for Argo Rollouts
|
||||
name: argo-rollouts
|
||||
version: 2.32.0
|
||||
version: 2.32.2
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
|
||||
keywords:
|
||||
|
@ -18,5 +18,5 @@ annotations:
|
|||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Upgrade Argo Rollouts to v1.6.0
|
||||
- kind: fixed
|
||||
description: Update AnalysisRun CRD to match upstream
|
||||
|
|
|
@ -48,7 +48,7 @@ spec:
|
|||
{{- if not .Values.clusterInstall }}
|
||||
- --namespaced
|
||||
{{- end }}
|
||||
{{- if gt .Values.controller.replicas 1.0 }}
|
||||
{{- if gt (int .Values.controller.replicas) 1 }}
|
||||
- --leader-elect
|
||||
{{- end }}
|
||||
{{- with .Values.controller.extraArgs }}
|
||||
|
|
|
@ -189,13 +189,22 @@ spec:
|
|||
datadog:
|
||||
properties:
|
||||
apiVersion:
|
||||
default: v1
|
||||
enum:
|
||||
- v1
|
||||
- v2
|
||||
type: string
|
||||
formula:
|
||||
type: string
|
||||
interval:
|
||||
default: 5m
|
||||
type: string
|
||||
queries:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
query:
|
||||
type: string
|
||||
required:
|
||||
- query
|
||||
type: object
|
||||
graphite:
|
||||
properties:
|
||||
|
@ -2809,6 +2818,19 @@ spec:
|
|||
type: string
|
||||
authentication:
|
||||
properties:
|
||||
oauth2:
|
||||
properties:
|
||||
clientId:
|
||||
type: string
|
||||
clientSecret:
|
||||
type: string
|
||||
scopes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tokenUrl:
|
||||
type: string
|
||||
type: object
|
||||
sigv4:
|
||||
properties:
|
||||
profile:
|
||||
|
@ -2857,6 +2879,31 @@ spec:
|
|||
type: object
|
||||
web:
|
||||
properties:
|
||||
authentication:
|
||||
properties:
|
||||
oauth2:
|
||||
properties:
|
||||
clientId:
|
||||
type: string
|
||||
clientSecret:
|
||||
type: string
|
||||
scopes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tokenUrl:
|
||||
type: string
|
||||
type: object
|
||||
sigv4:
|
||||
properties:
|
||||
profile:
|
||||
type: string
|
||||
region:
|
||||
type: string
|
||||
roleArn:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
body:
|
||||
type: string
|
||||
headers:
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: v3.4.11
|
||||
appVersion: v3.5.1
|
||||
name: argo-workflows
|
||||
description: A Helm chart for Argo Workflows
|
||||
type: application
|
||||
version: 0.33.3
|
||||
version: 0.39.0
|
||||
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
sources:
|
||||
|
@ -17,4 +17,4 @@ annotations:
|
|||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
artifacthub.io/changes: |
|
||||
- kind: fixed
|
||||
description: Add HA docs and example
|
||||
description: Accept multi auth mode for server.
|
||||
|
|
|
@ -108,6 +108,7 @@ Fields to note:
|
|||
|-----|------|---------|-------------|
|
||||
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
|
||||
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
|
||||
| commonLabels | object | `{}` | Labels to set on all resources |
|
||||
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
|
||||
| crds.install | bool | `true` | Install and upgrade CRDs |
|
||||
| crds.keep | bool | `true` | Keep CRDs on chart uninstall |
|
||||
|
@ -141,6 +142,7 @@ Fields to note:
|
|||
| controller.affinity | object | `{}` | Assign custom [affinity] rules |
|
||||
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
|
||||
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
|
||||
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |
|
||||
| controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment |
|
||||
| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller |
|
||||
| controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment |
|
||||
|
@ -181,6 +183,7 @@ Fields to note:
|
|||
| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods |
|
||||
| controller.persistence | object | `{}` | enable persistence using postgres |
|
||||
| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods |
|
||||
| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers |
|
||||
| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. |
|
||||
| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. |
|
||||
| controller.podLabels | object | `{}` | Optional labels to add to the controller pods |
|
||||
|
@ -220,6 +223,7 @@ Fields to note:
|
|||
| controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
|
||||
| controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
|
||||
| controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
|
||||
| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers |
|
||||
| controller.workflowWorkers | string | `nil` | Number of workflow workers |
|
||||
|
||||
### Workflow Main Container
|
||||
|
@ -256,6 +260,8 @@ Fields to note:
|
|||
| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate |
|
||||
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
|
||||
| server.affinity | object | `{}` | Assign custom [affinity] rules |
|
||||
| server.authMode | string | `""` | Deprecated; use server.authModes instead. |
|
||||
| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. |
|
||||
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
|
||||
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server |
|
||||
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] |
|
||||
|
@ -267,7 +273,7 @@ Fields to note:
|
|||
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
|
||||
| server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment |
|
||||
| server.enabled | bool | `true` | Deploy the Argo Server |
|
||||
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. |
|
||||
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. |
|
||||
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
|
||||
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
|
||||
| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment |
|
||||
|
@ -315,7 +321,7 @@ Fields to note:
|
|||
| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret |
|
||||
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
|
||||
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
|
||||
| server.sso.enabled | bool | `false` | Create SSO configuration |
|
||||
| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
|
||||
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
|
||||
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
|
||||
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
{{- if .Values.server.authMode }}
|
||||
DEPRECATED option server.authMode - Use server.authModes
|
||||
{{- end }}
|
||||
|
||||
1. Get Argo Server external IP/domain by running:
|
||||
|
||||
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}
|
||||
|
|
|
@ -79,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }}
|
|||
{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
|
||||
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
|
||||
app.kubernetes.io/part-of: argo-workflows
|
||||
{{- with .context.Values.commonLabels }}
|
||||
{{ toYaml .}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
|
|
|
@ -20,6 +20,12 @@ rules:
|
|||
- cronworkflows/finalizers
|
||||
- clusterworkflowtemplates
|
||||
- clusterworkflowtemplates/finalizers
|
||||
- workflowtasksets
|
||||
- workflowtasksets/finalizers
|
||||
- workflowtaskresults
|
||||
- workflowtaskresults/finalizers
|
||||
- workflowartifactgctasks
|
||||
- workflowartifactgctasks/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
@ -46,6 +52,12 @@ rules:
|
|||
- cronworkflows/finalizers
|
||||
- clusterworkflowtemplates
|
||||
- clusterworkflowtemplates/finalizers
|
||||
- workflowtasksets
|
||||
- workflowtasksets/finalizers
|
||||
- workflowtaskresults
|
||||
- workflowtaskresults/finalizers
|
||||
- workflowartifactgctasks
|
||||
- workflowartifactgctasks/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
|
@ -79,6 +91,12 @@ rules:
|
|||
- cronworkflows/finalizers
|
||||
- clusterworkflowtemplates
|
||||
- clusterworkflowtemplates/finalizers
|
||||
- workflowtasksets
|
||||
- workflowtasksets/finalizers
|
||||
- workflowtaskresults
|
||||
- workflowtaskresults/finalizers
|
||||
- workflowartifactgctasks
|
||||
- workflowartifactgctasks/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
|
|
|
@ -60,6 +60,18 @@ spec:
|
|||
- "--workflow-workers"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.workflowTTLWorkers }}
|
||||
- "--workflow-ttl-workers"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.podCleanupWorkers }}
|
||||
- "--pod-cleanup-workers"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.cronWorkflowWorkers }}
|
||||
- "--cron-workflow-workers"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.extraArgs }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -441,6 +441,8 @@ spec:
|
|||
type: object
|
||||
securityToken:
|
||||
type: string
|
||||
useSDKCreds:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
|
@ -470,6 +472,17 @@ spec:
|
|||
type: object
|
||||
bucket:
|
||||
type: string
|
||||
caSecret:
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
optional:
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
createBucketIfNotPresent:
|
||||
properties:
|
||||
objectLocking:
|
||||
|
|
|
@ -52,6 +52,12 @@ spec:
|
|||
{{- with .Values.server.extraArgs }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.authMode }}
|
||||
- "--auth-mode={{ .Values.server.authMode }}"
|
||||
{{- end }}
|
||||
{{- range .Values.server.authModes }}
|
||||
- "--auth-mode={{ . }}"
|
||||
{{- end }}
|
||||
- "--secure={{ .Values.server.secure }}"
|
||||
{{- if .Values.singleNamespace }}
|
||||
- "--namespaced"
|
||||
|
|
|
@ -26,6 +26,9 @@ nameOverride:
|
|||
# -- String to fully override "argo-workflows.fullname" template
|
||||
fullnameOverride:
|
||||
|
||||
# -- Labels to set on all resources
|
||||
commonLabels: {}
|
||||
|
||||
# -- Override the Kubernetes version, which is used to evaluate certain manifests
|
||||
kubeVersionOverride: ""
|
||||
|
||||
|
@ -121,7 +124,7 @@ controller:
|
|||
# -- Service metrics port name
|
||||
servicePortName: metrics
|
||||
# -- ServiceMonitor relabel configs to apply to samples before scraping
|
||||
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
|
||||
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
|
||||
relabelings: []
|
||||
# -- ServiceMonitor metric relabel configs to apply to samples before ingestion
|
||||
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
|
||||
|
@ -158,6 +161,10 @@ controller:
|
|||
# passwordSecret:
|
||||
# name: argo-postgres-config
|
||||
# key: password
|
||||
# ssl: true
|
||||
# # sslMode must be one of: disable, require, verify-ca, verify-full
|
||||
# # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq
|
||||
# sslMode: require
|
||||
|
||||
# -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
|
||||
# Only valid for 2.7+
|
||||
|
@ -173,6 +180,13 @@ controller:
|
|||
|
||||
# -- Number of workflow workers
|
||||
workflowWorkers: # 32
|
||||
# -- Number of workflow TTL workers
|
||||
workflowTTLWorkers: # 4
|
||||
# -- Number of pod cleanup workers
|
||||
podCleanupWorkers: # 4
|
||||
# -- Number of cron workflow workers
|
||||
# Only valid for 3.5+
|
||||
cronWorkflowWorkers: # 8
|
||||
# -- Restricts the Workflows that the controller will process.
|
||||
# Only valid for 2.9+
|
||||
workflowRestrictions: {}
|
||||
|
@ -522,14 +536,16 @@ server:
|
|||
# - name: FOO
|
||||
# value: "bar"
|
||||
|
||||
# -- Extra arguments to provide to the Argo server binary, such as for disabling authentication.
|
||||
# -- Deprecated; use server.authModes instead.
|
||||
authMode: ""
|
||||
|
||||
# -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well.
|
||||
## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
|
||||
authModes: []
|
||||
|
||||
# -- Extra arguments to provide to the Argo server binary.
|
||||
## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
|
||||
extraArgs: []
|
||||
# If you want to disable authentication for purposes such as:
|
||||
# - local dev-mode without authentication
|
||||
# - gateway authentication through some other service such as KeyCloak
|
||||
# uncomment the lines below and comment out the default empty list `extraArgs: []` above:
|
||||
# extraArgs:
|
||||
# - --auth-mode=server
|
||||
|
||||
logging:
|
||||
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
|
||||
|
@ -631,8 +647,7 @@ server:
|
|||
|
||||
# SSO configuration when SSO is specified as a server auth mode.
|
||||
sso:
|
||||
# -- Create SSO configuration
|
||||
## SSO is activated by adding --auth-mode=sso to the server command line.
|
||||
# -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
|
||||
enabled: false
|
||||
# -- The root URL of the OIDC identity provider
|
||||
issuer: https://accounts.google.com
|
||||
|
|
|
@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n"
|
|||
docker run \
|
||||
-v "$SRCROOT:/workdir" \
|
||||
--entrypoint /bin/sh \
|
||||
quay.io/helmpack/chart-testing:v3.7.1 \
|
||||
quay.io/helmpack/chart-testing:v3.10.0 \
|
||||
-c cd /workdir \
|
||||
ct lint \
|
||||
--config .github/configs/ct-lint.yaml \
|
||||
|
|
Loading…
Reference in a new issue