DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #94 from codefresh-io/CR-24728-argo-cd-helm-7

Browse source 
feat: update upstream argo-cd 2.12.3 and bump helm chart to 7.4.7
This commit is contained in:
Oleksandr Saulyak 2024-09-10 17:20:23 +03:00 committed by GitHub
commit 30639e6736
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
82 changed files with 2250 additions and 869 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.github/dependabot.yml vendored
View file

@ -6,3 +6,11 @@ updates:
schedule: schedule:
interval: weekly interval: weekly
day: "saturday" day: "saturday"
commit-message:
prefix: "chore(deps)"
groups:
dependencies:
applies-to: version-updates
update-types:
- "minor"
- "patch"

6
.github/workflows/lint-and-test.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
options: --user 1001 options: --user 1001
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run ah lint - name: Run ah lint
working-directory: ./charts working-directory: ./charts
run: ah lint run: ah lint
@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml version: v3.10.1 # Also update in publish.yaml
- name: Set up python - name: Set up python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with: with:
python-version: 3.9 python-version: 3.9

2
.github/workflows/pr-title.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
name: Validate PR title name: Validate PR title
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:

4
.github/workflows/publish.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
@ -67,7 +67,7 @@ jobs:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}

8
.github/workflows/renovate.yaml vendored
View file

@ -16,21 +16,21 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get token - name: Get token
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
id: get_token id: get_token
with: with:
app-id: ${{ vars.RENOVATE_APP_ID }} app-id: ${{ vars.RENOVATE_APP_ID }}
private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
- name: Checkout - name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Self-hosted Renovate - name: Self-hosted Renovate
uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7
with: with:
configurationFile: .github/configs/renovate-config.js configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.332.0 renovate-version: 38.18.0
token: '${{ steps.get_token.outputs.token }}' token: '${{ steps.get_token.outputs.token }}'
env: env:
LOG_LEVEL: 'debug' LOG_LEVEL: 'debug'

8
.github/workflows/scorecard.yml vendored
View file

@ -33,12 +33,12 @@ jobs:
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab. # format to the repository Actions tab.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
with: with:
sarif_file: results.sarif sarif_file: results.sarif

60
README.md
View file

@ -42,3 +42,63 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security
### Changelog ### Changelog
Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
## Charts use Helm "Capabilities"
Our charts make use of the Helm built-in object "Capabilities":
> This provides information about what capabilities the Kubernetes cluster supports.
> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
Today we use:
- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
For this you need to pass the `--api-versions` parameter to the `helm template` command:
```bash
helm template argocd \
oci://ghcr.io/argoproj/argo-helm/argo-cd \
--api-versions monitoring.coreos.com/v1 \
--values my-argocd-values.yaml
```
If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
Example with Kustomize:
```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- name: argo-cd
repo: oci://ghcr.io/argoproj/argo-helm
version: x.y.z
releaseName: argocd
apiVersions:
- monitoring.coreos.com/v1
valuesFile: my-argocd-values.yaml
```
Example with helmfile:
```yaml
# helmfile.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
apiVersions:
- monitoring.coreos.com/v1
releases:
- name: argocd
namespace: argocd
chart: argo/argo-cd
values:
- my-argocd-values.yaml
```

6
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v2.11-2024.8.19-6be897266 appVersion: v2.12-2024.9.3-6f8e0c7e2
kubeVersion: ">=1.23.0-0" kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 6.11.1-8-cap-2.11-repo-server-cftoken-fix version: 7.4.7-0-cap-2.12-2024.9.3-6f8e0c7e2
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources: sources:
@ -27,4 +27,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: changed
description: Upgrade argo-cd to v2.11-2024.8.19-6be897266 with v1 reporter removal description: Upgrade argo-cd to v2.12.3

47
charts/argo-cd/README.md
View file

@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0 ### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -744,6 +769,8 @@ NAME: my-release
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
| global.domain | string | `"argocd.example.com"` | Default domain used by all components | | global.domain | string | `"argocd.example.com"` | Default domain used by all components |
| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@ -768,7 +795,7 @@ NAME: my-release
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning | | configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
@ -1039,7 +1066,7 @@ NAME: my-release
| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
| server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificate.usages | list | `[]` | Usages for the certificate |
| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
| server.certificateSecret.crt | string | `""` | Certificate data | | server.certificateSecret.crt | string | `""` | Certificate data |
@ -1154,6 +1181,7 @@ NAME: my-release
| server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalIPs | list | `[]` | Server service external IPs |
| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
| server.service.labels | object | `{}` | Server service labels | | server.service.labels | object | `{}` | Server service labels |
| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") |
@ -1418,7 +1446,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored | | externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored |
| externalRedis.host | string | `""` | External Redis server host | | externalRedis.host | string | `""` | External Redis server host |
| externalRedis.password | string | `""` | External Redis password | | externalRedis.password | string | `""` | External Redis password |
| externalRedis.port | int | `6379` | External Redis server port | | externalRedis.port | int | `6379` | External Redis server port |
@ -1472,7 +1500,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1589,6 +1616,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller |
| notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | | notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod |
| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
@ -1617,6 +1650,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods |
| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods |
| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | | notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods |
| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |

25
charts/argo-cd/README.md.gotmpl
View file

@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0 ### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.

4
charts/argo-cd/templates/NOTES.txt
View file

@ -1,6 +1,6 @@
In order to access the server UI you have the following options: In order to access the server UI you have the following options:
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate and then open the browser on http://localhost:8080 and accept the certificate
@ -12,7 +12,7 @@ In order to access the server UI you have the following options:
{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} {{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}

16
charts/argo-cd/templates/_helpers.tpl
View file

@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use
*/}} */}}
{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} {{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
{{- if .Values.redisSecretInit.serviceAccount.create -}} {{- if .Values.redisSecretInit.serviceAccount.create -}}
{{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
{{- else -}} {{- else -}}
{{ default "default" .Values.redisSecretInit.serviceAccount.name }} {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
{{- end -}} {{- end -}}
@ -183,7 +183,7 @@ Argo Configuration Preset Values (Influenced by Values configuration)
{{- define "argo-cd.config.cm.presets" -}} {{- define "argo-cd.config.cm.presets" -}}
{{- $presets := dict -}} {{- $presets := dict -}}
{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} {{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
{{- end -}} {{- end -}}
{{- if .Values.configs.styles -}} {{- if .Values.configs.styles -}}
@ -246,6 +246,18 @@ Allows overriding it for multi-namespace deployments in combined charts.
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }} {{- end }}
{{/*
Dual stack definition
*/}}
{{- define "argo-cd.dualStack" -}}
{{- with .Values.global.dualStack.ipFamilyPolicy }}
ipFamilyPolicy: {{ . }}
{{- end }}
{{- with .Values.global.dualStack.ipFamilies }}
ipFamilies: {{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{/* {{/*
Create event reporter name and version as used by the chart label. Create event reporter name and version as used by the chart label.
*/}} */}}

14
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -208,10 +208,22 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }} {{- if .Values.externalRedis.host }}
key: redis-password key: redis-password
optional: true
{{- else }} {{- else }}
key: auth key: auth
{{- end }} {{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

1
charts/argo-cd/templates/argocd-application-controller/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.controller.metrics.service.clusterIP }} clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.controller.metrics.service.portName }} - name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP protocol: TCP

4
charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
View file

@ -1,9 +1,9 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} {{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
name: {{ template "argo-cd.controller.fullname" . }} name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- if .Values.controller.metrics.rules.selector }} {{- if .Values.controller.metrics.rules.selector }}

14
charts/argo-cd/templates/argocd-application-controller/role.yaml
View file

@ -43,3 +43,17 @@ rules:
- get - get
- list - list
- watch - watch
{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- argocd-app-controller-shard-cm
verbs:
- get
- list
- watch
- create
- update
{{- end }}

2
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.controller.fullname" . }} name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.metrics.serviceMonitor.selector }} {{- with .Values.controller.metrics.serviceMonitor.selector }}

12
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -211,6 +211,18 @@ spec:
{{- else }} {{- else }}
key: auth key: auth
{{- end }} {{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

2
charts/argo-cd/templates/argocd-applicationset/certificate.yaml
View file

@ -13,7 +13,7 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec: spec:
secretName: {{ .Values.applicationSet.certificate.secretName }} secretName: argocd-applicationset-controller-tls
commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
dnsNames: dnsNames:
- {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}

2
charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
View file

@ -35,6 +35,8 @@ rules:
- appprojects - appprojects
verbs: verbs:
- get - get
- list
- watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:

1
charts/argo-cd/templates/argocd-applicationset/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.applicationSet.metrics.service.portName }} - name: {{ .Values.applicationSet.metrics.service.portName }}
protocol: TCP protocol: TCP

2
charts/argo-cd/templates/argocd-applicationset/role.yaml
View file

@ -34,6 +34,8 @@ rules:
- appprojects - appprojects
verbs: verbs:
- get - get
- list
- watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:

1
charts/argo-cd/templates/argocd-applicationset/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.applicationSet.service.type }} type: {{ .Values.applicationSet.service.type }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.applicationSet.service.portName }} - name: {{ .Values.applicationSet.service.portName }}
port: {{ .Values.applicationSet.service.port }} port: {{ .Values.applicationSet.service.port }}

2
charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }} name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.metrics.serviceMonitor.selector }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}

31
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View file

@ -1,17 +1,17 @@
{{- range .Values.configs.clusterCredentials }} {{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
namespace: {{ $.Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" $ | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }} {{- with $cluster_value.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
argocd.argoproj.io/secret-type: cluster argocd.argoproj.io/secret-type: cluster
{{- with .annotations }} {{- with $cluster_value.annotations }}
annotations: annotations:
{{- range $key, $value := . }} {{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
@ -19,17 +19,20 @@ metadata:
{{- end }} {{- end }}
type: Opaque type: Opaque
stringData: stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} {{- if $cluster_value.shard }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} shard: {{ $cluster_value.shard }}
{{- if .namespaces }} {{- end }}
namespaces: {{ .namespaces }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
{{- if .clusterResources }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
clusterResources: {{ .clusterResources | quote }} {{- if $cluster_value.namespaces }}
namespaces: {{ $cluster_value.namespaces }}
{{- if $cluster_value.clusterResources }}
clusterResources: {{ $cluster_value.clusterResources | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .project }} {{- if $cluster_value.project }}
project: {{ .project | quote }} project: {{ $cluster_value.project | quote }}
{{- end }} {{- end }}
config: | config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }}
{{- end }} {{- end }}

2
charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
View file

@ -4,7 +4,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: argocd-repo-creds-{{ $repo_cred_key }} name: argocd-repo-creds-{{ $repo_cred_key }}
namespace: {{ $.Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" $ | quote }}
labels: labels:
argocd.argoproj.io/secret-type: repo-creds argocd.argoproj.io/secret-type: repo-creds
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}

2
charts/argo-cd/templates/argocd-configs/repository-secret.yaml
View file

@ -4,7 +4,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: argocd-repo-{{ $repo_key }} name: argocd-repo-{{ $repo_key }}
namespace: {{ $.Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" $ | quote }}
labels: labels:
argocd.argoproj.io/secret-type: repository argocd.argoproj.io/secret-type: repository
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}

20
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -107,6 +107,26 @@ spec:
- name: metrics - name: metrics
containerPort: {{ .Values.notifications.containerPorts.metrics }} containerPort: {{ .Values.notifications.containerPorts.metrics }}
protocol: TCP protocol: TCP
{{- if .Values.notifications.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: metrics
initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.notifications.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: metrics
initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }}
{{- end }}
resources: resources:
{{- toYaml .Values.notifications.resources | nindent 12 }} {{- toYaml .Values.notifications.resources | nindent 12 }}
{{- with .Values.notifications.containerSecurityContext }} {{- with .Values.notifications.containerSecurityContext }}

1
charts/argo-cd/templates/argocd-notifications/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
selector: selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
ports: ports:

2
charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.notifications.fullname" . }} name: {{ template "argo-cd.notifications.fullname" . }}
namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.metrics.serviceMonitor.selector }} {{- with .Values.notifications.metrics.serviceMonitor.selector }}

22
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -192,6 +192,18 @@ spec:
{{- else }} {{- else }}
key: auth key: auth
{{- end }} {{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
@ -294,6 +306,12 @@ spec:
key: token key: token
name: codefresh-token name: codefresh-token
optional: {{ not .Values.applicationVersioning.enabled }} optional: {{ not .Values.applicationVersioning.enabled }}
- name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
valueFrom:
configMapKeyRef:
key: reposerver.include.hidden.directories
name: argocd-cmd-params-cm
optional: true
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }} {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: HELM_CACHE_HOME - name: HELM_CACHE_HOME
value: /helm-working-dir value: /helm-working-dir
@ -375,10 +393,8 @@ spec:
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
name: copyutil name: copyutil
{{- with .Values.repoServer.resources }}
resources: resources:
{{- toYaml . | nindent 10 }} {{- toYaml .Values.repoServer.resources | nindent 10 }}
{{- end }}
{{- with .Values.repoServer.containerSecurityContext }} {{- with .Values.repoServer.containerSecurityContext }}
securityContext: securityContext:
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}

1
charts/argo-cd/templates/argocd-repo-server/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.repoServer.metrics.service.portName }} - name: {{ .Values.repoServer.metrics.service.portName }}
protocol: TCP protocol: TCP

1
charts/argo-cd/templates/argocd-repo-server/service.yaml
View file

@ -15,6 +15,7 @@ metadata:
name: {{ template "argo-cd.repoServer.fullname" . }} name: {{ template "argo-cd.repoServer.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }} namespace: {{ include "argo-cd.namespace" . }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.repoServer.service.portName }} - name: {{ .Values.repoServer.service.portName }}
protocol: TCP protocol: TCP

2
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.repoServer.fullname" . }} name: {{ template "argo-cd.repoServer.fullname" . }}
namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }} namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.metrics.serviceMonitor.selector }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }}

1
charts/argo-cd/templates/argocd-server/aws/service.yaml
View file

@ -9,6 +9,7 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}-grpc name: {{ template "argo-cd.server.fullname" . }}-grpc
namespace: {{ include "argo-cd.namespace" . }} namespace: {{ include "argo-cd.namespace" . }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.server.service.servicePortHttpName }} - name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP protocol: TCP

9
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -13,7 +13,14 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec: spec:
secretName: {{ .Values.server.certificate.secretName }} secretTemplate:
{{- with .Values.server.certificate.secretTemplateAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
secretName: argocd-server-tls
commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
dnsNames: dnsNames:
- {{ .Values.server.certificate.domain | default .Values.global.domain }} - {{ .Values.server.certificate.domain | default .Values.global.domain }}

12
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -256,6 +256,18 @@ spec:
{{- else }} {{- else }}
key: auth key: auth
{{- end }} {{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

1
charts/argo-cd/templates/argocd-server/metrics.yaml
View file

@ -24,6 +24,7 @@ spec:
{{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.server.metrics.service.clusterIP }} clusterIP: {{ .Values.server.metrics.service.clusterIP }}
{{- end }} {{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.server.metrics.service.portName }} - name: {{ .Values.server.metrics.service.portName }}
protocol: TCP protocol: TCP

4
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.server.service.type }} type: {{ .Values.server.service.type }}
{{- include "argo-cd.dualStack" . | indent 2 }}
{{- with .Values.server.service.externalIPs }} {{- with .Values.server.service.externalIPs }}
externalIPs: {{ . }} externalIPs: {{ . }}
{{- end }} {{- end }}
@ -23,6 +24,9 @@ spec:
externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }}
{{- end }} {{- end }}
{{- if eq .Values.server.service.type "LoadBalancer" }} {{- if eq .Values.server.service.type "LoadBalancer" }}
{{- with .Values.server.service.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- with .Values.server.service.loadBalancerIP }} {{- with .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ . }} loadBalancerIP: {{ . }}
{{- end }} {{- end }}

2
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.server.fullname" . }} name: {{ template "argo-cd.server.fullname" . }}
namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.metrics.serviceMonitor.selector }} {{- with .Values.server.metrics.serviceMonitor.selector }}

271
charts/argo-cd/templates/crds/crd-application.yaml
View file

@ -39,20 +39,29 @@ spec:
name: Revision name: Revision
priority: 10 priority: 10
type: string type: string
- jsonPath: .spec.project
name: Project
priority: 10
type: string
name: v1alpha1 name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: Application is a definition of Application resource. description: Application is a definition of Application resource.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -150,22 +159,21 @@ spec:
type: object type: object
type: array type: array
revision: revision:
description: Revision is the revision (Git) or chart version (Helm) description: |-
which to sync the application to If omitted, will use the revision Revision is the revision (Git) or chart version (Helm) which to sync the application to
specified in app spec. If omitted, will use the revision specified in app spec.
type: string type: string
revisions: revisions:
description: Revisions is the list of revision (Git) or chart description: |-
version (Helm) which to sync each source in sources field for Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
the application to If omitted, will use the revision specified If omitted, will use the revision specified in app spec.
in app spec.
items: items:
type: string type: string
type: array type: array
source: source:
description: Source overrides the source definition set in the description: |-
application. This is typically set in a Rollback operation and Source overrides the source definition set in the application.
is nil during a Sync operation This is typically set in a Rollback operation and is nil during a Sync operation
properties: properties:
chart: chart:
description: Chart is a Helm chart name, and must be specified description: Chart is a Helm chart name, and must be specified
@ -486,18 +494,18 @@ spec:
Helm) that contains the application manifests Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the source description: |-
to sync the application to. In case of Git, this can be TargetRevision defines the revision of the source to sync the application to.
commit, tag, or branch. If omitted, will equal to HEAD. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version. In case of Helm, this is a semver tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
type: object type: object
sources: sources:
description: Sources overrides the source definition set in the description: |-
application. This is typically set in a Rollback operation and Sources overrides the source definition set in the application.
is nil during a Sync operation This is typically set in a Rollback operation and is nil during a Sync operation
items: items:
description: ApplicationSource contains all required information description: ApplicationSource contains all required information
about the source of an application about the source of an application
@ -825,11 +833,10 @@ spec:
Helm) that contains the application manifests Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the description: |-
source to sync the application to. In case of Git, this TargetRevision defines the revision of the source to sync the application to.
can be commit, tag, or branch. If omitted, will equal In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
to HEAD. In case of Helm, this is a semver tag for the In case of Helm, this is a semver tag for the Chart's version.
Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -848,10 +855,10 @@ spec:
the sync. the sync.
properties: properties:
force: force:
description: Force indicates whether or not to supply description: |-
the --force flag to `kubectl apply`. The --force flag Force indicates whether or not to supply the --force flag to `kubectl apply`.
deletes and re-create the resource, when PATCH encounters The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
conflict and has retried for 5 times. retried for 5 times.
type: boolean type: boolean
type: object type: object
hook: hook:
@ -859,10 +866,10 @@ spec:
perform the sync. This is the default strategy perform the sync. This is the default strategy
properties: properties:
force: force:
description: Force indicates whether or not to supply description: |-
the --force flag to `kubectl apply`. The --force flag Force indicates whether or not to supply the --force flag to `kubectl apply`.
deletes and re-create the resource, when PATCH encounters The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
conflict and has retried for 5 times. retried for 5 times.
type: boolean type: boolean
type: object type: object
type: object type: object
@ -883,9 +890,9 @@ spec:
not set. not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace for the description: |-
application's resources. The namespace will only be set for Namespace specifies the target namespace for the application's resources.
namespace-scoped resources that have not set a value for .metadata.namespace The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster's description: Server specifies the URL of the target cluster's
@ -914,10 +921,9 @@ spec:
kind: kind:
type: string type: string
managedFieldsManagers: managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted managers. description: |-
Fields mutated by those managers will take precedence over ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
the desired state defined in the SCM and won't be displayed desired state defined in the SCM and won't be displayed in diffs
in diffs
items: items:
type: string type: string
type: array type: array
@ -944,18 +950,17 @@ spec:
type: object type: object
type: array type: array
project: project:
description: Project is a reference to the project this application description: |-
belongs to. The empty string means that application belongs to the Project is a reference to the project this application belongs to.
'default' project. The empty string means that application belongs to the 'default' project.
type: string type: string
revisionHistoryLimit: revisionHistoryLimit:
description: RevisionHistoryLimit limits the number of items kept description: |-
in the application's revision history, which is used for informational RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
purposes as well as for rollbacks to previous versions. This should This should only be changed in exceptional circumstances.
only be changed in exceptional circumstances. Setting to zero will Setting to zero will store no history. This will reduce storage used.
store no history. This will reduce storage used. Increasing will Increasing will increase the space used to store the history, so we do not recommend increasing it.
increase the space used to store the history, so we do not recommend Default is 10.
increasing it. Default is 10.
format: int64 format: int64
type: integer type: integer
source: source:
@ -1274,10 +1279,10 @@ spec:
that contains the application manifests that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the source description: |-
to sync the application to. In case of Git, this can be commit, TargetRevision defines the revision of the source to sync the application to.
tag, or branch. If omitted, will equal to HEAD. In case of Helm, In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
this is a semver tag for the Chart's version. In case of Helm, this is a semver tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -1606,10 +1611,10 @@ spec:
that contains the application manifests that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the source description: |-
to sync the application to. In case of Git, this can be commit, TargetRevision defines the revision of the source to sync the application to.
tag, or branch. If omitted, will equal to HEAD. In case of In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
Helm, this is a semver tag for the Chart's version. In case of Helm, this is a semver tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -2102,11 +2107,10 @@ spec:
Helm) that contains the application manifests Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the description: |-
source to sync the application to. In case of Git, this TargetRevision defines the revision of the source to sync the application to.
can be commit, tag, or branch. If omitted, will equal In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
to HEAD. In case of Helm, this is a semver tag for the In case of Helm, this is a semver tag for the Chart's version.
Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -2448,11 +2452,10 @@ spec:
or Helm) that contains the application manifests or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the description: |-
source to sync the application to. In case of Git, this TargetRevision defines the revision of the source to sync the application to.
can be commit, tag, or branch. If omitted, will equal In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
to HEAD. In case of Helm, this is a semver tag for the In case of Helm, this is a semver tag for the Chart's version.
Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -2464,9 +2467,9 @@ spec:
type: object type: object
type: array type: array
observedAt: observedAt:
description: 'ObservedAt indicates when the application state was description: |-
updated without querying latest git state Deprecated: controller ObservedAt indicates when the application state was updated without querying latest git state
no longer updates ObservedAt field' Deprecated: controller no longer updates ObservedAt field
format: date-time format: date-time
type: string type: string
operationState: operationState:
@ -2579,22 +2582,21 @@ spec:
type: object type: object
type: array type: array
revision: revision:
description: Revision is the revision (Git) or chart version description: |-
(Helm) which to sync the application to If omitted, Revision is the revision (Git) or chart version (Helm) which to sync the application to
will use the revision specified in app spec. If omitted, will use the revision specified in app spec.
type: string type: string
revisions: revisions:
description: Revisions is the list of revision (Git) or description: |-
chart version (Helm) which to sync each source in sources Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
field for the application to If omitted, will use the If omitted, will use the revision specified in app spec.
revision specified in app spec.
items: items:
type: string type: string
type: array type: array
source: source:
description: Source overrides the source definition set description: |-
in the application. This is typically set in a Rollback Source overrides the source definition set in the application.
operation and is nil during a Sync operation This is typically set in a Rollback operation and is nil during a Sync operation
properties: properties:
chart: chart:
description: Chart is a Helm chart name, and must description: Chart is a Helm chart name, and must
@ -2937,19 +2939,18 @@ spec:
(Git or Helm) that contains the application manifests (Git or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of description: |-
the source to sync the application to. In case of TargetRevision defines the revision of the source to sync the application to.
Git, this can be commit, tag, or branch. If omitted, In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
will equal to HEAD. In case of Helm, this is a semver In case of Helm, this is a semver tag for the Chart's version.
tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
type: object type: object
sources: sources:
description: Sources overrides the source definition set description: |-
in the application. This is typically set in a Rollback Sources overrides the source definition set in the application.
operation and is nil during a Sync operation This is typically set in a Rollback operation and is nil during a Sync operation
items: items:
description: ApplicationSource contains all required description: ApplicationSource contains all required
information about the source of an application information about the source of an application
@ -3300,11 +3301,10 @@ spec:
(Git or Helm) that contains the application manifests (Git or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision description: |-
of the source to sync the application to. In case TargetRevision defines the revision of the source to sync the application to.
of Git, this can be commit, tag, or branch. If In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
omitted, will equal to HEAD. In case of Helm, In case of Helm, this is a semver tag for the Chart's version.
this is a semver tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -3325,11 +3325,10 @@ spec:
to perform the sync. to perform the sync.
properties: properties:
force: force:
description: Force indicates whether or not to description: |-
supply the --force flag to `kubectl apply`. Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
when PATCH encounters conflict and has retried retried for 5 times.
for 5 times.
type: boolean type: boolean
type: object type: object
hook: hook:
@ -3337,11 +3336,10 @@ spec:
to perform the sync. This is the default strategy to perform the sync. This is the default strategy
properties: properties:
force: force:
description: Force indicates whether or not to description: |-
supply the --force flag to `kubectl apply`. Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
when PATCH encounters conflict and has retried retried for 5 times.
for 5 times.
type: boolean type: boolean
type: object type: object
type: object type: object
@ -3385,9 +3383,9 @@ spec:
description: Group specifies the API group of the resource description: Group specifies the API group of the resource
type: string type: string
hookPhase: hookPhase:
description: HookPhase contains the state of any operation description: |-
associated with this resource OR hook This can also HookPhase contains the state of any operation associated with this resource OR hook
contain values for non-hook resources. This can also contain values for non-hook resources.
type: string type: string
hookType: hookType:
description: HookType specifies the type of the hook. description: HookType specifies the type of the hook.
@ -3772,11 +3770,10 @@ spec:
or Helm) that contains the application manifests or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the description: |-
source to sync the application to. In case of Git, this TargetRevision defines the revision of the source to sync the application to.
can be commit, tag, or branch. If omitted, will equal In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
to HEAD. In case of Helm, this is a semver tag for the In case of Helm, this is a semver tag for the Chart's version.
Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -4127,11 +4124,10 @@ spec:
or Helm) that contains the application manifests or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of description: |-
the source to sync the application to. In case of TargetRevision defines the revision of the source to sync the application to.
Git, this can be commit, tag, or branch. If omitted, In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
will equal to HEAD. In case of Helm, this is a semver In case of Helm, this is a semver tag for the Chart's version.
tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -4158,8 +4154,9 @@ spec:
description: Resources is a list of Kubernetes resources managed by description: Resources is a list of Kubernetes resources managed by
this application this application
items: items:
description: 'ResourceStatus holds the current sync and health status description: |-
of a resource TODO: describe members of this type' ResourceStatus holds the current sync and health status of a resource
TODO: describe members of this type
properties: properties:
group: group:
type: string type: string
@ -4242,10 +4239,9 @@ spec:
if Server is not set. if Server is not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace description: |-
for the application's resources. The namespace will Namespace specifies the target namespace for the application's resources.
only be set for namespace-scoped resources that have The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster's description: Server specifies the URL of the target cluster's
@ -4274,10 +4270,9 @@ spec:
kind: kind:
type: string type: string
managedFieldsManagers: managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted description: |-
managers. Fields mutated by those managers will take ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
precedence over the desired state defined in the SCM desired state defined in the SCM and won't be displayed in diffs
and won't be displayed in diffs
items: items:
type: string type: string
type: array type: array
@ -4623,11 +4618,10 @@ spec:
or Helm) that contains the application manifests or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of the description: |-
source to sync the application to. In case of Git, this TargetRevision defines the revision of the source to sync the application to.
can be commit, tag, or branch. If omitted, will equal In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
to HEAD. In case of Helm, this is a semver tag for the In case of Helm, this is a semver tag for the Chart's version.
Chart's version.
type: string type: string
required: required:
- repoURL - repoURL
@ -4978,11 +4972,10 @@ spec:
or Helm) that contains the application manifests or Helm) that contains the application manifests
type: string type: string
targetRevision: targetRevision:
description: TargetRevision defines the revision of description: |-
the source to sync the application to. In case of TargetRevision defines the revision of the source to sync the application to.
Git, this can be commit, tag, or branch. If omitted, In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
will equal to HEAD. In case of Helm, this is a semver In case of Helm, this is a semver tag for the Chart's version.
tag for the Chart's version.
type: string type: string
required: required:
- repoURL - repoURL

45
charts/argo-cd/templates/crds/crd-applicationset.yaml
View file

@ -72,6 +72,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
name: name:
type: string type: string
requeueAfterSeconds: requeueAfterSeconds:
@ -672,6 +673,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
template: template:
properties: properties:
metadata: metadata:
@ -2446,6 +2448,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
name: name:
type: string type: string
requeueAfterSeconds: requeueAfterSeconds:
@ -3046,6 +3049,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
template: template:
properties: properties:
metadata: metadata:
@ -6935,6 +6939,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
template: template:
@ -7535,6 +7540,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
name: name:
type: string type: string
requeueAfterSeconds: requeueAfterSeconds:
@ -8135,6 +8141,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
template: template:
properties: properties:
metadata: metadata:
@ -12024,6 +12031,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
mergeKeys: mergeKeys:
@ -14740,6 +14748,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
goTemplate: goTemplate:
@ -15402,11 +15411,16 @@ spec:
type: string type: string
step: step:
type: string type: string
targetRevisions:
items:
type: string
type: array
required: required:
- application - application
- message - message
- status - status
- step - step
- targetRevisions
type: object type: object
type: array type: array
conditions: conditions:
@ -15430,6 +15444,37 @@ spec:
- type - type
type: object type: object
type: array type: array
resources:
items:
properties:
group:
type: string
health:
properties:
message:
type: string
status:
type: string
type: object
hook:
type: boolean
kind:
type: string
name:
type: string
namespace:
type: string
requiresPruning:
type: boolean
status:
type: string
syncWave:
format: int64
type: integer
version:
type: string
type: object
type: array
type: object type: object
required: required:
- metadata - metadata

60
charts/argo-cd/templates/crds/crd-project.yaml
View file

@ -31,22 +31,28 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing description: |-
controls for: * where the apps may deploy to (cluster whitelist) * what AppProject provides a logical grouping of applications, providing controls for:
may be deployed (repository whitelist, resource whitelist/blacklist) * who * where the apps may deploy to (cluster whitelist)
can access these applications (roles, OIDC group claims bindings) * and * what may be deployed (repository whitelist, resource whitelist/blacklist)
what they can do (RBAC policies) * automation access to these roles (JWT * who can access these applications (roles, OIDC group claims bindings)
tokens)' * and what they can do (RBAC policies)
* automation access to these roles (JWT tokens)
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -57,9 +63,9 @@ spec:
description: ClusterResourceBlacklist contains list of blacklisted description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources cluster level resources
items: items:
description: GroupKind specifies a Group and a Kind, but does not description: |-
force a version. This is useful for identifying concepts during GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
lookup stages without having partially valid types concepts during lookup stages without having partially valid types
properties: properties:
group: group:
type: string type: string
@ -74,9 +80,9 @@ spec:
description: ClusterResourceWhitelist contains list of whitelisted description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources cluster level resources
items: items:
description: GroupKind specifies a Group and a Kind, but does not description: |-
force a version. This is useful for identifying concepts during GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
lookup stages without having partially valid types concepts during lookup stages without having partially valid types
properties: properties:
group: group:
type: string type: string
@ -103,9 +109,9 @@ spec:
not set. not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace for the description: |-
application's resources. The namespace will only be set for Namespace specifies the target namespace for the application's resources.
namespace-scoped resources that have not set a value for .metadata.namespace The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster's description: Server specifies the URL of the target cluster's
@ -118,9 +124,9 @@ spec:
description: NamespaceResourceBlacklist contains list of blacklisted description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources namespace level resources
items: items:
description: GroupKind specifies a Group and a Kind, but does not description: |-
force a version. This is useful for identifying concepts during GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
lookup stages without having partially valid types concepts during lookup stages without having partially valid types
properties: properties:
group: group:
type: string type: string
@ -135,9 +141,9 @@ spec:
description: NamespaceResourceWhitelist contains list of whitelisted description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources namespace level resources
items: items:
description: GroupKind specifies a Group and a Kind, but does not description: |-
force a version. This is useful for identifying concepts during GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
lookup stages without having partially valid types concepts during lookup stages without having partially valid types
properties: properties:
group: group:
type: string type: string

1
charts/argo-cd/templates/dex/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: {{ .Values.dex.servicePortHttpName }} - name: {{ .Values.dex.servicePortHttpName }}
protocol: TCP protocol: TCP

2
charts/argo-cd/templates/dex/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.dex.fullname" . }} name: {{ template "argo-cd.dex.fullname" . }}
namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- with .Values.dex.metrics.serviceMonitor.selector }} {{- with .Values.dex.metrics.serviceMonitor.selector }}

3
charts/argo-cd/templates/redis-secret-init/job.yaml
View file

@ -3,7 +3,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: {{ include "argo-cd.redisSecretInit.fullname" . }} name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" . | quote }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation "helm.sh/hook-delete-policy": before-hook-creation
@ -13,6 +13,7 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
spec: spec:
ttlSecondsAfterFinished: 60
template: template:
metadata: metadata:
labels: labels:

2
charts/argo-cd/templates/redis-secret-init/role.yaml
View file

@ -8,7 +8,7 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }} name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" . | quote }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""

2
charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
View file

@ -8,7 +8,7 @@ metadata:
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }} name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" . | quote }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role

4
charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
View file

@ -1,10 +1,10 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} {{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
metadata: metadata:
name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ include "argo-cd.namespace" . | quote }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation "helm.sh/hook-delete-policy": before-hook-creation

5
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -130,6 +130,11 @@ spec:
value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: argocd-redis
key: auth
{{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- with (concat .Values.global.env .Values.redis.exporter.env) }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

1
charts/argo-cd/templates/redis/service.yaml
View file

@ -17,6 +17,7 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
spec: spec:
{{- include "argo-cd.dualStack" . | indent 2 }}
ports: ports:
- name: redis - name: redis
port: {{ .Values.redis.servicePort }} port: {{ .Values.redis.servicePort }}

2
charts/argo-cd/templates/redis/servicemonitor.yaml
View file

@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "argo-cd.redis.fullname" . }} name: {{ template "argo-cd.redis.fullname" . }}
namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }} namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- with .Values.redis.metrics.serviceMonitor.selector }} {{- with .Values.redis.metrics.serviceMonitor.selector }}

67
charts/argo-cd/values.yaml
View file

@ -104,6 +104,13 @@ global:
# hostnames: # hostnames:
# - git.myhostname # - git.myhostname
# Configure dual-stack used by all component services
dualStack:
# -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
ipFamilyPolicy: ""
# -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
ipFamilies: []
# Default network policy rules used by all components # Default network policy rules used by all components
networkPolicy: networkPolicy:
# -- Create NetworkPolicy objects for all components # -- Create NetworkPolicy objects for all components
@ -428,13 +435,13 @@ configs:
# command: [sh, -c, find . -name env.yaml] # command: [sh, -c, find . -name env.yaml]
# -- Provide one or multiple [external cluster credentials] # -- Provide one or multiple [external cluster credentials]
# @default -- `[]` (See [values.yaml]) # @default -- `{}` (See [values.yaml])
## Ref: ## Ref:
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
clusterCredentials: [] clusterCredentials: {}
# - name: mycluster # mycluster:
# server: https://mycluster.example.com # server: https://mycluster.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -443,7 +450,7 @@ configs:
# tlsClientConfig: # tlsClientConfig:
# insecure: false # insecure: false
# caData: "<base64 encoded certificate>" # caData: "<base64 encoded certificate>"
# - name: mycluster2 # mycluster2:
# server: https://mycluster2.example.com # server: https://mycluster2.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -454,7 +461,7 @@ configs:
# tlsClientConfig: # tlsClientConfig:
# insecure: false # insecure: false
# caData: "<base64 encoded certificate>" # caData: "<base64 encoded certificate>"
# - name: mycluster3-project-scoped # mycluster3-project-scoped:
# server: https://mycluster3.example.com # server: https://mycluster3.example.com
# labels: {} # labels: {}
# annotations: {} # annotations: {}
@ -464,6 +471,16 @@ configs:
# tlsClientConfig: # tlsClientConfig:
# insecure: false # insecure: false
# caData: "<base64 encoded certificate>" # caData: "<base64 encoded certificate>"
# mycluster4-sharded:
# shard: 1
# server: https://mycluster4.example.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# -- Repository credentials to be used as Templates for other repos # -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials ## Creates a secret for each key/value specified below to create repository credentials
@ -1604,7 +1621,7 @@ externalRedis:
password: "" password: ""
# -- External Redis server port # -- External Redis server port
port: 6379 port: 6379
# -- The name of an existing secret with Redis credentials (must contain key `redis-password`). # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
# When it's set, the `externalRedis.password` parameter is ignored # When it's set, the `externalRedis.password` parameter is ignored
existingSecret: "" existingSecret: ""
# -- External Redis Secret annotations # -- External Redis Secret annotations
@ -1993,8 +2010,6 @@ server:
certificate: certificate:
# -- Deploy a Certificate resource (requires cert-manager) # -- Deploy a Certificate resource (requires cert-manager)
enabled: false enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-server-tls
# -- Certificate primary domain (commonName) # -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
domain: "" domain: ""
@ -2032,6 +2047,8 @@ server:
# -- Usages for the certificate # -- Usages for the certificate
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
usages: [] usages: []
# -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
secretTemplateAnnotations: {}
# TLS certificate configuration via Secret # TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@ -2070,6 +2087,8 @@ server:
# -- Server service https port appProtocol # -- Server service https port appProtocol
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
servicePortHttpsAppProtocol: "" servicePortHttpsAppProtocol: ""
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- LoadBalancer will get created with the IP specified in this field # -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: "" loadBalancerIP: ""
# -- Source IP ranges to allow access to service from # -- Source IP ranges to allow access to service from
@ -2997,8 +3016,6 @@ applicationSet:
certificate: certificate:
# -- Deploy a Certificate resource (requires cert-manager) # -- Deploy a Certificate resource (requires cert-manager)
enabled: false enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-applicationset-controller-tls
# -- Certificate primary domain (commonName) # -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
domain: "" domain: ""
@ -3300,6 +3317,36 @@ notifications:
drop: drop:
- ALL - ALL
## Probes for notifications controller Pods (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook # -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30

8
charts/argo-events/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.9.1 appVersion: v1.9.2
description: A Helm chart for Argo Events, the event-driven workflow automation framework description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events name: argo-events
version: 2.4.4 version: 2.4.7
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: fixed
description: Support ability to set .Values.namespaceOverride description: Update Jetstream versions as following upstream

46
charts/argo-events/README.md
View file

@ -65,11 +65,51 @@ done
| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | |
| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` | | | configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | |
| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` | | | configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | |
| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` | | | configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | |
| configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[0].version | string | `"latest"` | | | configs.jetstream.versions[0].version | string | `"latest"` | |
| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | |
| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[1].version | string | `"2.8.1"` | |
| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | |
| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | |
| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | |
| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | |
| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[3].version | string | `"2.8.2"` | |
| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | |
| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | |
| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | |
| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | |
| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[5].version | string | `"2.9.1"` | |
| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | |
| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[6].version | string | `"2.9.12"` | |
| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | |
| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[7].version | string | `"2.9.16"` | |
| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | |
| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | |
| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | |
| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[8].version | string | `"2.10.10"` | |
| configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs | | crds.install | bool | `true` | Install and upgrade CRDs |

3
charts/argo-events/templates/_helpers.tpl
View file

@ -104,6 +104,9 @@ helm.sh/chart: {{ include "argo-events.chart" .context }}
{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} {{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argo-events app.kubernetes.io/part-of: argo-events
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }} {{- end }}
{{/* {{/*

48
charts/argo-events/values.yaml
View file

@ -96,10 +96,50 @@ configs:
duplicates: 300s duplicates: 300s
# Supported versions of JetStream eventbus # Supported versions of JetStream eventbus
versions: versions:
- version: "latest" - version: latest
natsImage: nats:latest natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:latest metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:latest configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server
- version: 2.8.1
natsImage: nats:2.8.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.1-alpine
natsImage: nats:2.8.1-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.8.2
natsImage: nats:2.8.2
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.2-alpine
natsImage: nats:2.8.2-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.9.1
natsImage: nats:2.9.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.12
natsImage: nats:2.9.12
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.16
natsImage: nats:2.9.16
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.10.10
natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server startCommand: /nats-server
# -- Array of extra K8s manifests to deploy # -- Array of extra K8s manifests to deploy

8
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: v1.6.6 appVersion: v1.7.2
description: A Helm chart for Argo Rollouts description: A Helm chart for Argo Rollouts
name: argo-rollouts name: argo-rollouts
version: 2.35.3 version: 2.37.5
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords: keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: changed
description: Support revisionHistoryLimit description: Bump argo-rollouts to v1.7.2

5
charts/argo-rollouts/README.md
View file

@ -57,9 +57,12 @@ For full list of changes please check ArtifactHub [changelog].
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
| notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
| notifications.notifiers | object | `{}` | Configures notification services | | notifications.notifiers | object | `{}` | Configures notification services |
| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
| notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
| notifications.templates | object | `{}` | Notification templates | | notifications.templates | object | `{}` | Notification templates |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |
@ -79,7 +82,7 @@ For full list of changes please check ArtifactHub [changelog].
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| containerSecurityContext | object | `{}` | Security Context to set on container level | | containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level |
| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
| controller.containerPorts.healthz | int | `8080` | Healthz container port | | controller.containerPorts.healthz | int | `8080` | Healthz container port |

308
charts/argo-rollouts/templates/_helpers.tpl
View file

@ -109,3 +109,311 @@ Return the appropriate apiVersion for pod disruption budget
{{- print "policy/v1" -}} {{- print "policy/v1" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Return the rules for controller's Role and ClusterRole
*/}}
{{- define "argo-rollouts.controller.roleRules" -}}
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
- update
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
- traefik.io
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- with .Values.providerRBAC.additionalRules }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- end -}}

301
charts/argo-rollouts/templates/controller/clusterrole.yaml
View file

@ -7,304 +7,5 @@ metadata:
app.kubernetes.io/component: {{ .Values.controller.component }} app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }} {{- include "argo-rollouts.labels" . | nindent 4 }}
rules: rules:
- apiGroups: {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- with .Values.providerRBAC.additionalRules }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- end }} {{- end }}

14
charts/argo-rollouts/templates/controller/deployment.yaml
View file

@ -21,7 +21,7 @@ spec:
app.kubernetes.io/component: {{ .Values.controller.component }} app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
strategy: strategy:
type: Recreate type: RollingUpdate
replicas: {{ .Values.controller.replicas }} replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
template: template:
@ -80,8 +80,12 @@ spec:
{{- toYaml .Values.containerSecurityContext | nindent 10 }} {{- toYaml .Values.containerSecurityContext | nindent 10 }}
resources: resources:
{{- toYaml .Values.controller.resources | nindent 10 }} {{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.volumeMounts }}
volumeMounts: volumeMounts:
- name: plugin-bin
mountPath: /home/argo-rollouts/plugin-bin
- name: tmp
mountPath: /tmp
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.controller.extraContainers }} {{- with .Values.controller.extraContainers }}
@ -120,7 +124,11 @@ spec:
{{- with .Values.controller.priorityClassName }} {{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
{{- with .Values.controller.volumes }}
volumes: volumes:
- name: plugin-bin
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}

6
charts/argo-rollouts/templates/controller/notifcations-configmap.yaml → charts/argo-rollouts/templates/controller/notifications-configmap.yaml
View file

@ -1,3 +1,4 @@
{{ if .Values.notifications.configmap.create }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -16,3 +17,8 @@ data:
{{- with .Values.notifications.triggers }} {{- with .Values.notifications.triggers }}
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- with .Values.notifications.subscriptions }}
subscriptions: |
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

6
charts/argo-rollouts/templates/controller/notifications-secret.yaml
View file

@ -4,6 +4,12 @@ kind: Secret
metadata: metadata:
name: argo-rollouts-notification-secret name: argo-rollouts-notification-secret
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
{{- with .Values.notifications.secret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels: labels:
app.kubernetes.io/component: {{ .Values.controller.component }} app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }} {{- include "argo-rollouts.labels" . | nindent 4 }}

286
charts/argo-rollouts/templates/controller/role.yaml
View file

@ -8,289 +8,5 @@ metadata:
app.kubernetes.io/component: {{ .Values.controller.component }} app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }} {{- include "argo-rollouts.labels" . | nindent 4 }}
rules: rules:
- apiGroups: {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- end }}
{{- end }} {{- end }}

238
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -188,6 +188,18 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -241,6 +253,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -248,6 +263,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -289,13 +307,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -467,6 +486,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -535,6 +564,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -601,6 +640,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -669,6 +718,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -848,6 +907,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -898,6 +965,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1094,13 +1169,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1453,6 +1555,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1503,6 +1613,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1699,13 +1817,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2065,6 +2210,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2115,6 +2268,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2311,13 +2472,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2543,12 +2731,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2948,11 +3167,26 @@ spec:
type: array type: array
terminate: terminate:
type: boolean type: boolean
ttlStrategy:
properties:
secondsAfterCompletion:
format: int32
type: integer
secondsAfterFailure:
format: int32
type: integer
secondsAfterSuccess:
format: int32
type: integer
type: object
required: required:
- metrics - metrics
type: object type: object
status: status:
properties: properties:
completedAt:
format: date-time
type: string
dryRunSummary: dryRunSummary:
properties: properties:
count: count:

234
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -184,6 +184,18 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -237,6 +249,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -244,6 +259,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -285,13 +303,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -463,6 +482,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -531,6 +560,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -597,6 +636,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -665,6 +714,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -844,6 +903,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -894,6 +961,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1090,13 +1165,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1449,6 +1551,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1499,6 +1609,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1695,13 +1813,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2061,6 +2206,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2111,6 +2264,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2307,13 +2468,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2539,12 +2727,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2939,8 +3158,15 @@ spec:
- provider - provider
type: object type: object
type: array type: array
required: templates:
- metrics items:
properties:
clusterScope:
type: boolean
templateName:
type: string
type: object
type: array
type: object type: object
required: required:
- spec - spec

234
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -184,6 +184,18 @@ spec:
type: object type: object
datadog: datadog:
properties: properties:
aggregator:
enum:
- avg
- min
- max
- sum
- last
- percentile
- mean
- l2norm
- area
type: string
apiVersion: apiVersion:
default: v1 default: v1
enum: enum:
@ -237,6 +249,9 @@ spec:
backoffLimit: backoffLimit:
format: int32 format: int32
type: integer type: integer
backoffLimitPerIndex:
format: int32
type: integer
completionMode: completionMode:
type: string type: string
completions: completions:
@ -244,6 +259,9 @@ spec:
type: integer type: integer
manualSelector: manualSelector:
type: boolean type: boolean
maxFailedIndexes:
format: int32
type: integer
parallelism: parallelism:
format: int32 format: int32
type: integer type: integer
@ -285,13 +303,14 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- action - action
- onPodConditions
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
required: required:
- rules - rules
type: object type: object
podReplacementPolicy:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -463,6 +482,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -531,6 +560,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -597,6 +636,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -665,6 +714,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -844,6 +903,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -894,6 +961,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1090,13 +1165,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1449,6 +1551,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1499,6 +1609,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1695,13 +1813,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2061,6 +2206,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2111,6 +2264,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2307,13 +2468,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2539,12 +2727,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -2939,8 +3158,15 @@ spec:
- provider - provider
type: object type: object
type: array type: array
required: templates:
- metrics items:
properties:
clusterScope:
type: boolean
templateName:
type: string
type: object
type: array
type: object type: object
required: required:
- spec - spec

213
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -94,6 +94,17 @@ spec:
- templateName - templateName
type: object type: object
type: array type: array
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
dryRun: dryRun:
items: items:
properties: properties:
@ -309,6 +320,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -377,6 +398,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -443,6 +474,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -511,6 +552,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -690,6 +741,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -740,6 +799,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -936,13 +1003,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1295,6 +1389,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1345,6 +1447,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1541,13 +1651,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -1907,6 +2044,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1957,6 +2102,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2153,13 +2306,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2385,12 +2565,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:

227
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.1 controller-gen.kubebuilder.io/version: v0.13.0
{{- if .Values.keepCRDs }} {{- if .Values.keepCRDs }}
"helm.sh/resource-policy": keep "helm.sh/resource-policy": keep
{{- end }} {{- end }}
@ -581,6 +581,26 @@ spec:
- templateName - templateName
type: object type: object
type: array type: array
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
dryRun:
items:
properties:
metricName:
type: string
required:
- metricName
type: object
type: array
duration: duration:
type: string type: string
templates: templates:
@ -913,6 +933,9 @@ spec:
- name - name
type: object type: object
type: array type: array
maxTrafficWeight:
format: int32
type: integer
nginx: nginx:
properties: properties:
additionalIngressAnnotations: additionalIngressAnnotations:
@ -1093,6 +1116,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1161,6 +1194,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1227,6 +1270,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1295,6 +1348,16 @@ spec:
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector: namespaceSelector:
properties: properties:
matchExpressions: matchExpressions:
@ -1474,6 +1537,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1524,6 +1595,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -1720,13 +1799,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2079,6 +2185,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2129,6 +2243,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2325,13 +2447,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -2691,6 +2840,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2741,6 +2898,14 @@ spec:
required: required:
- port - port
type: object type: object
sleep:
properties:
seconds:
format: int64
type: integer
required:
- seconds
type: object
tcpSocket: tcpSocket:
properties: properties:
host: host:
@ -2937,13 +3102,40 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
items:
properties:
resourceName:
type: string
restartPolicy:
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
properties: properties:
claims:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits: limits:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
requests: requests:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
restartPolicy:
type: string
securityContext: securityContext:
properties: properties:
allowPrivilegeEscalation: allowPrivilegeEscalation:
@ -3169,12 +3361,43 @@ spec:
- conditionType - conditionType
type: object type: object
type: array type: array
resourceClaims:
items:
properties:
name:
type: string
source:
properties:
resourceClaimName:
type: string
resourceClaimTemplateName:
type: string
type: object
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
restartPolicy: restartPolicy:
type: string type: string
runtimeClassName: runtimeClassName:
type: string type: string
schedulerName: schedulerName:
type: string type: string
schedulingGates:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
securityContext: securityContext:
properties: properties:
fsGroup: fsGroup:
@ -3340,6 +3563,8 @@ spec:
type: string type: string
name: name:
type: string type: string
scaleDown:
type: string
type: object type: object
type: object type: object
status: status:

30
charts/argo-rollouts/values.yaml
View file

@ -120,6 +120,7 @@ controller:
# limits: # limits:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
# ephemeral-storage: 1Gi
# requests: # requests:
# cpu: 50m # cpu: 50m
# memory: 64Mi # memory: 64Mi
@ -240,13 +241,14 @@ podSecurityContext:
runAsNonRoot: true runAsNonRoot: true
# -- Security Context to set on container level # -- Security Context to set on container level
containerSecurityContext: {} containerSecurityContext:
# capabilities: allowPrivilegeEscalation: false
# drop: capabilities:
# - ALL drop:
# readOnlyRootFilesystem: true - ALL
# runAsNonRoot: true readOnlyRootFilesystem: true
# runAsUser: 1000 seccompProfile:
type: RuntimeDefault
# -- Annotations to be added to the Rollout service # -- Annotations to be added to the Rollout service
serviceAnnotations: {} serviceAnnotations: {}
@ -447,12 +449,18 @@ dashboard:
volumeMounts: [] volumeMounts: []
notifications: notifications:
configmap:
# -- Whether to create notifications configmap
create: true
secret: secret:
# -- Whether to create notifications secret # -- Whether to create notifications secret
create: false create: false
# -- Generic key:value pairs to be inserted into the notifications secret # -- Generic key:value pairs to be inserted into the notifications secret
items: {} items: {}
# slack-token: # slack-token:
# -- Annotations to be added to the notifications secret
annotations: {}
# -- Configures notification services # -- Configures notification services
notifiers: {} notifiers: {}
@ -476,3 +484,11 @@ notifications:
# trigger.on-purple: | # trigger.on-purple: |
# - send: [my-purple-template] # - send: [my-purple-template]
# when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'
# -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts
subscriptions: []
# - recipients:
# - slack:<channel>
# triggers:
# - on-rollout-completed
# - on-rollout-aborted

8
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: v3.5.6 appVersion: v3.5.10
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.41.6 version: 0.42.0
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
sources: sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: added
description: Add missing serviceLabels to server service description: Added support for setting annotations on argo workflows controller configmap

1
charts/argo-workflows/README.md
View file

@ -149,6 +149,7 @@ Fields to note:
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding |
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
| controller.configMap.annotations | object | `{}` | ConfigMap annotations |
| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller |
| controller.configMap.name | string | `""` | ConfigMap name | | controller.configMap.name | string | `""` | ConfigMap name |
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |

1
charts/argo-workflows/templates/_helpers.tpl
View file

@ -94,6 +94,7 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
app.kubernetes.io/instance: {{ .context.Release.Name }} app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }} {{- if .component }}
app.kubernetes.io/component: {{ .component }} app.kubernetes.io/component: {{ .component }}
app: {{ .component }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -6,6 +6,10 @@ metadata:
namespace: {{ include "argo-workflows.namespace" . | quote }} namespace: {{ include "argo-workflows.namespace" . | quote }}
labels: labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
{{- with .Values.controller.configMap.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data: data:
config: | config: |
{{- if .Values.controller.instanceID.enabled }} {{- if .Values.controller.instanceID.enabled }}

4
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -17,7 +17,9 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }} name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }} {{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }} {{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .name }} name: {{ .name }}

2
charts/argo-workflows/values.yaml
View file

@ -106,6 +106,8 @@ controller:
create: true create: true
# -- ConfigMap name # -- ConfigMap name
name: "" name: ""
# -- ConfigMap annotations
annotations: {}
# -- Limits the maximum number of incomplete workflows in a namespace # -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism: namespaceParallelism:

6
charts/argocd-image-updater/Chart.yaml
View file

@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-image-updater name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application type: application
version: 0.10.0 version: 0.11.0
appVersion: v0.13.0 appVersion: v0.14.0
home: https://github.com/argoproj-labs/argocd-image-updater home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords: keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: changed
description: Bump argocd-image-updater to v0.13.0 description: Bump argocd-image-updater to v0.14.0

3
charts/argocd-image-updater/README.md
View file

@ -79,6 +79,9 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. |
| config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.disableKubeEvents | bool | `false` | Disable kubernetes events |
| config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
| config.gitCommitSignOff | bool | `false` | Enables sign off on commits |
| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits |
| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` |
| config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitTemplate | string | `""` | Changing the Git commit message |
| config.gitCommitUser | string | `""` | Username to use for Git commits | | config.gitCommitUser | string | `""` | Username to use for Git commits |
| config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.logLevel | string | `"info"` | Argo CD Image Update log level |

9
charts/argocd-image-updater/templates/configmap.yaml
View file

@ -31,6 +31,15 @@ data:
git.commit-message-template: | git.commit-message-template: |
{{- nindent 4 . }} {{- nindent 4 . }}
{{- end }} {{- end }}
{{- with .Values.config.gitCommitSigningKey }}
git.commit-signing-key: {{ . | quote }}
{{- end }}
{{- with .Values.config.gitCommitSignOff }}
git.commit-sign-off: {{ . | quote }}
{{- end }}
{{- with .Values.config.gitCommitSigningMethod }}
git.commit-signing-method: {{ . | quote }}
{{- end }}
kube.events: {{ .Values.config.disableKubeEvents | quote }} kube.events: {{ .Values.config.disableKubeEvents | quote }}
{{- with .Values.config.registries }} {{- with .Values.config.registries }}
registries.conf: | registries.conf: |

26
charts/argocd-image-updater/templates/deployment.yaml
View file

@ -100,6 +100,24 @@ spec:
key: kube.events key: kube.events
name: argocd-image-updater-config name: argocd-image-updater-config
optional: true optional: true
- name: GIT_COMMIT_SIGNING_KEY
valueFrom:
configMapKeyRef:
key: git.commit-signing-key
name: argocd-image-updater-config
optional: true
- name: GIT_COMMIT_SIGNING_METHOD
valueFrom:
configMapKeyRef:
key: git.commit-signing-method
name: argocd-image-updater-config
optional: true
- name: GIT_COMMIT_SIGN_OFF
valueFrom:
configMapKeyRef:
key: git.commit-sign-off
name: argocd-image-updater-config
optional: true
{{- with .Values.extraEnv }} {{- with .Values.extraEnv }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
@ -141,6 +159,10 @@ spec:
name: ssh-config name: ssh-config
- mountPath: /tmp - mountPath: /tmp
name: tmp name: tmp
- name: ssh-signing-key
mountPath: /app/ssh-keys/id_rsa
readOnly: true
subPath: sshPrivateKey
{{- if .Values.authScripts.enabled }} {{- if .Values.authScripts.enabled }}
- mountPath: /scripts - mountPath: /scripts
name: authscripts name: authscripts
@ -172,6 +194,10 @@ spec:
name: argocd-image-updater-ssh-config name: argocd-image-updater-ssh-config
optional: true optional: true
name: ssh-config name: ssh-config
- name: ssh-signing-key
secret:
secretName: ssh-git-creds
optional: true
- emptyDir: {} - emptyDir: {}
name: tmp name: tmp
{{- with .Values.volumes }} {{- with .Values.volumes }}

11
charts/argocd-image-updater/values.yaml
View file

@ -107,7 +107,7 @@ config:
# -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`)
applicationsAPIKind: "" applicationsAPIKind: ""
# Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
# Note: this is only relevant if config.applicationsAPIKind == 'argocd' # Note: this is only relevant if config.applicationsAPIKind == 'argocd'
argocd: argocd:
# -- Use the gRPC-web protocol to connect to the Argo CD API # -- Use the gRPC-web protocol to connect to the Argo CD API
@ -133,6 +133,15 @@ config:
# -- Changing the Git commit message # -- Changing the Git commit message
gitCommitTemplate: "" gitCommitTemplate: ""
# -- Path to public SSH key mounted in container, or GPG key ID used to sign commits
gitCommitSigningKey: ""
# -- Enables sign off on commits
gitCommitSignOff: false
# -- Method used to sign Git commits. `openpgp` or `ssh`
gitCommitSigningMethod: ""
# -- Argo CD Image Update log level # -- Argo CD Image Update log level
logLevel: "info" logLevel: "info"