DevFW-CICD/argocd-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(argo-cd): Finalize update to argocd 2.1.0 (#884)

Browse source 
Signed-off-by: Emanuel Oliveira <emanuelolive@grupoboticario.com.br>

Co-authored-by: Mateus Miranda <mateus.miranda@sumup.com>
Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
This commit is contained in:
Emanuel Oliveira 2021-08-26 10:42:47 -03:00 committed by GitHub
parent 8e11387e7d
commit 31803c05d6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 138 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: 2.1.0 appVersion: 2.1.0
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 3.16.0 version: 3.17.0
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-cd/assets/logo.png icon: https://argoproj.github.io/argo-cd/assets/logo.png
keywords: keywords:
@ -21,5 +21,6 @@ dependencies:
condition: redis-ha.enabled condition: redis-ha.enabled
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Added]: Service monitor relabelings and metricsRelabelings" - "[Changed]: Sync CRDs of ArgoCD v2.1.0"
- "[Fixed]: Service monitor interval configuration for all components" - "[Added]: Enable use of separated secret just for repositories"
- "[Deprecated]: configs.repositoryCredentials is deprecated now. Instead, use configs.credentialTemplates and/or configs.repositories"

4
charts/argo-cd/README.md
View file

@ -167,6 +167,9 @@ NAME: my-release
| configs.secret.createSecret | Create the argocd-secret. | `true` | | configs.secret.createSecret | Create the argocd-secret. | `true` |
| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | | configs.secret.githubSecret | GitHub incoming webhook secret | `""` |
| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
| configs.repositoryCredentials | DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories. | `{}` |
| configs.credentialTemplates | Repository credentials to be used as Templates for other repos. | `{}` |
| configs.repositories | Repositories list to be used by applications. | `{}` |
| configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
@ -301,6 +304,7 @@ NAME: my-release
| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | | server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| server.configAnnotations | ArgoCD configuration configmap annotations | `{}` | | server.configAnnotations | ArgoCD configuration configmap annotations | `{}` |
| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | | server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) |
| server.config.repositories | [DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories.](https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour) | See [values.yaml](values.yaml) |
| server.containerPort | Server container port. | `8080` | | server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` |
| server.staticAssets.enabled | Disable deprecated flag --staticassets | `false` | | server.staticAssets.enabled | Disable deprecated flag --staticassets | `false` |

41
charts/argo-cd/crds/crd-application.yaml
View file

@ -267,6 +267,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:
@ -365,6 +371,10 @@ spec:
properties: properties:
group: group:
type: string type: string
jqPathExpressions:
items:
type: string
type: array
jsonPointers: jsonPointers:
items: items:
type: string type: string
@ -376,7 +386,6 @@ spec:
namespace: namespace:
type: string type: string
required: required:
- jsonPointers
- kind - kind
type: object type: object
type: array type: array
@ -543,6 +552,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:
@ -838,6 +853,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether toforce applying common labels to resources for Kustomizeapps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:
@ -1134,6 +1155,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:
@ -1412,6 +1439,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:
@ -1687,6 +1720,12 @@ spec:
type: string type: string
description: CommonLabels is a list of additional labels to add to rendered manifests description: CommonLabels is a list of additional labels to add to rendered manifests
type: object type: object
forceCommonAnnotations:
description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
type: boolean
forceCommonLabels:
description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
type: boolean
images: images:
description: Images is a list of Kustomize image override specifications description: Images is a list of Kustomize image override specifications
items: items:

6
charts/argo-cd/templates/NOTES.txt
View file

@ -1,3 +1,9 @@
{{- if or .Values.configs.repositoryCredentials .Values.server.config.repositories }}
WARNING: You are using configs.repositoryCredentials and/or server.config.repositories parameter that are DEPRECATED
Instead, use configs.repositoryTemplates and/or configs.repositories parameters
Read More about here: https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour
{{- end}}
In order to access the server UI you have the following options: In order to access the server UI you have the following options:
1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443

7
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -48,6 +48,8 @@ spec:
- {{ .Values.controller.args.selfHealTimeout | quote }} - {{ .Values.controller.args.selfHealTimeout | quote }}
- --repo-server - --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --repo-server-timeout-seconds
- {{ .Values.controller.args.repoServerTimeoutSeconds | quote }}
- --logformat - --logformat
- {{ .Values.controller.logFormat }} - {{ .Values.controller.logFormat }}
- --loglevel - --loglevel
@ -93,7 +95,10 @@ spec:
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
workingDir: /home/argocd
volumeMounts: volumeMounts:
- name: argocd-home
mountPath: /home/argocd
- mountPath: /app/config/controller/tls - mountPath: /app/config/controller/tls
name: argocd-repo-server-tls name: argocd-repo-server-tls
{{- with .Values.controller.volumeMounts }} {{- with .Values.controller.volumeMounts }}
@ -119,6 +124,8 @@ spec:
{{ toYaml . | indent 6 }} {{ toYaml . | indent 6 }}
{{- end }} {{- end }}
volumes: volumes:
- emptyDir: {}
name: argocd-home
- name: argocd-repo-server-tls - name: argocd-repo-server-tls
secret: secret:
items: items:

2
charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml → charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml
View file

@ -10,4 +10,4 @@ data:
{{- range $key, $value := .Values.configs.repositoryCredentials }} {{- range $key, $value := .Values.configs.repositoryCredentials }}
{{ $key }}: {{ $value | b64enc }} {{ $key }}: {{ $value | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

14
charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml Normal file
View file

@ -0,0 +1,14 @@
{{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }}
---
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-creds-{{ $repo_cred_key }}
labels:
argocd.argoproj.io/secret-type: repo-creds
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
data:
{{- range $key, $value := $repo_cred_value }}
{{ $key }}: {{ $value | toString | b64enc }}
{{- end }}
{{- end }}

14
charts/argo-cd/templates/argocd-configs/repository-secret.yaml Normal file
View file

@ -0,0 +1,14 @@
{{- range $repo_key, $repo_value := .Values.configs.repositories }}
---
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-{{ $repo_key }}
labels:
argocd.argoproj.io/secret-type: repository
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
data:
{{- range $key, $value := $repo_value }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

70
charts/argo-cd/values.yaml
View file

@ -61,6 +61,7 @@ controller:
operationProcessors: "10" operationProcessors: "10"
appResyncPeriod: "180" appResyncPeriod: "180"
selfHealTimeout: "5" selfHealTimeout: "5"
repoServerTimeoutSeconds: "60"
## Argo controller log format: text|json ## Argo controller log format: text|json
logFormat: text logFormat: text
@ -101,6 +102,7 @@ controller:
# drop: # drop:
# - all # - all
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
# runAsNonRoot: true
## Configures the controller port ## Configures the controller port
containerPort: 8082 containerPort: 8082
@ -395,10 +397,8 @@ redis:
## Redis Pod specific security context ## Redis Pod specific security context
securityContext: securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true runAsNonRoot: true
runAsUser: 999
serviceAccount: serviceAccount:
create: false create: false
@ -696,6 +696,8 @@ server:
url: https://argocd.example.com url: https://argocd.example.com
# Argo CD instance label key # Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance application.instanceLabelKey: argocd.argoproj.io/instance
# DEPRECATED: Please instead use configs.credentialTemplates and configs.repositories
# repositories: | # repositories: |
# - url: git@github.com:group/repo.git # - url: git@github.com:group/repo.git
# sshPrivateKeySecret: # sshPrivateKeySecret:
@ -707,6 +709,7 @@ server:
# - type: helm # - type: helm
# url: https://argoproj.github.io/argo-helm # url: https://argoproj.github.io/argo-helm
# name: argo # name: argo
# oidc.config: | # oidc.config: |
# name: AzureAD # name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
@ -1115,25 +1118,48 @@ configs:
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I= # XWyb96wrUlv+E8I=
# -----END CERTIFICATE----- # -----END CERTIFICATE-----
# Creates a secret with optional repository credentials ## # Creates a secret with optional repository credentials
repositoryCredentials: ## DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories
{} repositoryCredentials: {}
# sample-ssh-key: |
# -----BEGIN RSA PRIVATE KEY----- ## Creates a secret for each key/value specified below to create repository credentials
# MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N credentialTemplates: {}
# z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 # github-enterprise-creds-1:
# nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB # url: https://github.com/argoproj
# AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x # githubAppID: 1
# O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe # githubAppInstallationID: 2
# tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
# cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 # githubAppPrivateKey: |
# 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM # -----BEGIN OPENSSH PRIVATE KEY-----
# hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK # ...
# xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ # -----END OPENSSH PRIVATE KEY-----
# FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc # https-creds:
# NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le # url: https://github.com/argoproj
# XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= # password: my-password
# -----END RSA PRIVATE KEY----- # username: my-username
# ssh-creds:
# url: git@github.com:argoproj-labs
# sshPrivateKey: |
# -----BEGIN OPENSSH PRIVATE KEY-----
# ...
# -----END OPENSSH PRIVATE KEY-----
## Creates a secret for each key/value specified below to create repositories
## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials".
repositories: {}
# istio-helm-repo:
# url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
# name: istio.io
# type: helm
# private-helm-repo:
# url: https://my-private-chart-repo.internal
# name: private-repo
# type: helm
# password: my-password
# username: my-username
# private-repo:
# url: https://github.com/argoproj/private-repo
secret: secret:
createSecret: true createSecret: true
## Annotations to be added to argocd-secret ## Annotations to be added to argocd-secret