Merge branch 'master' into patch-1

charts/argo-cd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.5
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.11.6
+version: 3.12.1
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-cd/assets/logo.png
 keywords:

charts/argo-cd/README.md

@@ -148,6 +148,7 @@ NAME: my-release
 | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
 | apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` |
 | apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` |
+| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` |
 | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` |
 | configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) |

charts/argo-cd/templates/argocd-aggregate-roles.yaml

@@ -0,0 +1,67 @@
+{{- if .Values.createAggregateRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+{{- end }}

charts/argo-cd/values.yaml

@@ -31,6 +31,10 @@ apiVersionOverrides:
   certmanager: "" # cert-manager.io/v1
   ingress: "" # networking.k8s.io/v1beta1
 
+## Create clusterroles that extend existing clusterroles to interact with argo-cd crds
+## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+createAggregateRoles: false
+
 ## Controller
 controller:
   name: application-controller

charts/argocd-applicationset/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-applicationset
 description: A Helm chart for installing ArgoCD ApplicationSet
 type: application
-version: 1.0.0
+version: 1.1.0
 appVersion: "v0.1.0"
 home: https://github.com/argoproj/argo-helm
 icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png
@@ -14,6 +14,5 @@ maintainers:
   - name: maruina
 annotations:
   artifacthub.io/changes: |
-    - "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart."
+    - "[Added]: /tmp is an emptyDir now (enables users to use readOnlyRootFilesystem)"
-    - "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive."
+    - "[Added]: Ability to add extraVolumes and extraVolumeMounts"
-    - "[Changed]: Fix icon url"

charts/argocd-applicationset/README.md

@@ -65,6 +65,8 @@ kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/c
 | args.policy | string | `sync` | How application is synced between the generator and the cluster |
 | args.debug | bool | `false` | Print debug logs |
 | args.dryRun | bool | `false` | Enable dry run mode |
+| extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
+| extraVolumes | list | `[]` | List of extra volumes to add |
 | fullnameOverride | string | `""` | Override the default fully qualified app name |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |

charts/argocd-applicationset/templates/deployment.yaml

@@ -50,6 +50,8 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
+            - mountPath: /tmp
+              name: tmp-dir
             {{- if .Values.mountSSHKnownHostsVolume }}
             - mountPath: /app/config/ssh
               name: ssh-known-hosts
@@ -66,7 +68,12 @@ spec:
             - mountPath: /app/config/gpg/keys
               name: gpg-keyring
             {{- end }}
+            {{- with .Values.extraVolumeMounts }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
       volumes:
+      - emptyDir: {}
+        name: tmp-dir
       {{- if .Values.mountSSHKnownHostsVolume }}
       - configMap:
           name: argocd-ssh-known-hosts-cm
@@ -86,6 +93,9 @@ spec:
       - emptyDir: {}
         name: gpg-keyring
       {{- end }}
+      {{- with .Values.extraVolumes }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argocd-applicationset/values.yaml

@@ -75,3 +75,12 @@ mountSSHKnownHostsVolume: true
 mountTLSCertsVolume: true
 mountGPGKeysVolume: false
 mountGPGKeyringVolume: true
+
+# -- List of extra mounts to add (normally used with extraVolumes)
+extraVolumeMounts: []
+  # - mountPath: /tmp/foobar
+  #   name: foobar
+# -- List of extra volumes to add
+extraVolumes: []
+  # - name: foobar
+  #   emptyDir: {}