fix(argo-cd): Sync ArgoCD helm chart with kustomize (#659)

* copy CRD resource files from https://github.com/argoproj/argo-cd/tree/v2.0.0/manifests/crds Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * update `global.image` values in `values.yaml` to quay.io Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * update redis image to 6.2.1 Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * add optional volume mount to secret `argocd-repo-server-tls` according to 7a68880e2e Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * increase patch version of chart to 3.0.1 Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * add `redis.extraArgs` to enable customization of `redis-server` arguments Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * add some notes to the `README` about syncing changes from original `manifests/install.yaml` Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * fix example for `extraArgs` in `values.yaml` of argo-cd chart Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * Bump chart version to 3.1.2 Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> * Bump argo-cd version to 3.2.2 Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de> Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com> Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>
2021-04-24 12:50:25 +02:00 · 2021-04-24 12:50:25 +02:00 · 3ba4cdb1ca
commit 3ba4cdb1ca
parent 71cbdbb811
9 changed files with 386 additions and 252 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.2.1
+version: 3.2.2
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -12,6 +12,26 @@ The default installation is intended to be similar to the provided ArgoCD [relea
 This chart currently installs the non-HA version of ArgoCD.
 ### Synchronizing Changes from Original Repository
 In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
 When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
 To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
 https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
 Or you clone the repository and do a local `git-diff`:
 ```bash
 git clone https://github.com/argoproj/argo-cd.git
 cd argo-cd
 git diff v1.8.7 v2.0.0 -- manifests/install.yaml
 ```
 Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds).
 ## Upgrading
 ### 3.0.0 and above
@ -334,7 +354,8 @@ through `xxx.extraArgs`
 | redis.enabled | Enable redis | `true` |
 | redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
 | redis.image.repository | Redis repository | `"redis"` |
-| redis.image.tag | Redis tag | `"5.0.8"` |
+| redis.image.tag | Redis tag | `"6.2.1-alpine"` |
 | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` |
 | redis.name | Redis name | `"redis"` |
 | redis.env | Environment variables for the Redis server. | `[]` |
 | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
@ -354,6 +375,6 @@ through `xxx.extraArgs`
 | redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled | `""` |
 | redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
 | redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
-| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
+| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
 [gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
--- a/charts/argo-cd/crds/crd-application.yaml
+++ b/charts/argo-cd/crds/crd-application.yaml
--- a/charts/argo-cd/crds/crd-project.yaml
+++ b/charts/argo-cd/crds/crd-project.yaml
@ -20,8 +20,6 @@ spec:
  scope: Namespaced
  versions:
  - name: v1alpha1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
@ -71,16 +69,16 @@ spec:
              destinations:
                description: Destinations contains list of destinations available for deployment
                items:
-                  description: ApplicationDestination contains deployment destination information
+                  description: ApplicationDestination holds information about the application's destination
                  properties:
                    name:
-                      description: Name of the destination cluster which can be used instead of server (url) field
+                      description: Name is an alternate way of specifying the target cluster by its symbolic name
                      type: string
                    namespace:
-                      description: Namespace overrides the environment namespace value in the ksonnet app.yaml
+                      description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
                      type: string
                    server:
-                      description: Server overrides the environment server value in the ksonnet app.yaml
+                      description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API
                      type: string
                  type: object
                type: array
@ -116,7 +114,9 @@ spec:
                description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
                properties:
                  ignore:
                    description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
                    items:
                      description: OrphanedResourceKey is a reference to a resource to be ignored from
                      properties:
                        group:
                          type: string
@ -173,7 +173,7 @@ spec:
                  type: object
                type: array
              signatureKeys:
-                description: List of PGP key IDs that commits to be synced to must be signed with
+                description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
                items:
                  description: SignatureKey is the specification of a key required to verify commit signatures with
                  properties:
@ -225,34 +225,35 @@ spec:
                type: array
            type: object
          status:
-            description: Status of the AppProject
+            description: AppProjectStatus contains status information for AppProject CRs
            properties:
              jwtTokensByRole:
                description: JWT Tokens issued for each of the roles in the project
                additionalProperties:
                  description: JWTTokens represents a list of JWT tokens
                  properties:
-                    items: 
+                    items:
-                      description: List of JWT Tokens issued for the role
+                      items:
-                      items: 
+                        description: JWTToken holds the issuedAt and expiresAt values of a token
                        description: Holds the issuedAt and expiresAt values of the token
                        properties:
                          exp:
                            description: The expiresAt value of a token
                            format: int64
                            type: integer
                          iat:
                            description: The issuedAt value of a token
                            format: int64
                            type: integer
                          id:
                            description: ID of the token
                            type: string
                        required:
                        - iat
                        type: object
                      type: array
                  type: object
                description: JWTTokensByRole contains a list of JWT tokens issued for a given role
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -92,8 +92,10 @@ spec:
          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
 {{- if .Values.controller.volumeMounts }}
        volumeMounts:
        - mountPath: /app/config/controller/tls
          name: argocd-repo-server-tls
 {{- if .Values.controller.volumeMounts }}
 {{- toYaml .Values.controller.volumeMounts | nindent 10}}
 {{- end }}
        resources:
@ -115,8 +117,19 @@ spec:
      hostAliases:
 {{ toYaml . | indent 6 }}
 {{- end }}
 {{- if .Values.controller.volumes }}
      volumes:
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
 {{- if .Values.controller.volumes }}
 {{- toYaml .Values.controller.volumes | nindent 8 }}
 {{- end }}
 {{- if .Values.controller.priorityClassName }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -81,6 +81,8 @@ spec:
        - mountPath: /app/config/tls
          name: tls-certs
        {{- end }}
        - mountPath: /app/config/reposerver/tls
          name: argocd-repo-server-tls
        - mountPath: /tmp
          name: tmp-dir
        ports:
@ -143,6 +145,17 @@ spec:
          name: argocd-tls-certs-cm
        name: tls-certs
      {{- end }}
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
      - emptyDir: {}
        name: tmp-dir
      {{- if .Values.repoServer.initContainers }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -80,6 +80,8 @@ spec:
        - mountPath: /app/config/tls
          name: tls-certs
        {{- end }}
        - mountPath: /app/config/server/tls
          name: argocd-repo-server-tls
        ports:
        - name: {{ .Values.server.name }}
          containerPort: {{ .Values.server.containerPort }}
@ -149,6 +151,17 @@ spec:
          name: argocd-tls-certs-cm
        name: tls-certs
      {{- end }}
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
 {{- if .Values.server.priorityClassName }}
      priorityClassName: {{ .Values.server.priorityClassName }}
 {{- end }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -41,11 +41,14 @@ spec:
        - ""
        - --appendonly
        - "no"
        {{- with .Values.redis.extraArgs }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
        imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
        {{- if .Values.redis.containerSecurityContext }}
        securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
-        {{- end }}          
+        {{- end }}
        {{- if .Values.redis.env }}
        env:
 {{- toYaml .Values.redis.env | nindent 8 }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -9,7 +9,7 @@ installCRDs: true
 global:
  image:
-    repository: argoproj/argocd
+    repository: quay.io/argoproj/argocd
    tag: v2.0.0
    imagePullPolicy: IfNotPresent
  securityContext: {}
@ -27,8 +27,8 @@ controller:
  name: application-controller
  image:
-    repository: # argoproj/argocd
+    repository: # defaults to global.image.repository
-    tag: # v1.7.11
+    tag: # defaults to global.image.tag
    imagePullPolicy: # IfNotPresent
  # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
@ -276,9 +276,15 @@ redis:
  image:
    repository: redis
-    tag: 5.0.10-alpine
+    tag: 6.2.1-alpine
    imagePullPolicy: IfNotPresent
  ## Additional command line arguments to pass to redis-server
  ##
  extraArgs: []
  # - --bind
  # - "0.0.0.0"
  containerPort: 6379
  servicePort: 6379
@ -347,7 +353,7 @@ redis-ha:
    metrics:
      enabled: true
  image:
-    tag: 5.0.8-alpine
+    tag: 6.2.1-alpine
 ## Server
 server:
@ -363,8 +369,8 @@ server:
    targetMemoryUtilizationPercentage: 50
  image:
-    repository: # argoproj/argocd
+    repository: # defaults to global.image.repository
-    tag: # v1.7.11
+    tag: # defaults to global.image.tag
    imagePullPolicy: # IfNotPresent
  ## Additional command line arguments to pass to argocd-server
@ -733,8 +739,8 @@ repoServer:
    targetMemoryUtilizationPercentage: 50
  image:
-    repository: # argoproj/argocd
+    repository: # defaults to global.image.repository
-    tag: # v1.7.11
+    tag: # defaults to global.image.tag
    imagePullPolicy: # IfNotPresent
  ## Additional command line arguments to pass to argocd-repo-server