From dbec4ad82e98770e7768eda751e771683fadf0db Mon Sep 17 00:00:00 2001 From: jandersen-plaid <52045989+jandersen-plaid@users.noreply.github.com> Date: Wed, 5 May 2021 18:59:18 -0400 Subject: [PATCH 01/26] fix: spec.preserveUnknownFields must be set to false to allow upgrades from v1beta1 (#709) Signed-off-by: Jack Andersen --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/crds/analysis-run-crd.yaml | 1 + charts/argo-rollouts/templates/crds/analysis-template-crd.yaml | 1 + .../templates/crds/cluster-analysis-template-crd.yaml | 1 + charts/argo-rollouts/templates/crds/experiment-crd.yaml | 1 + charts/argo-rollouts/templates/crds/rollout-crd.yaml | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bf8cd3b3..99269837 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.0 +version: 0.5.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 0ddf3ca3..b70b6f0b 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - ar singular: analysisrun + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 0854fc4c..4712ae2d 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - at singular: analysistemplate + preserveUnknownFields: false scope: Namespaced versions: - name: v1alpha1 diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index dd9d89cd..72832f03 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - cat singular: clusteranalysistemplate + preserveUnknownFields: false scope: Cluster versions: - name: v1alpha1 diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 6fec00ab..1fa5b261 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - exp singular: experiment + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 01eaccac..888ca599 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - ro singular: rollout + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: From e39ccfe31585a9843ac64cbdc0706e098e992df4 Mon Sep 17 00:00:00 2001 From: cskh Date: Fri, 7 May 2021 13:29:36 -0400 Subject: [PATCH 02/26] feat: add resources to argo-rollouts deployment (#711) - add destinationrule to clusterrolebinding Signed-off-by: Hui Kang Co-authored-by: Hui Kang --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml | 1 + charts/argo-rollouts/templates/argo-rollouts-deployment.yaml | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 99269837..84752bf3 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.1 +version: 0.5.2 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index b9595710..c3fb9f0c 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -130,6 +130,7 @@ rules: - networking.istio.io resources: - virtualservices + - destinationrules verbs: - watch - get diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index dd04516a..1c4342bf 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -38,6 +38,10 @@ spec: imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: {{ .Values.controller.name }} resources: +{{- toYaml .Values.controller.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} nodeSelector: From 26b3d9167243291e98286fb09893db74c33439cd Mon Sep 17 00:00:00 2001 From: Alec Rajeev Date: Sun, 9 May 2021 15:55:53 -0400 Subject: [PATCH 03/26] chore(argo-events): update argo-events to 1.3.3 (#720) Signed-off-by: Alec Rajeev --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c9f2ae12..5def36c7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.3.3 +version: 1.4.0 keywords: - argo-events - sensor-controller @@ -12,6 +12,6 @@ sources: maintainers: - name: VaibhavPage - name: whynowy -appVersion: 1.2.3 +appVersion: 1.3.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index b786e260..a54ec010 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -45,7 +45,7 @@ singleNamespace: true sensorController: name: sensor-controller image: sensor-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 sensorImage: sensor podAnnotations: {} @@ -58,7 +58,7 @@ sensorController: eventsourceController: name: eventsource-controller image: eventsource-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 eventsourceImage: eventsource podAnnotations: {} @@ -71,7 +71,7 @@ eventsourceController: eventbusController: name: eventbus-controller image: eventbus-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 podAnnotations: {} nodeSelector: {} From 19d019039c78fe7b60a1cb6f0649b8b9ac04b68b Mon Sep 17 00:00:00 2001 From: aniekgul Date: Sun, 9 May 2021 16:05:51 -0400 Subject: [PATCH 04/26] chore(argo-cd): upgrade redis-ha version to 4.12.14 (#710) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aniek Gul Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 497aa297..52941728 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.10.4 -digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2 -generated: "2021-04-14T13:41:16.151666-07:00" + version: 4.12.14 +digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a +generated: "2021-05-03T16:02:41.4356045-04:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 766578ef..584ef6e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.2 +version: 3.2.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -16,6 +16,6 @@ maintainers: - name: seanson dependencies: - name: redis-ha - version: 4.10.4 + version: 4.12.14 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled From 6735d66f1ab58c82474f38e114092c3036cd82b1 Mon Sep 17 00:00:00 2001 From: sgavrylenko <13081190+sgavrylenko@users.noreply.github.com> Date: Tue, 11 May 2021 14:19:17 +0300 Subject: [PATCH 05/26] feat(argocd-notification): add context variable for templating purpose (#713) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add context variable for templating purpose Signed-off-by: Sergiy Gavrylenko Signed-off-by: Sergiy Gavrylenko * update version of argocd-notification chart Signed-off-by: Sergiy Gavrylenko Signed-off-by: Sergiy Gavrylenko * fix: spec.preserveUnknownFields must be set to false to allow upgrades from v1beta1 (#709) Signed-off-by: Jack Andersen Signed-off-by: Sergiy Gavrylenko * feat: add resources to argo-rollouts deployment (#711) - add destinationrule to clusterrolebinding Signed-off-by: Hui Kang Co-authored-by: Hui Kang Signed-off-by: Sergiy Gavrylenko * chore(argo-events): update argo-events to 1.3.3 (#720) Signed-off-by: Alec Rajeev Signed-off-by: Sergiy Gavrylenko * chore(argo-cd): upgrade redis-ha version to 4.12.14 (#710) Signed-off-by: Aniek Gul Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko * Update charts/argocd-notifications/Chart.yaml Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko * Update charts/argocd-notifications/templates/configmap.yaml Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko Co-authored-by: Sergiy Gavrylenko Co-authored-by: jandersen-plaid <52045989+jandersen-plaid@users.noreply.github.com> Co-authored-by: cskh Co-authored-by: Hui Kang Co-authored-by: Alec Rajeev Co-authored-by: aniekgul Co-authored-by: Oliver Bähler --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/configmap.yaml | 5 ++++- charts/argocd-notifications/values.yaml | 5 +++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 12c03d53..8a1e04d8 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.2.0 +version: 1.3.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/configmap.yaml b/charts/argocd-notifications/templates/configmap.yaml index 442234bc..37f95b53 100644 --- a/charts/argocd-notifications/templates/configmap.yaml +++ b/charts/argocd-notifications/templates/configmap.yaml @@ -8,6 +8,9 @@ metadata: data: context: | argocdUrl: {{ .Values.argocdUrl | quote }} + {{- with .Values.context }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifiers }} {{- toYaml . | nindent 2 }} {{- end }} @@ -21,4 +24,4 @@ data: {{- with .Values.triggers }} {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index ace4c84e..bfe746c3 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -19,6 +19,11 @@ nodeSelector: {} updateStrategy: type: Recreate +context: + # Add custom values into context + # region: east + # environmentName: staging + secret: # Whether helm chart creates controller secret create: true From a25cfd221cd8093cd79282413b2201c9a1e789d9 Mon Sep 17 00:00:00 2001 From: loreleimccollum-work <66749079+loreleimccollum-work@users.noreply.github.com> Date: Thu, 13 May 2021 01:36:13 -0400 Subject: [PATCH 06/26] feat: Support custom rules for the Application Controller Cluster Role (#730) * feat: Support custom rules for the Application Controller Cluster Role Signed-off-by: Lorelei McCollum * Add newline at end of file Signed-off-by: Lorelei McCollum --- CONTRIBUTING.md | 6 ++++++ charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/clusterrole.yaml | 6 +++++- charts/argo-cd/values.yaml | 7 +++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b64861bb..f4c7d89c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -22,6 +22,12 @@ helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` +Pre-requisites: +``` +helm repo add redis-ha https://dandydeveloper.github.io/charts/ +helm dependency update +``` + Minimally: ``` diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 584ef6e2..07d6fb7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.3 +version: 3.2.4 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 3426c9c8..bd6ff8aa 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: +{{- if .Values.controller.clusterRoleRules.enabled }} +{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} +{{ else }} - apiGroups: - '*' resources: @@ -16,4 +19,5 @@ rules: - '*' verbs: - '*' -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index dc04e3eb..ef68a320 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -183,6 +183,13 @@ controller: ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. clusterAdminAccess: enabled: true + ## Enable Custom Rules for the Application Controller's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + enabled: false + rules: [] + ## Dex dex: From 331d3445d2b5abb37cbf24dc29d2af5fb475b8eb Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 14 May 2021 21:04:24 +0200 Subject: [PATCH 07/26] chore: Nominate mkilchhofer as an approver (#714) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Oliver Bähler --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index bb890183..a3926889 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,5 +1,8 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners +# All charts +/charts/* @mkilchhofer + # Argo Workflows /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler From 9548bffc6959f965b1edc259f1c29400c5f1e351 Mon Sep 17 00:00:00 2001 From: Aman Shah Date: Sun, 16 May 2021 18:18:39 +0530 Subject: [PATCH 08/26] chore(argo-cd): Bumped argo-cd to 2.0.1 (#732) Signed-off-by: aman chore(argo-cd): bumped chart version Signed-off-by: aman Co-authored-by: aman Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 07d6fb7b..e154e4b0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.0 +appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.4 +version: 3.2.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ef68a320..f5bff3b4 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -10,7 +10,7 @@ installCRDs: true global: image: repository: quay.io/argoproj/argocd - tag: v2.0.0 + tag: v2.0.1 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 From 0919bbc11639499d240325265a84f7383b2b1c8b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sun, 16 May 2021 14:57:24 +0200 Subject: [PATCH 09/26] feat(argo-ci): remove deprecated helm chart (#734) Signed-off-by: Marco Kilchhofer --- charts/argo-ci/.helmignore | 21 ----------- charts/argo-ci/Chart.yaml | 12 ------- charts/argo-ci/README.md | 5 --- charts/argo-ci/templates/NOTES.txt | 0 charts/argo-ci/templates/_helpers.tpl | 16 --------- charts/argo-ci/templates/ci-deployment.yaml | 39 --------------------- charts/argo-ci/templates/ci-service.yaml | 17 --------- charts/argo-ci/values.yaml | 14 -------- 8 files changed, 124 deletions(-) delete mode 100644 charts/argo-ci/.helmignore delete mode 100644 charts/argo-ci/Chart.yaml delete mode 100644 charts/argo-ci/README.md delete mode 100644 charts/argo-ci/templates/NOTES.txt delete mode 100644 charts/argo-ci/templates/_helpers.tpl delete mode 100644 charts/argo-ci/templates/ci-deployment.yaml delete mode 100644 charts/argo-ci/templates/ci-service.yaml delete mode 100644 charts/argo-ci/values.yaml diff --git a/charts/argo-ci/.helmignore b/charts/argo-ci/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/charts/argo-ci/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/argo-ci/Chart.yaml b/charts/argo-ci/Chart.yaml deleted file mode 100644 index c41334d9..00000000 --- a/charts/argo-ci/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -description: A Helm chart for Argo-CI -name: argo-ci -version: 1.0.0 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -appVersion: v1.0.0-alpha2 -home: https://github.com/argoproj/argo-helm -deprecated: true -dependencies: - - name: argo - version: "^0.16.0" - repository: https://argoproj.github.io/argo-helm diff --git a/charts/argo-ci/README.md b/charts/argo-ci/README.md deleted file mode 100644 index 7eaa9039..00000000 --- a/charts/argo-ci/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Argo CI Chart - -**Deprecated** - Use [Argo-Events](./argo-events) instead. - -This is a **community maintained** chart. diff --git a/charts/argo-ci/templates/NOTES.txt b/charts/argo-ci/templates/NOTES.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/argo-ci/templates/_helpers.tpl b/charts/argo-ci/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo-ci/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo-ci/templates/ci-deployment.yaml b/charts/argo-ci/templates/ci-deployment.yaml deleted file mode 100644 index bf2e4121..00000000 --- a/charts/argo-ci/templates/ci-deployment.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - spec: - containers: - - name: ci - image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: IN_CLUSTER - value: "true" - - name: NAMESPACE - value: {{ .Values.workflowNamespace }} - - name: ARGO_CI_IMAGE - value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - - name: CONTROLLER_INSTANCE_ID - value: {{ .Release.Name }} - ports: - - containerPort: 8001 - - containerPort: 8002 - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/argo-ci/templates/ci-service.yaml b/charts/argo-ci/templates/ci-service.yaml deleted file mode 100644 index 3c335c62..00000000 --- a/charts/argo-ci/templates/ci-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8001 - selector: - app: {{ .Release.Name }}-ci - sessionAffinity: None - type: LoadBalancer diff --git a/charts/argo-ci/values.yaml b/charts/argo-ci/values.yaml deleted file mode 100644 index 86dadf98..00000000 --- a/charts/argo-ci/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -imageNamespace: argoproj -ciImage: argoci -imageTag: v1.0.0-alpha2 -imagePullPolicy: Always -# Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret -workflowNamespace: default - -argo: - imagesNamespace: argoproj - installMinio: true - minioBucketName: argo-artifacts - useReleaseAsInstanceID: true From a70e1779afbda0b8d0385f96f460ecbff53abe2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sun, 16 May 2021 17:32:19 +0200 Subject: [PATCH 10/26] feat: Define custom styles via values (#689) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: define custom styles via values Signed-off-by: Oliver Bähler * Version Bump Signed-off-by: Oliver Bähler * Mount to correct server Signed-off-by: Oliver Bähler * fix(argo-cd): correct alphabetical place of new values Signed-off-by: Marco Kilchhofer * fix(argo-cd): correct alphabetical place of new values in README Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 18 ++++++++++++++++++ .../templates/argocd-configs/argocd-cm.yaml | 3 +-- .../argocd-configs/argocd-styles-cm.yaml | 11 +++++++++++ .../templates/argocd-server/deployment.yaml | 10 ++++++++++ charts/argo-cd/values.yaml | 9 ++++++++- 7 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e154e4b0..07e35492 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.5 +version: 3.3.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7716e41e..5513a8fd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -113,6 +113,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | +| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) | | openshift.enabled | enables using arbitrary uid for argo repo server | `false` | ## ArgoCD Controller diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 9ab07ef4..79723e71 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -151,4 +151,22 @@ Return the appropriate apiVersion for ingress {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} +{{- end -}} + +{{/* +Argo Configuration Preset Values (Incluenced by Values configuration) +*/}} +{{- define "argo-cd.config.presets" -}} + {{- if .Values.configs.styles }} +ui.cssurl: "./custom/custom.styles.css" + {{- end }} +{{- end -}} + +{{/* +Merge Argo Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config" -}} + {{- if .Values.server.configEnabled -}} +{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} + {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index b17f4f1b..0da0c1ed 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -11,6 +11,5 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -data: -{{- toYaml .Values.server.config | nindent 4 }} +data: {{- include "argo-cd.config" $ | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml new file mode 100644 index 00000000..a8079671 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -0,0 +1,11 @@ +{{- if .Values.configs.styles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-custom-styles + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +data: + custom.styles.css: | + {{- .Values.configs.styles | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index d12c8446..2ee5b7e3 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -82,6 +82,11 @@ spec: {{- end }} - mountPath: /app/config/server/tls name: argocd-repo-server-tls + {{- if .Values.configs.styles }} + - mountPath: "/shared/app/custom/custom.styles.css" + subPath: "custom.styles.css" + name: custom-styles + {{- end }} ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -141,6 +146,11 @@ spec: {{- end }} - emptyDir: {} name: static-files + {{- if .Values.configs.styles }} + - configMap: + name: argocd-custom-styles + name: custom-styles + {{- end }} {{- if .Values.configs.knownHosts }} - configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f5bff3b4..d0f813bb 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1015,9 +1015,16 @@ configs: # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: + # argocdServerAdminPassword: "" # Password modification time defaults to current time if not set # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + ## Custom CSS Styles + ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + # styles: | + # .nav-bar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } + openshift: enabled: false From 17ad65e635f5a585419c40975b60f785e42edb7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sun, 16 May 2021 19:50:39 +0200 Subject: [PATCH 11/26] fix: Increased Redis Version (#700) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 07e35492..189a3eb3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.0 +version: 3.3.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d0f813bb..1a9fab3b 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -283,7 +283,7 @@ redis: image: repository: redis - tag: 6.2.1-alpine + tag: 6.2.2-alpine imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to redis-server @@ -360,7 +360,7 @@ redis-ha: metrics: enabled: true image: - tag: 6.2.1-alpine + tag: 6.2.2-alpine ## Server server: From 7c94b7af7e69a61cf92e7ff00ef9c2ee3818f3dc Mon Sep 17 00:00:00 2001 From: Marco Zoveralli Date: Mon, 17 May 2021 07:40:38 +0200 Subject: [PATCH 12/26] fix(argo-cd): properly generate volumes and volumeMounts for application controller (#724) * fix: volumes and volumeMounts configurations are properly generated for the application controller (#723) Signed-off-by: marcozov * fix: Chart.yaml bump (#723) Signed-off-by: marcozov * fix: use consistent indentation Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/deployment.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 189a3eb3..c2e9e948 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.1 +version: 3.3.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7c87bce8..524f302e 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -95,9 +95,9 @@ spec: volumeMounts: - mountPath: /app/config/controller/tls name: argocd-repo-server-tls -{{- if .Values.controller.volumeMounts }} -{{- toYaml .Values.controller.volumeMounts | nindent 10}} -{{- end }} + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} @@ -129,9 +129,9 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls -{{- if .Values.controller.volumes }} -{{- toYaml .Values.controller.volumes | nindent 8 }} -{{- end }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- if .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }} {{- end }} From c311a91921c338d846ac90683a94aaa0f9109b2a Mon Sep 17 00:00:00 2001 From: Meiblorn Date: Mon, 17 May 2021 10:21:53 +0400 Subject: [PATCH 13/26] fix(argocd-applicationset): Removed duplicated "app.kubernetes.io/name" label (#728) * Removed duplicated "app.kubernetes.io/name" label Updated helpers.tpl Signed-off-by: Vadim Fedorenko * Bump argocd-applicationset chart's version Signed-off-by: Vadim Fedorenko Co-authored-by: Marco Kilchhofer --- charts/argocd-applicationset/Chart.yaml | 2 +- charts/argocd-applicationset/templates/_helpers.tpl | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index ebb5ee1c..fba7f6bd 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.3 +version: 0.1.4 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-applicationset/templates/_helpers.tpl b/charts/argocd-applicationset/templates/_helpers.tpl index 4d0e98b5..e86139e1 100644 --- a/charts/argocd-applicationset/templates/_helpers.tpl +++ b/charts/argocd-applicationset/templates/_helpers.tpl @@ -40,7 +40,6 @@ helm.sh/chart: {{ include "argo-applicationset.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/name: {{ include "argo-applicationset.name" . }} app.kubernetes.io/part-of: argo-cd-applicationset app.kubernetes.io/component: controller {{- end }} From fdc6daa970a75e3bc05cf78a0facfc5df21ad0b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Mon, 17 May 2021 10:05:38 +0300 Subject: [PATCH 14/26] fix(argo-cd): fixed typos in chart's README.md file (#727) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c2e9e948..720ea31d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.2 +version: 3.3.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5513a8fd..3c7a8be7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -40,7 +40,7 @@ Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Re ### 2.14.7 and above -The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. +The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. ### 2.10.x to 2.11.0 From 8ab948d1e332c6f98950e8f3e4eb5366774527d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Lemos?= Date: Tue, 18 May 2021 08:24:45 +0100 Subject: [PATCH 15/26] feat(argocd): Added externalTrafficPolicy to server service (#736) * feat(argocd): Added externalTrafficPolicy to server service Signed-off-by: flavio.lemos * chore: apply review changes Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 720ea31d..05e0df40 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.3 +version: 3.3.4 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 72a4018c..87877d92 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -44,3 +44,6 @@ spec: {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} {{- end }} {{- end -}} +{{- with .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1a9fab3b..f1ddd6d3 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -479,6 +479,7 @@ server: loadBalancerIP: "" loadBalancerSourceRanges: [] externalIPs: [] + externalTrafficPolicy: "" ## Server metrics service configuration metrics: From adfe72f72b582992af7442ab54d18040e086b648 Mon Sep 17 00:00:00 2001 From: valerauko Date: Tue, 18 May 2021 16:39:56 +0900 Subject: [PATCH 16/26] fix(argo-cd): update initial password guidance in NOTES (#707) * fix: Update NOTES to match the latest version Signed-off-by: Vale * chore: Bump chart version Signed-off-by: Vale * Add colon for better format Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/NOTES.txt | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05e0df40..f4cb6e67 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.4 +version: 3.3.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 138ba588..a5f59108 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -9,7 +9,8 @@ In order to access the server UI you have the following options: - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts -After reaching the UI the first time you can login with username: admin and the password will be the -name of the server pod. You can get the pod name by running: +After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 +kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d + +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) From 454a6576251b95fa36f5dac53e638b659736d44e Mon Sep 17 00:00:00 2001 From: Scott Cabrinha Date: Tue, 18 May 2021 08:37:24 -0700 Subject: [PATCH 17/26] chore: Remove cabrinha from CODEOWNERS (#716) Co-authored-by: Marco Kilchhofer --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index a3926889..eff2aab2 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -13,7 +13,7 @@ /charts/argo-events @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @cabrinha @oliverbaehler +/charts/argo-rollouts @oliverbaehler # Argo CD Notifications /charts/argocd-notifications @alexmt @andyfeller @oliverbaehler From 70234a635eea57940594620a6de5b468fe818f11 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Tue, 18 May 2021 17:37:55 +0200 Subject: [PATCH 18/26] chore: remove '*' in CODEOWNERS to allow recursive approvals (#737) According to documentation, the pattern /path/* only allows approval on this level: ~~~ # The `docs/*` pattern will match files like # `docs/getting-started.md` but not further nested files like # `docs/build-app/troubleshooting.md`. docs/* docs@example.com # In this example, @doctocat owns any file in the `/docs` # directory in the root of your repository and any of its # subdirectories. /docs/ @doctocat ~~~ Ref: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax Signed-off-by: Marco Kilchhofer --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index eff2aab2..0cf6f6db 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,7 +1,7 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners # All charts -/charts/* @mkilchhofer +/charts/ @mkilchhofer # Argo Workflows /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler From 82b655dadcaba8aad895465b0033ba26aed170da Mon Sep 17 00:00:00 2001 From: chgl Date: Fri, 21 May 2021 14:19:05 +0200 Subject: [PATCH 19/26] feat(argo-workflows): added new argo-workflows chart and deprecated argo chart (#668) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: added new argo-workflows chart and deprecated argo chart Signed-off-by: chgl * fix: removed maintainers from deprecated argo chart Signed-off-by: chgl * docs: rm pullPolicy from snippet since the global images.pullPolicy is actually used Signed-off-by: chgl * use Chart.AppVersion as the default image tag Signed-off-by: chgl * updated various links Signed-off-by: chgl * enabled metrics endpoint and liveness probe by default Signed-off-by: chgl * fix: use new-style labels Signed-off-by: chgl * fix: set securitycontext for server to something more secure Signed-off-by: chgl * Update charts/argo-workflows/templates/_helpers.tpl Signed-off-by: chgl Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Signed-off-by: chgl * bumped argo chart version Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-service.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Apply suggestions from code review Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Co-authored-by: Oliver Bähler Signed-off-by: chgl * used ingress from argo-cd Signed-off-by: chgl * Update charts/argo-workflows/templates/server/server-deployment.yaml Signed-off-by: chgl Co-authored-by: Brandon Mayfield * updated argo-wf to v3.0.2 Signed-off-by: chgl * aligned serviceAccount configuration with argo-cd values Signed-off-by: chgl * docs: updated breaking changes in README Signed-off-by: chgl * fix: use .Capabilities.APIVersions.Has in Ingress template Signed-off-by: chgl Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Co-authored-by: Oliver Bähler Co-authored-by: Brandon Mayfield --- charts/argo-workflows/.helmignore | 21 ++ charts/argo-workflows/Chart.yaml | 15 + charts/argo-workflows/README.md | 48 +++ .../ci/enable-ingress-values.yaml | 5 + .../ci/enable-metrics-values.yaml | 7 + .../argo-workflows/ci/enable-rbac-values.yaml | 5 + .../argoproj.io_clusterworkflowtemplates.yaml | 35 ++ .../crds/argoproj.io_cronworkflows.yaml | 38 ++ .../argoproj.io_workfloweventbindings.yaml | 34 ++ .../crds/argoproj.io_workflows.yaml | 48 +++ .../crds/argoproj.io_workflowtemplates.yaml | 34 ++ charts/argo-workflows/templates/NOTES.txt | 7 + charts/argo-workflows/templates/_helpers.tpl | 96 +++++ .../controller/workflow-aggregate-roles.yaml | 95 +++++ .../workflow-controller-cluster-roles.yaml | 148 ++++++++ .../workflow-controller-config-map.yaml | 87 +++++ .../controller/workflow-controller-crb.yaml | 48 +++ .../workflow-controller-deployment-pdb.yaml | 19 + .../workflow-controller-deployment.yaml | 104 ++++++ .../controller/workflow-controller-sa.yaml | 8 + .../workflow-controller-service.yaml | 38 ++ .../workflow-controller-servicemonitor.yaml | 29 ++ .../templates/controller/workflow-rb.yaml | 19 + .../templates/controller/workflow-role.yaml | 25 ++ .../templates/controller/workflow-sa.yaml | 13 + .../server/server-cluster-roles.yaml | 136 +++++++ .../templates/server/server-crb.yaml | 39 +++ .../server/server-deployment-pdb.yaml | 19 + .../templates/server/server-deployment.yaml | 105 ++++++ .../templates/server/server-ingress.yaml | 88 +++++ .../templates/server/server-sa.yaml | 10 + .../templates/server/server-service.yaml | 31 ++ charts/argo-workflows/values.yaml | 331 ++++++++++++++++++ charts/argo/Chart.yaml | 8 +- charts/argo/README.md | 2 + 35 files changed, 1789 insertions(+), 6 deletions(-) create mode 100644 charts/argo-workflows/.helmignore create mode 100644 charts/argo-workflows/Chart.yaml create mode 100644 charts/argo-workflows/README.md create mode 100644 charts/argo-workflows/ci/enable-ingress-values.yaml create mode 100644 charts/argo-workflows/ci/enable-metrics-values.yaml create mode 100644 charts/argo-workflows/ci/enable-rbac-values.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workflows.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml create mode 100644 charts/argo-workflows/templates/NOTES.txt create mode 100644 charts/argo-workflows/templates/_helpers.tpl create mode 100644 charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-crb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-sa.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-service.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-role.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-sa.yaml create mode 100644 charts/argo-workflows/templates/server/server-cluster-roles.yaml create mode 100644 charts/argo-workflows/templates/server/server-crb.yaml create mode 100644 charts/argo-workflows/templates/server/server-deployment-pdb.yaml create mode 100644 charts/argo-workflows/templates/server/server-deployment.yaml create mode 100644 charts/argo-workflows/templates/server/server-ingress.yaml create mode 100644 charts/argo-workflows/templates/server/server-sa.yaml create mode 100644 charts/argo-workflows/templates/server/server-service.yaml create mode 100644 charts/argo-workflows/values.yaml diff --git a/charts/argo-workflows/.helmignore b/charts/argo-workflows/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/argo-workflows/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml new file mode 100644 index 00000000..32eb38d9 --- /dev/null +++ b/charts/argo-workflows/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: argo-workflows +description: A Helm chart for Argo Workflows +type: application +version: 0.1.0 +appVersion: "v3.0.2" +icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +home: https://github.com/argoproj/argo-helm +sources: + - https://github.com/argoproj/argo-workflows +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: benjaminws diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md new file mode 100644 index 00000000..7e1c9dd7 --- /dev/null +++ b/charts/argo-workflows/README.md @@ -0,0 +1,48 @@ +# Argo Workflows Chart + +This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). + +If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. + +## Pre-Requisites + +This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. + +A few options are: + +- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute +- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions + +## Usage Notes + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +## Values + +The `values.yaml` contains items used to tweak a deployment of this chart. +Fields to note: + +- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute +- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name +- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor +- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran + +## Breaking changes from the deprecated `argo` chart + +1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory +1. the CRDs were updated to `apiextensions.k8s.io/v1` +1. the container image registry/project/tag format was changed to be more in line with the more common + + ```yaml + image: + registry: quay.io + repository: argoproj/argocli + tag: v3.0.1 + ``` + + this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images. + +1. switched to quay.io as the default registry for all images +1. removed any included usage of Minio +1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` +1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml new file mode 100644 index 00000000..d3485603 --- /dev/null +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -0,0 +1,5 @@ +server: + ingress: + enabled: true + hosts: + - argo-workflows.127.0.0.1.xip.io diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml new file mode 100644 index 00000000..9818ebe5 --- /dev/null +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -0,0 +1,7 @@ +controller: + serviceMonitor: + enabled: true + metricsConfig: + enabled: true + telemetryConfig: + enabled: true diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml new file mode 100644 index 00000000..10f717ac --- /dev/null +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -0,0 +1,5 @@ +workflow: + serviceAccount: + create: true # Specifies whether a service account should be created + rbac: + create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows diff --git a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml new file mode 100644 index 00000000..fa7da83a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000..2878fe9b --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..9585686a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/crds/argoproj.io_workflows.yaml new file mode 100644 index 00000000..f3751e18 --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflows.yaml @@ -0,0 +1,48 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000..f6fa080a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt new file mode 100644 index 00000000..b6ac65d4 --- /dev/null +++ b/charts/argo-workflows/templates/NOTES.txt @@ -0,0 +1,7 @@ +1. Get Argo Server external IP/domain by running: + +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} + +2. Submit the hello-world workflow by running: + +argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl new file mode 100644 index 00000000..f5c8a4c3 --- /dev/null +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -0,0 +1,96 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create argo workflows server name and version as used by the chart label. +*/}} +{{- define "argo-workflows.server.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-workflows.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-workflows.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "argo-workflows.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-workflows.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-workflows.labels" -}} +helm.sh/chart: {{ include "argo-workflows.chart" .context }} +{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-workflows +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-workflows.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Create the name of the server service account to use +*/}} +{{- define "argo-workflows.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-workflows.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-workflows.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-workflows.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-workflows.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml new file mode 100644 index 00000000..2143f208 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -0,0 +1,95 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml new file mode 100644 index 00000000..de5e88a3 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -0,0 +1,148 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +{{- if .Values.controller.persistence }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + {{- if .Values.controller.persistence.postgresql }} + - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} + - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} + {{- end}} + {{- if .Values.controller.persistence.mysql }} + - {{ .Values.controller.persistence.mysql.userNameSecret.name }} + - {{ .Values.controller.persistence.mysql.passwordSecret.name }} + {{- end}} + verbs: + - get +{{- end}} +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - workflow-controller + - workflow-controller-lease + verbs: + - get + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml new file mode 100644 index 00000000..afddb194 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "argo-workflows.controller.fullname" . }}-configmap + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} +data: + config: | + {{- if .Values.controller.instanceID.enabled }} + {{- if .Values.controller.instanceID.useReleaseName }} + instanceID: {{ .Release.Name }} + {{- else }} + instanceID: {{ .Values.controller.instanceID.explicitID }} + {{- end }} + {{- end }} + containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} + {{- if .Values.controller.parallelism }} + parallelism: {{ .Values.controller.parallelism }} + {{- end }} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + executor: + {{- with .Values.executor.resources }} + resources: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.executor.env }} + env: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.executor.securityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.useDefaultArtifactRepo }} + artifactRepository: + {{- if .Values.artifactRepository.archiveLogs }} + archiveLogs: {{ .Values.artifactRepository.archiveLogs }} + {{- end }} + {{- if .Values.artifactRepository.gcs }} + gcs: +{{ toYaml .Values.artifactRepository.gcs | indent 8}} + {{- else }} + s3: + {{- if .Values.useStaticCredentials }} + accessKeySecret: + key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} + name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + secretKeySecret: + key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} + name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + {{- end }} + bucket: {{ .Values.artifactRepository.s3.bucket }} + endpoint: {{ .Values.artifactRepository.s3.endpoint }} + insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.keyFormat }} + keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} + {{- end }} + {{- if .Values.artifactRepository.s3.region }} + region: {{ .Values.artifactRepository.s3.region }} + {{- end }} + {{- if .Values.artifactRepository.s3.roleARN }} + roleARN: {{ .Values.artifactRepository.s3.roleARN }} + {{- end }} + {{- if .Values.artifactRepository.s3.useSDKCreds }} + useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} + {{- end }} + {{- end }} + {{- end}} + {{- if .Values.controller.metricsConfig.enabled }} + metricsConfig: +{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + telemetryConfig: +{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} + {{- if .Values.controller.persistence }} + persistence: +{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} + {{- if .Values.controller.workflowDefaults }} + workflowDefaults: +{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} + {{- with .Values.server.sso }} + sso: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.workflowRestrictions }} + workflowRestrictions: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.links }} + links: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml new file mode 100644 index 00000000..6879d282 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.controller.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.controller.workflowNamespaces }} +{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }} +{{- $namespace := .Release.Namespace }} +{{- range $key := .Values.controller.workflowNamespaces }} + {{- if not (eq $key $namespace) }} + - kind: ServiceAccount + name: {{ $uiServiceAccount }} + namespace: {{ $key }} + {{- end }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template +subjects: + - kind: ServiceAccount + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml new file mode 100644 index 00000000..564ba412 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml new file mode 100644 index 00000000..c35894ec --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with.Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{- with .Values.controller.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: controller + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + command: [ "workflow-controller" ] + args: + - "--configmap" + - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "--executor-image" + - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "--loglevel" + - "{{ .Values.controller.logging.level }}" + - "--gloglevel" + - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + {{- with .Values.controller.workflowWorkers }} + - "--workflow-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podWorkers }} + - "--pod-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + securityContext: + {{- toYaml .Values.controller.securityContext | nindent 12 }} + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + {{- with .Values.controller.extraEnv }} + {{ toYaml . | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + ports: + - name: metrics + containerPort: {{ .Values.controller.metricsConfig.port }} + livenessProbe: + httpGet: + port: metrics + path: {{ .Values.controller.metricsConfig.path }} + initialDelaySeconds: 30 + periodSeconds: 30 + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml new file mode 100644 index 00000000..e917bb41 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{ with .Values.controller.serviceAccount.annotations }} + annotations: + {{- toYaml .| nindent 4 }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml new file mode 100644 index 00000000..5c248f49 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -0,0 +1,38 @@ +{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with .Values.controller.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} +spec: + ports: + {{- if .Values.controller.metricsConfig.enabled }} + - name: {{ .Values.controller.metricsConfig.servicePortName }} + port: {{ .Values.controller.metricsConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.metricsConfig.port }} + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - name: {{ .Values.controller.telemetryConfig.servicePortName }} + port: {{ .Values.controller.telemetryConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.telemetryConfig.port }} + {{- end }} + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml new file mode 100644 index 00000000..54cf1b31 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.controller.metricsConfig.enabled }} + - port: metrics + path: {{ .Values.controller.metricsConfig.path }} + interval: 30s + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - port: telemetry + path: {{ .Values.controller.telemetryConfig.path }} + interval: 30s + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml new file mode 100644 index 00000000..9b27c045 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.workflow.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" . }}-workflow +subjects: +- kind: ServiceAccount + name: {{ .Values.workflow.serviceAccount.name }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml new file mode 100644 index 00000000..bf8b3cff --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -0,0 +1,25 @@ +{{- if .Values.workflow.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml new file mode 100644 index 00000000..dc84f2b1 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -0,0 +1,13 @@ +{{- if .Values.workflow.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.workflow.serviceAccount.name }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} + {{- with .Values.workflow.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml new file mode 100644 index 00000000..5901bbd1 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -0,0 +1,136 @@ +{{- if .Values.server.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 + {{- if .Values.singleNamespace }} +kind: Role + {{- else }} +kind: ClusterRole + {{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete + {{- if .Values.server.sso }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + - sso + verbs: + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + {{- if .Values.server.sso.rbac }} +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + {{- end }} + {{- end }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +{{- if .Values.server.sso }} + {{- if .Values.server.sso.rbac }} + {{- with .Values.server.sso.rbac.secretWhitelist }} + resourceNames: {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch +{{- if .Values.controller.persistence }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + {{- with .Values.controller.persistence.postgresql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} + {{- end}} + {{- with .Values.controller.persistence.mysql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} + {{- end}} + verbs: + - get +{{- end}} +- apiGroups: + - argoproj.io + resources: + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + verbs: + - get + - list + - watch + {{- if .Values.server.clusterWorkflowTemplates.enableEditing }} + - create + - update + - patch + - delete + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml new file mode 100644 index 00000000..fd9450d5 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml new file mode 100644 index 00000000..aeba6547 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.server.enabled .Values.server.pdb.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- if .Values.server.pdb.minAvailable }} + minAvailable: {{ .Values.server.pdb.minAvailable }} + {{- else if .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml new file mode 100644 index 00000000..9d1696dd --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -0,0 +1,105 @@ +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} +spec: + replicas: {{ .Values.server.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.podAnnotations }} + annotations: + {{- toYaml .Values.server.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: argo-server + image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + securityContext: + {{- toYaml .Values.server.securityContext | nindent 12 }} + args: + - server + - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + {{- with .Values.server.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + - "--secure={{ .Values.server.secure }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + ports: + - name: web + containerPort: 2746 + readinessProbe: + httpGet: + path: / + port: 2746 + {{- if .Values.server.secure }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 20 + env: + - name: IN_CLUSTER + value: "true" + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BASE_HREF + value: {{ .Values.server.baseHref | quote }} + resources: + {{- toYaml .Values.server.resources | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- with .Values.server.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml new file mode 100644 index 00000000..fe67c0a3 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -0,0 +1,88 @@ +{{- if .Values.server.ingress.enabled -}} +{{- $serviceName := include "argo-workflows.server.fullname" . -}} +{{- $servicePort := .Values.server.servicePort -}} +{{- $paths := .Values.server.ingress.paths -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} +spec: + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} + rules: + {{- if .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.server.ingress.tls }} + tls: + {{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml new file mode 100644 index 00000000..10e03d0e --- /dev/null +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- toYaml . | indent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml new file mode 100644 index 00000000..5d161ee8 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - port: {{ .Values.server.servicePort }} + {{- with .Values.server.servicePortName }} + name: {{ . }} + {{- end }} + targetPort: 2746 + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.serviceType }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- end }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml new file mode 100644 index 00000000..375c5eb1 --- /dev/null +++ b/charts/argo-workflows/values.yaml @@ -0,0 +1,331 @@ +images: + # imagePullPolicy to apply to all containers + pullPolicy: Always + # Secrets with credentials to pull images from a private registry + pullSecrets: [] + # - name: argo-pull-secret + +init: + # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is + # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. + serviceAccount: "" + +createAggregateRoles: true + +# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, +# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. +singleNamespace: false + +workflow: + namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. + serviceAccount: + create: false # Specifies whether a service account should be created + annotations: {} + name: "argo-workflow" # Service account which is used to run workflows + rbac: + create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + +controller: + image: + registry: quay.io + repository: argoproj/workflow-controller + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # parallelism dictates how many workflows can be running at the same time + parallelism: + # podAnnotations is an optional map of annotations to be applied to the controller Pods + podAnnotations: {} + # Optional labels to add to the controller pods + podLabels: {} + # SecurityContext to set on the controller pods + podSecurityContext: {} + # podPortName: http + metricsConfig: + enabled: false + path: /metrics + port: 9090 + servicePort: 8080 + servicePortName: metrics + # the controller container's securityContext + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + persistence: {} + # connectionPool: + # maxIdleConns: 100 + # maxOpenConns: 0 + # # save the entire workflow into etcd and DB + # nodeStatusOffLoad: false + # # enable archiving of old workflows + # archive: false + # postgresql: + # host: localhost + # port: 5432 + # database: postgres + # tableName: argo_workflows + # # the database secrets must be in the same namespace of the controller + # userNameSecret: + # name: argo-postgres-config + # key: username + # passwordSecret: + # name: argo-postgres-config + # key: password + workflowDefaults: {} # Only valid for 2.7+ + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 + # workflowWorkers: 32 + # podWorkers: 32 + workflowRestrictions: {} # Only valid for 2.9+ + # templateReferencing: Strict|Secure + telemetryConfig: + enabled: false + path: /telemetry + port: 8081 + servicePort: 8081 + servicePortName: telemetry + serviceMonitor: + enabled: false + additionalLabels: {} + serviceAccount: + create: true + name: argo + # Annotations applied to created service account + annotations: {} + name: workflow-controller + workflowNamespaces: + - default + containerRuntimeExecutor: docker + instanceID: + # `instanceID.enabled` configures the controller to filter workflow submissions + # to only those which have a matching instanceID attribute. + enabled: false + # NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` + # or `instanceID.explicitID` must be defined. + # useReleaseName: true + # explicitID: unique-argo-controller-identifier + logging: + level: info + globallevel: "0" + serviceType: ClusterIP + # Annotations to be applied to the controller Service + serviceAnnotations: {} + # Optional labels to add to the controller Service + serviceLabels: {} + # Source ranges to allow access to service from. Only applies to + # service type `LoadBalancer` + loadBalancerSourceRanges: [] + resources: {} + # The list of environment variable definitions to be added to the controller + # manages container verbatim. + extraEnv: [] + # Extra arguments to be added to the controller + extraArgs: [] + replicas: 1 + pdb: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + affinity: {} + # Leverage a PriorityClass to ensure your pods survive resource shortages + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + # PriorityClass: system-cluster-critical + priorityClassName: "" + # https://argoproj.github.io/argo-workflows/links/ + links: [] + +# executor controls how the init and wait container should be customized +executor: + image: + registry: quay.io + repository: argoproj/argoexec + # Overrides the image tag whose default is the chart appVersion. + tag: "" + resources: {} + # Adds environment variables for the executor. + env: {} + # sets security context for the executor container + securityContext: {} + +server: + enabled: true + # only updates base url of resources on client side, + # it's expected that a proxy server rewrites the request URL and gets rid of this prefix + # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 + baseHref: / + image: + registry: quay.io + repository: argoproj/argocli + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # optional map of annotations to be applied to the ui Pods + podAnnotations: {} + # Optional labels to add to the UI pods + podLabels: {} + # SecurityContext to set on the server pods + podSecurityContext: {} + securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + name: server + serviceType: ClusterIP + servicePort: 2746 + # servicePortName: http + serviceAccount: + create: true + name: argo-server + annotations: {} + # Annotations to be applied to the UI Service + serviceAnnotations: {} + # Optional labels to add to the UI Service + serviceLabels: {} + # Static IP address to assign to loadBalancer + # service type `LoadBalancer` + loadBalancerIP: "" + # Source ranges to allow access to service from. Only applies to + # service type `LoadBalancer` + loadBalancerSourceRanges: [] + resources: {} + replicas: 1 + pdb: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + affinity: {} + # Leverage a PriorityClass to ensure your pods survive resource shortages + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + # PriorityClass: system-cluster-critical + priorityClassName: "" + + # Run the argo server in "secure" mode. Configure this value instead of + # "--secure" in extraArgs. See the following documentation for more details + # on secure mode: + # https://argoproj.github.io/argo-workflows/tls/ + secure: false + + # Extra arguments to provide to the Argo server binary. + extraArgs: [] + + ## Additional volumes to the server main container. + volumeMounts: [] + volumes: [] + + ## Ingress configuration. + ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## + ingress: + enabled: false + annotations: {} + labels: {} + ingressClassName: "" + + ## Argo Workflows Server Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace + ## + hosts: + [] + # - argocd.example.com + paths: + - / + extraPaths: + [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + tls: + [] + # - secretName: argocd-example-tls + # hosts: + # - argocd.example.com + https: false + + clusterWorkflowTemplates: + # Give the server permissions to edit ClusterWorkflowTemplates. + enableEditing: true + sso: + ## SSO configuration when SSO is specified as a server auth mode. + ## All the values are required. SSO is activated by adding --auth-mode=sso + ## to the server command line. + # + ## The root URL of the OIDC identity provider. + # issuer: https://accounts.google.com + ## Name of a secret and a key in it to retrieve the app OIDC client ID from. + # clientId: + # name: argo-server-sso + # key: client-id + ## Name of a secret and a key in it to retrieve the app OIDC client secret from. + # clientSecret: + # name: argo-server-sso + # key: client-secret + ## The OIDC redirect URL. Should be in the form /oauth2/callback. + # redirectUrl: https://argo/oauth2/callback + # rbac: + # enabled: true + ## When present, restricts secrets the server can read to a given list. + ## You can use it to restrict the server to only be able to access the + ## service account token secrets that are associated with service accounts + ## used for authorization. + # secretWhitelist: [] + ## Scopes requested from the SSO ID provider. The 'groups' scope requests + ## group membership information, which is usually used for authorization + ## decisions. + # scopes: + # - groups + +# Influences the creation of the ConfigMap for the workflow-controller itself. +useDefaultArtifactRepo: false +useStaticCredentials: true +artifactRepository: + # archiveLogs will archive the main container logs as an artifact + archiveLogs: false + s3: + # Note the `key` attribute is not the actual secret, it's the PATH to + # the contents in the associated secret, as defined by the `name` attribute. + accessKeySecret: + # name: -minio + key: accesskey + secretKeySecret: + # name: -minio + key: secretkey + insecure: true + # bucket: + # endpoint: + # region: + # roleARN: + # useSDKCreds: true + # gcs: + # bucket: -argo + # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" + # serviceAccountKeySecret is a secret selector. + # It references the k8s secret named 'my-gcs-credentials'. + # This secret is expected to have have the key 'serviceAccountKey', + # containing the base64 encoded credentials + # to the bucket. + # + # If it's running on GKE and Workload Identity is used, + # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 3f10ee6f..8e82de87 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,16 +2,12 @@ apiVersion: v2 appVersion: v2.12.5 description: A Helm chart for Argo Workflows name: argo -version: 0.16.10 +version: 1.0.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm -maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: benjaminws dependencies: - name: minio version: 8.0.9 repository: https://helm.min.io/ condition: minio.install +deprecated: true diff --git a/charts/argo/README.md b/charts/argo/README.md index b0b5613a..024f0077 100644 --- a/charts/argo/README.md +++ b/charts/argo/README.md @@ -1,5 +1,7 @@ ## Argo Workflows Chart +> ⚠ DEPRECATION WARNING: this chart is for v2 of Argo Workflows. For v3, a new chart is available at + This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. From b971b36317c25c3926661c1012eddacca8de2fcb Mon Sep 17 00:00:00 2001 From: Sergey Shaykhullin <46970457+sergeyshaykhullin@users.noreply.github.com> Date: Fri, 21 May 2021 15:43:10 +0300 Subject: [PATCH 20/26] feat(argo-cd): Extract ServiceMonitor interval to values (#739) * Extract interval and path to values Signed-off-by: Sergey Shaykhullin * Bump chart Signed-off-by: Sergey Shaykhullin * Remove path from values Signed-off-by: Sergey Shaykhullin --- charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 4 +++- .../argo-cd/templates/argocd-repo-server/servicemonitor.yaml | 4 +++- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 4 +++- charts/argo-cd/templates/dex/servicemonitor.yaml | 4 +++- charts/argo-cd/values.yaml | 4 ++++ 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f4cb6e67..75e7cdba 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.5 +version: 3.4.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 51f81030..0b943982 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 0b343750..05b38acc 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index ddf52efa..00002faa 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index adc3394a..58bae6e2 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f1ddd6d3..066857e5 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -143,6 +143,7 @@ controller: servicePort: 8082 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -203,6 +204,7 @@ dex: labels: {} serviceMonitor: enabled: false + interval: 30s image: repository: quay.io/dexidp/dex @@ -490,6 +492,7 @@ server: servicePort: 8083 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -838,6 +841,7 @@ repoServer: servicePort: 8084 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring From 35c754364f68c8ce360270a1d7225fd75fdf5a98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 15:03:28 +0200 Subject: [PATCH 21/26] chore!: Rewrite Lint Workflow to Github (#685) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Move Linting to Github Actions Signed-off-by: Oliver Bähler Disable ServiceAccount on disabled Dex Signed-off-by: Oliver Bähler Swap Linting to Github Signed-off-by: Oliver Bähler Increase all chart versions Signed-off-by: Oliver Bähler Remove Circle & Improve Github Lint Signed-off-by: Oliver Bähler Remove Circle & Improve Github Lint Signed-off-by: Oliver Bähler Lookup Configmaps update Retest Retest reduce changes reduce changes * Bump argo-events Signed-off-by: Oliver Bähler * Move Config files Signed-off-by: Oliver Bähler * Readd Lint & Remove Argo Chart Signed-off-by: Oliver Bähler * Correct CT config name Signed-off-by: Oliver Bähler * Readd ARgo Signed-off-by: Oliver Bähler --- .circleci/chart-testing.yaml | 4 --- .circleci/config.yml | 7 ++-- .github/ct.yaml | 17 ++++++++++ {.circleci => .github}/lintconf.yaml | 0 .github/stale.yml | 1 - .github/workflows/lint-and-test.yml | 45 ++++++++++++++++++++++++++ .github/workflows/stale.yml | 4 --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/ci/test-values.yaml | 3 -- scripts/lint.sh | 26 +++++++-------- 10 files changed, 79 insertions(+), 30 deletions(-) delete mode 100644 .circleci/chart-testing.yaml create mode 100644 .github/ct.yaml rename {.circleci => .github}/lintconf.yaml (100%) delete mode 100644 .github/stale.yml create mode 100644 .github/workflows/lint-and-test.yml diff --git a/.circleci/chart-testing.yaml b/.circleci/chart-testing.yaml deleted file mode 100644 index 87e07618..00000000 --- a/.circleci/chart-testing.yaml +++ /dev/null @@ -1,4 +0,0 @@ -chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - - dandydeveloper=https://dandydeveloper.github.io/charts/ diff --git a/.circleci/config.yml b/.circleci/config.yml index 6c3306ec..e62f742c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,8 +5,8 @@ jobs: - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml + - run: ct lint --config .github/ct.yaml --lint-conf .github/lintconf.yaml + # Technically this only needs to be run on master, but it's good to have it run on every PR # so that it is regularly tested. publish: @@ -21,6 +21,7 @@ jobs: - checkout - run: helm repo add stable https://charts.helm.sh/stable - run: helm repo add minio https://helm.min.io/ + - run: helm repo add argo https://argoproj.github.io/argo-helm - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ # Only actually publish charts on master. - run: | @@ -38,4 +39,4 @@ workflows: - lint - publish: requires: - - lint + - lint \ No newline at end of file diff --git a/.github/ct.yaml b/.github/ct.yaml new file mode 100644 index 00000000..4b22c6d5 --- /dev/null +++ b/.github/ct.yaml @@ -0,0 +1,17 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: [] diff --git a/.circleci/lintconf.yaml b/.github/lintconf.yaml similarity index 100% rename from .circleci/lintconf.yaml rename to .github/lintconf.yaml diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index b81bf109..00000000 --- a/.github/stale.yml +++ /dev/null @@ -1 +0,0 @@ -# See https://github.com/probot/stale diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml new file mode 100644 index 00000000..30e6b63a --- /dev/null +++ b/.github/workflows/lint-and-test.yml @@ -0,0 +1,45 @@ +## Reference: https://github.com/helm/chart-testing-action +--- +name: Linting and Testing +on: pull_request +jobs: + chart-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v1 + + - name: Set up python + uses: actions/setup-python@v2 + with: + python-version: 3.7 + + - name: Setup Chart Linting + id: lint + uses: helm/chart-testing-action@v2.0.1 + + - name: List changed charts + id: list-changed + run: | + ## If executed with debug this won't work anymore. + changed=$(ct --config ./.github/ct.yaml list-changed) + charts=$(echo "$changed" | tr '\n' ' ' | xargs) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + echo "::set-output name=changed_charts::$charts" + fi + - name: Run chart-testing (lint) + run: ct lint --debug --config ./.github/ct.yaml --lint-conf ./.github/lintconf.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.1.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) + run: ct install --config ./.github/ct.yaml + if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b671fc09..8b16dff4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,14 +1,10 @@ name: Mark stale issues and pull requests - on: schedule: - cron: "30 1 * * *" - jobs: stale: - runs-on: ubuntu-latest - steps: - uses: actions/stale@v3 with: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 5def36c7..ea1878d3 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.0 +version: 1.4.1 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index cd5d3916..3078a2d3 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,6 +1,3 @@ serviceAccount: argo-events-sa-test -additionalSaNamespaces: - - nsone - - nstwo instanceID: test-argo-events singleNamespace: false diff --git a/scripts/lint.sh b/scripts/lint.sh index 8f084c5b..c97b6863 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,19 +1,17 @@ #!/bin/bash +# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. +# Reference: https://github.com/helm/chart-testing set -eux SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - name=$(basename $dir) - echo "Running Helm linting for $name" - docker run \ - -v "$SRCROOT:/workdir" \ - gcr.io/kubernetes-charts-ci/test-image:v3.1.0 \ - ct \ - lint \ - --config .circleci/chart-testing.yaml \ - --lint-conf .circleci/lintconf.yaml \ - --charts "/workdir/charts/${name}" -done +echo -e "\n-- Linting all Helm Charts --\n" +docker run \ + -v "$SRCROOT:/workdir" \ + --entrypoint /bin/sh \ + quay.io/helmpack/chart-testing:v3.3.1 \ + -c cd /workdir \ + ct lint \ + --config .github/ct.yaml \ + --lint-conf .github/lintconf.yaml \ + --debug From 9a3077afe2e08ec6b4ff9dd71ccb6d1ca345ce68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 17:59:30 +0200 Subject: [PATCH 22/26] chore!: Chart Publications via Github Workflow (#741) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Move Linting to Github Actions Signed-off-by: Oliver Bähler --- .circleci/config.yml | 28 ++----------- .github/configs/cr.yaml | 2 + .github/configs/ct-install.yaml | 19 +++++++++ .github/{ct.yaml => configs/ct-lint.yaml} | 1 + .github/{ => configs}/lintconf.yaml | 0 .github/workflows/lint-and-test.yml | 6 +-- .github/workflows/publish.yml | 42 +++++++++++++++++++ CONTRIBUTING.md | 11 +---- README.md | 2 + charts/argo-cd/Chart.yaml | 2 +- charts/argo-events/Chart.yaml | 2 +- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-workflows/Chart.yaml | 2 +- .../ci/enable-metrics-values.yaml | 2 +- charts/argocd-applicationset/Chart.yaml | 2 +- charts/argocd-notifications/Chart.yaml | 2 +- scripts/lint.sh | 4 +- scripts/publish.sh | 42 ------------------- 18 files changed, 84 insertions(+), 87 deletions(-) create mode 100644 .github/configs/cr.yaml create mode 100644 .github/configs/ct-install.yaml rename .github/{ct.yaml => configs/ct-lint.yaml} (94%) rename .github/{ => configs}/lintconf.yaml (100%) create mode 100644 .github/workflows/publish.yml delete mode 100755 scripts/publish.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index e62f742c..79e8d1dc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,33 +5,13 @@ jobs: - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - - run: ct lint --config .github/ct.yaml --lint-conf .github/lintconf.yaml - - # Technically this only needs to be run on master, but it's good to have it run on every PR - # so that it is regularly tested. + - run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml publish: docker: - # We just need an image with `helm` on it. Handily we know of one already. - - image: quay.io/helmpack/chart-testing:v3.3.1 + - image: bash steps: - # install the additional keys needed to push to GitHub. Alex Collins owns these keys. - - add_ssh_keys - - run: git config --global user.email "nobody@circleci.com" - - run: git config --global user.name "Circle CI Build" - - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: helm repo add minio https://helm.min.io/ - - run: helm repo add argo https://argoproj.github.io/argo-helm - - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - # Only actually publish charts on master. - - run: | - set -x - if [ "$CIRCLE_BRANCH" = "master" ]; then - export GIT_PUSH=true - else - export GIT_PUSH=false - fi - sh ./scripts/publish.sh + - run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml" + workflows: version: 2 workflow: diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml new file mode 100644 index 00000000..01fdbe0c --- /dev/null +++ b/.github/configs/cr.yaml @@ -0,0 +1,2 @@ +## Reference: https://github.com/helm/chart-releaser +index-path: "./index.yaml" \ No newline at end of file diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml new file mode 100644 index 00000000..e991d382 --- /dev/null +++ b/.github/configs/ct-install.yaml @@ -0,0 +1,19 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Install Stage +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: + - "argocd-applicationset" diff --git a/.github/ct.yaml b/.github/configs/ct-lint.yaml similarity index 94% rename from .github/ct.yaml rename to .github/configs/ct-lint.yaml index 4b22c6d5..e7188eb1 100644 --- a/.github/ct.yaml +++ b/.github/configs/ct-lint.yaml @@ -1,5 +1,6 @@ ## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md # Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Lint Stage remote: origin chart-dirs: - charts diff --git a/.github/lintconf.yaml b/.github/configs/lintconf.yaml similarity index 100% rename from .github/lintconf.yaml rename to .github/configs/lintconf.yaml diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 30e6b63a..1056a239 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,19 +27,19 @@ jobs: id: list-changed run: | ## If executed with debug this won't work anymore. - changed=$(ct --config ./.github/ct.yaml list-changed) + changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then echo "::set-output name=changed::true" echo "::set-output name=changed_charts::$charts" fi - name: Run chart-testing (lint) - run: ct lint --debug --config ./.github/ct.yaml --lint-conf ./.github/lintconf.yaml + run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml - name: Create kind cluster uses: helm/kind-action@v1.1.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) - run: ct install --config ./.github/ct.yaml + run: ct install --config ./.github/configs/ct-install.yaml if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..f01702a6 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,42 @@ +--- +name: Chart Publish +on: + push: + branches: + - master + - rewrite-build +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@v1 + + - name: Add dependency chart repos + run: | + helm repo add argo https://argoproj.github.io/argo-helm + helm repo add minio https://helm.min.io/ + helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ + helm repo add stable https://charts.helm.sh/stable + helm repo add incubator https://charts.helm.sh/incubator + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases. + - name: Fetch current Chart Index + run: | + git checkout origin/gh-pages index.yaml + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.2.0 + with: + config: "./.github/configs/cr.yaml" + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f4c7d89c..a4ad43dd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -86,7 +86,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. -Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml) +Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: @@ -96,11 +96,4 @@ The linting can be invoked manually with the following command: ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this: - -``` -GIT_PUSH=true ./scripts/publish.sh -``` - -Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch. -Write access to https://github.com/argoproj/argo-helm.git is required to publish changes. +Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). \ No newline at end of file diff --git a/README.md b/README.md index 63c3aa4b..2db0e70a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Argo Helm Charts +[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) + Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: ``` diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 75e7cdba..1a9ea518 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.4.0 +version: 3.4.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index ea1878d3..b0770954 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.1 +version: 1.4.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 84752bf3..63a1fd07 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.2 +version: 0.5.3 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 32eb38d9..fd576f3c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.0 +version: 0.1.1 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml index 9818ebe5..64c56cc1 100644 --- a/charts/argo-workflows/ci/enable-metrics-values.yaml +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -1,6 +1,6 @@ controller: serviceMonitor: - enabled: true + enabled: false metricsConfig: enabled: true telemetryConfig: diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index fba7f6bd..936734b0 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.4 +version: 0.1.5 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 8a1e04d8..714b0474 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.0 +version: 1.3.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/scripts/lint.sh b/scripts/lint.sh index c97b6863..1f0e9104 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -12,6 +12,6 @@ docker run \ quay.io/helmpack/chart-testing:v3.3.1 \ -c cd /workdir \ ct lint \ - --config .github/ct.yaml \ - --lint-conf .github/lintconf.yaml \ + --config .github/configs/ct-lint.yaml \ + --lint-conf .github/configs/lintconf.yaml \ --debug diff --git a/scripts/publish.sh b/scripts/publish.sh deleted file mode 100755 index 025ba5d9..00000000 --- a/scripts/publish.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -set -eux - -SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -GIT_PUSH=${GIT_PUSH:-false} - -rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output - -helm repo add argoproj https://argoproj.github.io/argo-helm - -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - - name=$(basename $dir) - - if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] - then - echo "Processing chart dependencies" - helm --debug dep build $dir - # Bug with Helm subcharts with hyphen on them - # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684 - if [ "$name" == "argo-cd" ] - then - echo "Restore ArgoCD RedisHA subchart" - tar -C $dir/charts -xf $dir/charts/redis-ha-*.tgz - fi - fi - - echo "Processing $dir" - helm --debug package $dir -done - -cp $SRCROOT/*.tgz output/ -cd $SRCROOT/output && helm repo index . - -cd $SRCROOT/output && git status - -if [ "$GIT_PUSH" == "true" ] -then - cd $SRCROOT/output && git add . && git commit -m "Publish charts" && git push git@github.com:argoproj/argo-helm.git gh-pages -fi From 60a42675cbd3064e9836d0217266f0ec169beb5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 18:39:07 +0200 Subject: [PATCH 23/26] fix: Remove Argo Chart (#748) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- charts/argo/.helmignore | 21 -- charts/argo/Chart.lock | 6 - charts/argo/Chart.yaml | 13 - charts/argo/README.md | 29 -- .../crds/cluster-workflow-template-crd.yaml | 23 -- charts/argo/crds/cron-workflow-crd.yaml | 23 -- charts/argo/crds/workflow-crd.yaml | 33 -- .../argo/crds/workflow-eventbinding-crd.yaml | 19 - charts/argo/crds/workflow-template-crd.yaml | 22 -- charts/argo/templates/NOTES.txt | 16 - charts/argo/templates/_helpers.tpl | 16 - .../cluster-workflow-template-crd.yaml | 19 - charts/argo/templates/cron-workflow-crd.yaml | 19 - .../argo/templates/server-cluster-roles.yaml | 134 ------- charts/argo/templates/server-crb.yaml | 35 -- .../argo/templates/server-deployment-pdb.yaml | 25 -- charts/argo/templates/server-deployment.yaml | 108 ------ charts/argo/templates/server-ingress.yaml | 46 --- charts/argo/templates/server-sa.yaml | 8 - charts/argo/templates/server-service.yaml | 33 -- .../worfkflow-controller-secrets-access.yaml | 18 - .../templates/workflow-aggregate-roles.yaml | 89 ----- .../workflow-controller-cluster-roles.yaml | 146 -------- .../workflow-controller-config-map.yaml | 89 ----- .../templates/workflow-controller-crb.yaml | 44 --- .../workflow-controller-deployment-pdb.yaml | 23 -- .../workflow-controller-deployment.yaml | 94 ----- .../workflow-controller-minio-secret-crb.yaml | 25 -- .../templates/workflow-controller-sa.yaml | 6 - .../workflow-controller-service.yaml | 38 -- .../workflow-controller-servicemonitor.yaml | 33 -- charts/argo/templates/workflow-crd.yaml | 28 -- charts/argo/templates/workflow-rb.yaml | 19 - charts/argo/templates/workflow-role.yaml | 25 -- charts/argo/templates/workflow-sa.yaml | 13 - .../argo/templates/workflow-template-crd.yaml | 18 - charts/argo/values.yaml | 330 ------------------ 37 files changed, 1686 deletions(-) delete mode 100644 charts/argo/.helmignore delete mode 100644 charts/argo/Chart.lock delete mode 100644 charts/argo/Chart.yaml delete mode 100644 charts/argo/README.md delete mode 100644 charts/argo/crds/cluster-workflow-template-crd.yaml delete mode 100644 charts/argo/crds/cron-workflow-crd.yaml delete mode 100644 charts/argo/crds/workflow-crd.yaml delete mode 100644 charts/argo/crds/workflow-eventbinding-crd.yaml delete mode 100644 charts/argo/crds/workflow-template-crd.yaml delete mode 100644 charts/argo/templates/NOTES.txt delete mode 100644 charts/argo/templates/_helpers.tpl delete mode 100644 charts/argo/templates/cluster-workflow-template-crd.yaml delete mode 100644 charts/argo/templates/cron-workflow-crd.yaml delete mode 100644 charts/argo/templates/server-cluster-roles.yaml delete mode 100644 charts/argo/templates/server-crb.yaml delete mode 100644 charts/argo/templates/server-deployment-pdb.yaml delete mode 100644 charts/argo/templates/server-deployment.yaml delete mode 100644 charts/argo/templates/server-ingress.yaml delete mode 100644 charts/argo/templates/server-sa.yaml delete mode 100644 charts/argo/templates/server-service.yaml delete mode 100644 charts/argo/templates/worfkflow-controller-secrets-access.yaml delete mode 100644 charts/argo/templates/workflow-aggregate-roles.yaml delete mode 100644 charts/argo/templates/workflow-controller-cluster-roles.yaml delete mode 100644 charts/argo/templates/workflow-controller-config-map.yaml delete mode 100644 charts/argo/templates/workflow-controller-crb.yaml delete mode 100644 charts/argo/templates/workflow-controller-deployment-pdb.yaml delete mode 100755 charts/argo/templates/workflow-controller-deployment.yaml delete mode 100644 charts/argo/templates/workflow-controller-minio-secret-crb.yaml delete mode 100644 charts/argo/templates/workflow-controller-sa.yaml delete mode 100644 charts/argo/templates/workflow-controller-service.yaml delete mode 100644 charts/argo/templates/workflow-controller-servicemonitor.yaml delete mode 100644 charts/argo/templates/workflow-crd.yaml delete mode 100644 charts/argo/templates/workflow-rb.yaml delete mode 100644 charts/argo/templates/workflow-role.yaml delete mode 100644 charts/argo/templates/workflow-sa.yaml delete mode 100644 charts/argo/templates/workflow-template-crd.yaml delete mode 100644 charts/argo/values.yaml diff --git a/charts/argo/.helmignore b/charts/argo/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/charts/argo/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/argo/Chart.lock b/charts/argo/Chart.lock deleted file mode 100644 index 4b57ae05..00000000 --- a/charts/argo/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: minio - repository: https://helm.min.io/ - version: 8.0.9 -digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260 -generated: "2021-01-13T15:31:40.823086-08:00" diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml deleted file mode 100644 index 8e82de87..00000000 --- a/charts/argo/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -appVersion: v2.12.5 -description: A Helm chart for Argo Workflows -name: argo -version: 1.0.0 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -home: https://github.com/argoproj/argo-helm -dependencies: -- name: minio - version: 8.0.9 - repository: https://helm.min.io/ - condition: minio.install -deprecated: true diff --git a/charts/argo/README.md b/charts/argo/README.md deleted file mode 100644 index 024f0077..00000000 --- a/charts/argo/README.md +++ /dev/null @@ -1,29 +0,0 @@ -## Argo Workflows Chart - -> ⚠ DEPRECATION WARNING: this chart is for v2 of Argo Workflows. For v3, a new chart is available at - -This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). - -If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. - -## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. - -A few options are: -- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full) -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - -## Usage Notes: -This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. - -## Values - -The `values.yaml` contains items used to tweak a deployment of this chart. -Fields to note: -* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute -* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name -* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor -* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran -* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map. -* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart. diff --git a/charts/argo/crds/cluster-workflow-template-crd.yaml b/charts/argo/crds/cluster-workflow-template-crd.yaml deleted file mode 100644 index a189f17c..00000000 --- a/charts/argo/crds/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - listKind: ClusterWorkflowTemplateList - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft - singular: clusterworkflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/cron-workflow-crd.yaml b/charts/argo/crds/cron-workflow-crd.yaml deleted file mode 100644 index abd50b30..00000000 --- a/charts/argo/crds/cron-workflow-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-crd.yaml b/charts/argo/crds/workflow-crd.yaml deleted file mode 100644 index 24f6abc2..00000000 --- a/charts/argo/crds/workflow-crd.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - subresources: {} - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-eventbinding-crd.yaml b/charts/argo/crds/workflow-eventbinding-crd.yaml deleted file mode 100644 index a58de8e7..00000000 --- a/charts/argo/crds/workflow-eventbinding-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-template-crd.yaml b/charts/argo/crds/workflow-template-crd.yaml deleted file mode 100644 index 0be13451..00000000 --- a/charts/argo/crds/workflow-template-crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt deleted file mode 100644 index 7b4c02f0..00000000 --- a/charts/argo/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -1. Get Argo Server external IP/domain by running: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} - -2. Submit the hello-world workflow by running: - -argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch - -{{ if .Values.minio.install }} - -3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following -command: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio - -{{ end }} diff --git a/charts/argo/templates/_helpers.tpl b/charts/argo/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml deleted file mode 100644 index be688da3..00000000 --- a/charts/argo/templates/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft -{{- end }} diff --git a/charts/argo/templates/cron-workflow-crd.yaml b/charts/argo/templates/cron-workflow-crd.yaml deleted file mode 100644 index 923abdf2..00000000 --- a/charts/argo/templates/cron-workflow-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - plural: cronworkflows - shortNames: - - cronwf - - cwf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo/templates/server-cluster-roles.yaml deleted file mode 100644 index b6d47c09..00000000 --- a/charts/argo/templates/server-cluster-roles.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - events - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - verbs: - - get - - list - - watch - - delete -{{- if .Values.server.sso }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - sso - verbs: - - get - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create -{{- end}} -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - {{- end }} -{{- end }} -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} - resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} -- apiGroups: - - "" - resources: - - events - verbs: - - watch - - create - - patch -{{- if .Values.controller.persistence }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - {{- with .Values.controller.persistence.postgresql }} - - {{ .userNameSecret.name }} - - {{ .passwordSecret.name }} - {{- end}} - {{- with .Values.controller.persistence.mysql }} - - {{ .userNameSecret.name }} - - {{ .passwordSecret.name }} - {{- end}} - verbs: - - get -{{- end}} -- apiGroups: - - argoproj.io - resources: - - workflows - - workfloweventbindings - - workflowtemplates - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template -rules: -- apiGroups: - - argoproj.io - resources: - - clusterworkflowtemplates - verbs: - - get - - list - - watch - {{- if .Values.server.clusterWorkflowTemplates.enableEditing }} - - create - - update - - patch - - delete - {{- end }} -{{- end }} diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml deleted file mode 100644 index ad4cfeda..00000000 --- a/charts/argo/templates/server-crb.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.server.name}} -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/argo/templates/server-deployment-pdb.yaml b/charts/argo/templates/server-deployment-pdb.yaml deleted file mode 100644 index 31f1d4f8..00000000 --- a/charts/argo/templates/server-deployment-pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.pdb.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- else if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml deleted file mode 100644 index 832fd37d..00000000 --- a/charts/argo/templates/server-deployment.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.server.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - {{- if .Values.server.podLabels }} - {{- toYaml .Values.server.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.server.serviceAccount | quote }} - {{- if .Values.server.podSecurityContext }} - securityContext: - {{- toYaml .Values.server.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: argo-server - args: - - server - - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap - {{- if .Values.server.extraArgs }} - {{- toYaml .Values.server.extraArgs | nindent 10 }} - {{- end }} - {{- if .Values.server.secure }} - - "--secure" - {{- end }} - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - {{- if .Values.server.podPortName }} - ports: - - name: {{ .Values.server.podPortName }} - containerPort: 2746 - {{- end }} - readinessProbe: - httpGet: - path: / - port: 2746 - {{- if .Values.server.secure }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 20 - env: - - name: IN_CLUSTER - value: "true" - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: BASE_HREF - value: {{ .Values.server.baseHref | quote }} - resources: - {{- toYaml .Values.server.resources | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - {{- with .Values.server.volumeMounts }} - {{- toYaml . | nindent 10}} - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tmp - emptyDir: {} - {{- with .Values.server.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - {{- with .Values.server.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} -{{- end -}} diff --git a/charts/argo/templates/server-ingress.yaml b/charts/argo/templates/server-ingress.yaml deleted file mode 100644 index 6eab3f50..00000000 --- a/charts/argo/templates/server-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}} -{{- $servicePort := .Values.server.servicePort -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- range $key, $value := .Values.server.ingress.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $.Values.server.ingress.paths }} - {{- range $.Values.server.ingress.paths }} - - backend: - serviceName: {{ .serviceName }} - servicePort: {{ .servicePort }} - {{- end }} - {{- end }} - - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-sa.yaml b/charts/argo/templates/server-sa.yaml deleted file mode 100644 index 5b419a65..00000000 --- a/charts/argo/templates/server-sa.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.server.serviceAccount }} - annotations: -{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }} -{{- end -}} diff --git a/charts/argo/templates/server-service.yaml b/charts/argo/templates/server-service.yaml deleted file mode 100644 index ba4d74f6..00000000 --- a/charts/argo/templates/server-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.server.serviceLabels }} - {{- toYaml .Values.server.serviceLabels | nindent 4 }} - {{- end }} - {{- if .Values.server.serviceAnnotations }} - annotations: -{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - - port: {{ .Values.server.servicePort }} - {{- if .Values.server.servicePortName }} - name: {{ .Values.server.servicePortName }} - {{- end }} - targetPort: 2746 - selector: - app: {{ .Release.Name }}-{{ .Values.server.name }} - sessionAffinity: None - type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} - {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/worfkflow-controller-secrets-access.yaml b/charts/argo/templates/worfkflow-controller-secrets-access.yaml deleted file mode 100644 index f0d48519..00000000 --- a/charts/argo/templates/worfkflow-controller-secrets-access.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -rules: -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - - {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - verbs: - - get - - watch - - list -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml deleted file mode 100644 index b89e7b13..00000000 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if .Values.createAggregateRoles }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/argo/templates/workflow-controller-cluster-roles.yaml b/charts/argo/templates/workflow-controller-cluster-roles.yaml deleted file mode 100644 index 4d596b1c..00000000 --- a/charts/argo/templates/workflow-controller-cluster-roles.yaml +++ /dev/null @@ -1,146 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete - - create -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list -- apiGroups: - - "policy" - resources: - - poddisruptionbudgets - verbs: - - create - - get - - delete -{{- if .Values.controller.persistence }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - {{- if .Values.controller.persistence.postgresql }} - - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} - - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} - {{- end}} - {{- if .Values.controller.persistence.mysql }} - - {{ .Values.controller.persistence.mysql.userNameSecret.name }} - - {{ .Values.controller.persistence.mysql.passwordSecret.name }} - {{- end}} - verbs: - - get -{{- end}} -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - workflow-controller - - workflow-controller-lease - verbs: - - get - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -rules: -- apiGroups: - - argoproj.io - resources: - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml deleted file mode 100644 index 26fe2cd8..00000000 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - config: | - {{- if .Values.controller.instanceID.enabled }} - {{- if .Values.controller.instanceID.useReleaseName }} - instanceID: {{ .Release.Name }} - {{- else }} - instanceID: {{ .Values.controller.instanceID.explicitID }} - {{- end }} - {{- end }} - containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} - {{- if .Values.controller.parallelism }} - parallelism: {{ .Values.controller.parallelism }} - {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} - executor: - {{- with .Values.executor.resources }} - resources: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.executor.env }} - env: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.executor.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} - artifactRepository: - {{- if .Values.artifactRepository.archiveLogs }} - archiveLogs: {{ .Values.artifactRepository.archiveLogs }} - {{- end }} - {{- if .Values.artifactRepository.gcs }} - gcs: -{{ toYaml .Values.artifactRepository.gcs | indent 8}} - {{- else }} - s3: - {{- if .Values.useStaticCredentials }} - accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} - secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} - {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} - endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }} - insecure: {{ .Values.artifactRepository.s3.insecure }} - {{- if .Values.artifactRepository.s3.keyFormat }} - keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} - {{- end }} - {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} - {{- end }} - {{- if .Values.artifactRepository.s3.roleARN }} - roleARN: {{ .Values.artifactRepository.s3.roleARN }} - {{- end }} - {{- if .Values.artifactRepository.s3.useSDKCreds }} - useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} - {{- end }} - {{- end }} - {{- end}} - {{- if .Values.controller.metricsConfig.enabled }} - metricsConfig: -{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - telemetryConfig: -{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} - {{- if .Values.controller.persistence }} - persistence: -{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} - {{- if .Values.controller.workflowDefaults }} - workflowDefaults: -{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} - sso: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.controller.workflowRestrictions }} - workflowRestrictions: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.controller.links }} - links: {{- toYaml . | nindent 6 }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml deleted file mode 100644 index 66cca4d0..00000000 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.controller.name }} -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} diff --git a/charts/argo/templates/workflow-controller-deployment-pdb.yaml b/charts/argo/templates/workflow-controller-deployment-pdb.yaml deleted file mode 100644 index a7352a04..00000000 --- a/charts/argo/templates/workflow-controller-deployment-pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.controller.pdb.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.controller.pdb.minAvailable }} - minAvailable: {{ .Values.controller.pdb.minAvailable }} - {{- else if .Values.controller.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml deleted file mode 100755 index 9ad509d0..00000000 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} - {{ toYaml .Values.controller.podLabels | nindent 8}} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.controller.serviceAccount | quote }} - {{- if .Values.controller.podSecurityContext }} - securityContext: - {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: controller - image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - command: [ "workflow-controller" ] - args: - - "--configmap" - - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap" - - "--executor-image" - - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}" - - "--loglevel" - - "{{ .Values.controller.logging.level }}" - - "--gloglevel" - - "{{ .Values.controller.logging.globallevel }}" - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - {{- with .Values.controller.workflowWorkers }} - - "--workflow-workers" - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.podWorkers }} - - "--pod-workers" - - {{ . | quote }} - {{- end }} - {{- if .Values.controller.extraArgs }} - {{- toYaml .Values.controller.extraArgs | nindent 10 }} - {{- end }} - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- with .Values.controller.extraEnv }} - {{ toYaml . | nindent 10 }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.metricsConfig.enabled }} - ports: - - containerPort: 8080 - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml b/charts/argo/templates/workflow-controller-minio-secret-crb.yaml deleted file mode 100644 index 722776a4..00000000 --- a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml deleted file mode 100644 index 02d274da..00000000 --- a/charts/argo/templates/workflow-controller-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.controller.serviceAccount }} - annotations: -{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }} diff --git a/charts/argo/templates/workflow-controller-service.yaml b/charts/argo/templates/workflow-controller-service.yaml deleted file mode 100644 index 7985a54c..00000000 --- a/charts/argo/templates/workflow-controller-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceLabels }} - {{ toYaml .Values.controller.serviceLabels | nindent 4}} - {{- end }} - {{- if .Values.controller.serviceAnnotations }} - annotations: -{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - {{- if .Values.controller.metricsConfig.enabled }} - - name: {{ .Values.controller.metricsServicePortName }} - port: {{ .Values.controller.metricsServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.metricsConfig.port }} - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - name: {{ .Values.controller.telemetryServicePortName }} - port: {{ .Values.controller.telemetryServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.telemetryConfig.port }} - {{- end }} - selector: - app: {{ .Release.Name }}-{{ .Values.controller.name }} - sessionAffinity: None - type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/workflow-controller-servicemonitor.yaml b/charts/argo/templates/workflow-controller-servicemonitor.yaml deleted file mode 100644 index 425fedac..00000000 --- a/charts/argo/templates/workflow-controller-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics - path: {{ .Values.controller.metricsConfig.path }} - interval: 30s - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - port: telemetry - path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/argo/templates/workflow-crd.yaml b/charts/argo/templates/workflow-crd.yaml deleted file mode 100644 index 44a6fa98..00000000 --- a/charts/argo/templates/workflow-crd.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - plural: workflows - shortNames: - - wf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/workflow-rb.yaml b/charts/argo/templates/workflow-rb.yaml deleted file mode 100644 index 17785257..00000000 --- a/charts/argo/templates/workflow-rb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-workflow -{{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-workflow -subjects: -- kind: ServiceAccount - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-role.yaml b/charts/argo/templates/workflow-role.yaml deleted file mode 100644 index 37365f21..00000000 --- a/charts/argo/templates/workflow-role.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-workflow - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch -{{- end }} diff --git a/charts/argo/templates/workflow-sa.yaml b/charts/argo/templates/workflow-sa.yaml deleted file mode 100644 index 45d97cf0..00000000 --- a/charts/argo/templates/workflow-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.workflow.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} - {{- with .Values.workflow.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-template-crd.yaml b/charts/argo/templates/workflow-template-crd.yaml deleted file mode 100644 index 757fa098..00000000 --- a/charts/argo/templates/workflow-template-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - plural: workflowtemplates - shortNames: - - wftmpl -{{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml deleted file mode 100644 index 31a36041..00000000 --- a/charts/argo/values.yaml +++ /dev/null @@ -1,330 +0,0 @@ -images: - namespace: argoproj - controller: workflow-controller - server: argocli - executor: argoexec - pullPolicy: Always - # Secrets with credentials to pull images from a private registry - pullSecrets: [] - # - name: argo-pull-secret - tag: v2.12.5 - -crdVersion: v1alpha1 -installCRD: true - -init: - # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is - # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. - serviceAccount: "" - -createAggregateRoles: true - -# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, -# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. -singleNamespace: false - -workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. - serviceAccount: - create: false # Specifies whether a service account should be created - annotations: {} - name: "argo-workflow" # Service account which is used to run workflows - rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows - -controller: - image: - # Overrides .images.tag if defined. - tag: "" - # parallelism dictates how many workflows can be running at the same time - parallelism: - # podAnnotations is an optional map of annotations to be applied to the controller Pods - podAnnotations: {} - # Optional labels to add to the controller pods - podLabels: {} - # SecurityContext to set on the controller pods - podSecurityContext: {} - # podPortName: http - metricsConfig: - enabled: false - path: /metrics - port: 8080 - persistence: {} - # connectionPool: - # maxIdleConns: 100 - # maxOpenConns: 0 - # # save the entire workflow into etcd and DB - # nodeStatusOffLoad: false - # # enable archiving of old workflows - # archive: false - # postgresql: - # host: localhost - # port: 5432 - # database: postgres - # tableName: argo_workflows - # # the database secrets must be in the same namespace of the controller - # userNameSecret: - # name: argo-postgres-config - # key: username - # passwordSecret: - # name: argo-postgres-config - # key: password - workflowDefaults: {} # Only valid for 2.7+ - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 - # workflowWorkers: 32 - # podWorkers: 32 - workflowRestrictions: {} # Only valid for 2.9+ - # templateReferencing: Strict|Secure - telemetryConfig: - enabled: false - path: /telemetry - port: 8081 - serviceMonitor: - enabled: false - additionalLabels: {} - serviceAccount: argo - # Service account annotations - serviceAccountAnnotations: {} - name: workflow-controller - workflowNamespaces: - - default - containerRuntimeExecutor: docker - instanceID: - # `instanceID.enabled` configures the controller to filter workflow submissions - # to only those which have a matching instanceID attribute. - enabled: false - # NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` - # or `instanceID.explicitID` must be defined. - # useReleaseName: true - # explicitID: unique-argo-controller-identifier - logging: - level: info - globallevel: "0" - serviceType: ClusterIP - metricsServicePort: 8080 - metricsServicePortName: metrics - telemetryServicePort: 8081 - telemetryServicePortName: telemetry - # Annotations to be applied to the controller Service - serviceAnnotations: {} - # Optional labels to add to the controller Service - serviceLabels: {} - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` - loadBalancerSourceRanges: [] - resources: {} - # The list of environment variable definitions to be added to the controller - # manages container verbatim. - extraEnv: [] - # Extra arguments to be added to the controller - extraArgs: [] - replicas: 1 - pdb: - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical - priorityClassName: "" - # https://argoproj.github.io/argo-workflows/links/ - links: [] - -# executor controls how the init and wait container should be customized -executor: - image: - # Overrides .images.tag if defined. - tag: "" - resources: {} - # Adds environment variables for the executor. - env: {} - # sets security context for the executor container - securityContext: {} - -server: - enabled: true - # only updates base url of resources on client side, - # it's expected that a proxy server rewrites the request URL and gets rid of this prefix - # https://github.com/argoproj/argo/issues/716#issuecomment-433213190 - baseHref: / - image: - # Overrides .images.tag if defined. - tag: "" - # optional map of annotations to be applied to the ui Pods - podAnnotations: {} - # Optional labels to add to the UI pods - podLabels: {} - # SecurityContext to set on the server pods - podSecurityContext: {} - name: server - serviceType: ClusterIP - servicePort: 2746 - # servicePortName: http - serviceAccount: argo-server - # Whether to create the service account with the name specified in - # server.serviceAccount and bind it to the server role. - createServiceAccount: true - # Service account annotations - serviceAccountAnnotations: {} - # Annotations to be applied to the UI Service - serviceAnnotations: {} - # Optional labels to add to the UI Service - serviceLabels: {} - # Static IP address to assign to loadBalancer - # service type `LoadBalancer` - loadBalancerIP: "" - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` - loadBalancerSourceRanges: [] - resources: {} - replicas: 1 - pdb: - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical - priorityClassName: "" - - # Run the argo server in "secure" mode. Configure this value instead of - # "--secure" in extraArgs. See the following documentation for more details - # on secure mode: - # https://argoproj.github.io/argo-workflows/tls/#encrypted - secure: false - - # Extra arguments to provide to the Argo server binary. - extraArgs: [] - - ## Additional volumes to the server main container. - volumeMounts: [] - volumes: [] - - ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - enabled: false - - ## Annotations to be added to the web ingress. - ## - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - ## Labels to be added to the web ingress. - ## - # labels: - # use-cloudflare-solver: "true" - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - argo.domain.com - - ## Additional Paths for each host - # paths: - # - serviceName: "ssl-redirect" - # servicePort: "use-annotation" - - ## TLS configuration. - ## Secrets must be manually created in the namespace. - ## - # tls: - # - secretName: argo-ui-tls - # hosts: - # - argo.domain.com - clusterWorkflowTemplates: - # Give the server permissions to edit ClusterWorkflowTemplates. - enableEditing: true - sso: - ## SSO configuration when SSO is specified as a server auth mode. - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true - ## When present, restricts secrets the server can read to a given list. - ## You can use it to restrict the server to only be able to access the - ## service account token secrets that are associated with service accounts - ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups - -# Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false -useStaticCredentials: true -artifactRepository: - # archiveLogs will archive the main container logs as an artifact - archiveLogs: false - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - # name: -minio (default) - key: accesskey - secretKeySecret: - # name: -minio - key: secretkey - insecure: true - # bucket: - # endpoint: - # region: - # roleARN: - # useSDKCreds: true - # gcs: - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - - -# NOTE: These are setting attributes for the `minio` optional dependency -minio: - # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map - install: false - defaultBucket: - enabled: true - name: argo-artifacts From 083c46cf009e0e62fca5a6b80fe0c1526a6afe9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Czeraszkiewicz?= Date: Fri, 21 May 2021 18:43:24 +0200 Subject: [PATCH 24/26] feat(argo-cd): add support for envFrom (#743) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add support for envFrom Signed-off-by: Michał Czeraszkiewicz * config: bump chart version Signed-off-by: Michał Czeraszkiewicz * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- .../deployment.yaml | 3 ++ .../argocd-repo-server/deployment.yaml | 3 ++ .../templates/argocd-server/deployment.yaml | 3 ++ charts/argo-cd/templates/dex/deployment.yaml | 3 ++ .../argo-cd/templates/redis/deployment.yaml | 3 ++ charts/argo-cd/values.yaml | 39 +++++++++++++++++++ 7 files changed, 55 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1a9ea518..502cad37 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.4.1 +version: 3.5.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 524f302e..7902be76 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -70,6 +70,9 @@ spec: {{- if .Values.controller.env }} env: {{- toYaml .Values.controller.env | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: controller diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 7350db37..b0458fad 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -67,6 +67,9 @@ spec: value: argocd {{- end }} {{- end }} + {{- with .Values.openshift.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} {{- toYaml .Values.repoServer.volumeMounts | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 2ee5b7e3..44b89c0e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -67,6 +67,9 @@ spec: {{- if .Values.server.env }} env: {{- toYaml .Values.server.env | nindent 8 }} + {{- end }} + {{- with .Values.server.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: {{- if .Values.server.volumeMounts }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 45a2e09e..557140ce 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -62,6 +62,9 @@ spec: {{- if .Values.dex.env }} env: {{- toYaml .Values.dex.env | nindent 8 }} + {{- end }} + {{- with .Values.dex.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: http diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index f3dd7f05..a6f0c46a 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -52,6 +52,9 @@ spec: {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} + {{- end }} + {{- with .Values.redis.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - containerPort: {{ .Values.redis.containerPort }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 066857e5..d5ca989d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -61,6 +61,14 @@ controller: # - name: "ARGOCD_CONTROLLER_REPLICAS" # value: "" + ## envFrom to pass to argocd-controller + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to controller pods ## podAnnotations: {} @@ -219,6 +227,13 @@ dex: ## env: [] + ## envFrom to pass to the Dex server + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Dex server pods ## podAnnotations: {} @@ -301,6 +316,14 @@ redis: ## env: [] + ## envFrom to pass to the Redis server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Redis server pods ## podAnnotations: {} @@ -391,6 +414,14 @@ server: ## env: [] + ## envFrom to pass to argocd-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container ## lifecycle: {} @@ -762,6 +793,14 @@ repoServer: ## env: [] + ## envFrom to pass to argocd-repo-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Argo repoServer log format: text|json logFormat: text ## Argo repoServer log level From 4cb8e058ac101f6d2883e16779ad87c8a9f38c1d Mon Sep 17 00:00:00 2001 From: Abhinav Khanna Date: Fri, 21 May 2021 11:50:05 -0500 Subject: [PATCH 25/26] fix(argo-workflows): fixes server sa annotations and ingress (#747) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argo-workflows): fixed server sa annotations Signed-off-by: abhinav.khanna * fix(argo-workflows): fixed ingress Signed-off-by: abhinav.khanna * chore(argo-workflows): version bump Signed-off-by: abhinav.khanna Co-authored-by: Oliver Bähler --- charts/argo-workflows/Chart.yaml | 2 +- .../templates/server/server-ingress.yaml | 10 +++++----- charts/argo-workflows/templates/server/server-sa.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fd576f3c..13b1ea78 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.1 +version: 0.1.2 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index fe67c0a3..f0488031 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -19,7 +19,7 @@ metadata: {{- toYaml .Values.server.ingress.labels | nindent 4 }} {{- end }} spec: - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} @@ -35,11 +35,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: @@ -62,11 +62,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 10e03d0e..adcf7b48 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -5,6 +5,6 @@ metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end -}} From 9af9403ed42356430fb3a5fd490d0c31b0657aa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 18:55:23 +0200 Subject: [PATCH 26/26] feat: pr size labeling (#749) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- .github/workflows/pr-sizing.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/pr-sizing.yml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml new file mode 100644 index 00000000..d1ba98ee --- /dev/null +++ b/.github/workflows/pr-sizing.yml @@ -0,0 +1,14 @@ +## Reference: https://github.com/pascalgn/size-label-action +--- +name: 'PR Size' +on: + pull_request_target: + types: [opened, synchronize, reopened] +jobs: + size-label: + runs-on: ubuntu-latest + steps: + - name: size-label + uses: "pascalgn/size-label-action@v0.4.2" + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file