docs(argo-workflows): Use helm docs for workflows (#1003)

* Use helm-docs for argo-workflows

Signed-off-by: Tuan Anh Tran <me@tuananh.org>

* bump version and update changelog

Signed-off-by: Tuan Anh Tran <me@tuananh.org>

* ci: add step to check if docs are stale and need an update

Signed-off-by: Tuan Anh Tran <me@tuananh.org>

* docs: run helm-docs to generate readme

Signed-off-by: Tuan Anh Tran <me@tuananh.org>

* Add missing parameter documentation

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Add .helmdocsignore for charts which not yet use helm-docs

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Do not exclude argocd-notifications anymore

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Tuan Anh Tran 2021-11-20 04:35:13 +07:00 committed by GitHub
parent 26d0a54345
commit 46eb042763
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 492 additions and 110 deletions


@ -36,6 +36,12 @@ jobs:
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
- name: Run docs-testing (helm-docs)
uses: buttahtoast/helm-release-action@v2.0.1
with:
charts: "${{ steps.list-changed.outputs.changed_charts }}"
if: steps.list-changed.outputs.changed == 'true'
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@v1.2.0 uses: helm/kind-action@v1.2.0
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
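Review bot: The added step references a third-party action by a mutable tag, `uses: buttahtoast/helm-release-action@v2.0.1`, so whoever controls that repository can change what runs in this job without any change in this file. Pinning it to a full commit SHA and keeping the tag as a comment makes the reviewed code the code that runs, e.g. `uses: buttahtoast/helm-release-action@<full-commit-sha>  # v2.0.1` (placeholder; the SHA is not on this page). The step is named as a helm-docs check while the action is a release action, so a one-line comment above it saying that it only verifies the generated README is current would help the next reader. It is also worth confirming that the job token is read-only, since the workflow's trigger and any `permissions:` block lie outside this hunk.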

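--- /dev/null
+++ b/.helmdocsignore
@@ -0,0 +1,2 @@
+charts/argo-events
+charts/argo-rollouts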


@ -2,7 +2,7 @@ apiVersion: v2
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.8.1 version: 0.8.2
appVersion: v3.2.0 appVersion: v3.2.0
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
@ -15,4 +15,4 @@ maintainers:
- name: benjaminws - name: benjaminws
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Changed]: Restore RBAC permissions and clarify namespace settings." - "[Changed]: Use helm-docs to generate README.md"


@ -31,6 +31,162 @@ Fields to note:
workflow controller will manage workflows. Only valid when `singleNamespace` workflow controller will manage workflows. Only valid when `singleNamespace`
is false. is false.
### General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds |
| fullnameOverride | string | `nil` | String to fully override "argo-workflows.fullname" template |
| images.pullPolicy | string | `"Always"` | imagePullPolicy to apply to all containers |
| images.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template |
| singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. |
### Workflow
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. |
| workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
| workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
| workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows |
### Workflow Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.affinity | object | `{}` | Assign custom [affinity] rules |
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.containerRuntimeExecutor | string | `"docker"` | Specifies the container runtime interface to use (one of: `docker`, `kubelet`, `k8sapi`, `pns`, `emissary`) |
| controller.containerRuntimeExecutors | list | `[]` | Specifies the executor to use. This has precedence over `controller.containerRuntimeExecutor`. |
| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller |
| controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment |
| controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container |
| controller.image.registry | string | `"quay.io"` | Registry to use for the controller |
| controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller |
| controller.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| controller.initialDelay | string | `nil` | Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 |
| controller.instanceID.enabled | bool | `false` | Configures the controller to filter workflow submissions to only those which have a matching instanceID attribute. |
| controller.instanceID.explicitID | string | `""` | Use a custom instanceID |
| controller.instanceID.useReleaseName | bool | `false` | Use ReleaseName as instanceID |
| controller.links | list | `[]` | Configure Argo Server to show custom [links] |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| controller.logging.globallevel | string | `"0"` | Set the glog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
| controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". |
| controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted |
| controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name |
| controller.metricsConfig.servicePort | int | `8080` | Service metrics port |
| controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name |
| controller.name | string | `"workflow-controller"` | Workflow controller name string |
| controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] |
| controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time |
| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods |
| controller.persistence | object | `{}` | enable persistence using postgres |
| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods |
| controller.podLabels | object | `{}` | Optional labels to add to the controller pods |
| controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods |
| controller.podWorkers | string | `nil` | Number of pod workers |
| controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. |
| controller.replicas | int | `1` | The number of controller pods to run |
| controller.resources | object | `{}` | Resource limits and requests for the controller |
| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
| controller.serviceAccount.name | string | `""` | Service account name |
| controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service |
| controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service |
| controller.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| controller.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service |
| controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server |
| controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path |
| controller.telemetryConfig.port | int | `8081` | telemetry container port |
| controller.telemetryConfig.servicePort | int | `8081` | telemetry service port |
| controller.telemetryConfig.servicePortName | string | `"telemetry"` | telemetry service port name |
| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
| controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
| controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
| controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
| controller.workflowWorkers | string | `nil` | Number of workflow workers |
### Workflow Executor
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| executor.env | object | `{}` | Adds environment variables for the executor. |
| executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors |
| executor.image.repository | string | `"argoproj/argoexec"` | Repository to use for the Workflow Executors |
| executor.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| executor.resources | object | `{}` | Resource limits and requests for the Workflow Executors |
| executor.securityContext | object | `{}` | sets security context for the executor container |
### Workflow Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.affinity | object | `{}` | Assign custom [affinity] rules |
| server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. |
| server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. |
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
| server.enabled | bool | `true` | Deploy the Argo Server |
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. |
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.image.registry | string | `"quay.io"` | Registry to use for the server |
| server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server |
| server.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| server.ingress.annotations | object | `{}` | Additional ingress annotations |
| server.ingress.enabled | bool | `false` | Enable an ingress resource |
| server.ingress.extraPaths | list | `[]` | Additional ingress paths |
| server.ingress.hosts | list | `[]` | List of ingress hosts |
| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource |
| server.ingress.labels | object | `{}` | Additional ingress labels |
| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingress.paths | list | `["/"]` | List of ingress paths |
| server.ingress.tls | list | `[]` | Ingress TLS configuration |
| server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` |
| server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| server.name | string | `"server"` | Server name string |
| server.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] |
| server.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the server pods |
| server.podAnnotations | object | `{}` | optional map of annotations to be applied to the ui Pods |
| server.podLabels | object | `{}` | Optional labels to add to the UI pods |
| server.podSecurityContext | object | `{}` | SecurityContext to set on the server pods |
| server.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages |
| server.replicas | int | `1` | The number of server pods to run |
| server.resources | object | `{}` | Resource limits and requests for the server |
| server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. |
| server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| server.serviceAccount.create | bool | `true` | Create a service account for the server |
| server.serviceAccount.name | string | `""` | Service account name |
| server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service |
| server.serviceLabels | object | `{}` | Optional labels to add to the UI Service |
| server.serviceNodePort | string | `nil` | Service node port |
| server.servicePort | int | `2746` | Service port for server |
| server.servicePortName | string | `""` | Service port name |
| server.serviceType | string | `"ClusterIP"` | Service type for server pods |
| server.sso | object | `{}` | SSO configuration when SSO is specified as a server auth mode. |
| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
| server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. |
| server.volumes | list | `[]` | Additional volumes to the server pod. |
### Artifact Repository
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| artifactRepository.archiveLogs | bool | `false` | Archive the main container logs as an artifact |
| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store |
| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store |
| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. |
| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) |
## Breaking changes from the deprecated `argo` chart ## Breaking changes from the deprecated `argo` chart
1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory 1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory
@ -50,3 +206,11 @@ Fields to note:
1. removed any included usage of Minio 1. removed any included usage of Minio
1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` 1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create`
1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` 1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[links]: https://argoproj.github.io/argo-workflows/links/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[values.yaml]: values.yaml


@ -0,0 +1,120 @@
# Argo Workflows Chart
This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
## Pre-Requisites
This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these.
A few options are:
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
## Values
The `values.yaml` contains items used to tweak a deployment of this chart.
Fields to note:
- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute
- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
- `singleNamespace`: When true, restricts the workflow controller to operate
in just the single namespace (that one of the Helm release).
- `controller.workflowNamespaces`: This is a list of namespaces where the
workflow controller will manage workflows. Only valid when `singleNamespace`
is false.
### General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) ) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Workflow
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "workflow" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Workflow Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "controller" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Workflow Executor
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "executor" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Workflow Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "server" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Artifact Repository
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Breaking changes from the deprecated `argo` chart
1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory
1. the CRDs were updated to `apiextensions.k8s.io/v1`
1. the container image registry/project/tag format was changed to be more in line with the more common
```yaml
image:
registry: quay.io
repository: argoproj/argocli
tag: v3.0.1
```
this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images.
1. switched to quay.io as the default registry for all images
1. removed any included usage of Minio
1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create`
1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[links]: https://argoproj.github.io/argo-workflows/links/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[values.yaml]: values.yaml


@ -1,68 +1,79 @@
images: images:
# imagePullPolicy to apply to all containers # -- imagePullPolicy to apply to all containers
pullPolicy: Always pullPolicy: Always
# Secrets with credentials to pull images from a private registry # -- Secrets with credentials to pull images from a private registry
pullSecrets: [] pullSecrets: []
# - name: argo-pull-secret # - name: argo-pull-secret
# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: true createAggregateRoles: true
## String to partially override "argo-workflows.fullname" template # -- String to partially override "argo-workflows.fullname" template
##
nameOverride: nameOverride:
## String to fully override "argo-workflows.fullname" template # -- String to fully override "argo-workflows.fullname" template
##
fullnameOverride: fullnameOverride:
## Override the Kubernetes version, which is used to evaluate certain manifests # -- Override the Kubernetes version, which is used to evaluate certain manifests
##
kubeVersionOverride: "" kubeVersionOverride: ""
# Restrict Argo to operate only in a single namespace (the namespace of the # -- Restrict Argo to operate only in a single namespace (the namespace of the
# Helm release) by apply Roles and RoleBindings instead of the Cluster # Helm release) by apply Roles and RoleBindings instead of the Cluster
# equivalents, and start workflow-controller with the --namespaced flag. Use it # equivalents, and start workflow-controller with the --namespaced flag. Use it
# in clusters with strict access policy. # in clusters with strict access policy.
singleNamespace: false singleNamespace: false
workflow: workflow:
namespace: # Deprecated; use controller.workflowNamespaces instead. # -- Deprecated; use controller.workflowNamespaces instead.
namespace:
serviceAccount: serviceAccount:
create: false # Specifies whether a service account should be created # -- Specifies whether a service account should be created
create: false
# -- Annotations applied to created service account
annotations: {} annotations: {}
name: "argo-workflow" # Service account which is used to run workflows # -- Service account which is used to run workflows
name: "argo-workflow"
rbac: rbac:
# Adds Role and RoleBinding for the above specified service account to be able to run workflows # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true create: true
controller: controller:
image: image:
# -- Registry to use for the controller
registry: quay.io registry: quay.io
# -- Registry to use for the controller
repository: argoproj/workflow-controller repository: argoproj/workflow-controller
# Overrides the image tag whose default is the chart appVersion. # -- Overrides the image tag whose default is the chart appVersion.
tag: "" tag: ""
# parallelism dictates how many workflows can be running at the same time # -- parallelism dictates how many workflows can be running at the same time
parallelism: parallelism:
# Limits the maximum number of incomplete workflows in a namespace # -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism: namespaceParallelism:
# Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
initialDelay: initialDelay:
# podAnnotations is an optional map of annotations to be applied to the controller Pods # -- podAnnotations is an optional map of annotations to be applied to the controller Pods
podAnnotations: {} podAnnotations: {}
# Optional labels to add to the controller pods # -- Optional labels to add to the controller pods
podLabels: {} podLabels: {}
# SecurityContext to set on the controller pods # -- SecurityContext to set on the controller pods
podSecurityContext: {} podSecurityContext: {}
# podPortName: http # podPortName: http
metricsConfig: metricsConfig:
# -- Enables prometheus metrics server
enabled: false enabled: false
# -- Path is the path where metrics are emitted. Must start with a "/".
path: /metrics path: /metrics
# -- Port is the port where metrics are emitted
port: 9090 port: 9090
# -- Container metrics port name
portName: metrics portName: metrics
# -- Service metrics port
servicePort: 8080 servicePort: 8080
# -- Service metrics port name
servicePortName: metrics servicePortName: metrics
# the controller container's securityContext # -- the controller container's securityContext
securityContext: securityContext:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
@ -70,6 +81,7 @@ controller:
capabilities: capabilities:
drop: drop:
- ALL - ALL
# -- enable persistence using postgres
persistence: {} persistence: {}
# connectionPool: # connectionPool:
# maxIdleConns: 100 # maxIdleConns: 100
@ -90,132 +102,185 @@ controller:
# passwordSecret: # passwordSecret:
# name: argo-postgres-config # name: argo-postgres-config
# key: password # key: password
workflowDefaults: {} # Only valid for 2.7+
# -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
# Only valid for 2.7+
## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/
workflowDefaults: {}
# spec: # spec:
# ttlStrategy: # ttlStrategy:
# secondsAfterCompletion: 84600 # secondsAfterCompletion: 84600
# workflowWorkers: 32
# podWorkers: 32 # -- Number of workflow workers
workflowRestrictions: {} # Only valid for 2.9+ workflowWorkers: # 32
# -- Number of pod workers
podWorkers: # 32
# -- Restricts the Workflows that the controller will process.
# Only valid for 2.9+
workflowRestrictions: {}
# templateReferencing: Strict|Secure # templateReferencing: Strict|Secure
# telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint
# as metrics by default, but can be overridden using this config.
telemetryConfig: telemetryConfig:
# -- Enables prometheus telemetry server
enabled: false enabled: false
# -- telemetry path
path: /telemetry path: /telemetry
# -- telemetry container port
port: 8081 port: 8081
# -- telemetry service port
servicePort: 8081 servicePort: 8081
# -- telemetry service port name
servicePortName: telemetry servicePortName: telemetry
serviceMonitor: serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false enabled: false
# -- Prometheus ServiceMonitor labels
additionalLabels: {} additionalLabels: {}
serviceAccount: serviceAccount:
# -- Create a service account for the controller
create: true create: true
# -- Service account name
name: "" name: ""
# Annotations applied to created service account # -- Annotations applied to created service account
annotations: {} annotations: {}
# -- Workflow controller name string
name: workflow-controller name: workflow-controller
# Specify all namespaces where this workflow controller instance will manage
# -- Specify all namespaces where this workflow controller instance will manage
# workflows. This controls where the service account and RBAC resources will # workflows. This controls where the service account and RBAC resources will
# be created. Only valid when singleNamespace is false. # be created. Only valid when singleNamespace is false.
workflowNamespaces: workflowNamespaces:
- default - default
# -- Specifies the container runtime interface to use (one of: `docker`, `kubelet`, `k8sapi`, `pns`, `emissary`)
## Ref: https://argoproj.github.io/argo-workflows/workflow-executors/
containerRuntimeExecutor: docker containerRuntimeExecutor: docker
# containerRuntimeExecutors: # -- Specifies the executor to use. This has precedence over `controller.containerRuntimeExecutor`.
containerRuntimeExecutors: []
# - name: emissary # - name: emissary
# selector: # selector:
# matchLabels: # matchLabels:
# workflows.argoproj.io/container-runtime-executor: emissary # workflows.argoproj.io/container-runtime-executor: emissary
instanceID: instanceID:
# `instanceID.enabled` configures the controller to filter workflow submissions # -- Configures the controller to filter workflow submissions
# to only those which have a matching instanceID attribute. # to only those which have a matching instanceID attribute.
## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
## or `instanceID.explicitID` must be defined.
enabled: false enabled: false
# NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` # -- Use ReleaseName as instanceID
# or `instanceID.explicitID` must be defined. useReleaseName: false
# useReleaseName: true # useReleaseName: true
# -- Use a custom instanceID
explicitID: ""
# explicitID: unique-argo-controller-identifier # explicitID: unique-argo-controller-identifier
logging: logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info level: info
# -- Set the glog logging level
globallevel: "0" globallevel: "0"
# -- Service type of the controller Service
serviceType: ClusterIP serviceType: ClusterIP
# Annotations to be applied to the controller Service # -- Annotations to be applied to the controller Service
serviceAnnotations: {} serviceAnnotations: {}
# Optional labels to add to the controller Service # -- Optional labels to add to the controller Service
serviceLabels: {} serviceLabels: {}
# Source ranges to allow access to service from. Only applies to # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
# service type `LoadBalancer`
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# -- Resource limits and requests for the controller
resources: {} resources: {}
# -- Configure liveness [probe] for the controller
# @default -- See [values.yaml]
livenessProbe: livenessProbe:
httpGet: httpGet:
port: 6060 port: 6060
path: /healthz path: /healthz
# Require three failures to tolerate transient errors.
failureThreshold: 3 failureThreshold: 3
initialDelaySeconds: 90 initialDelaySeconds: 90
periodSeconds: 60 periodSeconds: 60
timeoutSeconds: 30 timeoutSeconds: 30
## Extra environment variables to provide to the controller container # -- Extra environment variables to provide to the controller container
## extraEnv:
## - name: FOO
## value: "bar"
extraEnv: [] extraEnv: []
# - name: FOO
# value: "bar"
# Extra arguments to be added to the controller # -- Extra arguments to be added to the controller
extraArgs: [] extraArgs: []
# -- The number of controller pods to run
replicas: 1 replicas: 1
pdb: pdb:
# -- Configure [Pod Disruption Budget] for the controller pods
enabled: false enabled: false
# minAvailable: 1 # minAvailable: 1
# maxUnavailable: 1 # maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # -- [Node selector]
##
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
# -- [Tolerations] for use with node taints
tolerations: [] tolerations: []
# -- Assign custom [affinity] rules
affinity: {} affinity: {}
# Leverage a PriorityClass to ensure your pods survive resource shortages # -- Leverage a PriorityClass to ensure your pods survive resource shortages.
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName: "" priorityClassName: ""
# https://argoproj.github.io/argo-workflows/links/
# -- Configure Argo Server to show custom [links]
## Ref: https://argoproj.github.io/argo-workflows/links/
links: [] links: []
clusterWorkflowTemplates: clusterWorkflowTemplates:
# Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
enabled: true enabled: true
# Extra containers to be added to the controller deployment # -- Extra containers to be added to the controller deployment
extraContainers: [] extraContainers: []
# executor controls how the init and wait container should be customized # executor controls how the init and wait container should be customized
executor: executor:
image: image:
# -- Registry to use for the Workflow Executors
registry: quay.io registry: quay.io
# -- Repository to use for the Workflow Executors
repository: argoproj/argoexec repository: argoproj/argoexec
# Overrides the image tag whose default is the chart appVersion. # -- Overrides the image tag whose default is the chart appVersion.
tag: "" tag: ""
# -- Resource limits and requests for the Workflow Executors
resources: {} resources: {}
# Adds environment variables for the executor. # -- Adds environment variables for the executor.
env: {} env: {}
# sets security context for the executor container # -- sets security context for the executor container
securityContext: {} securityContext: {}
server: server:
# -- Deploy the Argo Server
enabled: true enabled: true
# only updates base url of resources on client side, # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /.
# it's expected that a proxy server rewrites the request URL and gets rid of this prefix ## only updates base url of resources on client side,
# https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix
## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
baseHref: / baseHref: /
image: image:
# -- Registry to use for the server
registry: quay.io registry: quay.io
# -- Repository to use for the server
repository: argoproj/argocli repository: argoproj/argocli
# Overrides the image tag whose default is the chart appVersion. # -- Overrides the image tag whose default is the chart appVersion.
tag: "" tag: ""
# optional map of annotations to be applied to the ui Pods # -- optional map of annotations to be applied to the ui Pods
podAnnotations: {} podAnnotations: {}
# Optional labels to add to the UI pods # -- Optional labels to add to the UI pods
podLabels: {} podLabels: {}
# SecurityContext to set on the server pods # -- SecurityContext to set on the server pods
podSecurityContext: {} podSecurityContext: {}
# -- Servers container-level security context
securityContext: securityContext:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsNonRoot: true runAsNonRoot: true
@ -223,83 +288,101 @@ server:
capabilities: capabilities:
drop: drop:
- ALL - ALL
# -- Server name string
name: server name: server
# -- Service type for server pods
serviceType: ClusterIP serviceType: ClusterIP
# -- Service port for server
servicePort: 2746 servicePort: 2746
# serviceNodePort: 32746 # -- Service node port
# servicePortName: http serviceNodePort: # 32746
# -- Service port name
servicePortName: "" # http
serviceAccount: serviceAccount:
# -- Create a service account for the server
create: true create: true
# -- Service account name
name: "" name: ""
# -- Annotations applied to created service account
annotations: {} annotations: {}
# Annotations to be applied to the UI Service
# -- Annotations to be applied to the UI Service
serviceAnnotations: {} serviceAnnotations: {}
# Optional labels to add to the UI Service # -- Optional labels to add to the UI Service
serviceLabels: {} serviceLabels: {}
# Static IP address to assign to loadBalancer # -- Static IP address to assign to loadBalancer service type `LoadBalancer`
# service type `LoadBalancer`
loadBalancerIP: "" loadBalancerIP: ""
# Source ranges to allow access to service from. Only applies to # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
# service type `LoadBalancer`
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
# -- Resource limits and requests for the server
resources: {} resources: {}
# -- The number of server pods to run
replicas: 1 replicas: 1
pdb: pdb:
# -- Configure [Pod Disruption Budget] for the server pods
enabled: false enabled: false
# minAvailable: 1 # minAvailable: 1
# maxUnavailable: 1 # maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # -- [Node selector]
##
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
# -- [Tolerations] for use with node taints
tolerations: [] tolerations: []
# -- Assign custom [affinity] rules
affinity: {} affinity: {}
# Leverage a PriorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ # -- Leverage a PriorityClass to ensure your pods survive resource shortages
# PriorityClass: system-cluster-critical ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: "" priorityClassName: ""
# Run the argo server in "secure" mode. Configure this value instead of # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs.
# "--secure" in extraArgs. See the following documentation for more details ## See the following documentation for more details on secure mode:
# on secure mode: ## https://argoproj.github.io/argo-workflows/tls/
# https://argoproj.github.io/argo-workflows/tls/
secure: false secure: false
## Extra environment variables to provide to the argo-server container # -- Extra environment variables to provide to the argo-server container
## extraEnv:
## - name: FOO
## value: "bar"
extraEnv: [] extraEnv: []
# - name: FOO
# value: "bar"
# Extra arguments to provide to the Argo server binary. # -- Extra arguments to provide to the Argo server binary.
extraArgs: [] extraArgs: []
## Additional volumes to the server main container. # -- Additional volume mounts to the server main container.
volumeMounts: [] volumeMounts: []
# -- Additional volumes to the server pod.
volumes: [] volumes: []
## Ingress configuration. ## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/ # ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress: ingress:
# -- Enable an ingress resource
enabled: false enabled: false
# -- Additional ingress annotations
annotations: {} annotations: {}
# -- Additional ingress labels
labels: {} labels: {}
# -- Defines which ingress controller will implement the resource
ingressClassName: "" ingressClassName: ""
## Argo Workflows Server Ingress. # -- List of ingress hosts
## Hostnames must be provided if Ingress is enabled. ## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace ## Secrets must be manually created in the namespace
## hosts: []
hosts:
[]
# - argoworkflows.example.com # - argoworkflows.example.com
# -- List of ingress paths
paths: paths:
- / - /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix pathType: Prefix
extraPaths: # -- Additional ingress paths
[] extraPaths: []
# - path: /* # - path: /*
# backend: # backend:
# serviceName: ssl-redirect # serviceName: ssl-redirect
@ -312,20 +395,21 @@ server:
# name: ssl-redirect # name: ssl-redirect
# port: # port:
# name: use-annotation # name: use-annotation
tls:
[] # -- Ingress TLS configuration
tls: []
# - secretName: argoworkflows-example-tls # - secretName: argoworkflows-example-tls
# hosts: # hosts:
# - argoworkflows.example.com # - argoworkflows.example.com
https: false
clusterWorkflowTemplates: clusterWorkflowTemplates:
# Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
enabled: true enabled: true
# Give the server permissions to edit ClusterWorkflowTemplates. # -- Give the server permissions to edit ClusterWorkflowTemplates.
enableEditing: true enableEditing: true
sso:
## SSO configuration when SSO is specified as a server auth mode. # -- SSO configuration when SSO is specified as a server auth mode.
sso: {}
## All the values are required. SSO is activated by adding --auth-mode=sso ## All the values are required. SSO is activated by adding --auth-mode=sso
## to the server command line. ## to the server command line.
# #
@ -353,15 +437,19 @@ server:
## decisions. ## decisions.
# scopes: # scopes:
# - groups # - groups
# Extra containers to be added to the server deployment
# -- Extra containers to be added to the server deployment
extraContainers: [] extraContainers: []
# Influences the creation of the ConfigMap for the workflow-controller itself. # -- Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo: false useDefaultArtifactRepo: false
# -- Use static credentials for S3 (eg. when not using AWS IRSA)
useStaticCredentials: true useStaticCredentials: true
artifactRepository: artifactRepository:
# archiveLogs will archive the main container logs as an artifact # -- Archive the main container logs as an artifact
archiveLogs: false archiveLogs: false
# -- Store artifact in a S3-compliant object store
# @default -- See [values.yaml]
s3: s3:
# Note the `key` attribute is not the actual secret, it's the PATH to # Note the `key` attribute is not the actual secret, it's the PATH to
# the contents in the associated secret, as defined by the `name` attribute. # the contents in the associated secret, as defined by the `name` attribute.
@ -377,7 +465,9 @@ artifactRepository:
# region: # region:
# roleARN: # roleARN:
# useSDKCreds: true # useSDKCreds: true
# gcs: # -- Store artifact in a GCS object store
# @default -- `{}` (See [values.yaml])
gcs: {}
# bucket: <project>-argo # bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector. # serviceAccountKeySecret is a secret selector.