Merge branch 'master' into master

2020-05-07 15:27:05 -04:00 · 2020-05-07 15:27:05 -04:00 · 4a0002c25c
commit 4a0002c25c
parent 81b9fa48b9 e0a49d914d
21 changed files with 187 additions and 39 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 output
 .vscode
 .DS_Store
+.idea
 **/*.tgz
--- a/2
+++ b/2
@ -7,7 +7,7 @@
 /charts/argo-events @jbehling

 # Argo Workflows
-/charts/argo @benjaminws
+/charts/argo @benjaminws @stefansedich @paguos

 # Argo Rollouts
 /charts/argo-rollouts @cabrinha
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "1.5.2"
+appVersion: "1.5.4"
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 2.2.8
+version: 2.3.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -19,9 +19,8 @@ This chart currently installs the non-HA version of ArgoCD.
 `controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs`  are not arrays of strings intead of a map

 What was
-
 ```yaml
-controller:
+server:
  extraArgs:
    insecure: ""
 ```
@ -29,7 +28,7 @@ controller:
 is now

 ```yaml
-controller:
+server:
  extraArgs:
  - --insecure
 ```
@ -63,7 +62,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 |-----|------|---------|
 | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
 | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
-| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` |
+| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.3"` |
 | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
 | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
@ -71,7 +70,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |
-| configs.secret.argocdServerAdminPassword | Admin password | `null` |
+| configs.secret.argocdServerAdminPassword | Bcrypt hashed admin password | `null` |
 | configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set |
 | configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
 | configs.secret.createSecret | Create the argocd-secret. | `true` |
@ -79,6 +78,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
 | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
 | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
+| openshift.enabled | enables using arbitrary uid for argo repo server | `false` |

 ## ArgoCD Controller

@ -183,6 +183,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
 | server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
 | server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
+| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` |
+| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` |
 | server.certificate.additionalHosts | Certificate manager additional hosts | `[]` |
 | server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
 | server.certificate.enabled | Enables a certificate manager certificate. | `false` |
@ -231,6 +233,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | server.service.labels | Server service labels | `{}` |
 | server.service.servicePortHttp | Server service http port | `80` |
 | server.service.servicePortHttps | Server service https port | `443` |
+| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` |
+| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` |
 | server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` |
 | server.service.type | Server service type | `"ClusterIP"` |
 | server.serviceAccount.create | Create server service account | `true` |
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -52,10 +52,10 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        command:
-        - argocd-repo-server
        {{- if .Values.openshift.enabled }}
        - uid_entrypoint.sh
        {{- end }}
+        - argocd-repo-server
        {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
        - --redis
        - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
--- a/charts/argo-cd/templates/argocd-server/backendconfig.yaml
+++ b/charts/argo-cd/templates/argocd-server/backendconfig.yaml
@ -0,0 +1,15 @@
+{{- if .Values.server.GKEbackendConfig.enabled }}
+apiVersion: cloud.google.com/v1beta1
+kind: BackendConfig
+metadata:
+  name: {{ template "argo-cd.server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: {{ .Values.server.name }}
+spec:
+  {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/projects.yaml
+++ b/charts/argo-cd/templates/argocd-server/projects.yaml
@ -33,6 +33,10 @@ items:
      {{- if .namespaceResourceBlacklist }}
      namespaceResourceBlacklist:
 {{- toYaml .namespaceResourceBlacklist | nindent 8 }}
+      {{- end }}
+      {{- if .namespaceResourceWhitelist }}
+      namespaceResourceWhitelist:
+{{- toYaml .namespaceResourceWhitelist | nindent 8 }}
      {{- end }}
      {{- if .orphanedResources }}
      orphanedResources:
--- a/charts/argo-cd/templates/argocd-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/service.yaml
@ -21,11 +21,11 @@ metadata:
 spec:
  type: {{ .Values.server.service.type }}
  ports:
-  - name: http
+  - name: {{ .Values.server.service.servicePortHttpName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttp }}
    targetPort: {{ .Values.server.name }}
-  - name: https
+  - name: {{ .Values.server.service.servicePortHttpsName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttps }}
    targetPort: {{ .Values.server.name }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -10,7 +10,7 @@ installCRDs: true
 global:
  image:
    repository: argoproj/argocd
-    tag: v1.5.2
+    tag: v1.5.4
    imagePullPolicy: IfNotPresent
  securityContext: {}
  #  runAsUser: 999
@ -28,7 +28,7 @@ controller:

  image:
    repository: # argoproj/argocd
-    tag: # v1.5.2
+    tag: # v1.5.4
    imagePullPolicy: # IfNotPresent

  ## Argo controller commandline flags
@ -319,7 +319,7 @@ server:

  image:
    repository: # argoproj/argocd
-    tag: # v1.5.2
+    tag: # v1.5.4
    imagePullPolicy: # IfNotPresent

  ## Additional command line arguments to pass to argocd-server
@ -404,6 +404,8 @@ server:
    type: ClusterIP
    servicePortHttp: 80
    servicePortHttps: 443
+    servicePortHttpName: http
+    servicePortHttpsName: https
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

@ -553,6 +555,11 @@ server:
  #     kind: NetworkPolicy
  #     orphanedResources: {}
  #     roles: []
+  #   namespaceResourceWhitelist:
+  #   - group: 'apps'
+  #     kind: Deployment
+  #   - group: 'apps'
+  #     kind: StatefulSet
  #   orphanedResources: {}
  #   roles: []

@ -561,6 +568,16 @@ server:
  clusterAdminAccess:
    enabled: true

+  ## Enable BackendConfig custom resource for Google Kubernetes Engine
+  GKEbackendConfig:
+    enabled: false
+    spec: {}
+  #  spec:
+  #    iap:
+  #      enabled: true
+  #      oauthclientCredentials:
+  #        secretName: argocd-secret
+
 ## Repo Server
 repoServer:
  name: repo-server
@ -576,7 +593,7 @@ repoServer:

  image:
    repository: # argoproj/argocd
-    tag: # v1.5.2
+    tag: # v1.5.4
    imagePullPolicy: # IfNotPresent

  ## Additional command line arguments to pass to argocd-repo-server
--- a/charts/argo/Chart.yaml
+++ b/charts/argo/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "v2.6.1"
+appVersion: "v2.7.6"
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.7.5
+version: 0.8.5
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
--- a/charts/argo/templates/server-cluster-role.yaml
+++ b/charts/argo/templates/server-cluster-role.yaml
@ -1,8 +1,14 @@
 {{- if .Values.server.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.server.name }}-role
+{{ else }}
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
+  name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role
+{{- end }}
 rules:
 - apiGroups:
  - ""
@ -28,12 +34,24 @@ rules:
  - get
  - list
  - watch
+  - delete
+{{- if .Values.controller.persistence }}
 - apiGroups:
  - ""
  resources:
  - secrets
+  resourceNames:
+  {{- if .Values.controller.persistence.postgresql }}
+  - {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
+  {{- end}}
+  {{- if .Values.controller.persistence.mysql }}
+  - {{ .Values.controller.persistence.mysql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.mysql.passwordSecret.name }}
+  {{- end}}
  verbs:
  - get
+{{- end}}
 - apiGroups:
  - argoproj.io
  resources:
--- a/charts/argo/templates/server-crb.yaml
+++ b/charts/argo/templates/server-crb.yaml
@ -1,12 +1,23 @@
 {{- if .Values.server.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.server.name}}-rb
+{{ else }}
 kind: ClusterRoleBinding
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}-crb
+{{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  name: {{ .Release.Name }}-{{ .Values.server.name}}-role
+  {{ else }}
  kind: ClusterRole
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
+  {{- end }}
 subjects:
 - kind: ServiceAccount
  name: {{ .Values.server.serviceAccount }}
--- a/charts/argo/templates/server-deployment.yaml
+++ b/charts/argo/templates/server-deployment.yaml
@ -1,5 +1,5 @@
-
-{{- if .Values.server.enabled -}}apiVersion: apps/v1
+{{- if .Values.server.enabled -}}
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}
@ -13,7 +13,6 @@ spec:
    matchLabels:
      app: {{ .Release.Name }}-{{ .Values.server.name}}
      release: {{ .Release.Name }}
-      app: {{ .Release.Name }}-{{ .Values.server.name}}
  template:
    metadata:
      labels:
@ -31,29 +30,28 @@ spec:
        - name: argo-server
          args:
          - server
+          - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap
          {{- if .Values.server.extraArgs }}
          {{- toYaml .Values.server.extraArgs | nindent 10 }}
          {{- end }}
+          {{- if .Values.singleNamespace }}
+          - "--namespaced"
+          {{- end }}
          image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
          imagePullPolicy: {{ .Values.images.pullPolicy }}
          {{- if .Values.server.podPortName }}
          ports:
          - name: {{ .Values.server.podPortName }}
-            ports:
            containerPort: 2746
-            readinessProbe:
-              httpGet:
-                path: /
-                port: 2746
-                scheme: HTTP
-              initialDelaySeconds: 10
-              periodSeconds: 20
          {{- end }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 2746
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 20
          env:
-          {{- if .Values.server.forceNamespaceIsolation }}
-          - name: FORCE_NAMESPACE_ISOLATION
-            value: "true"
-          {{- end }}
          - name: IN_CLUSTER
            value: "true"
          - name: ARGO_NAMESPACE
--- a/charts/argo/templates/server-ingress.yaml
+++ b/charts/argo/templates/server-ingress.yaml
@ -24,6 +24,13 @@ spec:
    - host: {{ . }}
      http:
        paths:
+          {{- if $.Values.server.ingress.paths }}
+          {{- range $.Values.server.ingress.paths }}
+          - backend:
+              serviceName: {{ .serviceName }}
+              servicePort: {{ .servicePort }}
+          {{- end }}
+          {{- end }}
          - backend:
              serviceName: {{ $serviceName }}
              servicePort: {{ $servicePort }}
--- a/charts/argo/templates/server-sa.yaml
+++ b/charts/argo/templates/server-sa.yaml
@ -3,4 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Values.server.serviceAccount }}
+  annotations:
+{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }}
 {{- end -}}
--- a/charts/argo/templates/workflow-controller-clusterrole.yaml
+++ b/charts/argo/templates/workflow-controller-clusterrole.yaml
@ -1,7 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
+{{ else }}
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
+{{- end }}
 rules:
 - apiGroups:
  - ""
@ -78,4 +84,22 @@ rules:
  verbs:
  - get
  - list
+{{- if .Values.controller.persistence }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  {{- if .Values.controller.persistence.postgresql }}
+  - {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
+  {{- end}}
+  {{- if .Values.controller.persistence.mysql }}
+  - {{ .Values.controller.persistence.mysql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.mysql.passwordSecret.name }}
+  {{- end}}
+  verbs:
+  - get
+{{- end}}
+

--- a/charts/argo/templates/workflow-controller-config-map.yaml
+++ b/charts/argo/templates/workflow-controller-config-map.yaml
@ -16,6 +16,11 @@ data:
    {{- end }}
    {{- end }}
    containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
+    {{- with .Values.executor.resources }}
+    executor:
+      resources:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
    artifactRepository:
      {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
      {{- if .Values.artifactRepository.archiveLogs }}
@ -39,6 +44,12 @@ data:
        {{- if .Values.artifactRepository.s3.region }}
        region: {{ .Values.artifactRepository.s3.region }}
        {{- end }}
+        {{- if .Values.artifactRepository.s3.roleARN }}
+        roleARN: {{ .Values.artifactRepository.s3.roleARN }}
+        {{- end }}
+        {{- if .Values.artifactRepository.s3.useSDKCreds }}
+        useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
+        {{- end }}
      {{- end}}
    {{- if .Values.controller.metricsConfig.enabled }}
    metricsConfig:
@ -49,3 +60,6 @@ data:
    {{- if .Values.controller.persistence }}
    persistence:
 {{ toYaml .Values.controller.persistence | indent 6 }}{{- end }}
+    {{- if .Values.controller.workflowDefaults }}
+    workflowDefaults:
+{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
--- a/charts/argo/templates/workflow-controller-crb.yaml
+++ b/charts/argo/templates/workflow-controller-crb.yaml
@ -1,11 +1,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-binding
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
+  {{ else }}
  kind: ClusterRole
-  name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
+  {{- end }}
 subjects:
  - kind: ServiceAccount
    name: {{ .Values.controller.serviceAccount }}
--- a/charts/argo/templates/workflow-controller-deployment.yaml
+++ b/charts/argo/templates/workflow-controller-deployment.yaml
@ -40,6 +40,9 @@ spec:
          - "{{ .Values.controller.logging.level }}"
          - "--gloglevel"
          - "{{ .Values.controller.logging.globallevel }}"
+          {{- if .Values.singleNamespace }}
+          - "--namespaced"
+          {{- end }}
          env:
          - name: ARGO_NAMESPACE
            valueFrom:
--- a/charts/argo/templates/workflow-controller-sa.yaml
+++ b/charts/argo/templates/workflow-controller-sa.yaml
@ -2,3 +2,5 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Values.controller.serviceAccount }}
+  annotations:
+{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }}
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@ -4,7 +4,7 @@ images:
  server: argocli
  executor: argoexec
  pullPolicy: Always
-  tag: v2.6.1
+  tag: v2.7.6

 crdVersion: v1alpha1
 installCRD: true
@ -16,6 +16,10 @@ init:

 createAggregateRoles: true

+# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents,
+# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
+singleNamespace: false
+
 controller:
  image:
    # Overrides .images.tag if defined.
@ -47,6 +51,10 @@ controller:
    #    passwordSecret:
    #      name: argo-postgres-config
    #      key: password
+  workflowDefaults: {}  # Only valid for 2.7+
+  #  spec:
+  #    ttlStrategy:
+  #      secondsAfterCompletion: 84600
  telemetryConfig:
    enabled: false
    path: /telemetry
@ -55,6 +63,8 @@ controller:
    enabled: false
    additionalLabels: {}
  serviceAccount: argo
+  # Service account annotations
+  serviceAccountAnnotations: {}
  name: workflow-controller
  workflowNamespaces:
    - default
@ -95,15 +105,15 @@ controller:
  tolerations: []
  affinity: {}

+# executor controls how the init and wait container should be customized
 executor:
  image:
    # Overrides .images.tag if defined.
    tag: ""
+  resources: {}

 server:
  enabled: true
-  # only show workflows where UI installed
-  forceNamespaceIsolation: false
  # only updates base url of resources on client side,
  # it's expected that a proxy server rewrites the request URL and gets rid of this prefix
  # https://github.com/argoproj/argo/issues/716#issuecomment-433213190
@ -120,6 +130,8 @@ server:
  servicePort: 2746
  # servicePortName: http
  serviceAccount: argo-server
+  # Service account annotations
+  serviceAccountAnnotations: {}
  # Annotations to be applied to the UI Service
  serviceAnnotations: {}
  # Optional labels to add to the UI Service
@ -164,6 +176,11 @@ server:
    # hosts:
    #   - argo.domain.com

+    ## Additional Paths for each host
+    # paths:
+    #   - serviceName: "ssl-redirect"
+    #     servicePort: "use-annotation"
+
    ## TLS configuration.
    ## Secrets must be manually created in the namespace.
    ##
@ -191,6 +208,8 @@ artifactRepository:
    # bucket:
    # endpoint:
    # region:
+    # roleARN:
+    # useSDKCreds: true

 # NOTE: These are setting attributes for the `minio` optional dependency
 minio: