diff --git a/.gitignore b/.gitignore index f501fc92..2529e3b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ output .vscode .DS_Store +.idea **/*.tgz diff --git a/CODEOWNERS b/CODEOWNERS index 50d3195b..7de4e9c4 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -7,7 +7,7 @@ /charts/argo-events @jbehling # Argo Workflows -/charts/argo @benjaminws +/charts/argo @benjaminws @stefansedich @paguos # Argo Rollouts /charts/argo-rollouts @cabrinha diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b671caf3..397d21b0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.5.2" +appVersion: "1.5.4" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.2.8 +version: 2.3.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index adfe7004..9255e903 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -19,9 +19,8 @@ This chart currently installs the non-HA version of ArgoCD. `controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map What was - ```yaml -controller: +server: extraArgs: insecure: "" ``` @@ -29,7 +28,7 @@ controller: is now ```yaml -controller: +server: extraArgs: - --insecure ``` @@ -63,7 +62,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.3"` | | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | @@ -71,7 +70,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | installCRDs | Install CRDs if you are using Helm2. | `true` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | | configs.secret.annotations | Annotations for argocd-secret | `{}` | -| configs.secret.argocdServerAdminPassword | Admin password | `null` | +| configs.secret.argocdServerAdminPassword | Bcrypt hashed admin password | `null` | | configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | | configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | | configs.secret.createSecret | Create the argocd-secret. | `true` | @@ -79,6 +78,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | +| openshift.enabled | enables using arbitrary uid for argo repo server | `false` | ## ArgoCD Controller @@ -183,6 +183,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | | server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | | server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | +| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | | server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | | server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | | server.certificate.enabled | Enables a certificate manager certificate. | `false` | @@ -231,6 +233,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.service.labels | Server service labels | `{}` | | server.service.servicePortHttp | Server service http port | `80` | | server.service.servicePortHttps | Server service https port | `443` | +| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` | +| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` | | server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | | server.service.type | Server service type | `"ClusterIP"` | | server.serviceAccount.create | Create server service account | `true` | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index e38dd84e..9268cc65 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -52,10 +52,10 @@ spec: image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} command: - - argocd-repo-server {{- if .Values.openshift.enabled }} - uid_entrypoint.sh {{- end }} + - argocd-repo-server {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - --redis - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} diff --git a/charts/argo-cd/templates/argocd-server/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/backendconfig.yaml new file mode 100644 index 00000000..279b3487 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/backendconfig.yaml @@ -0,0 +1,15 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: cloud.google.com/v1beta1 +kind: BackendConfig +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/projects.yaml b/charts/argo-cd/templates/argocd-server/projects.yaml index b48e12c2..3f768bf0 100644 --- a/charts/argo-cd/templates/argocd-server/projects.yaml +++ b/charts/argo-cd/templates/argocd-server/projects.yaml @@ -33,6 +33,10 @@ items: {{- if .namespaceResourceBlacklist }} namespaceResourceBlacklist: {{- toYaml .namespaceResourceBlacklist | nindent 8 }} + {{- end }} + {{- if .namespaceResourceWhitelist }} + namespaceResourceWhitelist: +{{- toYaml .namespaceResourceWhitelist | nindent 8 }} {{- end }} {{- if .orphanedResources }} orphanedResources: diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 292bf94b..396b0c06 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -21,11 +21,11 @@ metadata: spec: type: {{ .Values.server.service.type }} ports: - - name: http + - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} targetPort: {{ .Values.server.name }} - - name: https + - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} targetPort: {{ .Values.server.name }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c666453b..b47acbbf 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -10,7 +10,7 @@ installCRDs: true global: image: repository: argoproj/argocd - tag: v1.5.2 + tag: v1.5.4 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 @@ -28,7 +28,7 @@ controller: image: repository: # argoproj/argocd - tag: # v1.5.2 + tag: # v1.5.4 imagePullPolicy: # IfNotPresent ## Argo controller commandline flags @@ -319,7 +319,7 @@ server: image: repository: # argoproj/argocd - tag: # v1.5.2 + tag: # v1.5.4 imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server @@ -404,6 +404,8 @@ server: type: ClusterIP servicePortHttp: 80 servicePortHttps: 443 + servicePortHttpName: http + servicePortHttpsName: https loadBalancerIP: "" loadBalancerSourceRanges: [] @@ -553,6 +555,11 @@ server: # kind: NetworkPolicy # orphanedResources: {} # roles: [] + # namespaceResourceWhitelist: + # - group: 'apps' + # kind: Deployment + # - group: 'apps' + # kind: StatefulSet # orphanedResources: {} # roles: [] @@ -561,6 +568,16 @@ server: clusterAdminAccess: enabled: true + ## Enable BackendConfig custom resource for Google Kubernetes Engine + GKEbackendConfig: + enabled: false + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + ## Repo Server repoServer: name: repo-server @@ -576,7 +593,7 @@ repoServer: image: repository: # argoproj/argocd - tag: # v1.5.2 + tag: # v1.5.4 imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 4a5e626b..df37b454 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "v2.6.1" +appVersion: "v2.7.6" description: A Helm chart for Argo Workflows name: argo -version: 0.7.5 +version: 0.8.5 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-cluster-role.yaml b/charts/argo/templates/server-cluster-role.yaml index fbf8d044..efb9d564 100644 --- a/charts/argo/templates/server-cluster-role.yaml +++ b/charts/argo/templates/server-cluster-role.yaml @@ -1,8 +1,14 @@ {{- if .Values.server.enabled }} apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: Role +metadata: + name: {{ .Release.Name }}-{{ .Values.server.name }}-role +{{ else }} kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role + name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role +{{- end }} rules: - apiGroups: - "" @@ -28,12 +34,24 @@ rules: - get - list - watch + - delete +{{- if .Values.controller.persistence }} - apiGroups: - "" resources: - secrets + resourceNames: + {{- if .Values.controller.persistence.postgresql }} + - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} + - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} + {{- end}} + {{- if .Values.controller.persistence.mysql }} + - {{ .Values.controller.persistence.mysql.userNameSecret.name }} + - {{ .Values.controller.persistence.mysql.passwordSecret.name }} + {{- end}} verbs: - get +{{- end}} - apiGroups: - argoproj.io resources: diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml index e764b847..ed7d7982 100644 --- a/charts/argo/templates/server-crb.yaml +++ b/charts/argo/templates/server-crb.yaml @@ -1,12 +1,23 @@ {{- if .Values.server.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +metadata: + name: {{ .Release.Name }}-{{ .Values.server.name}}-rb +{{ else }} kind: ClusterRoleBinding metadata: name: {{ .Release.Name }}-{{ .Values.server.name}}-crb +{{- end }} roleRef: apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + name: {{ .Release.Name }}-{{ .Values.server.name}}-role + {{ else }} kind: ClusterRole name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role + {{- end }} subjects: - kind: ServiceAccount name: {{ .Values.server.serviceAccount }} diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml index bbf82dd1..5f5ff726 100644 --- a/charts/argo/templates/server-deployment.yaml +++ b/charts/argo/templates/server-deployment.yaml @@ -1,5 +1,5 @@ - -{{- if .Values.server.enabled -}}apiVersion: apps/v1 +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.server.name}} @@ -13,7 +13,6 @@ spec: matchLabels: app: {{ .Release.Name }}-{{ .Values.server.name}} release: {{ .Release.Name }} - app: {{ .Release.Name }}-{{ .Values.server.name}} template: metadata: labels: @@ -31,29 +30,28 @@ spec: - name: argo-server args: - server + - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap {{- if .Values.server.extraArgs }} {{- toYaml .Values.server.extraArgs | nindent 10 }} {{- end }} + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} {{- if .Values.server.podPortName }} ports: - name: {{ .Values.server.podPortName }} - ports: containerPort: 2746 - readinessProbe: - httpGet: - path: / - port: 2746 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 20 {{- end }} + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 env: - {{- if .Values.server.forceNamespaceIsolation }} - - name: FORCE_NAMESPACE_ISOLATION - value: "true" - {{- end }} - name: IN_CLUSTER value: "true" - name: ARGO_NAMESPACE diff --git a/charts/argo/templates/server-ingress.yaml b/charts/argo/templates/server-ingress.yaml index bee5a7f8..eb0f37e0 100644 --- a/charts/argo/templates/server-ingress.yaml +++ b/charts/argo/templates/server-ingress.yaml @@ -24,6 +24,13 @@ spec: - host: {{ . }} http: paths: + {{- if $.Values.server.ingress.paths }} + {{- range $.Values.server.ingress.paths }} + - backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + {{- end }} - backend: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} diff --git a/charts/argo/templates/server-sa.yaml b/charts/argo/templates/server-sa.yaml index 8027811e..c0d332e1 100644 --- a/charts/argo/templates/server-sa.yaml +++ b/charts/argo/templates/server-sa.yaml @@ -3,4 +3,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.server.serviceAccount }} + annotations: +{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }} {{- end -}} diff --git a/charts/argo/templates/workflow-controller-clusterrole.yaml b/charts/argo/templates/workflow-controller-clusterrole.yaml index 8df46229..20515321 100644 --- a/charts/argo/templates/workflow-controller-clusterrole.yaml +++ b/charts/argo/templates/workflow-controller-clusterrole.yaml @@ -1,7 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: Role +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }}-role +{{ else }} kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role +{{- end }} rules: - apiGroups: - "" @@ -78,4 +84,22 @@ rules: verbs: - get - list +{{- if .Values.controller.persistence }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + {{- if .Values.controller.persistence.postgresql }} + - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} + - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} + {{- end}} + {{- if .Values.controller.persistence.mysql }} + - {{ .Values.controller.persistence.mysql.userNameSecret.name }} + - {{ .Values.controller.persistence.mysql.passwordSecret.name }} + {{- end}} + verbs: + - get +{{- end}} + diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 712e4fd5..068b381c 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -16,6 +16,11 @@ data: {{- end }} {{- end }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} + {{- with .Values.executor.resources }} + executor: + resources: + {{- toYaml . | nindent 8 }} + {{- end }} artifactRepository: {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} {{- if .Values.artifactRepository.archiveLogs }} @@ -39,6 +44,12 @@ data: {{- if .Values.artifactRepository.s3.region }} region: {{ .Values.artifactRepository.s3.region }} {{- end }} + {{- if .Values.artifactRepository.s3.roleARN }} + roleARN: {{ .Values.artifactRepository.s3.roleARN }} + {{- end }} + {{- if .Values.artifactRepository.s3.useSDKCreds }} + useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} + {{- end }} {{- end}} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: @@ -49,3 +60,6 @@ data: {{- if .Values.controller.persistence }} persistence: {{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} + {{- if .Values.controller.workflowDefaults }} + workflowDefaults: +{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml index 5dc55111..3eba3cf2 100644 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ b/charts/argo/templates/workflow-controller-crb.yaml @@ -1,11 +1,20 @@ apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} kind: ClusterRoleBinding +{{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-binding + name: {{ .Release.Name }}-{{ .Values.controller.name }}-binding roleRef: apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + name: {{ .Release.Name }}-{{ .Values.controller.name }}-role + {{ else }} kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role + {{- end }} subjects: - kind: ServiceAccount name: {{ .Values.controller.serviceAccount }} diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index 06b708c6..2b8b1dbd 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -40,6 +40,9 @@ spec: - "{{ .Values.controller.logging.level }}" - "--gloglevel" - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} env: - name: ARGO_NAMESPACE valueFrom: diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml index af3ef519..02d274da 100644 --- a/charts/argo/templates/workflow-controller-sa.yaml +++ b/charts/argo/templates/workflow-controller-sa.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.controller.serviceAccount }} + annotations: +{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 4e68c27e..b1324014 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -4,7 +4,7 @@ images: server: argocli executor: argoexec pullPolicy: Always - tag: v2.6.1 + tag: v2.7.6 crdVersion: v1alpha1 installCRD: true @@ -16,6 +16,10 @@ init: createAggregateRoles: true +# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, +# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. +singleNamespace: false + controller: image: # Overrides .images.tag if defined. @@ -47,6 +51,10 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password + workflowDefaults: {} # Only valid for 2.7+ + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 telemetryConfig: enabled: false path: /telemetry @@ -55,6 +63,8 @@ controller: enabled: false additionalLabels: {} serviceAccount: argo + # Service account annotations + serviceAccountAnnotations: {} name: workflow-controller workflowNamespaces: - default @@ -95,15 +105,15 @@ controller: tolerations: [] affinity: {} +# executor controls how the init and wait container should be customized executor: image: # Overrides .images.tag if defined. tag: "" + resources: {} server: enabled: true - # only show workflows where UI installed - forceNamespaceIsolation: false # only updates base url of resources on client side, # it's expected that a proxy server rewrites the request URL and gets rid of this prefix # https://github.com/argoproj/argo/issues/716#issuecomment-433213190 @@ -120,6 +130,8 @@ server: servicePort: 2746 # servicePortName: http serviceAccount: argo-server + # Service account annotations + serviceAccountAnnotations: {} # Annotations to be applied to the UI Service serviceAnnotations: {} # Optional labels to add to the UI Service @@ -164,6 +176,11 @@ server: # hosts: # - argo.domain.com + ## Additional Paths for each host + # paths: + # - serviceName: "ssl-redirect" + # servicePort: "use-annotation" + ## TLS configuration. ## Secrets must be manually created in the namespace. ## @@ -191,6 +208,8 @@ artifactRepository: # bucket: # endpoint: # region: + # roleARN: + # useSDKCreds: true # NOTE: These are setting attributes for the `minio` optional dependency minio: