fix(argo-applicationset): Fix deployment issue with AppSet v0.1.0 (#650)

* fix: Add supports for private repos configured using SSH

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

* fix(argo-applicationset): Allow to select with volumes to mount

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

* Fix RBAC rules

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

* Fix linting issue

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

* Fix chart version

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

Co-authored-by: Jonathan West <jgwest@users.noreply.github.com>

charts/argo-applicationset/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: argocd-applicationset
 description: A Helm chart for installing ArgoCD ApplicationSet
 type: application
-version: 0.1.0
+version: 0.1.1
-appVersion: "v0.1.0-prerelease"
+appVersion: "v0.1.0"
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argo-applicationset/README.md

@@ -46,6 +46,10 @@ Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
 | installCRDs | bool | `true` | Install Custom Resource Definition |
+| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
+| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
+| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |
+| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` |
 | nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
 | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
 | podAnnotations | object | `{}` | Annotations for the controller pods |

charts/argo-applicationset/templates/deployment.yaml

@@ -49,6 +49,43 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            {{- if .Values.mountSSHKnownHostsVolume }}
+            - mountPath: /app/config/ssh
+              name: ssh-known-hosts
+            {{- end }}
+            {{- if .Values.mountTLSCertsVolume }}
+            - mountPath: /app/config/tls
+              name: tls-certs
+            {{- end }}
+            {{- if .Values.mountGPGKeysVolume }}
+            - mountPath: /app/config/gpg/source
+              name: gpg-keys
+            {{- end }}
+            {{- if .Values.mountGPGKeyringVolume }}
+            - mountPath: /app/config/gpg/keys
+              name: gpg-keyring
+            {{- end }}
+      volumes:
+      {{- if .Values.mountSSHKnownHostsVolume }}
+      - configMap:
+          name: argocd-ssh-known-hosts-cm
+        name: ssh-known-hosts
+      {{- end }}
+      {{- if .Values.mountTLSCertsVolume }}
+      - configMap:
+          name: argocd-tls-certs-cm
+        name: tls-certs
+      {{- end }}
+      {{- if .Values.mountGPGKeysVolume }}
+      - configMap:
+          name: argocd-gpg-keys-cm
+        name: gpg-keys
+      {{- end }}
+      {{- if .Values.mountGPGKeyringVolume }}
+      - emptyDir: {}
+        name: gpg-keyring
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argo-applicationset/templates/rbac.yaml

@@ -6,73 +6,58 @@ metadata:
     {{- include "argo-applicationset.labels" . | nindent 4 }}
 rules:
   - apiGroups:
-      - argoproj.io
+    - argoproj.io
     resources:
-      - applications
+    - applications
-      - applicationsets
+    - appprojects
-      - applicationsets/finalizers
+    - applicationsets
+    - applicationsets/finalizers
     verbs:
-      - create
+    - create
-      - delete
+    - delete
-      - get
+    - get
-      - list
+    - list
-      - patch
+    - patch
-      - update
+    - update
-      - watch
+    - watch
   - apiGroups:
-      - argoproj.io
+    - argoproj.io
     resources:
-      - applicationsets/status
+    - applicationsets/status
     verbs:
-      - get
+    - get
-      - patch
+    - patch
-      - update
+    - update
   - apiGroups:
-      - ''
+    - ""
     resources:
-      - events
+    - events
     verbs:
-      - create
+    - create
-      - delete
+    - delete
-      - get
+    - get
-      - list
+    - list
-      - patch
+    - patch
-      - update
+    - update
-      - watch
+    - watch
   - apiGroups:
-      - ''
+    - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-    - ''
     resources:
+    - secrets
     - configmaps
     verbs:
     - get
     - list
     - watch
-    - create
-    - update
-    - patch
-    - delete
   - apiGroups:
-    - ''
+    - apps
+    - extensions
     resources:
-    - configmaps/status
+    - deployments
     verbs:
     - get
-    - update
+    - list
-    - patch
+    - watch
-  - apiGroups:
-    - ''
-    resources:
-    - events
-    verbs:
-    - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

charts/argo-applicationset/values.yaml

@@ -70,3 +70,8 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+mountSSHKnownHostsVolume: true
+mountTLSCertsVolume: true
+mountGPGKeysVolume: false
+mountGPGKeyringVolume: true