DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into fix-cluster-role-missing-access-in-argo-rollouts-dashboard

Browse source 
Signed-off-by: Tal Yitzhak <yitzhtal@gmail.com>
This commit is contained in:
Tal Yitzhak 2023-05-27 13:22:58 +03:00 committed by GitHub
commit 4bb93dd424
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
80 changed files with 2528 additions and 166 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.github/configs/cr.yaml vendored
View file

@ -1,2 +1,8 @@
## Reference: https://github.com/helm/chart-releaser
index-path: "./index.yaml"
# PGP signing
sign: true
key: Argo Helm maintainers
# keyring: # Set via env variable CR_KEYRING
# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE

22
.github/workflows/lint-and-test.yml vendored
View file

@ -6,27 +6,39 @@ permissions:
contents: read
jobs:
linter-artifacthub:
runs-on: ubuntu-latest
container:
image: public.ecr.aws/artifacthub/ah:v1.14.0
options: --user 1001
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run ah lint
working-directory: ./charts
run: ah lint
chart-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v3
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@v4
uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
with:
python-version: 3.9
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@v2.4.0
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
with:
# Note: Also update in scripts/lint.sh
version: v3.7.1
@ -58,7 +70,7 @@ jobs:
fi
- name: Create kind cluster
uses: helm/kind-action@v1.5.0
uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0
if: steps.list-changed.outputs.changed == 'true'
with:
config: .github/configs/kind-config.yaml

11
.github/workflows/pr-sizing.yml vendored
View file

@ -1,8 +1,12 @@
## Reference: https://github.com/pascalgn/size-label-action
name: 'PR Labeling'
on:
pull_request_target:
types: [opened, synchronize, reopened]
types:
- opened
- synchronize
- reopened
permissions:
contents: read
@ -12,7 +16,7 @@ jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
- uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3
with:
configuration-path: ".github/configs/labeler.yaml"
repo-token: "${{ secrets.GITHUB_TOKEN }}"
@ -21,7 +25,6 @@ jobs:
size-label:
runs-on: ubuntu-latest
steps:
- name: size-label
uses: "pascalgn/size-label-action@v0.4.3"
- uses: pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

3
.github/workflows/pr-title.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
- uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@ -31,6 +31,7 @@ jobs:
argo-workflows
argocd-image-updater
argocd-apps
deps
github
# Configure that a scope must always be provided.
requireScope: true

22
.github/workflows/publish.yml vendored
View file

@ -15,12 +15,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v3
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.10.1 # Also update in lint-and-test.yaml
@ -38,8 +38,24 @@ jobs:
run: |
git checkout origin/gh-pages index.yaml
# The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
# in ASCII-armored format. To export a (new) key, run this command:
# `gpg --armor --export-secret-key <my key>`
- name: Prepare PGP key
run: |
IFS=""
echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt
# Tell chart-releaser-action where to find the key and its passphrase
echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
env:
PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.5.0
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
with:
config: "./.github/configs/cr.yaml"
env:

73
.github/workflows/scorecard.yml vendored Normal file
View file

@ -0,0 +1,73 @@
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '21 6 * * 6'
push:
branches: [ "main" ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
if: github.repository_owner == 'argoproj'
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
with:
sarif_file: results.sarif

2
.github/workflows/stale.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
pull-requests: write # for actions/stale to close stale PRs
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v8
- uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Number of days of inactivity before an issue becomes stale

14
CODEOWNERS
View file

@ -1,16 +1,14 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# Other and new charts
/charts/ @oliverbaehler
# All
* @mkilchhofer @jmeridth
# Argo Workflows
/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco
/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24
# Argo CD
/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil
/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
# Argo Events
/charts/argo-events/ @jbehling @VaibhavPage @pdrastil
/charts/argo-events/ @pdrastil @jmeridth @tico24
# Argo Rollouts
/charts/argo-rollouts/
/charts/argo-rollouts/ @jmeridth

9
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,9 @@
# Code of Conduct
We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Please reference the link for details.
## TL;DR (too long didn't read)
Be kind
Your participation is at the discression of the maintainers of this project.

12
EMERITUS.md Normal file
View file

@ -0,0 +1,12 @@
# Emeritus Approvers
These are the people who have been approvers in the past, and have since retired from the role.
We thank them for their service to the project.
* @oliverbaehler
* @stefansedich
* @paguos
* @yann-soubeyrand
* @davidkarlsen
* @jbehling

9
OWNERS
View file

@ -1,9 +0,0 @@
owners:
- alexec
- alexmt
- jessesuen
approvers:
- alexec
- alexmt
- jessesuen

3
README.md
View file

@ -5,6 +5,7 @@
[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo)
[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm)
Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command:
@ -35,7 +36,7 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
### Security Policy
If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new).
Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues.
### Changelog

21
SECURITY.md Normal file
View file

@ -0,0 +1,21 @@
# Security Policy
## Supported Versions and Upstream Reporting
Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue.
* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md)
* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
## Reporting a Vulnerability for Argo Helm Charts
We have enabled the ability to privately report security issues through the Security tab above.
[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that
A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation.
Thank you for helping to ensure this code stays secure.

6
charts/argo-cd/Chart.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.22.5
digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16
generated: "2023-03-30T08:25:32.738257836+02:00"
version: 4.23.0
digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c
generated: "2023-05-15T19:25:26.049618+09:00"

13
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.6.7
appVersion: v2.7.3
kubeVersion: ">=1.22.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.29.1
version: 5.34.5
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -18,10 +18,13 @@ maintainers:
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.22.5
version: 4.23.0
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Namespace field for some namespaced resources needs to be evaluated via helm root scope
- kind: changed
description: Upgrade Argo CD to v2.7.3

41
charts/argo-cd/README.md
View file

@ -105,6 +105,11 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.31.0
The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility.
This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.
### 5.24.0
This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
@ -374,6 +379,7 @@ NAME: my-release
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs |
| crds.keep | bool | `true` | Keep CRDs on chart uninstall |
@ -389,14 +395,13 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. |
| global.additionalLabels | object | `{}` | Common labels for the all resources |
| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity |
| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` |
| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` |
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
| global.entrypoint.entrypoint | string | `"entrypoint.sh"` | The entrypoint to use for the containers. |
| global.entrypoint.useImplicit | bool | `false` | Implicitly use the docker image's entrypoint. This requires the image to have ENTRYPOINT set properly |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments |
@ -510,9 +515,11 @@ NAME: my-release
| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
| controller.metrics.service.annotations | object | `{}` | Metrics service annotations |
| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| controller.metrics.service.labels | object | `{}` | Metrics service labels |
| controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| controller.metrics.service.servicePort | int | `8082` | Metrics service port |
| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
@ -587,6 +594,7 @@ NAME: my-release
| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server |
| repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods |
| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container |
| repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
@ -594,9 +602,11 @@ NAME: my-release
| repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| repoServer.metrics.enabled | bool | `false` | Deploy metrics service |
| repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations |
| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| repoServer.metrics.service.labels | object | `{}` | Metrics service labels |
| repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| repoServer.metrics.service.servicePort | int | `8084` | Metrics service port |
| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
@ -728,9 +738,11 @@ NAME: my-release
| server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| server.metrics.enabled | bool | `false` | Deploy metrics service |
| server.metrics.service.annotations | object | `{}` | Metrics service annotations |
| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| server.metrics.service.labels | object | `{}` | Metrics service labels |
| server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| server.metrics.service.servicePort | int | `8083` | Metrics service port |
| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
@ -835,7 +847,7 @@ server:
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
| dex.image.tag | string | `"v2.35.3"` | Dex image tag |
| dex.image.tag | string | `"v2.36.0"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -921,7 +933,7 @@ server:
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.enabled | bool | `false` | Deploy metrics service |
@ -979,7 +991,7 @@ The main options are listed here:
| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1013,6 +1025,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|-----|------|---------|-------------|
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1041,9 +1066,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| applicationSet.metrics.enabled | bool | `false` | Deploy metrics service |
| applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations |
| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
| applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port |
| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
@ -1076,6 +1103,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
| applicationSet.service.port | int | `7000` | ApplicationSet service port |
| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name |
| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type |
| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account |
@ -1124,8 +1152,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
| notifications.metrics.port | int | `9001` | Metrics port |
| notifications.metrics.service.annotations | object | `{}` | Metrics service annotations |
| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| notifications.metrics.service.labels | object | `{}` | Metrics service labels |
| notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
@ -1184,3 +1214,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
[tini]: https://github.com/argoproj/argo-cd/pull/12707

6
charts/argo-cd/README.md.gotmpl
View file

@ -104,6 +104,11 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.31.0
The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility.
This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.
### 5.24.0
This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
@ -546,3 +551,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
[tini]: https://github.com/argoproj/argo-cd/pull/12707

12
charts/argo-cd/templates/argocd-application-controller/metrics.yaml
View file

@ -9,13 +9,21 @@ metadata:
{{- with .Values.controller.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.service.annotations }}
{{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.controller.metrics.service.type }}
{{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
{{- end }}
ports:
- name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP

8
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -51,8 +51,8 @@ spec:
{{- end }}
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
containers:
- command:
- argocd-application-controller
- args:
- /usr/local/bin/argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
@ -255,8 +255,10 @@ spec:
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.containerSecurityContext }}
securityContext:
{{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}

33
charts/argo-cd/templates/argocd-applicationset/certificate.yaml Normal file
View file

@ -0,0 +1,33 @@
{{- if .Values.applicationSet.certificate.enabled -}}
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
secretName: {{ .Values.applicationSet.certificate.secretName }}
commonName: {{ .Values.applicationSet.certificate.domain | quote }}
dnsNames:
- {{ .Values.applicationSet.certificate.domain | quote }}
{{- range .Values.applicationSet.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
{{- with .Values.applicationSet.certificate.duration }}
duration: {{ . | quote }}
{{- end }}
{{- with .Values.applicationSet.certificate.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
issuerRef:
{{- with .Values.applicationSet.certificate.issuer.group }}
group: {{ . | quote }}
{{- end }}
kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }}
name: {{ .Values.applicationSet.certificate.issuer.name | quote }}
{{- with .Values.applicationSet.certificate.privateKey }}
privateKey:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

10
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -56,12 +56,8 @@ spec:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }}
{{- if not .Values.global.entrypoint.useImplicit }}
command:
- {{ .Values.global.entrypoint.entrypoint | quote }}
{{- end }}
args:
- argocd-applicationset-controller
- /usr/local/bin/argocd-applicationset-controller
- --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
- --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
- --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
@ -186,8 +182,10 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.applicationSet.resources | nindent 12 }}
{{- with .Values.applicationSet.containerSecurityContext }}
securityContext:
{{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- with .Values.applicationSet.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}

12
charts/argo-cd/templates/argocd-applicationset/metrics.yaml
View file

@ -9,13 +9,21 @@ metadata:
{{- with .Values.applicationSet.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.service.annotations }}
{{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.applicationSet.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.applicationSet.metrics.service.type }}
{{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
{{- end }}
ports:
- name: {{ .Values.applicationSet.metrics.service.portName }}
protocol: TCP

1
charts/argo-cd/templates/argocd-applicationset/service.yaml
View file

@ -16,6 +16,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.applicationSet.service.type }}
ports:
- name: {{ .Values.applicationSet.service.portName }}
port: {{ .Values.applicationSet.service.port }}

8
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -56,8 +56,8 @@ spec:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
command:
- argocd-notifications
args:
- /usr/local/bin/argocd-notifications
- --metrics-port={{ .Values.notifications.containerPorts.metrics }}
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
@ -80,8 +80,10 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
{{- with .Values.notifications.containerSecurityContext }}
securityContext:
{{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
workingDir: /app
volumeMounts:
- name: tls-certs

12
charts/argo-cd/templates/argocd-notifications/metrics.yaml
View file

@ -9,13 +9,21 @@ metadata:
{{- with .Values.notifications.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.metrics.service.annotations }}
{{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.notifications.metrics.port | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.notifications.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.notifications.metrics.service.type }}
{{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
{{- end }}
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
ports:

16
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -61,12 +61,8 @@ spec:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
{{- if not .Values.global.entrypoint.useImplicit }}
command:
- {{ .Values.global.entrypoint.entrypoint | quote }}
{{- end }}
args:
- argocd-repo-server
- /usr/local/bin/argocd-repo-server
- --port={{ .Values.repoServer.containerPorts.server }}
- --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
{{- with .Values.repoServer.logFormat }}
@ -277,14 +273,20 @@ spec:
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.repoServer.resources | nindent 10 }}
{{- with .Values.repoServer.containerSecurityContext }}
securityContext:
{{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.repoServer.lifecycle }}
lifecycle:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.repoServer.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
initContainers:
- command:
- cp
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server

12
charts/argo-cd/templates/argocd-repo-server/metrics.yaml
View file

@ -9,13 +9,21 @@ metadata:
{{- with .Values.repoServer.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.service.annotations }}
{{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.repoServer.metrics.service.type }}
{{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
{{- end }}
ports:
- name: {{ .Values.repoServer.metrics.service.portName }}
protocol: TCP

12
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -58,8 +58,8 @@ spec:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
args:
- /usr/local/bin/argocd-server
- --port={{ .Values.server.containerPorts.server }}
- --metrics-port={{ .Values.server.containerPorts.metrics }}
{{- with .Values.server.logFormat }}
@ -334,8 +334,10 @@ spec:
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
{{- with .Values.server.containerSecurityContext }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml . | nindent 10 }}
@ -346,8 +348,10 @@ spec:
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
{{- with .Values.server.extensions.containerSecurityContext }}
securityContext:
{{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: extensions
mountPath: /tmp/extensions/

12
charts/argo-cd/templates/argocd-server/metrics.yaml
View file

@ -9,13 +9,21 @@ metadata:
{{- with .Values.server.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.metrics.service.annotations }}
{{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.server.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.server.metrics.service.type }}
{{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.server.metrics.service.clusterIP }}
{{- end }}
ports:
- name: {{ .Values.server.metrics.service.portName }}
protocol: TCP

2
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -23,7 +23,9 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions

336
charts/argo-cd/templates/crds/crd-application.yaml
View file

@ -12,6 +12,9 @@ metadata:
labels:
app.kubernetes.io/name: applications.argoproj.io
app.kubernetes.io/part-of: argocd
{{- with .Values.crds.additionalLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
name: applications.argoproj.io
spec:
group: argoproj.io
@ -310,6 +313,10 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -341,6 +348,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -572,6 +602,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation
values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -604,6 +639,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -950,6 +1008,10 @@ spec:
description: CommonAnnotations is a list of additional annotations
to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether to
apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -980,6 +1042,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize adds
to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas override
specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize to
use for rendering manifests
@ -1203,6 +1288,10 @@ spec:
description: CommonAnnotations is a list of additional annotations
to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -1234,6 +1323,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas override
specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -1604,6 +1716,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation
values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -1636,6 +1753,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -1869,6 +2009,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation
values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -1901,6 +2046,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -2279,6 +2447,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies
whether to apply env variables substitution
for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -2311,6 +2484,29 @@ spec:
description: NameSuffix is a suffix appended to
resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that
Kustomize adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of
Kustomize to use for rendering manifests
@ -2562,6 +2758,11 @@ spec:
additional annotations to add to rendered
manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies
whether to apply env variables substitution
for annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -2594,6 +2795,29 @@ spec:
description: NameSuffix is a suffix appended
to resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that
Kustomize adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize
Replicas override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version
of Kustomize to use for rendering manifests
@ -2945,6 +3169,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation
values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -2977,6 +3206,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -3221,6 +3473,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies
whether to apply env variables substitution for
annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -3253,6 +3510,29 @@ spec:
description: NameSuffix is a suffix appended to
resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -3602,6 +3882,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies whether
to apply env variables substitution for annotation
values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -3634,6 +3919,29 @@ spec:
description: NameSuffix is a suffix appended to resources
for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests
@ -3878,6 +4186,11 @@ spec:
description: CommonAnnotations is a list of additional
annotations to add to rendered manifests
type: object
commonAnnotationsEnvsubst:
description: CommonAnnotationsEnvsubst specifies
whether to apply env variables substitution for
annotation values
type: boolean
commonLabels:
additionalProperties:
type: string
@ -3910,6 +4223,29 @@ spec:
description: NameSuffix is a suffix appended to
resources for Kustomize apps
type: string
namespace:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
items:
properties:
count:
anyOf:
- type: integer
- type: string
description: Number of replicas
x-kubernetes-int-or-string: true
name:
description: Name of Deployment or StatefulSet
type: string
required:
- count
- name
type: object
type: array
version:
description: Version controls which version of Kustomize
to use for rendering manifests

814
charts/argo-cd/templates/crds/crd-applicationset.yaml
View file

File diff suppressed because it is too large Load diff

3
charts/argo-cd/templates/crds/crd-extension.yaml
View file

@ -13,6 +13,9 @@ metadata:
labels:
app.kubernetes.io/name: argocdextensions.argoproj.io
app.kubernetes.io/part-of: argocd
{{- with .Values.crds.additionalLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
name: argocdextensions.argoproj.io
spec:
group: argoproj.io

3
charts/argo-cd/templates/crds/crd-project.yaml
View file

@ -12,6 +12,9 @@ metadata:
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
{{- with .Values.crds.additionalLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
name: appprojects.argoproj.io
spec:
group: argoproj.io

10
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -117,8 +117,10 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- with .Values.dex.containerSecurityContext }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- with .Values.dex.volumeMounts }}
{{- toYaml . | nindent 8 }}
@ -137,7 +139,7 @@ spec:
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
command:
- cp
- /bin/cp
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
@ -148,8 +150,10 @@ spec:
name: dexconfig
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- with .Values.dex.containerSecurityContext }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.dex.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}

6
charts/argo-cd/templates/extra-manifests.yaml
View file

@ -1,4 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

8
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -75,8 +75,10 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
{{- with .Values.redis.containerSecurityContext }}
securityContext:
{{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
@ -99,8 +101,10 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.redis.exporter.resources | nindent 10 }}
{{- with .Values.redis.exporter.containerSecurityContext }}
securityContext:
{{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.redis.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}

12
charts/argo-cd/templates/redis/metrics.yaml
View file

@ -10,16 +10,20 @@ metadata:
{{- with .Values.redis.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.redis.metrics.service.annotations }}
{{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.redis.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.redis.metrics.service.type }}
{{- with .Values.redis.metrics.service.clusterIP }}
clusterIP: {{ . }}
{{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.redis.metrics.service.clusterIP }}
{{- end }}
ports:
- name: {{ .Values.redis.metrics.service.portName }}

85
charts/argo-cd/values.yaml
View file

@ -38,6 +38,8 @@ crds:
keep: true
# -- Annotations to be added to all CRDs
annotations: {}
# -- Addtional labels to be added to all CRDs
additionalLabels: {}
## Globally shared configuration
global:
@ -79,6 +81,9 @@ global:
# -- Labels for the all deployed pods
podLabels: {}
# -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
addPrometheusAnnotations: false
# -- Toggle and define pod-level security context.
# @default -- `{}` (See [values.yaml])
securityContext: {}
@ -132,14 +137,6 @@ global:
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# POD entrypoint configuration
entrypoint:
# -- Implicitly use the docker image's entrypoint. This requires the image to have
# ENTRYPOINT set properly
useImplicit: false
# -- The entrypoint to use for the containers.
entrypoint: "entrypoint.sh"
# -- Deployment strategy for the all deployed Deployments
deploymentStrategy: {}
# type: RollingUpdate
@ -318,6 +315,8 @@ configs:
# -- Known hosts to be added to the known host list by default.
# @default -- See [values.yaml]
knownHosts: |
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
@ -770,6 +769,10 @@ controller:
# -- Additional labels
labels: []
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
@ -915,7 +918,7 @@ dex:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.35.3
tag: v2.36.0
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1141,7 +1144,7 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.7-alpine
tag: 7.0.11-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1384,7 +1387,7 @@ redis-ha:
enabled: true
image:
# -- Redis tag
tag: 7.0.7-alpine
tag: 7.0.11-alpine
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:
@ -1781,6 +1784,10 @@ server:
# -- Deploy metrics service
enabled: false
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
@ -2054,6 +2061,9 @@ repoServer:
# - secretRef:
# name: secret-name
# -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
lifecycle: {}
# -- Additional containers to be added to the repo server pod
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
## Note: Supports use of custom Helm templates
@ -2249,6 +2259,10 @@ repoServer:
# -- Deploy metrics service
enabled: false
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
@ -2402,6 +2416,10 @@ applicationSet:
# -- Deploy metrics service
enabled: false
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
@ -2440,6 +2458,8 @@ applicationSet:
annotations: {}
# -- ApplicationSet service labels
labels: {}
# -- ApplicationSet service type
type: ClusterIP
# -- ApplicationSet service port
port: 7000
# -- ApplicationSet service port name
@ -2608,6 +2628,45 @@ applicationSet:
# hosts:
# - argocd-applicationset.example.com
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-application-controller-tls
# -- Certificate primary domain (commonName)
domain: argocd.example.com
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
duration: ""
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
renewBefore: ""
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
# -- Certificate issuer name. Eg. `letsencrypt`
name: ""
# Private key of the certificate
privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
rotationPolicy: Never
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
encoding: PKCS1
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
## Notifications controller
notifications:
# -- Enable notifications controller
@ -2721,6 +2780,10 @@ notifications:
# -- Metrics port
port: 9001
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels

11
charts/argo-events/Chart.yaml
View file

@ -2,9 +2,9 @@ apiVersion: v2
appVersion: v1.7.6
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.2.0
version: 2.3.3
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-events/assets/logo.png
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
- argoproj
- argo-events
@ -14,6 +14,9 @@ maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: add namespace field for namespace scoped resources
- kind: added
description: Introduce chart signing

6
charts/argo-events/templates/extra-manifests.yaml
View file

@ -1,4 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

7
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.4.1
appVersion: v1.5.0
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.25.1
version: 2.30.1
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -14,6 +14,9 @@ maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Missing get access for configmaps in argo rollouts dashboard service account role

10
charts/argo-rollouts/README.md
View file

@ -49,6 +49,7 @@ For full list of changes please check ArtifactHub [changelog].
| createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) |
| extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. |
| fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template |
| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments |
| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
| installCRDs | bool | `true` | Install and upgrade CRDs |
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
@ -75,7 +76,10 @@ For full list of changes please check ArtifactHub [changelog].
| containerSecurityContext | object | `{}` | Security Context to set on container level |
| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
| controller.containerPorts.healthz | int | `8080` | Healthz container port |
| controller.containerPorts.metrics | int | `8090` | Metrics container port |
| controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) |
| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. |
| controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. |
| controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. |
@ -85,10 +89,15 @@ For full list of changes please check ArtifactHub [changelog].
| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
| controller.metrics.service.port | int | `8090` | Metrics service port |
| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name |
| controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor |
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor |
| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion |
| controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping |
| controller.nodeSelector | object | `{}` | [Node selector] |
| controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] |
| controller.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the controller |
@ -120,6 +129,7 @@ For full list of changes please check ArtifactHub [changelog].
| dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` |
| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level |
| dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) |
| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment |
| dashboard.enabled | bool | `false` | Deploy dashboard server |
| dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. |
| dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. |

12
charts/argo-rollouts/templates/controller/configmap.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argo-rollouts-config
namespace: {{ .Release.Namespace | quote }}
labels:
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
data:
{{- with .Values.controller.metricProviderPlugins }}
{{- toYaml . | nindent 2 }}
{{- end }}

12
charts/argo-rollouts/templates/controller/deployment.yaml
View file

@ -1,6 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-rollouts.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
@ -37,6 +43,8 @@ spec:
containers:
- image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}"
args:
- --healthzPort={{ .Values.controller.containerPorts.healthz }}
- --metricsport={{ .Values.controller.containerPorts.metrics }}
{{- if not .Values.clusterInstall }}
- --namespaced
{{- end }}
@ -53,9 +61,9 @@ spec:
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
name: argo-rollouts
ports:
- containerPort: 8090
- containerPort: {{ .Values.controller.containerPorts.metrics }}
name: metrics
- containerPort: 8080
- containerPort: {{ .Values.controller.containerPorts.healthz }}
name: healthz
livenessProbe:
{{- toYaml .Values.controller.livenessProbe | nindent 10 }}

6
charts/argo-rollouts/templates/controller/metrics-service.yaml
View file

@ -13,10 +13,10 @@ metadata:
{{- end }}
spec:
ports:
- name: metrics
- name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP
port: 8090
targetPort: 8090
port: {{ .Values.controller.metrics.service.port }}
targetPort: metrics
selector:
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 4 }}

10
charts/argo-rollouts/templates/controller/servicemonitor.yaml
View file

@ -16,7 +16,15 @@ metadata:
{{- end }}
spec:
endpoints:
- port: metrics
- port: {{ .Values.controller.metrics.service.portName }}
{{- with .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}

70
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -188,6 +188,8 @@ spec:
type: object
datadog:
properties:
apiVersion:
type: string
interval:
type: string
query:
@ -240,6 +242,51 @@ spec:
parallelism:
format: int32
type: integer
podFailurePolicy:
properties:
rules:
items:
properties:
action:
type: string
onExitCodes:
properties:
containerName:
type: string
operator:
type: string
values:
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
- values
type: object
onPodConditions:
items:
properties:
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
x-kubernetes-list-type: atomic
required:
- action
- onPodConditions
type: object
type: array
x-kubernetes-list-type: atomic
required:
- rules
type: object
selector:
properties:
matchExpressions:
@ -1832,6 +1879,8 @@ spec:
type: boolean
hostPID:
type: boolean
hostUsers:
type: boolean
hostname:
type: string
imagePullSecrets:
@ -2579,12 +2628,21 @@ spec:
type: string
type: object
type: object
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
@ -2710,6 +2768,9 @@ spec:
required:
- query
type: object
plugin:
type: object
x-kubernetes-preserve-unknown-fields: true
prometheus:
properties:
address:
@ -2717,6 +2778,15 @@ spec:
query:
type: string
type: object
skywalking:
properties:
address:
type: string
interval:
type: string
query:
type: string
type: object
wavefront:
properties:
address:

70
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -184,6 +184,8 @@ spec:
type: object
datadog:
properties:
apiVersion:
type: string
interval:
type: string
query:
@ -236,6 +238,51 @@ spec:
parallelism:
format: int32
type: integer
podFailurePolicy:
properties:
rules:
items:
properties:
action:
type: string
onExitCodes:
properties:
containerName:
type: string
operator:
type: string
values:
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
- values
type: object
onPodConditions:
items:
properties:
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
x-kubernetes-list-type: atomic
required:
- action
- onPodConditions
type: object
type: array
x-kubernetes-list-type: atomic
required:
- rules
type: object
selector:
properties:
matchExpressions:
@ -1828,6 +1875,8 @@ spec:
type: boolean
hostPID:
type: boolean
hostUsers:
type: boolean
hostname:
type: string
imagePullSecrets:
@ -2575,12 +2624,21 @@ spec:
type: string
type: object
type: object
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
@ -2706,6 +2764,9 @@ spec:
required:
- query
type: object
plugin:
type: object
x-kubernetes-preserve-unknown-fields: true
prometheus:
properties:
address:
@ -2713,6 +2774,15 @@ spec:
query:
type: string
type: object
skywalking:
properties:
address:
type: string
interval:
type: string
query:
type: string
type: object
wavefront:
properties:
address:

70
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -184,6 +184,8 @@ spec:
type: object
datadog:
properties:
apiVersion:
type: string
interval:
type: string
query:
@ -236,6 +238,51 @@ spec:
parallelism:
format: int32
type: integer
podFailurePolicy:
properties:
rules:
items:
properties:
action:
type: string
onExitCodes:
properties:
containerName:
type: string
operator:
type: string
values:
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
- values
type: object
onPodConditions:
items:
properties:
status:
type: string
type:
type: string
required:
- status
- type
type: object
type: array
x-kubernetes-list-type: atomic
required:
- action
- onPodConditions
type: object
type: array
x-kubernetes-list-type: atomic
required:
- rules
type: object
selector:
properties:
matchExpressions:
@ -1828,6 +1875,8 @@ spec:
type: boolean
hostPID:
type: boolean
hostUsers:
type: boolean
hostname:
type: string
imagePullSecrets:
@ -2575,12 +2624,21 @@ spec:
type: string
type: object
type: object
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
@ -2706,6 +2764,9 @@ spec:
required:
- query
type: object
plugin:
type: object
x-kubernetes-preserve-unknown-fields: true
prometheus:
properties:
address:
@ -2713,6 +2774,15 @@ spec:
query:
type: string
type: object
skywalking:
properties:
address:
type: string
interval:
type: string
query:
type: string
type: object
wavefront:
properties:
address:

14
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -159,6 +159,9 @@ spec:
type: object
type: object
service:
properties:
name:
type: string
type: object
template:
properties:
@ -1727,6 +1730,8 @@ spec:
type: boolean
hostPID:
type: boolean
hostUsers:
type: boolean
hostname:
type: string
imagePullSecrets:
@ -2474,12 +2479,21 @@ spec:
type: string
type: object
type: object
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:

78
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -163,6 +163,17 @@ spec:
x-kubernetes-int-or-string: true
postPromotionAnalysis:
properties:
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
args:
items:
properties:
@ -220,6 +231,17 @@ spec:
type: object
prePromotionAnalysis:
properties:
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
args:
items:
properties:
@ -307,6 +329,17 @@ spec:
type: integer
analysis:
properties:
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
args:
items:
properties:
@ -440,6 +473,17 @@ spec:
properties:
analysis:
properties:
analysisRunMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
args:
items:
properties:
@ -580,6 +624,11 @@ spec:
type: string
type: object
type: object
service:
properties:
name:
type: string
type: object
specRef:
type: string
weight:
@ -869,9 +918,14 @@ spec:
type: string
stableIngress:
type: string
required:
- stableIngress
stableIngresses:
items:
type: string
type: array
type: object
plugins:
type: object
x-kubernetes-preserve-unknown-fields: true
smi:
properties:
rootService:
@ -2456,6 +2510,8 @@ spec:
type: boolean
hostPID:
type: boolean
hostUsers:
type: boolean
hostname:
type: string
imagePullSecrets:
@ -3203,12 +3259,21 @@ spec:
type: string
type: object
type: object
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
@ -3257,30 +3322,39 @@ spec:
properties:
arn:
type: string
fullName:
type: string
name:
type: string
required:
- arn
- fullName
- name
type: object
loadBalancer:
properties:
arn:
type: string
fullName:
type: string
name:
type: string
required:
- arn
- fullName
- name
type: object
stableTargetGroup:
properties:
arn:
type: string
fullName:
type: string
name:
type: string
required:
- arn
- fullName
- name
type: object
type: object

8
charts/argo-rollouts/templates/dashboard/clusterrole.yaml
View file

@ -77,4 +77,12 @@ rules:
- configmaps
verbs:
- get
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
{{- end }}

6
charts/argo-rollouts/templates/dashboard/deployment.yaml
View file

@ -2,6 +2,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-rollouts.fullname" . }}-dashboard
namespace: {{ .Release.Namespace | quote }}
labels:

6
charts/argo-rollouts/templates/extra-manifests.yaml
View file

@ -1,4 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

31
charts/argo-rollouts/values.yaml
View file

@ -38,9 +38,15 @@ extraObjects: []
# api-key: <datadog-api-key>
# app-key: <datadog-app-key>
global:
# -- Annotations for all deployed Deployments
deploymentAnnotations: {}
controller:
# -- Value of label `app.kubernetes.io/component`
component: rollouts-controller
# -- Annotations to be added to the controller deployment
deploymentAnnotations: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
# -- [Node selector]
@ -106,9 +112,21 @@ controller:
# -- flag to enable creation of cluster controller role (requires cluster RBAC)
createClusterRole: true
# Controller container ports
containerPorts:
# -- Metrics container port
metrics: 8090
# -- Healthz container port
healthz: 8080
metrics:
# -- Deploy metrics service
enabled: false
service:
# -- Metrics service port name
portName: metrics
# -- Metrics service port
port: 8090
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
@ -116,6 +134,10 @@ controller:
additionalLabels: {}
# -- Annotations to be added to the ServiceMonitor
additionalAnnotations: {}
# -- RelabelConfigs to apply to samples before scraping
relabelings: []
# -- MetricRelabelConfigs to apply to samples before ingestion
metricRelabelings: []
# -- Configure liveness [probe] for the controller
# @default -- See [values.yaml]
@ -165,6 +187,13 @@ controller:
# - mountPath: /etc/ssl/certs
# name: my-certs
# -- Configures 3rd party metric providers for controller
## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/
metricProviderPlugins: {}
# metricProviderPlugins: |-
# - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration
# location: "file://./my-custom-plugin" # supports http(s):// urls and file://
serviceAccount:
# -- Specifies whether a service account should be created
create: true
@ -230,6 +259,8 @@ dashboard:
readonly: false
# -- Value of label `app.kubernetes.io/component`
component: rollouts-dashboard
# -- Annotations to be added to the dashboard deployment
deploymentAnnotations: {}
# -- Annotations to be added to application dashboard pods
podAnnotations: {}
# -- [Node selector]

13
charts/argo-workflows/Chart.yaml
View file

@ -1,10 +1,10 @@
apiVersion: v2
appVersion: v3.4.7
appVersion: v3.4.8
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.24.1
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
version: 0.28.2
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
- https://github.com/argoproj/argo-workflows
@ -12,6 +12,9 @@ maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Add option for workflow controller to read all secrets.
- kind: changed
description: Upgrade to Argo Workflows v3.4.8

22
charts/argo-workflows/README.md
View file

@ -101,6 +101,8 @@ Fields to note:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs |
| crds.keep | bool | `true` | Keep CRDs on chart uninstall |
@ -153,13 +155,16 @@ Fields to note:
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion |
| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
| controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". |
| controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted |
| controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name |
| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping |
| controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS |
| controller.metricsConfig.servicePort | int | `8080` | Service metrics port |
| controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name |
| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric |
| controller.name | string | `"workflow-controller"` | Workflow controller name string |
| controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace |
| controller.navColor | string | `""` | Set ui navigation bar background color |
@ -236,7 +241,19 @@ Fields to note:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine |
| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] |
| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine |
| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] |
| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate |
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
| server.affinity | object | `{}` | Assign custom [affinity] rules |
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server |
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] |
| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] |
| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] |
| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] |
| server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. |
| server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. |
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
@ -299,8 +316,7 @@ Fields to note:
| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage |
| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store |
| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store |
| customArtifactRepository | object | `{}` | The section of custom artifact repository. Will be added to the config in case useDefaultArtifactRepo is set to false |
| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. |
| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) |
| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) |
## Breaking changes from the deprecated `argo` chart
@ -324,6 +340,8 @@ Fields to note:
1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[links]: https://argoproj.github.io/argo-workflows/links/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/

2
charts/argo-workflows/README.md.gotmpl
View file

@ -188,6 +188,8 @@ Fields to note:
1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[links]: https://argoproj.github.io/argo-workflows/links/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/

26
charts/argo-workflows/templates/_helpers.tpl
View file

@ -153,3 +153,29 @@ Return full image name including or excluding registry based on existence
{{ .image.repository }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for autoscaling
*/}}
{{- define "argo-workflows.apiVersion.autoscaling" -}}
{{- if .Values.apiVersionOverrides.autoscaling -}}
{{- print .Values.apiVersionOverrides.autoscaling -}}
{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}}
{{- print "autoscaling/v2beta1" -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-workflows.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}

23
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -55,35 +55,34 @@ data:
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.useDefaultArtifactRepo }}
artifactRepository:
{{- if .Values.artifactRepository.archiveLogs }}
archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
{{- end }}
{{- with .Values.artifactRepository.gcs }}
gcs: {{- toYaml . | nindent 8 }}
gcs: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.artifactRepository.azure }}
azure: {{- toYaml . | nindent 8 }}
azure: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }}
s3:
{{- if .Values.useStaticCredentials }}
accessKeySecret:
key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
name: {{ .Values.artifactRepository.s3.accessKeySecret.name }}
key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
secretKeySecret:
key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
name: {{ .Values.artifactRepository.s3.secretKeySecret.name }}
key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
{{- end }}
bucket: {{ .Values.artifactRepository.s3.bucket }}
endpoint: {{ .Values.artifactRepository.s3.endpoint }}
bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
insecure: {{ .Values.artifactRepository.s3.insecure }}
{{- if .Values.artifactRepository.s3.keyFormat }}
keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
{{- end }}
{{- if .Values.artifactRepository.s3.region }}
region: {{ .Values.artifactRepository.s3.region }}
region: {{ tpl .Values.artifactRepository.s3.region $ }}
{{- end }}
{{- if .Values.artifactRepository.s3.roleARN }}
roleARN: {{ .Values.artifactRepository.s3.roleARN }}
@ -96,10 +95,8 @@ data:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- else }}
{{- if .Values.customArtifactRepository }}
artifactRepository: {{- toYaml .Values.customArtifactRepository | nindent 6 }}
{{- end }}
{{- toYaml .Values.customArtifactRepository | nindent 6 }}
{{- end }}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:

2
charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
View file

@ -35,7 +35,7 @@ spec:
{{- end }}
{{- with .Values.controller.extraInitContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: controller

22
charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
View file

@ -12,14 +12,34 @@ metadata:
spec:
endpoints:
{{- if .Values.controller.metricsConfig.enabled }}
- port: metrics
- port: {{ .Values.controller.metricsConfig.servicePortName }}
path: {{ .Values.controller.metricsConfig.path }}
interval: 30s
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metricsConfig.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- port: telemetry
path: {{ .Values.controller.telemetryConfig.path }}
interval: 30s
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metricsConfig.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.metricsConfig.targetLabels }}
targetLabels:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:

2
charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml
View file

@ -1,4 +1,5 @@
{{- if .Values.crds.install }}
{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -43,3 +44,4 @@ spec:
served: true
storage: true
{{- end }}
{{- end }}

6
charts/argo-workflows/templates/extra-manifests.yaml
View file

@ -1,4 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

11
charts/argo-workflows/templates/server/gke/backendconfig.yaml Normal file
View file

@ -0,0 +1,11 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }}
kind: BackendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

11
charts/argo-workflows/templates/server/gke/frontendconfig.yaml Normal file
View file

@ -0,0 +1,11 @@
{{- if .Values.server.GKEfrontendConfig.enabled }}
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }}
{{- end }}

12
charts/argo-workflows/templates/server/gke/managedcertificate.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.server.GKEmanagedCertificate.enabled }}
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
spec:
domains:
{{- with .Values.server.GKEmanagedCertificate.domains }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

45
charts/argo-workflows/templates/server/server-deployment-hpa.yaml Normal file
View file

@ -0,0 +1,45 @@
{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }}
apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-workflows.server.fullname" . }}
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

4
charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -12,7 +12,9 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
@ -36,7 +38,7 @@ spec:
{{- end }}
{{- with .Values.server.extraInitContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: argo-server

86
charts/argo-workflows/values.yaml
View file

@ -29,6 +29,13 @@ fullnameOverride:
# -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: ""
# Override APIVersions
apiVersionOverrides:
# -- String to override apiVersion of autoscaling rendered by this helm chart
autoscaling: "" # autoscaling/v2
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
# -- Restrict Argo to operate only in a single namespace (the namespace of the
# Helm release) by apply Roles and RoleBindings instead of the Cluster
# equivalents, and start workflow-controller with the --namespaced flag. Use it
@ -111,6 +118,15 @@ controller:
servicePort: 8080
# -- Service metrics port name
servicePortName: metrics
# -- ServiceMonitor relabel configs to apply to samples before scraping
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
relabelings: []
# -- ServiceMonitor metric relabel configs to apply to samples before ingestion
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
metricRelabelings: []
# -- ServiceMonitor will add labels from the service to the Prometheus metric
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
targetLabels: []
# -- the controller container's securityContext
securityContext:
readOnlyRootFilesystem: true
@ -431,6 +447,32 @@ server:
resources: {}
# -- The number of server pods to run
replicas: 1
## Argo Server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
enabled: false
# -- Minimum number of replicas for the Argo Server [HPA]
minReplicas: 1
# -- Maximum number of replicas for the Argo Server [HPA]
maxReplicas: 5
# -- Average CPU utilization percentage for the Argo Server [HPA]
targetCPUUtilizationPercentage: 50
# -- Average memory utilization percentage for the Argo Server [HPA]
targetMemoryUtilizationPercentage: 50
# -- Configures the scaling behavior of the target in both Up and Down directions.
# This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
behavior: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
pdb:
# -- Configure [Pod Disruption Budget] for the server pods
enabled: false
@ -536,6 +578,40 @@ server:
# hosts:
# - argoworkflows.example.com
## Create a Google Backendconfig for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
GKEbackendConfig:
# -- Enable BackendConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [BackendConfigSpec]
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argoworkflows-secret
## Create a Google Managed Certificate for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
GKEmanagedCertificate:
# -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
enabled: false
# -- Domains for the Google Managed Certificate
domains:
- argoworkflows.example.com
## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
GKEfrontendConfig:
# -- Enable FrontConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [FrontendConfigSpec]
spec: {}
# spec:
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
clusterWorkflowTemplates:
# -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
enabled: true
@ -604,8 +680,6 @@ extraObjects: []
# secretName: argo-server-sso-secrets-store
# type: Opaque
# -- Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo: false
# -- Use static credentials for S3 (eg. when not using AWS IRSA)
useStaticCredentials: true
artifactRepository:
@ -617,10 +691,10 @@ artifactRepository:
# Note the `key` attribute is not the actual secret, it's the PATH to
# the contents in the associated secret, as defined by the `name` attribute.
accessKeySecret:
# name: <releaseName>-minio
name: "{{ .Release.Name }}-minio"
key: accesskey
secretKeySecret:
# name: <releaseName>-minio
name: "{{ .Release.Name }}-minio"
key: secretkey
# insecure will disable TLS. Primarily used for minio installs not configured with TLS
insecure: false
@ -667,10 +741,8 @@ artifactRepository:
# key: account-access-key
# -- The section of custom artifact repository.
# Will be added to the config in case useDefaultArtifactRepo is set to false
# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)
customArtifactRepository: {}
# customArtifactRepository:
# archiveLogs: true
# artifactory:
# repoUrl: https://artifactory.example.com/raw
# usernameSecret:

7
charts/argocd-apps/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-apps
description: A Helm chart for managing additional Argo CD Applications and Projects
type: application
version: 0.0.9
version: 1.2.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -13,6 +13,9 @@ maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Multiple sources for Application and ApplicationSet
description: Rollout strategy for ApplicationSet

1
charts/argocd-apps/README.md
View file

@ -31,6 +31,7 @@ $ helm install my-release argo/argocd-apps
| applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release |
| applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release |
| extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release |
| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release |
| projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release |
----------------------------------------------

41
charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml Normal file
View file

@ -0,0 +1,41 @@
# Test applicationsets with Progressive Syncs
applicationsets:
- name: applicationset-progressive-syncs
generators:
- list:
elements:
- cluster: engineering-dev
url: https://1.2.3.4
env: env-dev
- cluster: engineering-prod
url: https://9.8.7.6/
env: env-prod
strategy:
type: RollingSync
rollingSync:
steps:
- matchExpressions:
- key: envLabel
operator: In
values:
- env-dev
- matchExpressions:
- key: envLabel
operator: In
values:
- env-prod
template:
metadata:
name: '{{.cluster}}-guestbook'
labels:
envLabel: '{{.env}}'
spec:
project: my-project
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook/{{.cluster}}
destination:
server: '{{.url}}'
namespace: guestbook

29
charts/argocd-apps/ci/applicationsets-values.yaml
View file

@ -42,3 +42,32 @@ applicationsets:
syncPolicy:
# Set Application finalizer
preserveResourcesOnDeletion: false
- name: applicationset-list-generator
generators:
- list:
elements:
- cluster: engineering-dev
url: https://kubernetes.default.svc
template:
metadata: {}
spec:
project: '{{cluster}}'
source:
targetRevision: HEAD
repoURL: https://github.com/argoproj/argo-cd.git
# New path value is generated here:
path: 'applicationset/examples/template-override/{{cluster}}-override'
destination: {}
template:
metadata:
name: '{{cluster}}-guestbook'
spec:
project: '{{cluster}}'
source:
repoURL: https://github.com/argoproj/argo-cd.git
targetRevision: HEAD
# This 'default' value is not used: it is is replaced by the generator's template path, above
path: applicationset/examples/template-override/default
destination:
server: '{{url}}'
namespace: guestbook

61
charts/argocd-apps/ci/item-templates.yaml Normal file
View file

@ -0,0 +1,61 @@
itemTemplates:
- items:
- name: my-appset
generators: &generators
- list:
elements:
- cluster: engineering-dev
url: https://1.2.3.4
- cluster: engineering-prod
url: https://2.4.6.8
- cluster: finance-preprod
url: https://9.8.7.6
template:
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: "{{ .name }}"
spec:
generators: *generators
template:
metadata:
name: "{{`{{cluster}}`}}-guestbook"
spec:
project: my-project
source:
repoURL: https://github.com/infra-team/cluster-deployments.git
targetRevision: HEAD
path: guestbook/{{`{{cluster}}`}}
destination:
server: "{{`{{cluster}}`}}"
namespace: guestbook
- items:
- name: my-appset
generators:
- list:
elements:
- cluster: engineering-dev
url: https://1.2.3.4
- cluster: engineering-prod
url: https://2.4.6.8
- cluster: finance-preprod
url: https://9.8.7.6
template: |-
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: {{ .name }}
spec:
generators: {{ toYaml .generators | nindent 4 }}
template:
metadata:
name: '{{`{{cluster}}`}}-guestbook'
spec:
project: my-project
source:
repoURL: https://github.com/infra-team/cluster-deployments.git
targetRevision: HEAD
path: guestbook/{{`{{cluster}}`}}
destination:
server: '{{`{{cluster}}`}}'
namespace: guestbook

6
charts/argocd-apps/templates/applicationsets.yaml
View file

@ -26,6 +26,10 @@ spec:
generators:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .syncPolicy }}
syncPolicy:
{{- toYaml . | nindent 4 }}
@ -51,7 +55,7 @@ spec:
{{- end }}
{{- with .spec }}
spec:
project: {{ tpl .project $ }}
project: {{ .project | squote }}
{{- with .source }}
source:
{{- toYaml . | nindent 8 }}

15
charts/argocd-apps/templates/item-templates.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- range .Values.itemTemplates }}
{{- if kindIs "string" .template }}
{{- $template := .template -}}
{{- range .items }}
---
{{ tpl $template (set . "Template" $.Template) }}
{{- end }}
{{- else }}
{{- $template := .template | toYaml -}}
{{- range .items }}
---
{{ tpl $template (set . "Template" $.Template) }}
{{- end }}
{{- end }}
{{- end }}

85
charts/argocd-apps/values.yaml
View file

@ -103,10 +103,28 @@ applicationsets: []
# directories:
# - path: guestbook
# - path: kustomize-*
# # Progressive Syncs is an experimental feature and it must be explicitly enabled
# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs
# strategy:
# type: RollingSync
# rollingSync:
# steps:
# - matchExpressions:
# - key: project
# operator: In
# values:
# - guestbook
# - matchExpressions:
# - key: project
# operator: In
# values:
# - kustomize-foo
# - kustomize-bar
# template:
# metadata:
# name: '{{path.basename}}'
# labels: {}
# labels:
# project: '{{path.basename}}'
# annotations: {}
# spec:
# project: default
@ -133,6 +151,71 @@ applicationsets: []
# # Set Application finalizer
# preserveResourcesOnDeletion: false
# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release
# @default -- `[]` (See [values.yaml])
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/
itemTemplates: []
# - items:
# - name: my-appset
# generators: &generators
# - list:
# elements:
# - cluster: engineering-dev
# url: https://1.2.3.4
# - cluster: engineering-prod
# url: https://2.4.6.8
# - cluster: finance-preprod
# url: https://9.8.7.6
# template:
# apiVersion: argoproj.io/v1alpha1
# kind: ApplicationSet
# metadata:
# name: "{{ .name }}"
# spec:
# generators: *generators
# template:
# metadata:
# name: "{{`{{cluster}}`}}-guestbook"
# spec:
# project: my-project
# source:
# repoURL: https://github.com/infra-team/cluster-deployments.git
# targetRevision: HEAD
# path: guestbook/{{`{{cluster}}`}}
# destination:
# server: "{{`{{cluster}}`}}"
# namespace: guestbook
# - items:
# - name: my-appset
# generators:
# - list:
# elements:
# - cluster: engineering-dev
# url: https://1.2.3.4
# - cluster: engineering-prod
# url: https://2.4.6.8
# - cluster: finance-preprod
# url: https://9.8.7.6
# template: |-
# apiVersion: argoproj.io/v1alpha1
# kind: ApplicationSet
# metadata:
# name: {{ .name }}
# spec:
# generators: {{ toYaml .generators | nindent 4 }}
# template:
# metadata:
# name: '{{`{{cluster}}`}}-guestbook'
# spec:
# project: my-project
# source:
# repoURL: https://github.com/infra-team/cluster-deployments.git
# targetRevision: HEAD
# path: guestbook/{{`{{cluster}}`}}
# destination:
# server: '{{`{{cluster}}`}}'
# namespace: guestbook
# -- Deploy Argo UI Extensions within this helm release
# @default -- `[]` (See [values.yaml])
## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary.

9
charts/argocd-image-updater/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.9.0
version: 0.9.1
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -14,6 +14,9 @@ maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: add namespace field for namespace scoped resources
- kind: added
description: Introduce chart signing