DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into argo-events/logging_options

Browse source
This commit is contained in:
Marco Kilchhofer 2021-07-27 09:05:58 +02:00 committed by GitHub
commit 4d83241a50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
66 changed files with 618 additions and 282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/pull_request_template.md vendored
View file

@ -4,9 +4,9 @@ If the DCO action in the integration test fails, one or more of your commits are
Checklist:
* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning.
* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#versioning)
* [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#changelog).
* [ ] Any new values are backwards compatible and/or have sensible default.
* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md).
* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo).
* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)).

3
.github/semantic.yml vendored Normal file
View file

@ -0,0 +1,3 @@
## Reference: https://github.com/zeke/semantic-pull-requests
# Always validate the PR title, and ignore the commits
titleOnly: true

4
.github/workflows/lint-and-test.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@v2.0.1
uses: helm/chart-testing-action@v2.1.0
- name: List changed charts
id: list-changed
@ -37,7 +37,7 @@ jobs:
run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
- name: Create kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install)

8
CODEOWNERS
View file

@ -7,13 +7,13 @@
/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
# Argo CD
/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1
/charts/argo-cd/ @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1
# Argo Events
/charts/argo-events @jbehling @VaibhavPage @oliverbaehler
/charts/argo-events/ @jbehling @VaibhavPage @oliverbaehler
# Argo Rollouts
/charts/argo-rollouts @oliverbaehler
/charts/argo-rollouts/ @oliverbaehler
# Argo CD Notifications
/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler @mbevc1
/charts/argocd-notifications/ @alexmt @andyfeller @oliverbaehler @mbevc1

52
CONTRIBUTING.md
View file

@ -2,12 +2,60 @@
Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently.
# Pull Requests
All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project.
## Versioning
Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease).
Any breaking changes to a chart (backwards incompatible) require:
* Bump of the current Major version of the chart
* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades))
### Immutability
Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error.
### Artifact Hub Annotations
Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub.
* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/)
#### Changelog
We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release.
Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template:
```
name: argo-cd
version: 3.4.1
...
annotations:
artifacthub.io/changes: |
- "[Added]: Something New was added"
- "[Changed]: Changed Something within this chart"
- "[Changed]: Changed Something else within this chart"
- "[Deprecated]: Something deprecated"
- "[Removed]: Something was removed"
- "[Fixed]: Something was fixed"
- "[Security]": Some Security Patch was included"
```
# Testing
## Testing Argo Workflows Changes
Minimally:
```
helm install charts/argo -n argo
helm install charts/argo-workflows -n argo
argo version
```
@ -96,4 +144,4 @@ The linting can be invoked manually with the following command:
## Publishing Changes
Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).
Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).

5
README.md
View file

@ -1,5 +1,6 @@
# Argo Helm Charts
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
@ -7,3 +8,7 @@ Argo Helm is a collection of **community maintained** charts for http://argoproj
```
helm repo add argo https://argoproj.github.io/argo-helm
```
## Contributing
We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details.

9
charts/argo-cd/Chart.yaml
View file

@ -1,10 +1,10 @@
apiVersion: v2
appVersion: 2.0.3
appVersion: 2.0.5
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 3.6.5
version: 3.10.1
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
icon: https://argoproj.github.io/argo-cd/assets/logo.png
keywords:
- argoproj
- argocd
@ -19,3 +19,6 @@ dependencies:
version: 4.12.14
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- "[Added]: Support AWS ALB Ingress with gRPC"

65
charts/argo-cd/README.md
View file

@ -34,6 +34,34 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop
## Upgrading
### 3.8.1
This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
```yaml
# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
repoServer:
serviceAccount:
create: true
# Case 2)
controller:
serviceAccount:
name: "" # or <nil>
# Case 3)
dex:
serviceAccount:
name: "" # or <nil>
# Case 4)
server:
serviceAccount:
name: "" # or <nil>
```
Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
### 3.2.*
With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
@ -83,6 +111,7 @@ server:
## Prerequisites
- Kubernetes 1.7+
- Helm v3.0.0+
## Installing the Chart
@ -97,27 +126,26 @@ NAME: my-release
...
```
### Helm v3 Compatibility
Requires chart version 1.5.2 or newer.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
## Chart Values
| Parameter | Description | Default |
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.0.5"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` |
| global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` |
| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` |
| apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` |
| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` |
| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) |
| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
@ -277,6 +305,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` |
| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
| server.ingressGrpc.isAWSALB | Setup up GRPC ingress to work with an AWS ALB | `false` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
| server.lifecycle | PostStart and PreStop hooks configuration | `{}` |
@ -401,3 +430,23 @@ through `xxx.extraArgs`
| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
### Using AWS ALB Ingress Controller With GRPC
If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
Example:
```yaml
server:
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
ingressGrpc:
enabled: true
isAWSALB: true
```

2
charts/argo-cd/crds/crd-application.yaml
View file

@ -5,8 +5,6 @@ metadata:
app.kubernetes.io/name: applications.argoproj.io
app.kubernetes.io/part-of: argocd
name: applications.argoproj.io
annotations:
helm.sh/hook: crd-install
spec:
group: argoproj.io
names:

2
charts/argo-cd/crds/crd-project.yaml
View file

@ -5,8 +5,6 @@ metadata:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
annotations:
helm.sh/hook: crd-install
spec:
group: argoproj.io
names:

23
charts/argo-cd/templates/_helpers.tpl
View file

@ -71,7 +71,7 @@ Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
@ -82,18 +82,29 @@ Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
{{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.dex.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the redis service account to use
*/}}
{{- define "argo-cd.redisServiceAccountName" -}}
{{- if .Values.redis.serviceAccount.create -}}
{{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.redis.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ArgoCD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
{{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
@ -104,7 +115,7 @@ Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
{{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}
@ -144,7 +155,9 @@ app.kubernetes.io/component: {{ .component }}
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-cd.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
{{- if .Values.apiVersionOverrides.ingress -}}
{{- print .Values.apiVersionOverrides.ingress -}}
{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "networking.k8s.io/v1beta1" -}}

19
charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
name: {{ template "argo-cd.controller.fullname" . }}
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: controller
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

16
charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- if .Values.configs.gpgKeysAnnotations }}
annotations:
{{- range $key, $value := .Values.configs.gpgKeysAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
name: argocd-gpg-keys-cm
{{- with .Values.configs.gpgKeys }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}

9
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -72,8 +72,10 @@ spec:
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8 }}
{{- end }}
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- if .Values.configs.knownHosts }}
@ -134,8 +136,11 @@ spec:
{{- end }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6}}
{{- toYaml .Values.repoServer.volumes | nindent 6 }}
{{- end }}
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- emptyDir: {}
name: gpg-keyring
{{- if .Values.configs.knownHosts }}

31
charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml Normal file
View file

@ -0,0 +1,31 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
ports:
- port: repo-server
protocol: TCP
{{- if .Values.repoServer.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

2
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -17,7 +17,7 @@ metadata:
spec:
endpoints:
- port: metrics
{{- with .Values.controller.metrics.serviceMonitor.interval }}
{{- with .Values.repoServer.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics

24
charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}}
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/backend-protocol-version: HTTP2 #This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features
labels:
{{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-grpc
spec:
ports:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: ClusterIP
{{- end -}}

6
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -1,5 +1,7 @@
{{- if .Values.server.certificate.enabled -}}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
{{- if .Values.apiVersionOverrides.certmanager -}}
apiVersion: {{ .Values.apiVersionOverrides.certmanager }}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
apiVersion: cert-manager.io/v1
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
apiVersion: cert-manager.io/v1alpha3
@ -23,5 +25,5 @@ spec:
issuerRef:
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
secretName: argocd-tls-certificate
secretName: {{ .Values.server.certificate.secretName | quote }}
{{- end }}

4
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -90,6 +90,8 @@ spec:
subPath: "custom.styles.css"
name: custom-styles
{{- end }}
- mountPath: /tmp
name: tmp-dir
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
@ -149,6 +151,8 @@ spec:
{{- end }}
- emptyDir: {}
name: static-files
- emptyDir: {}
name: tmp-dir
{{- if .Values.configs.styles }}
- configMap:
name: argocd-custom-styles

7
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -1,8 +1,9 @@
{{- if .Values.server.ingressGrpc.enabled -}}
{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- $pathType := .Values.server.ingressGrpc.pathType -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
@ -36,7 +37,7 @@ spec:
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
@ -63,7 +64,7 @@ spec:
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}

27
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -3,6 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $pathType := .Values.server.ingress.pathType -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
@ -11,6 +12,10 @@ metadata:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
@ -34,10 +39,30 @@ spec:
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ template "argo-cd.server.fullname" $ }}-grpc
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
@ -63,7 +88,7 @@ spec:
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}

16
charts/argo-cd/templates/argocd-server/networkpolicy.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}
spec:
ingress:
- {}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

6
charts/argo-cd/templates/crds.yaml
View file

@ -1,6 +0,0 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

31
charts/argo-cd/templates/dex/networkpolicy.yaml Normal file
View file

@ -0,0 +1,31 @@
{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
name: {{ template "argo-cd.dex.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
ports:
- port: http
protocol: TCP
- port: grpc
protocol: TCP
{{- if .Values.dex.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
protocol: TCP
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

12
charts/argo-cd/templates/networkpolicy-default-deny.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
name: {{ template "argo-cd.fullname" . }}-default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
{{- end }}

5
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -30,7 +30,8 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: false
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }}
{{- if .Values.redis.securityContext }}
securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
{{- end }}
@ -58,8 +59,8 @@ spec:
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}
name: redis
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}

29
charts/argo-cd/templates/redis/networkpolicy.yaml Normal file
View file

@ -0,0 +1,29 @@
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
name: {{ template "argo-cd.redis.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
ports:
- port: redis
protocol: TCP
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

15
charts/argo-cd/templates/redis/serviceaccount.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.redisServiceAccountName" . }}
{{- if .Values.redis.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.redis.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- end }}

61
charts/argo-cd/values.yaml
View file

@ -5,13 +5,10 @@ nameOverride: argocd
fullnameOverride: ""
kubeVersionOverride: ""
# Optional CRD installation for those without Helm hooks
installCRDs: true
global:
image:
repository: quay.io/argoproj/argocd
tag: v2.0.3
tag: v2.0.5
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
@ -23,6 +20,17 @@ global:
# hostnames:
# - git.myhostname
networkPolicy:
create: false
defaultDenyIngress: false
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
apiVersionOverrides:
certmanager: "" # cert-manager.io/v1
ingress: "" # networking.k8s.io/v1beta1
## Controller
controller:
name: application-controller
@ -214,6 +222,10 @@ dex:
serviceMonitor:
enabled: false
interval: 30s
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
image:
repository: ghcr.io/dexidp/dex
@ -357,6 +369,14 @@ redis:
fsGroup: 1000
runAsNonRoot: true
serviceAccount:
create: false
name: ""
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: false
resources: {}
# limits:
# cpu: 200m
@ -494,8 +514,11 @@ server:
certificate:
enabled: false
domain: argocd.example.com
issuer: {}
issuer:
kind: # ClusterIssuer
name: # letsencrypt
additionalHosts: []
secretName: argocd-server-tls
## Server service configuration
service:
@ -553,6 +576,7 @@ server:
# - argocd.example.com
paths:
- /
pathType: Prefix
extraPaths:
[]
# - path: /*
@ -563,7 +587,7 @@ server:
# - path: /*
# pathType: Prefix
# backend:
# service
# service:
# name: ssl-redirect
# port:
# name: use-annotation
@ -577,6 +601,7 @@ server:
# https://argoproj.github.io/argo-cd/operator-manual/ingress/
ingressGrpc:
enabled: false
isAWSALB: false
annotations: {}
labels: {}
ingressClassName: ""
@ -590,6 +615,7 @@ server:
# - argocd.example.com
paths:
- /
pathType: Prefix
extraPaths:
[]
# - path: /*
@ -600,7 +626,7 @@ server:
# - path: /*
# pathType: Prefix
# backend:
# service
# service:
# name: ssl-redirect
# port:
# name: use-annotation
@ -973,6 +999,27 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
gpgKeysAnnotations: {}
gpgKeys: {}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
#
# mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta
# x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT
# SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ
# 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa
# buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v
# yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs
# b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW
# BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf
# DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6
# 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws
# +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5
# 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O
# j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48=
# =Bvzs
# -----END PGP PUBLIC KEY BLOCK-----
knownHostsAnnotations: {}
knownHosts:
data:

1
charts/argo-events/.helmignore
View file

@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
ci/

5
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 1.6.2
version: 1.7.0
keywords:
- argo-events
- sensor-controller
@ -15,3 +15,6 @@ maintainers:
appVersion: 1.3.1
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
annotations:
artifacthub.io/changes: |
- "[Added]: Ability to specify additional/custom environment variables"

2
charts/argo-events/README.md
View file

@ -15,6 +15,6 @@ This is a **community maintained** chart. It installs the [argo-events](https://
## Notes on CRD Installation
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart.
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart.
You can install the CRDs manually from `crds` folder.

7
charts/argo-events/templates/argo-events-cluster-roles.yaml
View file

@ -1,5 +1,4 @@
{{- if not .Values.singleNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -26,9 +25,9 @@ kind: ClusterRole
metadata:
name: argo-events-role
rules:
{{- if .Values.additionalServiceAccountRules }}
{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}}
{{- end }}
{{- with .Values.additionalServiceAccountRules }}
{{- toYaml . | nindent 2 }}
{{- end }}
- apiGroups:
- argoproj.io
verbs:

5
charts/argo-events/templates/argo-events-roles.yaml
View file

@ -1,5 +1,4 @@
{{- if .Values.singleNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@ -28,8 +27,8 @@ metadata:
name: argo-events-role
namespace: {{ .Release.Namespace }}
rules:
{{- if .Values.additionalServiceAccountRules }}
{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}}
{{- with .Values.additionalServiceAccountRules }}
{{- toYaml . | nindent 2 }}
{{- end }}
- apiGroups:
- argoproj.io

44
charts/argo-events/templates/eventbus-crd.yaml
View file

@ -1,44 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: eventbus.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:
kind: EventBus
listKind: EventBusList
plural: eventbus
shortNames:
- eb
singular: eventbus
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
subresources:
status: {}
{{- end }}

44
charts/argo-events/templates/eventsource-crd.yaml
View file

@ -1,44 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: eventsources.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
scope: Namespaced
names:
kind: EventSource
plural: eventsources
singular: eventsource
listKind: EventSourceList
shortNames:
- es
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
subresources:
status: {}
{{- end }}

45
charts/argo-events/templates/sensor-crd.yaml
View file

@ -1,45 +0,0 @@
{{- if .Values.installCRD }}
# Define a "sensor" custom resource definition
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sensors.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:
kind: Sensor
listKind: SensorList
plural: sensors
singular: sensor
shortNames:
- sn
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
subresources:
status: {}
{{- end }}

3
charts/argo-events/values.yaml
View file

@ -8,9 +8,6 @@ imagePullPolicy: Always
imagePullSecrets: []
# - name: argo-pull-secret
# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation.
installCRD: true
# ServiceAccount to use for running controller.
serviceAccount: argo-events-sa

7
charts/argo-rollouts/Chart.yaml
View file

@ -1,11 +1,14 @@
apiVersion: v2
appVersion: "v1.0.1"
appVersion: "v1.0.2"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 1.0.1
version: 1.0.3
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:
- name: alexmt
- name: dthomson25
- name: jessesuen
annotations:
artifacthub.io/changes: |
- "[Added]: Initialize Changelog"

2
charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
View file

@ -77,10 +77,12 @@ rules:
- watch
- patch
# secret read access to run analysis templates which reference secrets
# configmap access to read notification-engine configuration
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list

2
charts/argo-rollouts/templates/argo-rollouts-role.yaml
View file

@ -67,10 +67,12 @@ rules:
- watch
- patch
# secret read access to run analysis templates which reference secrets
# configmap access to read notification-engine configuration
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list

1
charts/argo-workflows/.helmignore
View file

@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
ci/

7
charts/argo-workflows/Chart.yaml
View file

@ -2,8 +2,8 @@ apiVersion: v2
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.2.2
appVersion: "v3.0.2"
version: 0.2.12
appVersion: "v3.0.7"
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -13,3 +13,6 @@ maintainers:
- name: alexmt
- name: jessesuen
- name: benjaminws
annotations:
artifacthub.io/changes: |
- "[Changed]: Argo workflows values file no longer has examples referencing ArgoCD"

2
charts/argo-workflows/README.md
View file

@ -10,7 +10,7 @@ This chart uses an install hook to configure the CRD definition. Installation of
A few options are:
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes

2
charts/argo-workflows/crds/argoproj.io_workflows.yaml
View file

@ -36,9 +36,11 @@ spec:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
status:
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
required:
- metadata
- spec

11
charts/argo-workflows/templates/_helpers.tpl
View file

@ -94,11 +94,18 @@ Create the name of the controller service account to use
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-workflows.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}}
{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}}
{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-workflows.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end -}}

10
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -121,8 +121,18 @@ rules:
resources:
- leases
resourceNames:
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
- workflow-controller-{{ .Release.Name }}
- workflow-controller-lease-{{ .Release.Name }}
{{- else }}
- workflow-controller-{{ .Values.controller.instanceID.explicitID }}
- workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- else }}
- workflow-controller
- workflow-controller-lease
{{- end }}
verbs:
- get
- watch

6
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -7,11 +7,11 @@ metadata:
data:
config: |
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
{{- if .Values.controller.instanceID.useReleaseName }}
instanceID: {{ .Release.Name }}
{{- else }}
{{- else }}
instanceID: {{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- end }}
{{- end }}
containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
{{- if .Values.controller.parallelism }}

8
charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
View file

@ -77,12 +77,8 @@ spec:
ports:
- name: metrics
containerPort: {{ .Values.controller.metricsConfig.port }}
livenessProbe:
httpGet:
port: metrics
path: {{ .Values.controller.metricsConfig.path }}
initialDelaySeconds: 30
periodSeconds: 30
- containerPort: 6060
livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}

2
charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.controller.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -6,3 +7,4 @@ metadata:
annotations:
{{- toYaml .| nindent 4 }}
{{- end }}
{{- end }}

19
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -1,19 +1,20 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
namespace: {{ $namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" . }}-workflow
name: {{ template "argo-workflows.fullname" $ }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}
{{- end }}

40
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -1,25 +1,29 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}
{{- end }}

13
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -1,13 +1,16 @@
{{- if .Values.workflow.serviceAccount.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
{{- end }}
{{- with $.Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

10
charts/argo-workflows/templates/server/server-ingress.yaml
View file

@ -19,7 +19,7 @@ metadata:
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
@ -35,11 +35,11 @@ spec:
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
@ -62,11 +62,11 @@ spec:
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:

40
charts/argo-workflows/values.yaml
View file

@ -5,25 +5,34 @@ images:
pullSecrets: []
# - name: argo-pull-secret
init:
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
serviceAccount: ""
createAggregateRoles: true
## String to partially override "argo-workflows.fullname" template
##
nameOverride:
## String to fully override "argo-workflows.fullname" template
##
fullnameOverride:
## Override the Kubernetes version, which is used to evaluate certain manifests
##
kubeVersionOverride: ""
# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents,
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false
workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
# Adds Role and RoleBinding for the above specified service account to be able to run workflows
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true
controller:
image:
@ -97,6 +106,8 @@ controller:
# Annotations applied to created service account
annotations: {}
name: workflow-controller
# Specify all namespaces to run worksflows need to be able to run in. This controls where the service
# account and RBAC resources will be created. If unspecified, will run in the default namespace.
workflowNamespaces:
- default
containerRuntimeExecutor: docker
@ -120,6 +131,15 @@ controller:
# service type `LoadBalancer`
loadBalancerSourceRanges: []
resources: {}
livenessProbe:
httpGet:
port: 6060
path: /healthz
# Require three failures to tolerate transient errors.
failureThreshold: 3
initialDelaySeconds: 90
periodSeconds: 60
timeoutSeconds: 30
## Extra environment variables to provide to the controller container
## extraEnv:
@ -258,7 +278,7 @@ server:
##
hosts:
[]
# - argocd.example.com
# - argoworkflows.example.com
paths:
- /
extraPaths:
@ -277,9 +297,9 @@ server:
# name: use-annotation
tls:
[]
# - secretName: argocd-example-tls
# - secretName: argoworkflows-example-tls
# hosts:
# - argocd.example.com
# - argoworkflows.example.com
https: false
clusterWorkflowTemplates:

1
charts/argocd-applicationset/.helmignore
View file

@ -21,3 +21,4 @@
.idea/
*.tmproj
.vscode/
ci/

9
charts/argocd-applicationset/Chart.yaml
View file

@ -2,13 +2,18 @@ apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 0.1.5
version: 1.0.0
appVersion: "v0.1.0"
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- appset
- gitops
maintainers:
- name: maruina
annotations:
artifacthub.io/changes: |
- "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart."
- "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive."
- "[Changed]: Fix icon url"

23
charts/argocd-applicationset/README.md
View file

@ -10,6 +10,11 @@ This is a **community maintained** chart. This chart installs the [applicationse
This chart currently installs the non-HA version of Argo CD ApplicationSet.
## Prerequisites
- Helm v3.0.0+
- The ApplicationSet controller **must** be installed into the same namespace as the Argo CD it is targetting.
## Installing the Chart
To install the chart with the release name `my-release`:
@ -23,10 +28,6 @@ NAME: my-release
...
```
### Helm v3 Compatibility
Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
### Testing
Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing).
@ -38,6 +39,19 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st
ct install --namespace argocd
```
## Notes on CRD Installation
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart.
You then can install the CRDs manually from `crds` folder or via the manifests from the upstream project repo:
```console
kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=<appVersion>
# Eg. version v0.1.0
kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=v0.1.0
```
## Values
| Key | Type | Default | Description |
@ -56,7 +70,6 @@ ct install --namespace argocd
| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| installCRDs | bool | `true` | Install Custom Resource Definition |
| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |

2
charts/argocd-applicationset/ci/default-values.yaml
View file

@ -4,8 +4,6 @@
replicaCount: 1
installCRDs: false # this needs to be false with ct
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset

2
charts/argocd-applicationset/ci/leader-election-values.yaml
View file

@ -2,5 +2,3 @@ args:
enableLeaderElection: true
replicaCount: 3
installCRDs: false

6
charts/argocd-applicationset/templates/crds.yaml
View file

@ -1,6 +0,0 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

3
charts/argocd-applicationset/templates/deployment.yaml
View file

@ -98,3 +98,6 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}

4
charts/argocd-applicationset/values.yaml
View file

@ -4,8 +4,6 @@
replicaCount: 1
installCRDs: true
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset
@ -71,6 +69,8 @@ tolerations: []
affinity: {}
priorityClassName: ""
mountSSHKnownHostsVolume: true
mountTLSCertsVolume: true
mountGPGKeysVolume: false

5
charts/argocd-notifications/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: 1.1.1
description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
name: argocd-notifications
type: application
version: 1.3.2
version: 1.4.1
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
@ -13,3 +13,6 @@ keywords:
maintainers:
- name: alexmt
- name: andyfeller
annotations:
artifacthub.io/changes: |
- "[Added]: Initialize Changelog"

7
charts/argocd-notifications/templates/service-metrics.yaml
View file

@ -5,6 +5,13 @@ metadata:
name: {{ include "argocd-notifications.name" . }}-metrics
labels:
{{- include "argocd-notifications.metrics.labels" . | nindent 4 }}
{{- with .Values.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.metrics.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
{{- include "argocd-notifications.selectorLabels" . | nindent 4 }}

3
charts/argocd-notifications/values.yaml
View file

@ -52,6 +52,9 @@ extraArgs: []
metrics:
enabled: false
port: 9001
service:
annotations: {}
labels: {}
serviceMonitor:
enabled: false
additionalLabels: {}