From 44aa7ed71028d1dda5f7fe82f3515250bd9c70f7 Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Wed, 2 Jun 2021 19:54:48 +0200 Subject: [PATCH 01/32] docs(argo-cd): Dex ServiceMonitor labels, namespace and selector (#726) * Add: serviceMonitor labels and selector Signed-off-by: Nicolas Lamirault * Update: bump chart version Signed-off-by: Nicolas Lamirault * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 74db87f5..465ad6e0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.5 +version: 3.6.6 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 63e6d75d..fdd50b36 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -214,6 +214,10 @@ dex: serviceMonitor: enabled: false interval: 30s + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} image: repository: ghcr.io/dexidp/dex From 03140b36fcef6e0268b72fc73345edd9c642e85f Mon Sep 17 00:00:00 2001 From: Sergey Shaykhullin <46970457+sergeyshaykhullin@users.noreply.github.com> Date: Thu, 3 Jun 2021 13:07:47 +0300 Subject: [PATCH 02/32] feat(argocd-notifications): Add metrics service labels and annotations (#783) * feat(argocd-notifications): Add metrics service labels and annotations Signed-off-by: Sergey Shaykhullin * Update charts/argocd-notifications/templates/service-metrics.yaml Co-authored-by: Marco Kilchhofer Signed-off-by: Sergey Shaykhullin * Update charts/argocd-notifications/templates/service-metrics.yaml Co-authored-by: Marco Kilchhofer Signed-off-by: Sergey Shaykhullin * Update _helpers.tpl Signed-off-by: Sergey Shaykhullin * Update _helpers.tpl Signed-off-by: Sergey Shaykhullin * Delete templated.yaml Signed-off-by: Sergey Shaykhullin Co-authored-by: Marco Kilchhofer --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/service-metrics.yaml | 7 +++++++ charts/argocd-notifications/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 9be1b26b..cf33a5d9 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.2 +version: 1.4.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/service-metrics.yaml b/charts/argocd-notifications/templates/service-metrics.yaml index 5645a4d3..aea5d90e 100644 --- a/charts/argocd-notifications/templates/service-metrics.yaml +++ b/charts/argocd-notifications/templates/service-metrics.yaml @@ -5,6 +5,13 @@ metadata: name: {{ include "argocd-notifications.name" . }}-metrics labels: {{- include "argocd-notifications.metrics.labels" . | nindent 4 }} + {{- with .Values.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: {{- include "argocd-notifications.selectorLabels" . | nindent 4 }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index f258401f..ff5ca14d 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -52,6 +52,9 @@ extraArgs: [] metrics: enabled: false port: 9001 + service: + annotations: {} + labels: {} serviceMonitor: enabled: false additionalLabels: {} From 603f2aa8ef2488fdf0ed40181b8d96826e03bda9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 3 Jun 2021 20:08:12 +0900 Subject: [PATCH 03/32] docs(argo-workflows): Add missing value on values.yaml (#782) * chore(argo-workflows): Add missing value Signed-off-by: yu-croco * reflect review: make it shorter and clearer. Signed-off-by: yu-croco * Apply suggestions from code review Signed-off-by: Marco Kilchhofer * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 2 +- charts/argo-workflows/values.yaml | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6a33bfe4..cc7f7c86 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.2 +version: 0.2.3 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index e2ce2e71..7de0dfea 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -12,6 +12,14 @@ init: createAggregateRoles: true +## String to partially override "argo-workflows.fullname" template +## +nameOverride: + +## String to fully override "argo-workflows.fullname" template +## +fullnameOverride: + # Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, # and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. singleNamespace: false From afe72167fb4f74021a5b47b05626d38404989fe4 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Thu, 3 Jun 2021 19:10:55 +0200 Subject: [PATCH 04/32] fix(argo-workflows): Observe 'controller.serviceAccount.create' (#787) * fix(argo-workflows): Observe 'controller.serviceAccount.create' Signed-off-by: Marco Kilchhofer * chore: Ignore ci/ directory in final package Signed-off-by: Marco Kilchhofer --- charts/argo-workflows/.helmignore | 1 + charts/argo-workflows/Chart.yaml | 2 +- .../templates/controller/workflow-controller-sa.yaml | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/argo-workflows/.helmignore b/charts/argo-workflows/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-workflows/.helmignore +++ b/charts/argo-workflows/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index cc7f7c86..078b42b2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.3 +version: 0.2.4 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index e917bb41..f5e10857 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controller.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: @@ -6,3 +7,4 @@ metadata: annotations: {{- toYaml .| nindent 4 }} {{- end }} +{{- end }} From be8f33c8722c512d438d61166f6ee73213415240 Mon Sep 17 00:00:00 2001 From: Josh Hudson <382062+itmustbejj@users.noreply.github.com> Date: Thu, 3 Jun 2021 10:50:20 -0700 Subject: [PATCH 05/32] feat(argocd-applicationset): Add priorityClass for argocd-applicationset (#788) Signed-off-by: Josh Hudson <382062+itmustbejj@users.noreply.github.com> --- charts/argocd-applicationset/Chart.yaml | 2 +- charts/argocd-applicationset/templates/deployment.yaml | 3 +++ charts/argocd-applicationset/values.yaml | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index 936734b0..2596addb 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.5 +version: 0.1.6 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml index d2cd345c..4840bd65 100644 --- a/charts/argocd-applicationset/templates/deployment.yaml +++ b/charts/argocd-applicationset/templates/deployment.yaml @@ -98,3 +98,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml index f7be897d..1be0c0ff 100644 --- a/charts/argocd-applicationset/values.yaml +++ b/charts/argocd-applicationset/values.yaml @@ -71,6 +71,8 @@ tolerations: [] affinity: {} +priorityClassName: "" + mountSSHKnownHostsVolume: true mountTLSCertsVolume: true mountGPGKeysVolume: false From 01c78a82b5cc3d65feaa9be2e4cbd0c6652bde57 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 7 Jun 2021 10:35:39 +0200 Subject: [PATCH 06/32] chore(argo-events): Cleanup old CRD hooks (#778) * Drop old CRDs with hooks containing helm hooks Signed-off-by: Marco Kilchhofer * Bump chart version Signed-off-by: Marco Kilchhofer * Drop empty newlines inside manifests Signed-off-by: Marco Kilchhofer * chore: trigger CI Signed-off-by: Marco Kilchhofer * chore: Ignore 'ci/' directory in final package Signed-off-by: Marco Kilchhofer * Apply changes from code review Signed-off-by: Marco Kilchhofer --- charts/argo-events/.helmignore | 1 + charts/argo-events/Chart.yaml | 2 +- charts/argo-events/README.md | 2 +- .../templates/argo-events-cluster-roles.yaml | 7 ++- .../templates/argo-events-roles.yaml | 5 +-- .../argo-events/templates/eventbus-crd.yaml | 44 ------------------ .../templates/eventsource-crd.yaml | 44 ------------------ charts/argo-events/templates/sensor-crd.yaml | 45 ------------------- charts/argo-events/values.yaml | 3 -- 9 files changed, 8 insertions(+), 145 deletions(-) delete mode 100644 charts/argo-events/templates/eventbus-crd.yaml delete mode 100644 charts/argo-events/templates/eventsource-crd.yaml delete mode 100644 charts/argo-events/templates/sensor-crd.yaml diff --git a/charts/argo-events/.helmignore b/charts/argo-events/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-events/.helmignore +++ b/charts/argo-events/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 6a7b1b7e..2df3b1c7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.6.1 +version: 1.6.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 3c375c3a..2bece9b9 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -15,6 +15,6 @@ This is a **community maintained** chart. It installs the [argo-events](https:// ## Notes on CRD Installation -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. You can install the CRDs manually from `crds` folder. \ No newline at end of file diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index bfd2d021..c3904980 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -1,5 +1,4 @@ {{- if not .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -26,9 +25,9 @@ kind: ClusterRole metadata: name: argo-events-role rules: -{{- if .Values.additionalServiceAccountRules }} -{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} -{{- end }} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} + {{- end }} - apiGroups: - argoproj.io verbs: diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml index 56721159..1371f6a6 100644 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ b/charts/argo-events/templates/argo-events-roles.yaml @@ -1,5 +1,4 @@ {{- if .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -28,8 +27,8 @@ metadata: name: argo-events-role namespace: {{ .Release.Namespace }} rules: - {{- if .Values.additionalServiceAccountRules }} - {{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - argoproj.io diff --git a/charts/argo-events/templates/eventbus-crd.yaml b/charts/argo-events/templates/eventbus-crd.yaml deleted file mode 100644 index 4a67294e..00000000 --- a/charts/argo-events/templates/eventbus-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/eventsource-crd.yaml b/charts/argo-events/templates/eventsource-crd.yaml deleted file mode 100644 index 5c6a0b6b..00000000 --- a/charts/argo-events/templates/eventsource-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/sensor-crd.yaml b/charts/argo-events/templates/sensor-crd.yaml deleted file mode 100644 index d121019e..00000000 --- a/charts/argo-events/templates/sensor-crd.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.installCRD }} -# Define a "sensor" custom resource definition -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 55dd6643..11827406 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -8,9 +8,6 @@ imagePullPolicy: Always imagePullSecrets: [] # - name: argo-pull-secret -# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation. -installCRD: true - # ServiceAccount to use for running controller. serviceAccount: argo-events-sa From 99ae115455fe1595a8260bf7ebdc697041f40486 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 7 Jun 2021 10:51:52 +0200 Subject: [PATCH 07/32] chore(argo-cd): Cleanup old CRD hooks (#777) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: Cleanup old CRD hooks Signed-off-by: Marco Kilchhofer * Bump chart version Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 8 +------- charts/argo-cd/crds/crd-application.yaml | 2 -- charts/argo-cd/crds/crd-project.yaml | 2 -- charts/argo-cd/templates/crds.yaml | 6 ------ charts/argo-cd/values.yaml | 3 --- 6 files changed, 2 insertions(+), 21 deletions(-) delete mode 100644 charts/argo-cd/templates/crds.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 465ad6e0..68a2ed62 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.6 +version: 3.6.7 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 1c5f8c17..f17addb7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -83,6 +83,7 @@ server: ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart @@ -97,12 +98,6 @@ NAME: my-release ... ``` -### Helm v3 Compatibility - -Requires chart version 1.5.2 or newer. - -Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - ## Chart Values | Parameter | Description | Default | @@ -116,7 +111,6 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | -| installCRDs | Install CRDs if you are using Helm2. | `true` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index c62189e8..74364ae4 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd name: applications.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index 40182848..7bb09652 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml @@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd name: appprojects.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: diff --git a/charts/argo-cd/templates/crds.yaml b/charts/argo-cd/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argo-cd/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fdd50b36..df964dee 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -5,9 +5,6 @@ nameOverride: argocd fullnameOverride: "" kubeVersionOverride: "" -# Optional CRD installation for those without Helm hooks -installCRDs: true - global: image: repository: quay.io/argoproj/argocd From 87af20fd06f87b8a05b14ad33738244067102d21 Mon Sep 17 00:00:00 2001 From: Rich Date: Mon, 7 Jun 2021 10:39:41 +0100 Subject: [PATCH 08/32] fix(argo-cd): Server cert-manager certificate secretName to match documentation (#793) * fix(argo-cd): Set ArgoCD server certificate manager certificate secret name to match the documentation by default. Signed-off-by: Rich * fix(argo-cd): Add server certificate issuer subvalues to values.yaml and a relevant comment. Signed-off-by: Rich * Bump chart version again Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 68a2ed62..9bb09636 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.7 +version: 3.6.8 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index edaea3b5..753dc8bc 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -23,5 +23,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-tls-certificate + secretName: {{ .Values.server.certificate.secretName | quote }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index df964dee..466fc7c3 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -495,8 +495,11 @@ server: certificate: enabled: false domain: argocd.example.com - issuer: {} + issuer: + kind: # ClusterIssuer + name: # letsencrypt additionalHosts: [] + secretName: argocd-server-tls ## Server service configuration service: From eecc88fbd7147cd540440ca9d8e0c43db6a919bc Mon Sep 17 00:00:00 2001 From: Sevan Date: Tue, 8 Jun 2021 15:14:55 +0200 Subject: [PATCH 09/32] fix(argo-workflows): use template for ingress .Capabilities (#795) * fix(argo-workflows): use argo-workflows.ingress.apiVersion for ingress (#794) Signed-off-by: Sevan Murriguian-Watrin * feat(argo-workflows): Add option to override kubeVersion Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 2 +- charts/argo-workflows/templates/_helpers.tpl | 11 +++++++++-- .../templates/server/server-ingress.yaml | 10 +++++----- charts/argo-workflows/values.yaml | 4 ++++ 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 078b42b2..fb23a3a8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.4 +version: 0.2.5 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index a72c148f..18eae994 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -94,11 +94,18 @@ Create the name of the controller service account to use Return the appropriate apiVersion for ingress */}} {{- define "argo-workflows.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-workflows.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index f0488031..6072c9d7 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -19,7 +19,7 @@ metadata: {{- toYaml .Values.server.ingress.labels | nindent 4 }} {{- end }} spec: - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} @@ -35,11 +35,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: @@ -62,11 +62,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 7de0dfea..c6af6902 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -20,6 +20,10 @@ nameOverride: ## fullnameOverride: +## Override the Kubernetes version, which is used to evaluate certain manifests +## +kubeVersionOverride: "" + # Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, # and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. singleNamespace: false From ca0a53d6ebd86bfe46ba5018410b2be08dce2bb3 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Thu, 10 Jun 2021 10:30:57 +0200 Subject: [PATCH 10/32] chore: Relax 'Semantic Pull Requests' check (#796) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler --- .github/semantic.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/semantic.yml diff --git a/.github/semantic.yml b/.github/semantic.yml new file mode 100644 index 00000000..d93cf9cc --- /dev/null +++ b/.github/semantic.yml @@ -0,0 +1,3 @@ +## Reference: https://github.com/zeke/semantic-pull-requests +# Always validate the PR title, and ignore the commits +titleOnly: true From 7e381436f98fdad7b21b607193f8bb8d27c74776 Mon Sep 17 00:00:00 2001 From: Alex Andrews Date: Fri, 25 Jun 2021 07:06:59 +0100 Subject: [PATCH 11/32] fix(argo-cd): fix missing colon in example service definitions (#810) * fix(argo-cd): fix missing colon in example service definitions Signed-off-by: Alex Andrews * build(argo-cd): Bump chart patch version Signed-off-by: Alex Andrews --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9bb09636..ac5ca980 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.8 +version: 3.6.9 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 466fc7c3..ad6d1b23 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -567,7 +567,7 @@ server: # - path: /* # pathType: Prefix # backend: - # service + # service: # name: ssl-redirect # port: # name: use-annotation @@ -604,7 +604,7 @@ server: # - path: /* # pathType: Prefix # backend: - # service + # service: # name: ssl-redirect # port: # name: use-annotation From 0180e943ff1a9b676893eeac40d306a71c8e2967 Mon Sep 17 00:00:00 2001 From: Alex Sears Date: Fri, 25 Jun 2021 02:15:43 -0400 Subject: [PATCH 12/32] chore(argo-workflows): update workflows version to most 3.0.7 (#811) * chore(argo-workflows): update workflows version to most 3.0.7 Signed-off-by: Alex Sears * chore(argo-worflows): update controller liveness probe Signed-off-by: Alex Sears * chore(argo-workflows): templatize controller liveness probe Signed-off-by: Alex Sears Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 4 ++-- .../controller/workflow-controller-deployment.yaml | 8 ++------ charts/argo-workflows/values.yaml | 9 +++++++++ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fb23a3a8..f3dd5219 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.5 -appVersion: "v3.0.2" +version: 0.2.6 +appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 9f80ea7f..e085b899 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -77,12 +77,8 @@ spec: ports: - name: metrics containerPort: {{ .Values.controller.metricsConfig.port }} - livenessProbe: - httpGet: - port: metrics - path: {{ .Values.controller.metricsConfig.path }} - initialDelaySeconds: 30 - periodSeconds: 30 + - containerPort: 6060 + livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index c6af6902..864c9931 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -132,6 +132,15 @@ controller: # service type `LoadBalancer` loadBalancerSourceRanges: [] resources: {} + livenessProbe: + httpGet: + port: 6060 + path: /healthz + # Require three failures to tolerate transient errors. + failureThreshold: 3 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 ## Extra environment variables to provide to the controller container ## extraEnv: From f17cc62250bd5e049e86aeb3c1308e3b635da355 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20=C3=81ngel=20Cabrera=20Mi=C3=B1agorri?= Date: Sat, 26 Jun 2021 17:04:59 +0200 Subject: [PATCH 13/32] fix(argo-cd): Typo in repo server service monitor (#815) --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac5ca980..63d5fbd1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.9 +version: 3.6.10 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 05b38acc..027cdb5f 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -17,7 +17,7 @@ metadata: spec: endpoints: - port: metrics - {{- with .Values.controller.metrics.serviceMonitor.interval }} + {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} path: /metrics From 34e606f012ee81034037ce321dbba989c9c06b16 Mon Sep 17 00:00:00 2001 From: Marko Bevc Date: Mon, 28 Jun 2021 11:32:54 +0100 Subject: [PATCH 14/32] chore: Fix CODEOWNERS syntax (#817) Signed-off-by: Marko Bevc --- CODEOWNERS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 016e7842..012ac7f7 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -7,13 +7,13 @@ /charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD -/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1 +/charts/argo-cd/ @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1 # Argo Events -/charts/argo-events @jbehling @VaibhavPage @oliverbaehler +/charts/argo-events/ @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @oliverbaehler +/charts/argo-rollouts/ @oliverbaehler # Argo CD Notifications -/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler @mbevc1 +/charts/argocd-notifications/ @alexmt @andyfeller @oliverbaehler @mbevc1 From 7f16fc4213a45bf2df1cb8366ba397a97fe920c5 Mon Sep 17 00:00:00 2001 From: Marko Bevc Date: Tue, 29 Jun 2021 09:48:48 +0100 Subject: [PATCH 15/32] feat(argo-cd): Bump default version to v2.0.4 (#816) * feat(argo-cd): Bump default version to v2.0.4 Signed-off-by: Marko Bevc * Update README Signed-off-by: Marko Bevc * Bump Chart version Signed-off-by: Marko Bevc --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 63d5fbd1..9062f659 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.3 +appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.10 +version: 3.6.11 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f17addb7..b8159f89 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -104,7 +104,7 @@ NAME: my-release |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.0.4"` | | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ad6d1b23..ac96ad11 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -8,7 +8,7 @@ kubeVersionOverride: "" global: image: repository: quay.io/argoproj/argocd - tag: v2.0.3 + tag: v2.0.4 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 From 8a39a9d1ba1c067068e8062804c8a4c0a9ee509f Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 5 Jul 2021 11:35:51 +0200 Subject: [PATCH 16/32] chore(chart-testing-action): Update components (#823) Signed-off-by: Marco Kilchhofer --- .github/workflows/lint-and-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 1056a239..2de22a8b 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -21,7 +21,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.0.1 + uses: helm/chart-testing-action@v2.1.0 - name: List changed charts id: list-changed @@ -37,7 +37,7 @@ jobs: run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml - name: Create kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.2.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From d860a04452bb09e1ebfea4388b79e22bb4f0b672 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 5 Jul 2021 11:41:55 +0200 Subject: [PATCH 17/32] feat(argo-cd): Add ability to manage gpgKeys (#797) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 2 ++ .../argocd-configs/argocd-gpg-keys-cm.yaml | 16 ++++++++++++++ .../argocd-repo-server/deployment.yaml | 9 ++++++-- .../templates/argocd-server/deployment.yaml | 4 ++++ charts/argo-cd/values.yaml | 21 +++++++++++++++++++ 6 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9062f659..61179742 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.11 +version: 3.7.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b8159f89..c0322bad 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -112,6 +112,8 @@ NAME: my-release | nameOverride | Provide a name in place of `argocd` | `"argocd"` | | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | +| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | +| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | | configs.secret.annotations | Annotations for argocd-secret | `{}` | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml new file mode 100644 index 00000000..e96ef9aa --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + {{- if .Values.configs.gpgKeysAnnotations }} + annotations: + {{- range $key, $value := .Values.configs.gpgKeysAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + name: argocd-gpg-keys-cm +{{- with .Values.configs.gpgKeys }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index bd924d4b..30082b2d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -72,8 +72,10 @@ spec: {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} -{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} + {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} {{- end }} + - mountPath: /app/config/gpg/source + name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring {{- if .Values.configs.knownHosts }} @@ -134,8 +136,11 @@ spec: {{- end }} volumes: {{- if .Values.repoServer.volumes }} -{{- toYaml .Values.repoServer.volumes | nindent 6}} + {{- toYaml .Values.repoServer.volumes | nindent 6 }} {{- end }} + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm - emptyDir: {} name: gpg-keyring {{- if .Values.configs.knownHosts }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 44b89c0e..68c98845 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -90,6 +90,8 @@ spec: subPath: "custom.styles.css" name: custom-styles {{- end }} + - mountPath: /tmp + name: tmp-dir ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -149,6 +151,8 @@ spec: {{- end }} - emptyDir: {} name: static-files + - emptyDir: {} + name: tmp-dir {{- if .Values.configs.styles }} - configMap: name: argocd-custom-styles diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ac96ad11..9f81bbe4 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -977,6 +977,27 @@ configs: # insecure: false # caData: "" + gpgKeysAnnotations: {} + gpgKeys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # + # mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta + # x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT + # SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ + # 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa + # buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v + # yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs + # b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW + # BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf + # DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6 + # 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws + # +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5 + # 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O + # j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48= + # =Bvzs + # -----END PGP PUBLIC KEY BLOCK----- + knownHostsAnnotations: {} knownHosts: data: From b78109c4f3d5990e1805cf61a32a2571264c9697 Mon Sep 17 00:00:00 2001 From: Mouhsen Ibrahim <78358035+mouhsen-ibrahim@users.noreply.github.com> Date: Mon, 5 Jul 2021 11:52:59 +0200 Subject: [PATCH 18/32] feat(argo-cd): Add pathType value to ingress (#822) Modern GKE versions only accept ImplementationSpecific as pathType for the ingress resource, so here we added a new value for the pathType which can be used to set pathType on demand, the default value is still Prefix for backward compatability Signed-off-by: Mouhsen Ibrahim --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 5 +++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 5 +++-- charts/argo-cd/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 61179742..77b0fc3d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.7.0 +version: 3.7.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 1f5fc4ea..1fb89979 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -3,6 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} +{{- $pathType := .Values.server.ingressGrpc.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: @@ -36,7 +37,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} @@ -63,7 +64,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1bd2c53c..aa7d49dc 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -3,6 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $pathType := .Values.server.ingress.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: @@ -36,7 +37,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} @@ -63,7 +64,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9f81bbe4..087a091d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -557,6 +557,7 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* @@ -594,6 +595,7 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* From a807d24c3b5c313c5e6adaad5c629fbdc6538fc7 Mon Sep 17 00:00:00 2001 From: Aditya Menon Date: Wed, 7 Jul 2021 17:17:35 +0200 Subject: [PATCH 19/32] fix(argo-rollouts): Add ConfigMap read access to support notification-engine (#812) * Add configmap read access Signed-off-by: Aditya Menon * Retrigger CI pipeline Signed-off-by: Aditya Menon * Match upstream manifest definition Follow the same pattern on argo-rollouts repo Signed-off-by: Aditya Menon --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml | 2 ++ charts/argo-rollouts/templates/argo-rollouts-role.yaml | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index d053ac6e..f058d566 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "v1.0.1" +appVersion: "v1.0.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 1.0.1 +version: 1.0.2 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index 5872d59d..fdd0f2b0 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -77,10 +77,12 @@ rules: - watch - patch # secret read access to run analysis templates which reference secrets +# configmap access to read notification-engine configuration - apiGroups: - "" resources: - secrets + - configmaps verbs: - get - list diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml index a981d95d..23794c34 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml @@ -67,10 +67,12 @@ rules: - watch - patch # secret read access to run analysis templates which reference secrets +# configmap access to read notification-engine configuration - apiGroups: - "" resources: - secrets + - configmaps verbs: - get - list From a70d156217f701350920abbf639b953c5c5d66c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 9 Jul 2021 13:08:43 +0200 Subject: [PATCH 20/32] feat!: Improve Pull Request Template & Contributing Guidelines (#750) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: improve documentation and require changelog Signed-off-by: Oliver Bähler * Bump Versions Signed-off-by: Oliver Bähler * Bump argo-rollouts Signed-off-by: Marco Kilchhofer * Apply suggestions from code review Signed-off-by: Marco Kilchhofer * Reword Artifacthub -> Artifact Hub Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- .github/pull_request_template.md | 4 +- CONTRIBUTING.md | 50 ++++++++++++++++++++++++- README.md | 5 +++ charts/argo-cd/Chart.yaml | 2 +- charts/argo-events/Chart.yaml | 5 ++- charts/argo-rollouts/Chart.yaml | 5 ++- charts/argo-workflows/Chart.yaml | 5 ++- charts/argocd-applicationset/Chart.yaml | 5 ++- charts/argocd-notifications/Chart.yaml | 5 ++- 9 files changed, 77 insertions(+), 9 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 67fe55f4..f614c199 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -4,9 +4,9 @@ If the DCO action in the integration test fails, one or more of your commits are Checklist: -* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning. +* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#versioning) +* [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#changelog). * [ ] Any new values are backwards compatible and/or have sensible default. -* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md). * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo). * [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a4ad43dd..070b0981 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,54 @@ Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently. + +# Pull Requests + +All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project. + +## Versioning + +Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease). + +Any breaking changes to a chart (backwards incompatible) require: + + * Bump of the current Major version of the chart + * State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades)) + +### Immutability + +Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error. + + +### Artifact Hub Annotations + +Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub. + + * [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) + +#### Changelog + +We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release. + +Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template: + +``` +name: argo-cd +version: 3.4.1 +... +annotations: + artifacthub.io/changes: | + - "[Added]: Something New was added" + - "[Changed]: Changed Something within this chart" + - "[Changed]: Changed Something else within this chart" + - "[Deprecated]: Something deprecated" + - "[Removed]: Something was removed" + - "[Fixed]: Something was fixed" + - "[Security]": Some Security Patch was included" +``` + +# Testing + ## Testing Argo Workflows Changes Minimally: @@ -96,4 +144,4 @@ The linting can be invoked manually with the following command: ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). \ No newline at end of file +Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). diff --git a/README.md b/README.md index 2db0e70a..6e1aaf2c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # Argo Helm Charts +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: @@ -7,3 +8,7 @@ Argo Helm is a collection of **community maintained** charts for http://argoproj ``` helm repo add argo https://argoproj.github.io/argo-helm ``` + +## Contributing + +We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. \ No newline at end of file diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 77b0fc3d..9ea33e54 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.7.1 +version: 3.7.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 2df3b1c7..835705bf 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.6.2 +version: 1.6.4 keywords: - argo-events - sensor-controller @@ -15,3 +15,6 @@ maintainers: appVersion: 1.3.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm +annotations: + artifacthub.io/changes: | + - "[Added]: Initialize Changelog" diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index f058d566..6f904714 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,10 +2,13 @@ apiVersion: v2 appVersion: "v1.0.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 1.0.2 +version: 1.0.3 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: - name: alexmt - name: dthomson25 - name: jessesuen +annotations: + artifacthub.io/changes: | + - "[Added]: Initialize Changelog" diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f3dd5219..d966c9f8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.6 +version: 0.2.7 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -13,3 +13,6 @@ maintainers: - name: alexmt - name: jessesuen - name: benjaminws +annotations: + artifacthub.io/changes: | + - "[Added]: Initialize Changelog" diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index 2596addb..2facbad1 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.6 +version: 0.1.7 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png @@ -12,3 +12,6 @@ keywords: - gitops maintainers: - name: maruina +annotations: + artifacthub.io/changes: | + - "[Added]: Initialize Changelog" diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index cf33a5d9..81fc8e5c 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.4.0 +version: 1.4.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -13,3 +13,6 @@ keywords: maintainers: - name: alexmt - name: andyfeller +annotations: + artifacthub.io/changes: | + - "[Added]: Initialize Changelog" From 783cb3e0290b1f8b5934f1dfb212dd1fbe16df02 Mon Sep 17 00:00:00 2001 From: Atze de Vries Date: Fri, 9 Jul 2021 14:34:09 +0200 Subject: [PATCH 21/32] feat(argo-cd): Add ability to override API versions (#760) * feat: Add ability to override api versions for argocd Signed-off-by: Atze de Vries * fix linting Signed-off-by: Atze de Vries * reimplement a bit and update chart version Signed-off-by: Atze de Vries * update to new minor Signed-off-by: Atze de Vries * fix spaces in comments Signed-off-by: Atze de Vries * Updated flow control and add documentation on apiVersionOverrides Signed-off-by: Atze de Vries * Add changelog annotation Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 5 ++++- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/_helpers.tpl | 4 +++- charts/argo-cd/templates/argocd-server/certificate.yaml | 4 +++- charts/argo-cd/values.yaml | 7 +++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9ea33e54..6be2a125 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.7.2 +version: 3.8.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -19,3 +19,6 @@ dependencies: version: 4.12.14 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled +annotations: + artifacthub.io/changes: | + - "[Added]: Ability to override API versions" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c0322bad..219e76ab 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -111,6 +111,8 @@ NAME: my-release | kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | +| apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` | +| apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | | configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 65081951..177d1db8 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -144,7 +144,9 @@ app.kubernetes.io/component: {{ .component }} Return the appropriate apiVersion for ingress */}} {{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} +{{- if .Values.apiVersionOverrides.ingress -}} +{{- print .Values.apiVersionOverrides.ingress -}} +{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} {{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 753dc8bc..64241bfe 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -1,5 +1,7 @@ {{- if .Values.server.certificate.enabled -}} -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} +{{- if .Values.apiVersionOverrides.certmanager -}} +apiVersion: {{ .Values.apiVersionOverrides.certmanager }} +{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} apiVersion: cert-manager.io/v1alpha3 diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 087a091d..6edc3e29 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -20,6 +20,13 @@ global: # hostnames: # - git.myhostname +# Override APIVersions +# If you want to template helm charts but cannot access k8s API server +# you can set api versions here +apiVersionOverrides: + certmanager: "" # cert-manager.io/v1 + ingress: "" # networking.k8s.io/v1beta1 + ## Controller controller: name: application-controller From 1416d5e082b97878ab9c8cbe99e299669ee747d9 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 12 Jul 2021 12:54:17 +0200 Subject: [PATCH 22/32] fix(argocd-applicationset): Cleanup old CRD installation method (#827) Signed-off-by: Marco Kilchhofer --- charts/argocd-applicationset/.helmignore | 1 + charts/argocd-applicationset/Chart.yaml | 8 ++++--- charts/argocd-applicationset/README.md | 23 +++++++++++++++---- .../ci/default-values.yaml | 2 -- .../ci/leader-election-values.yaml | 2 -- .../argocd-applicationset/templates/crds.yaml | 6 ----- charts/argocd-applicationset/values.yaml | 2 -- 7 files changed, 24 insertions(+), 20 deletions(-) delete mode 100644 charts/argocd-applicationset/templates/crds.yaml diff --git a/charts/argocd-applicationset/.helmignore b/charts/argocd-applicationset/.helmignore index 0e8a0eb3..5bdaa3eb 100644 --- a/charts/argocd-applicationset/.helmignore +++ b/charts/argocd-applicationset/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +ci/ diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index 2facbad1..b91b1441 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.7 +version: 1.0.0 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png keywords: - argoproj - appset @@ -14,4 +14,6 @@ maintainers: - name: maruina annotations: artifacthub.io/changes: | - - "[Added]: Initialize Changelog" + - "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart." + - "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive." + - "[Changed]: Fix icon url" diff --git a/charts/argocd-applicationset/README.md b/charts/argocd-applicationset/README.md index b200d9cf..0b59414b 100644 --- a/charts/argocd-applicationset/README.md +++ b/charts/argocd-applicationset/README.md @@ -10,6 +10,11 @@ This is a **community maintained** chart. This chart installs the [applicationse This chart currently installs the non-HA version of Argo CD ApplicationSet. +## Prerequisites + +- Helm v3.0.0+ +- The ApplicationSet controller **must** be installed into the same namespace as the Argo CD it is targetting. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -23,10 +28,6 @@ NAME: my-release ... ``` -### Helm v3 Compatibility - -Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - ### Testing Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing). @@ -38,6 +39,19 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st ct install --namespace argocd ``` +## Notes on CRD Installation + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. + +You then can install the CRDs manually from `crds` folder or via the manifests from the upstream project repo: + +```console +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref= + +# Eg. version v0.1.0 +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=v0.1.0 +``` + ## Values | Key | Type | Default | Description | @@ -56,7 +70,6 @@ ct install --namespace argocd | image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | -| installCRDs | bool | `true` | Install Custom Resource Definition | | mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume | | mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | | mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | diff --git a/charts/argocd-applicationset/ci/default-values.yaml b/charts/argocd-applicationset/ci/default-values.yaml index eb1b7aae..233dd8e2 100644 --- a/charts/argocd-applicationset/ci/default-values.yaml +++ b/charts/argocd-applicationset/ci/default-values.yaml @@ -4,8 +4,6 @@ replicaCount: 1 -installCRDs: false # this needs to be false with ct - image: # The image repository repository: quay.io/argocdapplicationset/argocd-applicationset diff --git a/charts/argocd-applicationset/ci/leader-election-values.yaml b/charts/argocd-applicationset/ci/leader-election-values.yaml index e7201ac1..39ec3078 100644 --- a/charts/argocd-applicationset/ci/leader-election-values.yaml +++ b/charts/argocd-applicationset/ci/leader-election-values.yaml @@ -2,5 +2,3 @@ args: enableLeaderElection: true replicaCount: 3 - -installCRDs: false diff --git a/charts/argocd-applicationset/templates/crds.yaml b/charts/argocd-applicationset/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argocd-applicationset/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml index 1be0c0ff..ac4b3bd9 100644 --- a/charts/argocd-applicationset/values.yaml +++ b/charts/argocd-applicationset/values.yaml @@ -4,8 +4,6 @@ replicaCount: 1 -installCRDs: true - image: # The image repository repository: quay.io/argocdapplicationset/argocd-applicationset From 62699ffc827757b5ed5842c593e9e4bd19120226 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 12 Jul 2021 13:06:50 +0200 Subject: [PATCH 23/32] fix(argo-cd): Add ServiceAccount for redis (#828) * Add ability to create ServiceAccount for redis Signed-off-by: Marco Kilchhofer * Use correct default for ServiceAccounts in _helpers.tpl Signed-off-by: Marco Kilchhofer * Bump version and update changelog Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 19 +++++++++++++++---- .../argo-cd/templates/redis/deployment.yaml | 3 ++- .../templates/redis/serviceaccount.yaml | 15 +++++++++++++++ charts/argo-cd/values.yaml | 8 ++++++++ 5 files changed, 42 insertions(+), 7 deletions(-) create mode 100644 charts/argo-cd/templates/redis/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6be2a125..3a503aca 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.8.0 +version: 3.8.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Ability to override API versions" + - "[Fixed]: Cannot create a service account for redis" diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 177d1db8..c5d2adab 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -71,7 +71,7 @@ Create the name of the controller service account to use */}} {{- define "argo-cd.controllerServiceAccountName" -}} {{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} {{- else -}} {{ default "default" .Values.controller.serviceAccount.name }} {{- end -}} @@ -82,18 +82,29 @@ Create the name of the dex service account to use */}} {{- define "argo-cd.dexServiceAccountName" -}} {{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} {{- else -}} {{ default "default" .Values.dex.serviceAccount.name }} {{- end -}} {{- end -}} +{{/* +Create the name of the redis service account to use +*/}} +{{- define "argo-cd.redisServiceAccountName" -}} +{{- if .Values.redis.serviceAccount.create -}} + {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redis.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create the name of the ArgoCD server service account to use */}} {{- define "argo-cd.serverServiceAccountName" -}} {{- if .Values.server.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} + {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} {{- else -}} {{ default "default" .Values.server.serviceAccount.name }} {{- end -}} @@ -104,7 +115,7 @@ Create the name of the repo-server service account to use */}} {{- define "argo-cd.repoServerServiceAccountName" -}} {{- if .Values.repoServer.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} + {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} {{- else -}} {{ default "default" .Values.repoServer.serviceAccount.name }} {{- end -}} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index a6f0c46a..05500337 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -30,7 +30,8 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} + serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }} {{- if .Values.redis.securityContext }} securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml new file mode 100644 index 00000000..ae67d3b2 --- /dev/null +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "argo-cd.redisServiceAccountName" . }} +{{- if .Values.redis.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.redis.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6edc3e29..3ecfd228 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -365,6 +365,14 @@ redis: fsGroup: 1000 runAsNonRoot: true + serviceAccount: + create: false + name: "" + ## Annotations applied to created service account + annotations: {} + ## Automount API credentials for the Service Account + automountServiceAccountToken: false + resources: {} # limits: # cpu: 200m From 9c69a87f6719446cde3e1f6cec10c8bd6f4c61a3 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Tue, 13 Jul 2021 08:25:41 +0200 Subject: [PATCH 24/32] docs(argo-cd): Upgrading notes for ServiceAccount change in 3.8.1 (#830) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3a503aca..ea3fbc45 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.8.1 +version: 3.8.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Cannot create a service account for redis" + - "[Changed]: Add important upgrading notes to README concerning potential ServiceAccount renamings introduced in chart version 3.8.1+." diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 219e76ab..1c12a617 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -34,6 +34,34 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop ## Upgrading +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or + +# Case 3) +dex: + serviceAccount: + name: "" # or + +# Case 4) +server: + serviceAccount: + name: "" # or +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + ### 3.2.* With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). From 922799081d6037d71971baf3fecf3519c35326e9 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Tue, 13 Jul 2021 08:35:25 +0200 Subject: [PATCH 25/32] feat(argo-cd): Add ability to create network policies (#800) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 7 +++-- charts/argo-cd/README.md | 2 ++ .../networkpolicy.yaml | 19 ++++++++++++ .../argocd-repo-server/networkpolicy.yaml | 31 +++++++++++++++++++ .../argocd-server/networkpolicy.yaml | 16 ++++++++++ .../argo-cd/templates/dex/networkpolicy.yaml | 31 +++++++++++++++++++ .../templates/networkpolicy-default-deny.yaml | 12 +++++++ .../argo-cd/templates/redis/deployment.yaml | 2 +- .../templates/redis/networkpolicy.yaml | 29 +++++++++++++++++ charts/argo-cd/values.yaml | 4 +++ 10 files changed, 149 insertions(+), 4 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/argocd-server/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/dex/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/networkpolicy-default-deny.yaml create mode 100644 charts/argo-cd/templates/redis/networkpolicy.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ea3fbc45..60ff890e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.8.2 +version: 3.9.0 home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: - argoproj - argocd @@ -21,4 +21,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Add important upgrading notes to README concerning potential ServiceAccount renamings introduced in chart version 3.8.1+." + - "[Added]: Ability to create network policies" + - "[Changed]: Fix icon url" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 1c12a617..bb929e93 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -136,6 +136,8 @@ NAME: my-release | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` | +| global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` | | kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml new file mode 100644 index 00000000..9116fbcf --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + name: {{ template "argo-cd.controller.fullname" . }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: controller + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml new file mode 100644 index 00000000..0d9274ed --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -0,0 +1,31 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + name: {{ template "argo-cd.repoServer.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: repo-server + protocol: TCP + {{- if .Values.repoServer.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml new file mode 100644 index 00000000..8300d696 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -0,0 +1,16 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }} +spec: + ingress: + - {} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml new file mode 100644 index 00000000..e79a2e3e --- /dev/null +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + name: {{ template "argo-cd.dex.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + ports: + - port: http + protocol: TCP + - port: grpc + protocol: TCP + {{- if .Values.dex.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml new file mode 100644 index 00000000..3d47a397 --- /dev/null +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} + name: {{ template "argo-cd.fullname" . }}-default-deny +spec: + podSelector: {} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 05500337..5b5879a3 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -59,8 +59,8 @@ spec: {{- end }} ports: - containerPort: {{ .Values.redis.containerPort }} + name: redis {{- if .Values.redis.volumeMounts }} - volumeMounts: {{- toYaml .Values.redis.volumeMounts | nindent 10 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml new file mode 100644 index 00000000..881e257c --- /dev/null +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -0,0 +1,29 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + name: {{ template "argo-cd.redis.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: redis + protocol: TCP + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3ecfd228..452aba69 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -20,6 +20,10 @@ global: # hostnames: # - git.myhostname + networkPolicy: + create: false + defaultDenyIngress: false + # Override APIVersions # If you want to template helm charts but cannot access k8s API server # you can set api versions here From 1e3a4afd0583a4c35dba2b8783f9fded82667dfc Mon Sep 17 00:00:00 2001 From: Thomas O'Neill Date: Tue, 20 Jul 2021 07:40:54 -0400 Subject: [PATCH 26/32] feat(argo-cd): Support AWS ALB Ingress with gRPC (#806) * Support AWS ALB Ingress with GRPC Signed-off-by: Thomas O'Neill Signed-off-by: Thomas O'Neill * Bump chart version Signed-off-by: Marco Kilchhofer * Apply suggestions from code review Signed-off-by: Marco Kilchhofer * Use single if statement Signed-off-by: Thomas O'Neill * Append -grpc to the service labels for ALB GRPC service Signed-off-by: Thomas O'Neill Co-authored-by: Thomas O'Neill Co-authored-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 5 ++-- charts/argo-cd/README.md | 21 ++++++++++++++++ .../argocd-server/alb-grpc-service.yaml | 24 +++++++++++++++++++ .../templates/argocd-server/ingress-grpc.yaml | 2 +- .../templates/argocd-server/ingress.yaml | 24 +++++++++++++++++++ charts/argo-cd/values.yaml | 1 + 6 files changed, 73 insertions(+), 4 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 60ff890e..71320643 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.9.0 +version: 3.10.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: @@ -21,5 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Ability to create network policies" - - "[Changed]: Fix icon url" + - "[Added]: Support AWS ALB Ingress with gRPC" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bb929e93..05623c59 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -305,6 +305,7 @@ NAME: my-release | server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | | server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | | server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | +| server.ingressGrpc.isAWSALB | Setup up GRPC ingress to work with an AWS ALB | `false` | | server.route.enabled | Enable a OpenShift route for the server | `false` | | server.route.hostname | Hostname of OpenShift route | `""` | | server.lifecycle | PostStart and PreStop hooks configuration | `{}` | @@ -429,3 +430,23 @@ through `xxx.extraArgs` | redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` | [gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ + + +### Using AWS ALB Ingress Controller With GRPC +If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. + +Example: +```yaml +server: + ingress: + enabled: true + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + ingressGrpc: + enabled: true + isAWSALB: true + +``` \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml b/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml new file mode 100644 index 00000000..018bca3e --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: HTTP2 #This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features + labels: + {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }}-grpc +spec: + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 1fb89979..6a90445e 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,4 +1,4 @@ -{{- if .Values.server.ingressGrpc.enabled -}} +{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} {{- $serviceName := include "argo-cd.server.fullname" . -}} {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index aa7d49dc..576b94df 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -12,6 +12,10 @@ metadata: {{- range $key, $value := .Values.server.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} + alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} labels: @@ -35,6 +39,26 @@ spec: {{- toYaml $extraPaths | nindent 10 }} {{- end }} {{- range $p := $paths }} + {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} + - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} + backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ template "argo-cd.server.fullname" $ }}-grpc + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 452aba69..b4d5a954 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -601,6 +601,7 @@ server: # https://argoproj.github.io/argo-cd/operator-manual/ingress/ ingressGrpc: enabled: false + isAWSALB: false annotations: {} labels: {} ingressClassName: "" From 186fe34b872813cf290209fb093ba7b211c64173 Mon Sep 17 00:00:00 2001 From: Jakub Bielawski <60479855+kobejn-jb@users.noreply.github.com> Date: Tue, 20 Jul 2021 20:10:29 +0200 Subject: [PATCH 27/32] Fix controller Role/ClusterRole to work with InstanceID (#833) Bumped Chart version Add indednt in controller ConfigMap flow control Signed-off-by: Jakub Bielawski --- charts/argo-workflows/Chart.yaml | 4 ++-- .../controller/workflow-controller-cluster-roles.yaml | 10 ++++++++++ .../controller/workflow-controller-config-map.yaml | 6 +++--- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d966c9f8..736b131d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.7 +version: 0.2.8 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -15,4 +15,4 @@ maintainers: - name: benjaminws annotations: artifacthub.io/changes: | - - "[Added]: Initialize Changelog" + - "[Fixed]: Controller Role/ClusterRole to work with InstanceID" diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 34340d14..72e97f45 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -121,8 +121,18 @@ rules: resources: - leases resourceNames: + {{- if .Values.controller.instanceID.enabled }} + {{- if .Values.controller.instanceID.useReleaseName }} + - workflow-controller-{{ .Release.Name }} + - workflow-controller-lease-{{ .Release.Name }} + {{- else }} + - workflow-controller-{{ .Values.controller.instanceID.explicitID }} + - workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }} + {{- end }} + {{- else }} - workflow-controller - workflow-controller-lease + {{- end }} verbs: - get - watch diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index afddb194..dd2af42e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -7,11 +7,11 @@ metadata: data: config: | {{- if .Values.controller.instanceID.enabled }} - {{- if .Values.controller.instanceID.useReleaseName }} + {{- if .Values.controller.instanceID.useReleaseName }} instanceID: {{ .Release.Name }} - {{- else }} + {{- else }} instanceID: {{ .Values.controller.instanceID.explicitID }} - {{- end }} + {{- end }} {{- end }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} {{- if .Values.controller.parallelism }} From 37277315ce669a12e9a5a66ce03ab2a6e08eb184 Mon Sep 17 00:00:00 2001 From: Rein van 't Veer Date: Tue, 20 Jul 2021 20:18:26 +0200 Subject: [PATCH 28/32] feat(argo-workflows): Multiple workflow namespaces (#824) * allow workflow to be run in multiple namespaces, bump chart version Signed-off-by: reinvantveer * update helm install instructions Signed-off-by: reinvantveer * fix indents Signed-off-by: reinvantveer * add newlines Signed-off-by: reinvantveer * bump chart version Signed-off-by: reinvantveer * default to "argo" namespace for workflow service account Signed-off-by: reinvantveer * simplify setting service account, fix syntactical error in defaulting to "argo" namespace Signed-off-by: reinvantveer * Bump only the chart version, revert bumping the controller version: 3.0.8 does not exist yet as a workflow-controller image version Signed-off-by: reinvantveer * don't set a namespace if there isn't one provided Signed-off-by: reinvantveer * bump version Signed-off-by: reinvantveer * re-use controller.workflowNamespaces instead of introducing workflow.namespaces Signed-off-by: reinvantveer * re-use controller.workflowNamespaces instead of introducing workflow.namespaces Signed-off-by: reinvantveer * re-use controller.workflowNamespaces instead of introducing workflow.namespaces Signed-off-by: reinvantveer * re-use controller.workflowNamespaces instead of introducing workflow.namespaces, add additional inline comments on rbac.create effect Signed-off-by: reinvantveer * compress namespaces from controller.workflowNamespaces and workflow.namespace into single loop iteration Signed-off-by: reinvantveer * compress namespaces from controller.workflowNamespaces and workflow.namespace into single loop iteration Signed-off-by: reinvantveer * compress namespaces from controller.workflowNamespaces and workflow.namespace into single loop iteration Signed-off-by: reinvantveer * dro now-redundant branch for controller.workflowNamespaces Signed-off-by: reinvantveer * use template helper "argo-workflows.fullname" instead of release name in order to be able to override the service account name Signed-off-by: reinvantveer * add missing "template" keyword Signed-off-by: reinvantveer * drop redundant $namespace assignment that was already moved inside the "range" function Signed-off-by: reinvantveer * replace "define" templates with simple values now that controller.workflowNamespaces and workflow.namespace are unified into a single "range" iteration Signed-off-by: reinvantveer * drop redundant $namespace assignment that was already moved inside the "range" function Signed-off-by: reinvantveer * inline "define" templates with simple values now that controller.workflowNamespaces and workflow.namespace are unified into a single "range" iteration Signed-off-by: reinvantveer * inline "define" templates with simple values now that controller.workflowNamespaces and workflow.namespace are unified into a single "range" iteration Signed-off-by: reinvantveer * add missing "$" to denote target for templating the workflows fullname helper Signed-off-by: reinvantveer * restore `with` blocks for service account name and service account annotations Signed-off-by: reinvantveer * drop validations: considering cases of `workflowNamespaces`, `namespace` and `singleNamespace` Signed-off-by: reinvantveer * include case for single namespaces with default ("") namespace, otherwise (ternary) combine the workflow namespace and workflowNamespaces from the controller settings into a list to iterate over Signed-off-by: reinvantveer * wrap namespace configuration in `with` block to prevent setting it to "" Signed-off-by: reinvantveer * fix append vs. concat bug: append workflowNamespace to (possibly 0-lenght) list of controller.workflowNamespaces Signed-off-by: reinvantveer * fix namespace range with additional check for either single namespace being false, or append to the workflow namespaces: the first non-null (coalesce) from the workflow namespace or the namespace Argo is being deployed to. Signed-off-by: reinvantveer * add changelog entries Signed-off-by: reinvantveer * unwrap (inline) with-block for service account name Signed-off-by: reinvantveer Co-authored-by: Vlad Losev --- CONTRIBUTING.md | 2 +- charts/argo-workflows/Chart.yaml | 6 ++- .../templates/controller/workflow-rb.yaml | 19 ++++----- .../templates/controller/workflow-role.yaml | 40 ++++++++++--------- .../templates/controller/workflow-sa.yaml | 13 +++--- charts/argo-workflows/values.yaml | 8 +++- 6 files changed, 51 insertions(+), 37 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 070b0981..3d6e1782 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -55,7 +55,7 @@ annotations: Minimally: ``` -helm install charts/argo -n argo +helm install charts/argo-workflows -n argo argo version ``` diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 736b131d..70b9bf10 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.8 +version: 0.2.9 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -15,4 +15,6 @@ maintainers: - name: benjaminws annotations: artifacthub.io/changes: | - - "[Fixed]: Controller Role/ClusterRole to work with InstanceID" + - "[Changed]: Service accounts, roles and role bindings can now be auto-created for each workflow controller namespace" + - "[Fixed]: The contributer testing guidelines were updated to reflect the chart name change from 'argo' to + 'argo-workflows'" diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 9b27c045..004d40d0 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -1,19 +1,20 @@ {{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-workflows.fullname" . }}-workflow - {{- with .Values.workflow.namespace }} - namespace: {{ . }} - {{- end }} + name: {{ template "argo-workflows.fullname" $ }}-workflow + namespace: {{ $namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-workflows.fullname" . }}-workflow + name: {{ template "argo-workflows.fullname" $ }}-workflow subjects: -- kind: ServiceAccount - name: {{ .Values.workflow.serviceAccount.name }} - {{- with .Values.workflow.namespace }} - namespace: {{ . }} + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index bf8b3cff..4ca10e8e 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,25 +1,29 @@ {{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "argo-workflows.fullname" . }}-workflow - {{- with .Values.workflow.namespace }} + name: {{ template "argo-workflows.fullname" $ }}-workflow + {{- with $namespace }} namespace: {{ . }} - {{- end }} + {{- end }} rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch + {{- end }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index dc84f2b1..2ea64771 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,13 +1,16 @@ {{- if .Values.workflow.serviceAccount.create -}} + {{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.workflow.serviceAccount.name }} - {{- with .Values.workflow.namespace }} + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} namespace: {{ . }} - {{- end }} - {{- with .Values.workflow.serviceAccount.annotations }} + {{- end }} + {{- with $.Values.workflow.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 864c9931..ebd7fc92 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -29,13 +29,15 @@ kubeVersionOverride: "" singleNamespace: false workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. + namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in serviceAccount: create: false # Specifies whether a service account should be created annotations: {} name: "argo-workflow" # Service account which is used to run workflows rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + # Adds Role and RoleBinding for the above specified service account to be able to run workflows + # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) + create: true controller: image: @@ -109,6 +111,8 @@ controller: # Annotations applied to created service account annotations: {} name: workflow-controller + # Specify all namespaces to run worksflows need to be able to run in. This controls where the service + # account and RBAC resources will be created. If unspecified, will run in the default namespace. workflowNamespaces: - default containerRuntimeExecutor: docker From e393ef1ba2017973fc52208abcc5243e52b2443d Mon Sep 17 00:00:00 2001 From: Zadkiel Date: Tue, 20 Jul 2021 20:24:41 +0200 Subject: [PATCH 29/32] fix(argo-workflows): remove old default init service account (#834) * fix(argo-workflows): remove old default init service account Signed-off-by: GitHub * fix(argo-workflows): remove init.serviceAccount from README Signed-off-by: GitHub * chore(argo-workflows): update changelog Signed-off-by: GitHub * chore(argo-workflows): bump chart to 0.2.8 Signed-off-by: GitHub Co-authored-by: Vlad Losev --- charts/argo-workflows/Chart.yaml | 6 ++---- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 5 ----- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 70b9bf10..a342b248 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.9 +version: 0.2.10 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -15,6 +15,4 @@ maintainers: - name: benjaminws annotations: artifacthub.io/changes: | - - "[Changed]: Service accounts, roles and role bindings can now be auto-created for each workflow controller namespace" - - "[Fixed]: The contributer testing guidelines were updated to reflect the chart name change from 'argo' to - 'argo-workflows'" + - "[Fixed]: Removed init.serviceAccount unused fields" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 7e1c9dd7..e25a3840 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -10,7 +10,7 @@ This chart uses an install hook to configure the CRD definition. Installation of A few options are: -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute +- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions ## Usage Notes diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index ebd7fc92..68f6f459 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -5,11 +5,6 @@ images: pullSecrets: [] # - name: argo-pull-secret -init: - # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is - # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. - serviceAccount: "" - createAggregateRoles: true ## String to partially override "argo-workflows.fullname" template From 4e739561c0e2e9807e297905313710f95790522a Mon Sep 17 00:00:00 2001 From: kostas-theo <43744618+kostas-theo@users.noreply.github.com> Date: Tue, 20 Jul 2021 23:51:02 +0200 Subject: [PATCH 30/32] fix: pod status pending issue (#837) Signed-off-by: kostas-theo Co-authored-by: Vlad Losev --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/crds/argoproj.io_workflows.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index a342b248..60d4305d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.10 +version: 0.2.11 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -15,4 +15,4 @@ maintainers: - name: benjaminws annotations: artifacthub.io/changes: | - - "[Fixed]: Removed init.serviceAccount unused fields" + - "[Fixed]: Pods stuck in pending phase due to workflow update timeouts." diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/crds/argoproj.io_workflows.yaml index f3751e18..59d2fc3b 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflows.yaml +++ b/charts/argo-workflows/crds/argoproj.io_workflows.yaml @@ -36,9 +36,11 @@ spec: spec: type: object x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic status: type: object x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic required: - metadata - spec From 3ca4a4eca08b7a35aa1e9ce9ad92dcb8cdf76fa3 Mon Sep 17 00:00:00 2001 From: Niels ten Boom Date: Wed, 21 Jul 2021 18:02:03 +0200 Subject: [PATCH 31/32] docs: Rename argocd references to argoworkflows in workflow chart (#842) * rename argocd to argoworkflows Signed-off-by: Niels ten Boom * bump patch version Signed-off-by: Niels ten Boom * bump patch version Signed-off-by: Niels ten Boom Co-authored-by: Vlad Losev --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 60d4305d..768d2266 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.11 +version: 0.2.12 appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm @@ -15,4 +15,4 @@ maintainers: - name: benjaminws annotations: artifacthub.io/changes: | - - "[Fixed]: Pods stuck in pending phase due to workflow update timeouts." + - "[Changed]: Argo workflows values file no longer has examples referencing ArgoCD" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 68f6f459..50085773 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -278,7 +278,7 @@ server: ## hosts: [] - # - argocd.example.com + # - argoworkflows.example.com paths: - / extraPaths: @@ -297,9 +297,9 @@ server: # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argoworkflows-example-tls # hosts: - # - argocd.example.com + # - argoworkflows.example.com https: false clusterWorkflowTemplates: From 2358b152f9af125fcb608ead2d76fb81d18342fd Mon Sep 17 00:00:00 2001 From: smcavallo Date: Mon, 26 Jul 2021 21:32:56 -0400 Subject: [PATCH 32/32] feat(argo-cd): Bump default version to v2.0.5 (#844) Signed-off-by: smcavallo --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 71320643..60bc092a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.4 +appVersion: 2.0.5 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.10.0 +version: 3.10.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 05623c59..4cd712b5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -132,7 +132,7 @@ NAME: my-release |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.0.4"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.0.5"` | | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b4d5a954..c6795bbc 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -8,7 +8,7 @@ kubeVersionOverride: "" global: image: repository: quay.io/argoproj/argocd - tag: v2.0.4 + tag: v2.0.5 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999