From 8f3bfae1fbb0e467ed644f984b93b177aefa342c Mon Sep 17 00:00:00 2001 From: Yann Soubeyrand Date: Thu, 14 May 2020 04:16:36 +0200 Subject: [PATCH 1/4] fix: update CRDs (#346) --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/crds/crd-application.yaml | 19 +++++++++++++++++++ charts/argo-cd/crds/crd-project.yaml | 19 +++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a8921ba4..b204ba59 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.5.4" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.3.1 +version: 2.3.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index 683d41d4..0d4f9651 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -233,6 +233,9 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize version + type: string type: object path: description: Path is a directory path within the Git repository @@ -517,6 +520,9 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize version + type: string type: object path: description: Path is a directory path within the Git repository @@ -776,6 +782,9 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize version + type: string type: object path: description: Path is a directory path within the Git repository @@ -1049,6 +1058,10 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize + version + type: string type: object path: description: Path is a directory path within the Git @@ -1335,6 +1348,9 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize version + type: string type: object path: description: Path is a directory path within the Git repository @@ -1608,6 +1624,9 @@ spec: description: NameSuffix is a suffix appended to resources for kustomize apps type: string + version: + description: Version contains optional Kustomize version + type: string type: object path: description: Path is a directory path within the Git repository diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index e9244236..386dcb83 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml @@ -95,6 +95,23 @@ spec: - kind type: object type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array orphanedResources: description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project @@ -132,6 +149,8 @@ spec: iat: format: int64 type: integer + id: + type: string required: - iat type: object From 2ad0ce8f3ecceabdd1feef2d3b7b47cedea0ca1b Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Thu, 14 May 2020 11:29:11 -0700 Subject: [PATCH 2/4] Adds support for ClusterWorkflowTemplates (a 2.8 feature). (#345) --- charts/argo/Chart.yaml | 4 ++-- .../crds/cluster-workflow-template-crd.yaml | 17 +++++++++++++++++ .../cluster-workflow-template-crd.yaml | 19 +++++++++++++++++++ .../argo/templates/server-cluster-role.yaml | 1 + .../templates/workflow-aggregate-roles.yaml | 6 ++++++ .../workflow-controller-clusterrole.yaml | 2 ++ 6 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 charts/argo/crds/cluster-workflow-template-crd.yaml create mode 100644 charts/argo/templates/cluster-workflow-template-crd.yaml diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index da1af048..c8f68daa 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "v2.7.6" +appVersion: v2.8.0 description: A Helm chart for Argo Workflows name: argo -version: 0.8.6 +version: 0.9.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/crds/cluster-workflow-template-crd.yaml b/charts/argo/crds/cluster-workflow-template-crd.yaml new file mode 100644 index 00000000..df26a0ae --- /dev/null +++ b/charts/argo/crds/cluster-workflow-template-crd.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io + annotations: + helm.sh/hook: crd-install + helm.sh/hook-delete-policy: before-hook-creation +spec: + group: argoproj.io + version: v1alpha1 + scope: Cluster + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml new file mode 100644 index 00000000..c9c1cb52 --- /dev/null +++ b/charts/argo/templates/cluster-workflow-template-crd.yaml @@ -0,0 +1,19 @@ +{{- if .Values.installCRD }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io + annotations: + helm.sh/hook: crd-install + helm.sh/hook-delete-policy: before-hook-creation +spec: + group: argoproj.io + version: v1alpha1 + scope: Cluster + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft +{{- end }} diff --git a/charts/argo/templates/server-cluster-role.yaml b/charts/argo/templates/server-cluster-role.yaml index efb9d564..082e4915 100644 --- a/charts/argo/templates/server-cluster-role.yaml +++ b/charts/argo/templates/server-cluster-role.yaml @@ -58,6 +58,7 @@ rules: - workflows - workflowtemplates - cronworkflows + - clusterworkflowtemplates verbs: - create - get diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml index d817ead7..b89e7b13 100644 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ b/charts/argo/templates/workflow-aggregate-roles.yaml @@ -18,6 +18,8 @@ rules: - workflowtemplates/finalizers - cronworkflows - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - get - list @@ -42,6 +44,8 @@ rules: - workflowtemplates/finalizers - cronworkflows - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - create - delete @@ -71,6 +75,8 @@ rules: - workflowtemplates/finalizers - cronworkflows - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - create - delete diff --git a/charts/argo/templates/workflow-controller-clusterrole.yaml b/charts/argo/templates/workflow-controller-clusterrole.yaml index 20515321..43d1a8a7 100644 --- a/charts/argo/templates/workflow-controller-clusterrole.yaml +++ b/charts/argo/templates/workflow-controller-clusterrole.yaml @@ -55,6 +55,8 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - get - list From 859d769c12721ed320f2ce28f43447935f4d05b3 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Thu, 14 May 2020 17:04:21 -0700 Subject: [PATCH 3/4] feat: Enable specifying environment for Argo workflow executor. (#349) --- charts/argo/Chart.yaml | 2 +- .../argo/templates/workflow-controller-config-map.yaml | 10 +++++++--- charts/argo/values.yaml | 2 ++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index c8f68daa..cd3e1cb0 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v2.8.0 description: A Helm chart for Argo Workflows name: argo -version: 0.9.0 +version: 0.9.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 068b381c..14d49935 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -16,10 +16,14 @@ data: {{- end }} {{- end }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} - {{- with .Values.executor.resources }} + {{- if or .Values.executor.resources .Values.executor.env }} executor: - resources: - {{- toYaml . | nindent 8 }} + {{- with .Values.executor.resources }} + resources: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.executor.env }} + env: {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} artifactRepository: {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 156f9926..7ab0aae5 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -111,6 +111,8 @@ executor: # Overrides .images.tag if defined. tag: "" resources: {} + # Adds environment variables for the executor. + env: {} server: enabled: true From 370ec9f6c499fec06bb96098e79c972cc5afd773 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Fri, 15 May 2020 14:32:23 -0700 Subject: [PATCH 4/4] fix: ClusterWorkflowTemplate access (#352) --- charts/argo/Chart.yaml | 2 +- ...er-role.yaml => server-cluster-roles.yaml} | 29 ++++++++++++++----- charts/argo/templates/server-crb.yaml | 24 ++++++++++----- ...=> workflow-controller-cluster-roles.yaml} | 25 ++++++++++------ .../templates/workflow-controller-crb.yaml | 22 +++++++++----- charts/argo/values.yaml | 3 ++ 6 files changed, 72 insertions(+), 33 deletions(-) rename charts/argo/templates/{server-cluster-role.yaml => server-cluster-roles.yaml} (74%) rename charts/argo/templates/{workflow-controller-clusterrole.yaml => workflow-controller-cluster-roles.yaml} (85%) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index cd3e1cb0..19d7745e 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v2.8.0 description: A Helm chart for Argo Workflows name: argo -version: 0.9.1 +version: 0.9.2 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-cluster-role.yaml b/charts/argo/templates/server-cluster-roles.yaml similarity index 74% rename from charts/argo/templates/server-cluster-role.yaml rename to charts/argo/templates/server-cluster-roles.yaml index 082e4915..8da10df2 100644 --- a/charts/argo/templates/server-cluster-role.yaml +++ b/charts/argo/templates/server-cluster-roles.yaml @@ -1,14 +1,8 @@ {{- if .Values.server.enabled }} apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-role -{{ else }} kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role -{{- end }} + name: {{ .Release.Name }}-{{ .Values.server.name }} rules: - apiGroups: - "" @@ -58,7 +52,6 @@ rules: - workflows - workflowtemplates - cronworkflows - - clusterworkflowtemplates verbs: - create - get @@ -67,4 +60,24 @@ rules: - update - patch - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + verbs: + - get + - list + - watch + {{- if .Values.server.clusterWorkflowTemplates.enableEditing }} + - create + - update + - patch + - delete + {{- end }} {{- end }} diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml index ed7d7982..a919e573 100644 --- a/charts/argo/templates/server-crb.yaml +++ b/charts/argo/templates/server-crb.yaml @@ -3,21 +3,29 @@ apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-rb + name: {{ .Release.Name }}-{{ .Values.server.name}} {{ else }} kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-crb + name: {{ .Release.Name }}-{{ .Values.server.name}} {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - name: {{ .Release.Name }}-{{ .Values.server.name}}-role - {{ else }} kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role - {{- end }} + name: {{ .Release.Name }}-{{ .Values.server.name}} +subjects: +- kind: ServiceAccount + name: {{ .Values.server.serviceAccount }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template subjects: - kind: ServiceAccount name: {{ .Values.server.serviceAccount }} diff --git a/charts/argo/templates/workflow-controller-clusterrole.yaml b/charts/argo/templates/workflow-controller-cluster-roles.yaml similarity index 85% rename from charts/argo/templates/workflow-controller-clusterrole.yaml rename to charts/argo/templates/workflow-controller-cluster-roles.yaml index 43d1a8a7..1bee0b17 100644 --- a/charts/argo/templates/workflow-controller-clusterrole.yaml +++ b/charts/argo/templates/workflow-controller-cluster-roles.yaml @@ -1,13 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-role -{{ else }} kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role -{{- end }} + name: {{ .Release.Name }}-{{ .Values.controller.name }} rules: - apiGroups: - "" @@ -103,5 +97,18 @@ rules: verbs: - get {{- end}} - - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml index 3eba3cf2..459a3c67 100644 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ b/charts/argo/templates/workflow-controller-crb.yaml @@ -5,16 +5,11 @@ kind: RoleBinding kind: ClusterRoleBinding {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-binding + name: {{ .Release.Name }}-{{ .Values.controller.name }} roleRef: apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - name: {{ .Release.Name }}-{{ .Values.controller.name }}-role - {{ else }} kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role - {{- end }} + name: {{ .Release.Name }}-{{ .Values.controller.name }} subjects: - kind: ServiceAccount name: {{ .Values.controller.serviceAccount }} @@ -30,3 +25,16 @@ subjects: {{- end }} {{- end }} {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template +subjects: + - kind: ServiceAccount + name: {{ .Values.controller.serviceAccount }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 7ab0aae5..7f0eead3 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -190,6 +190,9 @@ server: # - secretName: argo-ui-tls # hosts: # - argo.domain.com + clusterWorkflowTemplates: + # Give the server permissions to edit ClusterWorkflowTemplates. + enableEditing: true # Influences the creation of the ConfigMap for the workflow-controller itself. useDefaultArtifactRepo: false