diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js
new file mode 100644
index 00000000..9118ffe9
--- /dev/null
+++ b/.github/configs/renovate-config.js
@@ -0,0 +1,7 @@
+module.exports = {
+ platform: 'github',
+ gitAuthor: 'renovate[bot] ',
+ autodiscover: false,
+ allowPostUpgradeCommandTemplating: true,
+ allowedPostUpgradeCommands: [".*"],
+ };
diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml
deleted file mode 100644
index 43b6b5ba..00000000
--- a/.github/workflows/chart-version-bump.yml
+++ /dev/null
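Review bot: `allowedPostUpgradeCommands: [".*"]` in .github/configs/renovate-config.js matches every command, so the allowlist no longer limits what a `postUpgradeTasks` entry in the repository's Renovate configuration may run, and `allowPostUpgradeCommandTemplating: true` additionally lets templated values be interpolated into those commands. The Renovate job added in .github/workflows/renovate.yaml runs with a GitHub App token, so whatever reaches a post-upgrade command executes next to that credential. The list should name only the command the repository needs, anchored at both ends and with a restricted argument alphabet, for example `allowedPostUpgradeCommands: ['^<BUMP_SCRIPT_PATH> [\\w./-]+$'],` (placeholder; the script this config is meant to run is not shown on this page). A one-line comment above the entry saying which task relies on it would let a reviewer see when the pattern has become wider than necessary.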
@@ -1,57 +0,0 @@ -## Used on Renovate PRs to bump the chart version and add a changelog entry -## Reference: https://github.com/stefanzweifel/git-auto-commit-action -## Reference: https://github.com/marketplace/actions/changed-files -name: 'Chart Version Bump and Changelog' - -on: - pull_request: - types: - - labeled - -permissions: - contents: write - -jobs: - helm-bumper: - if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: ${{ secrets.PAT }} - fetch-depth: 0 - - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 - with: - files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml - - - name: "Bump Version and Changelog" - run: | - chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" - echo "Changed chart name is: $chartName" - echo "----------------------------------------" - - parentDir="charts/${chartName}" - - # Bump the chart version by one patch version - version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}') - major=$(echo $version | cut -d. -f1) - minor=$(echo $version | cut -d. -f2) - patch=$(echo $version | cut -d. 
-f3) - patch=$(expr $patch + 1) - sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml - - # Add a changelog entry - appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}') - sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml - echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml - echo " - kind: changed" >> ${parentDir}/Chart.yaml - echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml - cat ${parentDir}/Chart.yaml - - - name: "Commit and push changes" - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 - with: - commit_options: '--signoff' diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 79782374..41ec8336 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,17 +22,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: 3.9 
@@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 01af9781..04d2b6b4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 + - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 256b1c38..9828761b 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7c0e768b..619e19d7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -12,18 +12,19 @@ permissions: jobs: publish: + if: github.repository == 'argoproj/argo-helm' permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release packages: write # to push OCI chart package to GitHub Registry runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in lint-and-test.yaml @@ -65,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..4aa9875a --- /dev/null +++ b/.github/workflows/renovate.yaml 
@@ -0,0 +1,37 @@ +name: Renovate +on: + # The "*" (#42, asterisk) character has special semantics in YAML, so this + # string has to be quoted. + schedule: + - cron: '0 * * * *' + # Manual trigger is also possible + workflow_dispatch: {} + +permissions: + contents: read + +jobs: + renovate: + if: github.repository == 'argoproj/argo-helm' + runs-on: ubuntu-latest + steps: + - name: Get token + uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 + id: get_token + with: + app-id: ${{ vars.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 + with: + configurationFile: .github/configs/renovate-config.js + # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate + renovate-version: 37.332.0 + token: '${{ steps.get_token.outputs.token }}' + env: + LOG_LEVEL: 'debug' + RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3ccb86fe..96b1ed0b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif 
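Review bot: The `Checkout` step in .github/workflows/renovate.yaml keeps the default credential persistence, so the job's GITHUB_TOKEN stays in the workspace's git config for the rest of the job; scorecard.yml in this same diff already sets `persist-credentials: false`, and the step here should carry the same `with:` block. `LOG_LEVEL: 'debug'` is set permanently on an hourly schedule, and the run logs are readable by anyone who can view the repository's Actions runs, so `LOG_LEVEL: 'info'` would be the safer default unless debug output is still needed during bring-up. A short comment above `app-id` stating which permissions the Renovate App is expected to hold would help, since the scope of the token minted in the `Get token` step is not visible in the workflow.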
diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index edd5df2b..bc11a715 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.23.0 -digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c -generated: "2023-05-15T19:25:26.049618+09:00" + version: 4.26.1 +digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 +generated: "2024-02-18T19:42:53.135599+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9fc52f0e..db4f9f25 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.0 +appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.14 +version: 6.8.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.23.0 + version: 4.26.1 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fb08daf7..ea686d92 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -74,14 +74,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 
@@ -92,6 +93,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -99,7 +103,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -119,6 +122,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -126,7 +132,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -135,7 +140,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -146,10 +150,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" @@ -169,6 +175,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -176,7 +185,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -184,7 +192,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC 
@@ -196,6 +204,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -208,7 +219,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: @@ -268,6 +278,19 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: 
@@ -610,6 +633,7 @@ NAME: my-release | global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | 
@@ -639,11 +663,11 @@ NAME: my-release | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | | configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | -| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO | | configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | | configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | | configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | 
@@ -654,6 +678,7 @@ NAME: my-release | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | 
@@ -702,16 +727,21 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | | controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. 
no size limit) | EmptyDir size limit for application controller | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | | controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | @@ -779,6 +809,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | 
@@ -801,6 +832,7 @@ NAME: my-release | repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | repoServer.dnsConfig | object | `{}` | [DNS configuration] | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | @@ -875,6 +907,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | 
@@ -884,7 +917,7 @@ NAME: my-release | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | -| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | @@ -902,6 +935,8 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | | server.containerPorts.metrics | int | `8083` | Metrics container port | | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | 
@@ -909,6 +944,7 @@ NAME: my-release | server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | server.dnsConfig | object | `{}` | [DNS configuration] | | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | @@ -916,7 +952,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | 
@@ -926,7 +962,7 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | -| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | | server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | @@ -938,7 +974,7 @@ NAME: my-release | server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | | server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | | server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | -| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | | server.ingress.path | string | `"/"` | The path to Argo CD server | 
@@ -1033,6 +1069,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | @@ -1047,6 +1084,7 @@ NAME: my-release | dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | dex.dnsConfig | object | `{}` | [DNS configuration] | | dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | | dex.enabled | bool | `true` | Enable dex | | dex.env | list | `[]` | Environment variables to pass to the Dex server | | dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | 
@@ -1063,6 +1101,9 @@ NAME: my-release | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | 
@@ -1095,6 +1136,9 @@ NAME: my-release | dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | @@ -1122,6 +1166,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | redis.containerPorts.metrics | int | `9121` | Metrics container port | | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | 
@@ -1136,7 +1181,7 @@ NAME: my-release | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -1154,7 +1199,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | 
@@ -1225,17 +1270,18 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. 
| | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | 
@@ -1270,9 +1316,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | -| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | 
@@ -1292,6 +1340,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | @@ -1309,7 +1358,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | | applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | -| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | | applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | | applicationSet.ingress.labels | object | `{}` | Additional ingress labels | | applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | 
@@ -1377,7 +1426,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | @@ -1432,6 +1482,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | | notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | 
diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 27f13c7e..62c1759d 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -73,14 +73,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -91,6 +92,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -98,7 +102,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -118,6 +121,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -125,7 +131,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -134,7 +139,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -145,10 +149,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" 
@@ -168,6 +174,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -175,7 +184,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -183,7 +191,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC @@ -195,6 +203,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -207,7 +218,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: 
@@ -268,6 +278,19 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: diff --git a/charts/argo-cd/ci/dynamic-sharding-values.yaml b/charts/argo-cd/ci/dynamic-sharding-values.yaml new file mode 100644 index 00000000..e0b72e73 --- /dev/null +++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml @@ -0,0 +1,6 @@ +# Test application controller dynamic cluster distribution +crds: + keep: false + +controller: + dynamicClusterDistribution: true diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 4898172f..589dd002 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl 
@@ -159,10 +159,14 @@ Create the name of the notifications service account to use {{- end -}} {{/* -Argo Configuration Preset Values (Incluenced by Values configuration) +Argo Configuration Preset Values (Influenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} +{{- end -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml new file mode 100644 index 00000000..dc26a8db --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml 
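Review bot: The new `url` preset in `argo-cd.config.cm.presets` is set unconditionally, so a release that leaves `global.domain` empty would get `url: https://` written into the config map; the default of `global.domain` is not visible in this hunk, so this may already be covered. Argo CD treats this value as its external base address, so an empty host is better skipped than rendered: wrap the line in `{{- if .Values.global.domain }}` … `{{- end }}`, and build `statusbadge.url` under the same guard. The `statusbadge.enabled` test compares against the boolean `true`, so a value given as the string `"true"` would not match as intended; `index .Values.configs.cm "statusbadge.enabled" | toString | eq "true"` accepts both forms. The define block continues past the end of the hunk.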
@@ -0,0 +1,370 @@ +{{- if .Values.controller.dynamicClusterDistribution }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . 
}} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: 
ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) 
.Values.externalRedis.existingSecret }} + key: redis-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . 
| nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . 
}} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 83bd2347..43d711e4 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -55,6 +56,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - args: - /usr/local/bin/argocd-application-controller 
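Review bot: The new argocd-application-controller/deployment.yaml has no header comment saying that it is rendered instead of statefulset.yaml when `controller.dynamicClusterDistribution` is true, and it repeats that file's env list and volumes almost line for line. This same commit already has to add `ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT` and the `emptyDir.sizeLimit` block to both files, so a later hardening change made in only one of them would leave the other mode without it. I would add at the top `{{- /* Rendered instead of statefulset.yaml when controller.dynamicClusterDistribution is true; keep the pod spec in sync with that file. */ -}}` and the mirror comment in statefulset.yaml.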
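Review bot: In the guard added as the first line of statefulset.yaml, `| default false` is applied to the result of `not …` rather than to the value, so it has no effect and reads as if it supplied a default for `dynamicClusterDistribution`. `{{- if not .Values.controller.dynamicClusterDistribution }}` behaves the same, since `not` already yields true for an unset value. The matching `{{- end }}` is added in a later hunk of the same file.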
@@ -77,6 +79,8 @@ spec: {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -275,6 +279,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -342,7 +352,12 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls @@ -362,3 +377,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 76e63eb3..3f623614 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml 
@@ -14,9 +14,9 @@ metadata:
 {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
 secretName: {{ .Values.applicationSet.certificate.secretName }}
- commonName: {{ .Values.applicationSet.certificate.domain | quote }}
+ commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
 dnsNames:
- - {{ .Values.applicationSet.certificate.domain | quote }}
+ - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
 {{- range .Values.applicationSet.certificate.additionalHosts }}
 - {{ . | quote }}
 {{- end }}
diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
new file mode 100644
index 00000000..6ac4c1e7
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
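Review bot: The new `commonName` and `dnsNames` lines in certificate.yaml drop the `| quote` that the removed lines had, while the `additionalHosts` entries just below are still quoted. An unquoted value that starts with `*` (a wildcard domain) is read by YAML as an alias and the manifest fails to parse, and other YAML-significant characters can change what the value means. Keep the quoting after the default: `commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain | quote }}`, and the same expression for the `dnsNames` entry. The `argocdUrl` line in argocd-notifications-cm.yaml loses its `| quote` in the same way, and the `host:` lines in the ApplicationSet ingress.yaml are unquoted as well.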
@@ -0,0 +1,89 @@
+{{- if .Values.applicationSet.allowAnyNamespace }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.applicationSet.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+rules:
+ - apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - applicationsets
+ - applicationsets/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - argoproj.io
+ resources:
+ - applicationsets/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - argoproj.io
+ resources:
+ - appprojects
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
new file mode 100644
index 00000000..152b31f4
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
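Review bot: The new ClusterRole sets `metadata.namespace`, which has no meaning on a cluster-scoped object, and its name comes only from `argo-cd.applicationSet.fullname`, so two releases in different namespaces that render the same fullname would share one role and binding; the ClusterRoleBinding in clusterrolebinding.yaml has the same two properties. Enabling `applicationSet.allowAnyNamespace` also gives the controller's service account cluster-wide `get`/`list`/`watch` on Secrets and write access to ConfigMaps, which the README description ("Enable ApplicationSet in any namespace feature") does not mention. I would drop the `namespace:` line from both files and document the RBAC effect next to the value, for example `# -- Enable ApplicationSet in any namespace feature (creates a ClusterRole with cluster-wide read access to Secrets)`.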
@@ -0,0 +1,17 @@
+{{- if .Values.applicationSet.allowAnyNamespace }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "argo-cd.applicationSet.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "argo-cd.applicationSet.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
index 96fc3804..0b6a51fb 100644
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@@ -56,6 +56,7 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
 {{- end }}
 serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }}
 containers:
 - name: {{ .Values.applicationSet.name }}
 image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
@@ -302,9 +303,19 @@ spec: configMap: name: argocd-gpg-keys-cm - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index bc411704..fbaa862b 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -20,12 +20,11 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.applicationSet.ingress.hostname }} - - host: {{ .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.applicationSet.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.applicationSet.ingress.path }} pathType: {{ .Values.applicationSet.ingress.pathType }} @@ -34,7 +33,6 @@ spec: name: {{ include "argo-cd.applicationSet.fullname" . }} port: number: {{ .Values.applicationSet.service.port }} - {{- end }} {{- range .Values.applicationSet.ingress.extraHosts }} - host: {{ .name | quote }} http: 
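Review bot: With the `if .Values.applicationSet.ingress.hostname` guard removed in ingress.yaml, the first rule is always rendered, and when both `applicationSet.ingress.hostname` and `global.domain` are empty it becomes `- host:` with no value. An Ingress rule without a host applies to all inbound HTTP traffic, so the webhook path would be served on every hostname that reaches the ingress controller; whether `global.domain` has a non-empty default is not visible here. Failing the render is safer: `- host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain | required "applicationSet.ingress.hostname or global.domain must be set" | quote }}`. The `tls.hosts` entry changed in the next hunk of this file should use the same expression.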
@@ -48,13 +46,13 @@ spec: number: {{ $.Values.applicationSet.service.port }} {{- end }} {{- with .Values.applicationSet.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} tls: {{- if .Values.applicationSet.ingress.tls }} - hosts: - - {{ .Values.applicationSet.ingress.hostname }} + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} secretName: argocd-applicationset-controller-tls {{- end }} {{- with .Values.applicationSet.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index c8cdefc4..2a18a2fc 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: context: | - argocdUrl: {{ .Values.notifications.argocdUrl | quote }} + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} {{- with .Values.notifications.context }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 75027ed5..9c261c6a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml 
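Review bot: The new `argocdUrl` line drops the `| quote` the old one had, so a value containing ` #`, `: ` or a leading special character is written into the `context` document as a bare scalar and can be truncated or mis-parsed; keep the quoting after the fallback, `argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) | quote }}`. The certificate.yaml hunk does the same to `commonName` and the first `dnsNames` entry, while the OpenShift route hunk keeps `| quote` after its `default`, so the three are inconsistent. The `data` block continues outside this hunk.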
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-notifications-secret + name: {{ .Values.notifications.secret.name }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 793bb5d3..eba5973f 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -28,6 +28,9 @@ rules: verbs: - list - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} {{- if .Values.notifications.cm.create }} - apiGroups: - "" @@ -38,14 +41,12 @@ rules: verbs: - get {{- end }} - {{- if .Values.notifications.secret.create }} - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: - get - {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index f9b766f4..eaf35623 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -55,6 +55,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} 
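Review bot: `name: {{ .Values.notifications.secret.name }}` has no fallback and no quoting, so an empty or nulled value renders `name:` with nothing after it. The same expression feeds `resourceNames` in the ClusterRole and Role hunks and `--secret-name=` in the deployment hunk, where an empty value would at best be rejected and at worst leave the controller reading a different secret than the RBAC rule names. Falling back to the previous literal keeps upgrades safe: `name: {{ .Values.notifications.secret.name | default "argocd-notifications-secret" | quote }}`. In the ClusterRole hunk the `{{- if .Values.notifications.secret.create }}` guard is also removed, so `get` on that secret is granted even when the chart does not create it; that looks intentional for externally managed secrets but deserves a comment.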
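Review bot: The conditional `create` verb is appended to a rule whose `apiGroups` and `resources` sit above the hunk, so it is not possible to tell from here what the notifications controller may now create, and in a ClusterRole the verb applies in every namespace rather than only those listed in `application.namespaces`. Please add a template comment on the conditional that names the resource and the reason, for example `{{- /* create on <resource> is needed when applications live outside the release namespace */}}`, and confirm the rule is as narrow as the feature needs.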
@@ -66,6 +67,7 @@ spec: - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - --namespace={{ .Release.Namespace }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 128c24f5..22eaa473 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -37,7 +37,7 @@ rules: - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index e89aa0e1..b770a077 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -66,6 +66,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} @@ -85,6 +86,8 @@ spec: - name: USER_NAME value: argocd {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: 
@@ -277,6 +280,12 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir @@ -404,26 +413,46 @@ spec: {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} {{- end }} - name: plugins {{- if .Values.repoServer.existingVolumes.plugins -}} {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: var-files {{- if .Values.repoServer.existingVolumes.varFiles -}} {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: tmp {{- if .Values.repoServer.existingVolumes.tmp -}} {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: ssh-known-hosts configMap: 
@@ -438,7 +467,12 @@ spec: {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: argocd-repo-server-tls secret: diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 940ed427..ffe0b79b 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -22,19 +22,12 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - - path: {{ .Values.server.ingress.path }} - pathType: {{ $.Values.server.ingress.pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" . }} - port: - number: {{ $servicePort }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingressGrpc.pathType }} backend: @@ -42,6 +35,13 @@ spec: name: {{ include "argo-cd.server.fullname" $ }}-grpc port: number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - host: {{ .name | quote }} http: 
@@ -55,13 +55,13 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 74066ef8..84a0e62c 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -14,9 +14,9 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: secretName: {{ .Values.server.certificate.secretName }} - commonName: {{ .Values.server.certificate.domain | quote }} + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.server.certificate.domain | quote }} + - {{ .Values.server.certificate.domain | default .Values.global.domain }} {{- range .Values.server.certificate.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index f4877980..c1439b0c 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} - apiGroups: - '*' resources: 
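Review bot: With `server.clusterRoleRules.enabled` set, `rules:` is filled only from `server.clusterRoleRules.rules` and every built-in rule, including the `application.namespaces` block added further down this file, sits in the `else` branch, so the switch replaces the defaults rather than extending them. That is worth stating in the values comment, because an operator who enables it to tighten the wildcard `apiGroups: '*'` rule also loses the application verbs unless they copy them over. A missing `rules` value renders `null` under `rules:`; `{{- toYaml (.Values.server.clusterRoleRules.rules | default list) | nindent 2 }}` at least keeps the output a list. The rule list continues past the end of this hunk.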
@@ -48,6 +51,17 @@ rules: - list - update - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} - apiGroups: - batch resources: @@ -62,4 +76,5 @@ rules: verbs: {{/* supports triggering workflows from UI */}} - create + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 0dccf212..c73036d7 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -60,6 +60,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} @@ -75,6 +76,8 @@ spec: {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: 
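Review bot: The added rule grants `create`, `delete`, `update` and `patch` on `applications` through a ClusterRole, so once `application.namespaces` is non-empty the server's service account can write Applications in every namespace, while the value itself is a list of specific namespaces. If the cluster-wide grant is required by the feature, say so in a comment on the conditional; otherwise per-namespace Role and RoleBinding objects generated from the list would match the configured scope. The block also quotes `"argoproj.io"` and `"applications"` where the neighbouring `batch` rule is bare, which is only a consistency nit.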
@@ -452,12 +455,27 @@ spec: {{- end }} {{- if .Values.server.extensions.enabled }} - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index 31d98e10..160308bd 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -27,11 +27,11 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ .Values.server.ingress.pathType }} @@ -53,13 +53,13 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} 
diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 569063be..63c089b8 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index f9c27346..2d15b9d7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,5 +1,5 @@ -{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} -{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- if .Values.server.ingressGrpc.enabled -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -21,11 +21,11 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ $hostname }} + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} http: paths: {{- with .Values.server.ingressGrpc.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingressGrpc.path }} pathType: {{ .Values.server.ingressGrpc.pathType }} 
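Review bot: `$hostname` used to hold the final gRPC host, but the `ingressGrpc.hostname` override is now applied separately at each use (`host:` in the next hunk and the `tls.hosts` entry in the one after), so a later use of `$hostname` on its own would silently ignore the override. Folding it back into the assignment keeps one source of truth: `{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain)) -}}`. The guard also no longer checks `server.ingress.controller`, so this Ingress is rendered for non-generic controllers too; if the AWS template still routes gRPC itself, as the `-grpc` backend in its hunk suggests, that would be a second route to the same service and should be confirmed.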
@@ -47,13 +47,13 @@ spec: number: {{ $.Values.server.service.servicePortHttps }} {{- end }} {{- with .Values.server.ingressGrpc.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: {{- if .Values.server.ingressGrpc.tls }} - hosts: - - {{ $hostname }} + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} secretName: argocd-server-grpc-tls {{- end }} {{- with .Values.server.ingressGrpc.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 627f56b9..cfd0696d 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -22,11 +22,11 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingress.pathType }} @@ -48,16 +48,16 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ .name }} {{- end }} {{- end }} secretName: argocd-server-tls diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index 59313798..01cb6aed 100644 
--- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} {{- end }} spec: - host: {{ .Values.server.route.hostname | quote }} + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} to: kind: Service name: {{ template "argo-cd.server.fullname" . }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 9869efbb..686626ba 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -353,6 +353,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -688,6 +692,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1137,6 +1145,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1462,6 +1474,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps 
@@ -1736,6 +1752,19 @@ spec: description: ID is an auto incrementing identifier of the RevisionHistory format: int64 type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object revision: description: Revision holds the revision the sync was performed against @@ -1940,6 +1969,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2278,6 +2311,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2761,6 +2799,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3117,6 +3160,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps 
@@ -3587,6 +3635,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3936,6 +3989,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4428,6 +4486,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4777,6 +4840,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 02623f6c..6414d832 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.crds.install .Values.applicationSet.enabled }} +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -267,6 +267,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: 
@@ -481,6 +483,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -854,6 +858,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1068,6 +1074,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1445,6 +1453,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1659,6 +1669,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2016,6 +2028,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2230,6 +2244,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2381,8 +2397,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: properties: @@ -2611,6 +2625,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2825,6 +2841,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3198,6 +3216,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3412,6 +3432,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3789,6 +3811,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4003,6 +4027,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: 
@@ -4360,6 +4386,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4574,6 +4602,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4725,8 +4755,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true @@ -4941,6 +4969,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5155,6 +5185,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5702,6 +5734,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5916,6 +5950,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6458,6 +6494,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6672,6 +6710,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7043,6 +7083,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7257,6 +7299,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7638,6 +7682,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7852,6 +7898,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8225,6 +8273,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: 
@@ -8439,6 +8489,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8816,6 +8868,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9030,6 +9084,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9387,6 +9443,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9601,6 +9659,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9752,8 +9812,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true @@ -9968,6 +10026,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10182,6 +10242,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10729,6 +10791,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10943,6 +11007,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11485,6 +11551,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11699,6 +11767,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12074,6 +12144,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12288,6 +12360,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: 
@@ -12652,6 +12726,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12866,6 +12942,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13413,6 +13491,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13627,6 +13707,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14169,6 +14251,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14383,6 +14467,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14829,6 +14915,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15043,6 +15131,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index c8e2c929..b6c94f90 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -59,6 +59,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} 
@@ -99,8 +100,9 @@ spec: {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz/live - port: metrics + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -110,8 +112,9 @@ spec: {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: /healthz/ready - port: metrics + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} @@ -185,9 +188,19 @@ spec: {{- end }} volumes: - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-dex-server-tls secret: secretName: argocd-dex-server-tls diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 94c445c8..56ceae93 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml 
@@ -52,6 +52,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} @@ -193,7 +194,7 @@ spec: - name: health configMap: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - defaultMode: 0755 + defaultMode: 493 {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d59a05cc..b91fe3b6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -37,6 +37,10 @@ crds: ## Globally shared configuration global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -155,9 +159,6 @@ configs: # -- Annotations to be added to argocd-cm configmap annotations: {} - # -- Argo CD's externally facing base URL (optional). Required when configuring SSO - url: "" - # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance @@ -179,6 +180,10 @@ configs: # -- Timeout to refresh application data as well as target manifests cache timeout.hard.reconciliation: 0s + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + # Dex configuration # dex.config: | # connectors: 
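Review bot: `defaultMode: 493` in the `health` configMap volume is the decimal spelling of the previous `0755`, and nothing on the line says so, so anyone auditing file permissions has to convert it by hand. Add a trailing comment such as `defaultMode: 493 # 0755 (rwxr-xr-x), decimal form` so the intended mode stays reviewable. The reason for switching notation is not visible in this hunk; if it is a tooling constraint, one clause in the comment would stop a later contributor from changing it back.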
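Review bot: `global.domain` defaults to the placeholder `argocd.example.com`, and its own comment says the value feeds ingresses, certificates, SSO and notifications. An install that never overrides it would, as far as this hunk shows, build external URLs and certificate requests for a host the operator does not control; the consuming templates are outside this hunk, so that is inferred. A line such as `## Placeholder only: set this to the real external host before enabling ingress, certificates or SSO` would make that explicit. A later hunk in this file removes `configs.cm.url`, so the upgrade notes should state whether an existing `configs.cm.url` override is still honoured.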
@@ -267,6 +272,12 @@ configs: ## Set comma-separated list. (e.g. app-team-one, app-team-two) application.namespaces: "" + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: @@ -576,8 +587,22 @@ controller: # -- The number of application controller pods to run. # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) replicas: 1 + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false + + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history revisionHistoryLimit: 5 
@@ -658,9 +683,19 @@ controller: # - name: custom-tools # emptyDir: {} + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + # -- Annotations to be added to application controller pods podAnnotations: {} @@ -743,6 +778,9 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the application controller create: true @@ -971,6 +1009,13 @@ dex: # -- Additional volumes to the dex pod volumes: [] + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. @@ -1038,6 +1083,12 @@ dex: livenessProbe: # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated 
@@ -1052,6 +1103,12 @@ dex: readinessProbe: # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -1066,6 +1123,9 @@ dex: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create dex service account create: true @@ -1154,7 +1214,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1170,7 +1230,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1366,6 +1426,9 @@ redis: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the redis pod create: false @@ -1435,7 +1498,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar 
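Review bot: The comment on `dex.readinessProbe.httpScheme` was copied from the liveness block and still reads "Scheme to use for for the liveness probe", so the generated README would describe the readiness setting as a liveness one. It should read `# -- Scheme to use for the readiness probe (can be HTTP or HTTPS)`. The liveness hunk just before it has the same doubled "for for".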
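Review bot: In the `redis` hunk (`@@ -1366,6 +1426,9 @@`), `automountServiceAccountToken: true` keeps a Kubernetes API token mounted in the Redis pod even though the context lines show `serviceAccount.create: false` and nothing in this diff shows Redis calling the API. The new key is the natural place for a least-privilege default, `automountServiceAccountToken: false`, unless a sidecar or init container outside this diff needs the token. If `true` is kept for backward compatibility, the comment should say so: `## Redis does not need API access; set to false unless a sidecar requires the token`. The redis Deployment hunk earlier in this diff renders this value unchanged.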
@@ -1443,7 +1506,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false @@ -1461,6 +1524,9 @@ redis-ha: haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1626,7 +1692,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.1" + tag: "v0.0.5" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1714,6 +1780,13 @@ server: # - name: custom-tools # emptyDir: {} + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations to be added to server Deployment deploymentAnnotations: {} @@ -1828,7 +1901,8 @@ server: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-server-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -1954,6 +2028,9 @@ server: # -- Prometheus ServiceMonitor annotations annotations: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create server service account create: true 
@@ -1985,8 +2062,8 @@ server: ingressClassName: "" # -- Argo CD server hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- The path to Argo CD server path: / @@ -2007,6 +2084,7 @@ server: # -- Additional ingress paths # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2018,15 +2096,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpsName }}' # -- Additional TLS configuration # @default -- `[]` (See [values.yaml]) @@ -2040,8 +2120,9 @@ server: ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode aws: # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC # -- Service type for the AWS ALB gRPC service ## Can be of type NodePort or ClusterIP depending on which mode you are running. ## Instance mode needs type NodePort, IP mode needs type ClusterIP 
@@ -2112,6 +2193,7 @@ server: # -- Additional ingress paths for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2123,15 +2205,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpName }}' # -- Additional TLS configuration for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) @@ -2156,6 +2240,14 @@ server: # -- Termination policy of Openshift Route termination_policy: None + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + ## Repo Server repoServer: # -- Repo server name @@ -2320,6 +2412,13 @@ repoServer: # persistentVolumeClaim: # claimName: pvc-argocd-repo-server-plugins + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Toggle the usage of a ephemeral Helm working directory useEphemeralHelmWorkingDir: true 
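Review bot: `server.clusterRoleRules` is documented only as "whatever custom rules you want", which does not tell the operator whether the list replaces or extends the chart's built-in server ClusterRole rules; the template is outside this hunk, so the behaviour cannot be confirmed here. If it replaces them, `enabled: true` with the default `rules: []` would leave the server with an empty ClusterRole. If it extends them, the key is a way to widen cluster-wide access. The comment should state which, e.g. `## When enabled, these rules REPLACE the default ClusterRole rules; list only the verbs and resources the server needs`.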
@@ -2509,6 +2608,9 @@ repoServer: # -- List of custom rules for the Repo server's Cluster Role resource rules: [] + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + ## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount: @@ -2607,6 +2709,13 @@ applicationSet: # -- List of extra volumes to add extraVolumes: [] + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + ## Metrics service configuration metrics: # -- Deploy metrics service @@ -2663,6 +2772,9 @@ applicationSet: # -- ApplicationSet service port name portName: http-webhook + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create ApplicationSet controller service account create: true @@ -2792,7 +2904,8 @@ applicationSet: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -2839,8 +2952,8 @@ applicationSet: ingressClassName: "" # -- Argo CD ApplicationSet hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- List of ingress paths path: /api/webhook 
@@ -2871,15 +2984,17 @@ applicationSet: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / - # backend: - # service: - # name: example-svc - # port: - # name: http + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' # -- Additional ingress TLS configuration # @default -- `[]` (See [values.yaml]) @@ -2887,7 +3002,8 @@ applicationSet: # - secretName: argocd-applicationset-tls # hosts: # - argocd-applicationset.example.com - + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false ## Notifications controller notifications: # -- Enable notifications controller @@ -2897,7 +3013,8 @@ notifications: name: notifications-controller # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates - argocdUrl: + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -2974,8 +3091,12 @@ notifications: secret: # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. create: true + # -- notifications controller Secret name + name: "argocd-notifications-secret" + # -- key:value pairs of annotations to be added to the secret annotations: {} @@ -3115,6 +3236,9 @@ notifications: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create notifications controller service account create: true 
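Review bot: `applicationSet.allowAnyNamespace` gets a one-line description, although turning it on changes who can create ApplicationSets that the controller will act on. Upstream's documentation for the feature attaches security caveats to it (as I recall, chiefly restricting which SCM providers the generators may contact). The comment should point there, e.g. `## Read the upstream "ApplicationSet in any namespace" security notes and restrict allowed SCM providers before enabling`. The hunk also replaces the blank line that separated this block from `## Notifications controller`, so the new key now sits directly against the next section header.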
diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 99f3b601..aed0dfdc 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.3 +version: 2.4.4 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.1 + - kind: added + description: Support ability to set .Values.namespaceOverride diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 0abf2c31..c9cd5083 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -87,6 +87,7 @@ done | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | | nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift | bool | `false` | Deploy on OpenShift | ### Controller diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index d18f2ca9..93069ca3 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -136,3 +136,11 @@ Define Pdb apiVersion {{- printf "policy/v1beta1" -}} {{- end }} {{- end }} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-events.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} 
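Review bot: In `argo-events.namespace`, `trunc 63 | trimSuffix "-"` silently rewrites an over-long `namespaceOverride` into a different name instead of failing. A namespace is looked up, not generated, so a truncated value would place the ServiceAccounts and RBAC subjects changed later in this diff in whatever namespace matches the shortened string. Dropping the truncation, `{{- default .Release.Namespace .Values.namespaceOverride -}}`, lets the API server reject an invalid name. The values comment could also note that the override makes the chart create RBAC objects outside the release namespace.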
diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index b3293385..119c10f5 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} data: diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index a3614c73..75d0cdb2 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml index 0451ecd7..269e2de4 100644 --- a/charts/argo-events/templates/argo-events-controller/pdb.yaml +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml 
@@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index aa9c7c2b..69a0adcb 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -4,7 +4,7 @@ kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} metadata: name: {{ include "argo-events.controller.fullname" . }} {{- if .Values.controller.rbac.namespaced }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -122,5 +122,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml index fe36320b..55fe9361 100644 --- a/charts/argo-events/templates/argo-events-controller/service.yaml +++ b/charts/argo-events/templates/argo-events-controller/service.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-events.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.metrics.service.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml index 3b8a9c81..bd697989 100644 --- a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml index 55cda1d4..371794ee 100644 --- a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml 
@@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-events.namespace" . | quote }} selector: matchLabels: {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml index 89226483..c701c8d7 100644 --- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index 0445484e..0b995ba2 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml 
@@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml index a3daa745..26ee675d 100644 --- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.webhook.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} {{- with .Values.webhook.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index 15563d0e..e1f2b2ee 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml index e3e2ac5b..0efad0c2 100644 
--- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.webhook.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index faba6939..b959e6cd 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -6,6 +6,9 @@ nameOverride: argo-events # -- String to fully override "argo-events.fullname" template fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Deploy on OpenShift openshift: false diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2db0614d..6a4645f9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.3 +version: 2.35.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.6.6 + - kind: added + description: Added pod labels for the controller and the dashboard components diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 3627de83..d5d11c26 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md 
@@ -50,6 +50,7 @@ For full list of changes please check ArtifactHub [changelog]. | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | 
@@ -60,12 +61,14 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | | providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | | providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | | providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider | | providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | 
@@ -82,6 +85,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | | controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | +| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -112,6 +116,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to the application controller pods | | controller.priorityClassName | string | `""` | [priorityClassName] for the controller | | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | 
@@ -138,6 +143,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | | dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | +| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | @@ -163,6 +169,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | +| dashboard.podLabels | object | `{}` | Labels to be added to the application dashboard pods | | dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | | dashboard.readonly | bool | `false` | Set cluster role to readonly | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 35fd8215..a80708b6 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml 
@@ -94,11 +94,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -258,23 +269,42 @@ rules: {{- if .Values.providerRBAC.providers.contour }} # Access needed when using the Contour provider - apiGroups: - - projectcontour.io + - projectcontour.io resources: - - httpproxies + - httpproxies verbs: - - get - - list - - watch - - update + - get + - list + - watch + - update {{- end }} {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 9b8f456e..0d4c5281 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml 
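Review bot: The `create` and `update` verbs added to the `configmaps` rule are gated on `providerRBAC.providers.gatewayAPI`, which values.yaml in this commit defaults to `true`, so every default install gains write access to all ConfigMaps cluster-wide, and namespace-wide through the identical hunk in `templates/controller/role.yaml`. Splitting `secrets` into its own read-only rule is good, but the ConfigMap write grant has no `resourceNames` restriction. If the provider only writes one ConfigMap, `update` could move to a separate rule with `resourceNames: [<plugin-configmap-name>]` (placeholder name), keeping `create` unscoped because `resourceNames` cannot constrain it. Consider defaulting `gatewayAPI` to `false` so the wider grant is opt-in, and add a comment above the verbs such as `# create/update on configmaps is only needed by the Gateway API provider`. The `rules:` list starts and ends outside the hunk.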
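Review bot: `providerRBAC.additionalRules` is rendered with `{{ toYaml . }}` only in this ClusterRole; the matching hunk in `templates/controller/role.yaml` adds the Gateway API rule but no `additionalRules` block, so the value appears to be ignored when the namespaced Role is the one in use. Either add the same `{{- with .Values.providerRBAC.additionalRules }}` block to role.yaml or document the value as ClusterRole-only. Because its content lands verbatim in the controller's ClusterRole, the values.yaml comment should say so, e.g. `# -- Additional RBAC rules appended verbatim to the controller ClusterRole; keep resources and verbs as narrow as the provider needs`. The new Gateway API rule also grants `update` on all five route kinds whichever ones are used, which deserves a comment if that is intended.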
@@ -10,6 +10,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: @@ -31,7 +34,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.controller.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index dc656cde..584587b9 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -95,11 +95,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -259,11 +270,27 @@ rules: {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update {{- end }} {{- end }} {{- end }} 
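Review bot: The new `range` over the merged `deploymentLabels` writes user-supplied keys into the same `labels:` map as `app.kubernetes.io/component` and the `argo-rollouts.labels` include, so a value that reuses a key the chart sets itself renders a duplicate mapping key. Which entry wins, or whether rendering fails, is then left to the YAML parser. The same pattern is added in `templates/dashboard/deployment.yaml`. The key is also emitted unquoted as `{{ $key }}:` while the value is quoted. Consider stating the constraint in values.yaml, for example `# -- Labels to be added to the controller deployment (must not reuse label keys set by the chart)`.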
diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index de7f525b..e2918f40 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -11,6 +11,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: @@ -32,7 +35,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.dashboard.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.dashboard.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 19ab340e..f9ae582c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -41,14 +41,20 @@ extraObjects: [] global: # -- Annotations for all deployed Deployments deploymentAnnotations: {} + # -- Labels for all deployed Deployments + deploymentLabels: {} controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller # -- Annotations to be added to the controller deployment deploymentAnnotations: {} + # -- Labels to be added to the controller deployment + deploymentLabels: {} # -- Annotations to be added to application controller pods podAnnotations: {} + # -- Labels to be added to the application controller pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints 
@@ -273,6 +279,10 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Adds RBAC rules for the Gateway API provider + gatewayAPI: true + # -- Additional RBAC rules for others providers + additionalRules: [] dashboard: # -- Deploy dashboard server @@ -283,8 +293,12 @@ dashboard: component: rollouts-dashboard # -- Annotations to be added to the dashboard deployment deploymentAnnotations: {} + # -- Labels to be added to the dashboard deployment + deploymentLabels: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} + # -- Labels to be added to the application dashboard pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 048385d4..942eeadf 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.4 +appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.10 +version: 0.41.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Update argo-workflows documentation links to readthedocs + - kind: added + description: Added option to add service accounts to RoleBindings diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 75ecb19a..662b63fd 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md 
@@ -111,6 +111,7 @@ Fields to note: |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart | | commonLabels | object | `{}` | Labels to set on all resources | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | @@ -124,6 +125,7 @@ Fields to note: | images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. | ### Workflow 
@@ -132,6 +134,7 @@ Fields to note: |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | +| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | @@ -144,6 +147,7 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.name | string | `""` | ConfigMap name | 
@@ -168,6 +172,7 @@ Fields to note: | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | +| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | @@ -336,7 +341,7 @@ Fields to note: | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | | server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | -| server.sso.redirectUrl | string | `""` | | +| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form /oauth2/callback. | | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 0d170ec9..f46af22f 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl 
@@ -189,3 +189,22 @@ Return the appropriate apiVersion for GKE resources {{- print "cloud.google.com/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for monitoring CRDs +*/}} +{{- define "argo-workflows.apiVersions.monitoring" -}} +{{- if .Values.apiVersionOverrides.monitoring -}} +{{- print .Values.apiVersionOverrides.monitoring -}} +{{- else -}} +{{- print "monitoring.coreos.com/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-workflows.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml index ce7cd55b..81c1d0a7 100644 --- a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $cm_name }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" $ | quote }} labels: {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} {{- with $cm_val.annotations }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index c2d2a771..1b01b117 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml 
@@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 2d5ebdd0..1997d9d3 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "argo-workflows.controller.config-map.name" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: @@ -83,6 +83,11 @@ data: bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.caSecret }} + caSecret: + name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }} + key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }} + {{- end }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 9fa7a7f6..93e0557b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml 
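Review bot: The new `caSecret` block passes `.Values.artifactRepository.s3.caSecret.name` and `.key` straight to `tpl` with no default, no `required` check and no quoting, unlike the neighbouring `bucket` and `endpoint` lines that use `| default ""`. If `caSecret` is set with only one of the two fields, `tpl` receives an empty value and rendering presumably fails with an unhelpful type error, and an unquoted value such as `true` or `123` would not be read as a string. Suggested form: `name: {{ tpl (required "artifactRepository.s3.caSecret.name is required" .Values.artifactRepository.s3.caSecret.name) . | quote }}`, and the same for `key`. The surrounding `data:` block starts and ends outside the hunk.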
+++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} +{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index ee38445f..bee7c199 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml 
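Review bot: In the added `range .Values.controller.clusterWorkflowTemplates.serviceAccounts` block, `name: {{ .name }}` is rendered unquoted and neither field is checked, so an entry missing `name` or `namespace` produces a ClusterRoleBinding subject with an empty field. Each entry is bound to the cluster-scoped role this binding references, so it is worth failing at render time: `name: {{ required "serviceAccounts[].name is required" .name | quote }}` and `namespace: {{ required "serviceAccounts[].namespace is required" .namespace | quote }}`. The same pattern is added for `workflow.rbac.serviceAccounts` in `templates/controller/workflow-rb.yaml`. A values.yaml comment showing the expected `name` / `namespace` entry shape would help, since the README only lists the type as `list`.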
@@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 2cc8a903..b3db5f4e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} @@ -89,6 +89,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if eq (int .Values.controller.replicas) 1 }} + - name: LEADER_ELECTION_DISABLE + value: "true" + {{- end }} {{- with .Values.controller.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index c6a8bf66..fd1db89f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml 
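Review bot: `LEADER_ELECTION_DISABLE` is derived from the Helm value `controller.replicas` alone, so it stays `"true"` if the Deployment is later scaled by anything other than a chart upgrade, which would presumably leave several controllers running without leader election. It is also emitted before `controller.extraEnv`, so a user who already sets the variable there ends up with two entries of the same name. Consider a comment above the block, e.g. `# Leader election is disabled only for a fixed single replica; do not scale this Deployment outside Helm`, or an explicit value to opt in. The `env:` list starts outside the hunk.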
@@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 1959eb2e..0cd8a75b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} @@ -32,6 +32,9 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} + clusterIP: None + {{- end }} {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} 
diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 6643d634..1695f96d 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -1,9 +1,10 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 +{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }} +{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: {{ $apiVersion }} kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -43,7 +44,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-workflows.namespace" . | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 6f9ba23d..ec5ac172 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml 
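Review bot: Gating the ServiceMonitor on `.Capabilities.APIVersions.Has $apiVersion` drops it without any message when the renderer has no cluster API list, for example `helm template` without `--api-versions` or a GitOps tool that renders offline, even though `controller.serviceMonitor.enabled` is `true`. Metrics scraping for the controller then disappears silently. Consider keeping the previous condition and letting the apply fail when the CRD is absent, or documenting next to `apiVersionOverrides.monitoring` that offline rendering needs `--api-versions monitoring.coreos.com/v1`.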
@@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -17,8 +17,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ $.Values.workflow.serviceAccount.name }} - {{- with $namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ $namespace }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 80309119..14265372 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 273487c4..c6fff691 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml 
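Review bot: Replacing the `{{- with $namespace }}` guard with an unconditional `namespace: {{ $namespace }}` in `workflow-rb.yaml` changes the `singleNamespace` case. The `range` then iterates over `(list "")`, so `$namespace` is empty and the first subject is rendered with a bare `namespace:` key where the old template omitted it. Consider falling back to the release namespace, `namespace: {{ $namespace | default (include "argo-workflows.namespace" $) | quote }}`, or restoring the guard. The RoleBinding metadata between the two hunks is not visible here, so whether it handles the empty namespace the same way should be checked.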
+++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.serviceAccount.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: v1 kind: ServiceAccount diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml index 4597db3d..0d439b62 100644 --- a/charts/argo-workflows/templates/server/gke/backendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} kind: BackendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml index 6b81c923..32cfc3a1 100644 --- a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml 
@@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml index b77c3131..4d1f840e 100644 --- a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 56d4dcaa..dbb5ff9f 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index e8d6511d..4ffb9107 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml 
+++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml index 9194bbd9..142bc31b 100644 --- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} kind: HorizontalPodAutoscaler metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index 7ea6d465..47f8394d 100644 
--- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index b3aa3728..a4b8df7b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 36209f5b..db69b012 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} 
diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 382d565e..d2c9c535 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index f7096a8d..7f81bd39 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5ec3bac2..0c5e624d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -26,6 +26,10 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" + # -- Labels to set on all resources commonLabels: {} 
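Review bot: The comment `# -- Override the namespace` above `namespaceOverride` does not say what the override reaches. Judging by the other hunks in this commit, the value presumably feeds the `argo-workflows.namespace` helper (its definition is not in view here). That helper now sets `metadata.namespace` on the server resources and `subjects[].namespace` in the server ClusterRoleBinding, so a non-empty value moves both the workloads and the accounts that receive cluster-level grants out of the release namespace. I would document that, for example `# -- Override the namespace that chart resources and RBAC subjects are rendered into (the namespace must already exist; Helm only creates the release namespace)`.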
@@ -38,6 +42,8 @@ apiVersionOverrides: autoscaling: "" # autoscaling/v2 # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 + # -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart + monitoring: "" # monitoring.coreos.com/v1 # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster @@ -63,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace controller: image: @@ -129,6 +139,8 @@ controller: servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- Flag to enable headless service + headlessService: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] @@ -353,6 +365,10 @@ controller: clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. enabled: true + # -- Extra service accounts to be added to the ClusterRoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace # -- Extra containers to be added to the controller deployment extraContainers: [] 
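Review bot: The two new `serviceAccounts` comments, under `workflow.rbac` and under `controller.clusterWorkflowTemplates`, name the binding but not the access it confers. The RoleBinding template changed in this commit loops over the list inside its per-namespace `range`, so I would write `# -- Extra service accounts to bind to the workflow Role; every entry is bound in each workflow namespace`. For the second one, something like `# -- Extra service accounts to bind to the ClusterWorkflowTemplates ClusterRole (cluster-wide grant)` fits the surrounding comment, though the ClusterRoleBinding template itself is not visible here. Both example blocks could also note that `name` and `namespace` are required for each entry.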
@@ -692,7 +708,7 @@ server: name: argo-server-sso # -- Key of a secret to retrieve the app OIDC client secret key: client-secret - # - The OIDC redirect URL. Should be in the form /oauth2/callback. + # -- The OIDC redirect URL. Should be in the form /oauth2/callback. redirectUrl: "" rbac: # -- Adds ServiceAccount Policy to server (Cluster)Role. @@ -775,6 +791,9 @@ artifactRepository: # key: secretkey # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false + # caSecret: + # name: ca-root + # key: cert.pem # bucket: # endpoint: # region: diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 811c39e8..397e9db6 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.1 +version: 2.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: move ignoreApplicationDifferences block up a level to fix render + - kind: added + description: make the chart use maps instead of lists diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index 2cc1541f..447df733 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md 
@@ -28,11 +28,11 @@ $ helm install my-release argo/argocd-apps | Key | Type | Default | Description | |-----|------|---------|-------------| -| applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | -| applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | -| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | +| applications | object | `{}` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | +| applicationsets | object | `{}` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | +| extensions | object | `{}` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | | itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | -| projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | +| projects | object | `{}` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml index 4d21403b..f1023424 100644 --- a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml 
@@ -1,28 +1,28 @@ # Test with multi-source applications applications: -- name: argocd-application-multiple-sources - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas + argocd-application-multiple-sources: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 28a627ff..4f742748 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml 
@@ -1,33 +1,33 @@ # Test with applications applications: -- name: argocd-application - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook - directory: - recurse: true - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - syncOptions: - - ApplyOutOfSyncOnly=true - revisionHistoryLimit: null - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ + argocd-application: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true + revisionHistoryLimit: null + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml index f1dd7cda..d8fe500c 100644 --- a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml 
@@ -1,24 +1,24 @@ # Test with multi-source applicationsets applicationsets: -- name: applicationset-multiple-sources - generators: - - list: - elements: - - cluster: default-cluster - url: https://kubernetes.default.svc - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: '{{url}}' - namespace: default + applicationset-multiple-sources: + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml index 2fa58978..a225e7c5 100644 --- a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml 
@@ -1,41 +1,41 @@ # Test applicationsets with Progressive Syncs applicationsets: -- name: applicationset-progressive-syncs - generators: - - list: - elements: - - cluster: engineering-dev - url: https://1.2.3.4 - env: env-dev - - cluster: engineering-prod - url: https://9.8.7.6/ - env: env-prod - strategy: - type: RollingSync - rollingSync: - steps: - - matchExpressions: - - key: envLabel - operator: In - values: - - env-dev - - matchExpressions: - - key: envLabel - operator: In - values: - - env-prod - template: - metadata: - name: '{{.cluster}}-guestbook' - labels: - envLabel: '{{.env}}' - spec: - project: my-project - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook/{{.cluster}} - destination: - server: '{{.url}}' - namespace: guestbook + applicationset-progressive-syncs: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index e4f9101b..ed84c5fb 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml 
@@ -1,77 +1,90 @@ # Test with applicationsets applicationsets: -- name: applicationset - additionalLabels: {} - additionalAnnotations: {} - # See PR #10026 (ArgoCD v2.5 or later) - # goTemplate: false - generators: - - git: - repoURL: https://github.com/argoproj/argocd-example-apps.git - revision: HEAD - directories: - - path: guestbook - - path: kustomize-* - # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync - ignoreApplicationDifferences: - - jsonPointers: - - /spec/syncPolicy - template: - metadata: - name: '{{path.basename}}' - labels: {} - annotations: {} - spec: - project: default - source: + applicationset: + additionalLabels: {} + additionalAnnotations: {} + # See PR #10026 (ArgoCD v2.5 or later) + # goTemplate: false + generators: + - git: repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: '{{path}}' - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ - syncPolicy: - # Set Application finalizer - preserveResourcesOnDeletion: false -- name: applicationset-list-generator - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - template: - metadata: {} - spec: - project: '{{cluster}}' - source: - targetRevision: HEAD - repoURL: https://github.com/argoproj/argo-cd.git - # New path value is generated here: - path: 'applicationset/examples/template-override/{{cluster}}-override' - destination: {} - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: '{{cluster}}' - source: - repoURL: https://github.com/argoproj/argo-cd.git - targetRevision: HEAD - # This 'default' value is not used: it is is replaced by the generator's 
template path, above - path: applicationset/examples/template-override/default - destination: - server: '{{url}}' - namespace: guestbook + revision: HEAD + directories: + - path: guestbook + - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy + template: + metadata: + name: '{{path.basename}}' + labels: {} + annotations: {} + spec: + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ + syncPolicy: + # Set Application finalizer + preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} + applicationset-list-generator: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + 
server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index df0ea5eb..b26b6684 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -1,50 +1,50 @@ -{{- range .Values.applications }} +{{- range $appName, $appData:= .Values.applications }} --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - {{- with .additionalAnnotations }} + {{- with $appData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appName }} + {{- with $appData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $appData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - project: {{ tpl .project $ }} - {{- with .source }} + project: {{ tpl $appData.project $ }} + {{- with $appData.source }} source: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sources }} + {{- with $appData.sources }} sources: {{- toYaml . | nindent 4 }} {{- end }} destination: - {{- toYaml .destination | nindent 4 }} - {{- with .syncPolicy }} + {{- toYaml $appData.destination | nindent 4 }} + {{- with $appData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .revisionHistoryLimit }} + {{- with $appData.revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} - {{- with .ignoreDifferences }} + {{- with $appData.ignoreDifferences }} ignoreDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .info }} + {{- with $appData.info }} info: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 10560075..e8ae2134 100644 
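Review bot: Nothing in the new `range $appName, $appData:= .Values.applications` rejects the old list form, and ranging over a list binds `$appName` to the integer index. An un-migrated values file would therefore render `name: 0`, `name: 1`, … rather than fail with a clear message. Since the value shape changes incompatibly (the chart goes to 2.0.0), a guard at the top of the template would make the migration error explicit: `{{- if kindIs "slice" .Values.applications }}{{ fail "applications must be a map keyed by name (argocd-apps 2.x)" }}{{- end }}`. `name: {{ $appName }}` is also unquoted, so a key that YAML reads as a number or boolean would not render as a string; `name: {{ $appName | quote }}` avoids that. The same two points apply to the `applicationsets`, `extensions` and `projects` templates changed in this commit.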
--- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -1,44 +1,43 @@ - -{{- range .Values.applicationsets }} +{{- range $appSetName, $appSetData:= .Values.applicationsets }} --- apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - {{- with .additionalAnnotations }} + {{- with $appSetData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appSetData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appSetName }} + {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} spec: - {{- if hasKey . "goTemplate" }} - goTemplate: {{ .goTemplate }} + {{- if hasKey $appSetData "goTemplate" }} + goTemplate: {{ $appSetData.goTemplate }} {{- end }} - {{- with .generators }} + {{- with $appSetData.generators }} generators: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .ignoreApplicationDifferences }} + {{- with $appSetData.ignoreApplicationDifferences }} ignoreApplicationDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .strategy }} + {{- with $appSetData.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncPolicy }} + {{- with $appSetData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .template }} + {{- with $appSetData.template }} template: {{- with .metadata }} metadata: @@ -84,4 +83,8 @@ spec: {{- end }} {{- end -}} {{- end }} + {{- with $appSetData.templatePatch }} + templatePatch: | + {{- . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-apps/templates/extensions.yaml b/charts/argocd-apps/templates/extensions.yaml index 1893c2a7..8a19e3a5 100644 --- a/charts/argocd-apps/templates/extensions.yaml +++ b/charts/argocd-apps/templates/extensions.yaml 
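Review bot: The added `templatePatch` block is emitted whenever the value is set, independent of `goTemplate`, and as far as I know Argo CD only evaluates `templatePatch` when Go templating is enabled on the ApplicationSet; the CI fixture in this commit sets `templatePatch` on an entry whose `goTemplate` line is commented out. If that holds for the supported Argo CD versions, a check inside the `with` would catch the mismatch at render time: `{{- if not $appSetData.goTemplate }}{{ fail "templatePatch requires goTemplate: true" }}{{- end }}`. The block scalar itself looks right because the value is not passed through `tpl`, so Helm leaves the inner `{{ … }}` for the ApplicationSet controller; a template comment saying so, e.g. `{{- /* not passed through tpl: the inner Go template is evaluated by Argo CD */}}`, would keep it that way. This hunk starts after the `template` block, which is outside the hunk.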
@@ -1,25 +1,25 @@ -{{- range .Values.extensions }} +{{- range $extensionName, $extensionData:= .Values.extensions }} --- apiVersion: argoproj.io/v1alpha1 kind: ArgoCDExtension metadata: - name: {{ .name }} - {{- with .namespace }} + name: {{ $extensionName }} + {{- with $extensionData.namespace }} namespace: {{ . }} {{- end }} finalizers: - extensions-finalizer.argocd.argoproj.io - {{- with .additionalLabels }} + {{- with $extensionData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .additionalAnnotations }} + {{- with $extensionData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with .sources }} +{{- with $extensionData.sources }} spec: sources: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f4c273e8..34a865ea 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml 
@@ -1,72 +1,72 @@ -{{- range .Values.projects }} +{{- range $projectName, $projectData := .Values.projects }} --- apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - {{- with .additionalAnnotations }} + {{- with $projectData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $projectData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $projectName }} + {{- with $projectData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $projectData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- with .permitOnlyProjectScopedClusters }} + {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ .description }} - {{- with .sourceRepos }} + description: {{ $projectData.description }} + {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .destinations }} + {{- with $projectData.destinations }} destinations: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceWhitelist }} + {{- with $projectData.clusterResourceWhitelist }} clusterResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceBlacklist }} + {{- with $projectData.clusterResourceBlacklist }} clusterResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceBlacklist }} + {{- with $projectData.namespaceResourceBlacklist }} namespaceResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceWhitelist }} + {{- with $projectData.namespaceResourceWhitelist }} namespaceResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .orphanedResources }} + {{- with $projectData.orphanedResources }} orphanedResources: {{- toYaml . 
| nindent 4 }} {{- end }} - {{- with .roles }} + {{- with $projectData.roles }} roles: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncWindows }} + {{- with $projectData.syncWindows }} syncWindows: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .signatureKeys }} + {{- with $projectData.signatureKeys }} signatureKeys: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sourceNamespaces }} + {{- with $projectData.sourceNamespaces }} sourceNamespaces: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 87874dad..1fad3941 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml 
@@ -1,162 +1,176 @@ # -- Deploy Argo CD Applications within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -applications: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# project: guestbook -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: guestbook -# directory: -# recurse: true -# # ArgoCD v2.6 or later -# sources: +applications: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# project: guestbook +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: guestbook +# directory: +# recurse: true +# # ArgoCD v2.6 or later +# sources: # - chart: elasticsearch # repoURL: https://helm.elastic.co # targetRevision: 8.5.1 # - repoURL: https://github.com/argoproj/argocd-example-apps.git # path: guestbook # targetRevision: HEAD -# destination: -# server: https://kubernetes.default.svc -# namespace: guestbook -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# syncOptions: -# - CreateNamespace=true -# revisionHistoryLimit: null -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ +# destination: +# server: https://kubernetes.default.svc +# namespace: guestbook +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# syncOptions: +# - CreateNamespace=true +# revisionHistoryLimit: null +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ # -- Deploy Argo CD Projects within this helm release -# @default 
-- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -projects: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# permitOnlyProjectScopedClusters: false -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# description: Example Project -# sourceRepos: -# - '*' -# destinations: -# - namespace: guestbook -# server: https://kubernetes.default.svc -# clusterResourceWhitelist: [] -# clusterResourceBlacklist: [] -# namespaceResourceBlacklist: -# - group: '' -# kind: ResourceQuota -# - group: '' -# kind: LimitRange -# - group: '' -# kind: NetworkPolicy -# orphanedResources: {} -# roles: [] -# namespaceResourceWhitelist: -# - group: 'apps' -# kind: Deployment -# - group: 'apps' -# kind: StatefulSet -# orphanedResources: {} -# roles: [] -# syncWindows: -# - kind: allow -# schedule: '10 1 * * *' -# duration: 1h -# applications: -# - '*-prod' -# manualSync: true -# signatureKeys: -# - keyID: ABCDEF1234567890 -# sourceNamespaces: -# - argocd +projects: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# description: Example Project +# sourceRepos: +# - '*' +# destinations: +# - namespace: guestbook +# server: https://kubernetes.default.svc +# clusterResourceWhitelist: [] +# clusterResourceBlacklist: [] +# namespaceResourceBlacklist: +# - group: '' +# kind: ResourceQuota +# - group: '' +# kind: LimitRange +# - group: '' +# kind: NetworkPolicy +# orphanedResources: {} +# roles: [] +# namespaceResourceWhitelist: +# - group: 'apps' +# kind: Deployment +# - group: 'apps' +# kind: StatefulSet +# orphanedResources: {} +# roles: [] +# syncWindows: +# - kind: allow +# schedule: '10 1 * * *' +# duration: 1h +# applications: +# - '*-prod' +# manualSync: true +# signatureKeys: +# - keyID: 
ABCDEF1234567890 +# sourceNamespaces: +# - argocd # -- Deploy Argo CD ApplicationSets within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ -applicationsets: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# # See PR #10026 (ArgoCD v2.5 or later) -# # goTemplate: false -# generators: -# - git: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# revision: HEAD -# directories: -# - path: guestbook -# - path: kustomize-* -# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync -# ignoreApplicationDifferences: -# - jsonPointers: -# - /spec/syncPolicy -# # Progressive Syncs is an experimental feature and it must be explicitly enabled -# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs -# strategy: -# type: RollingSync -# rollingSync: -# steps: -# - matchExpressions: -# - key: project -# operator: In -# values: -# - guestbook -# - matchExpressions: -# - key: project -# operator: In -# values: -# - kustomize-foo -# - kustomize-bar -# template: -# metadata: -# name: '{{path.basename}}' -# labels: -# project: '{{path.basename}}' -# annotations: {} -# spec: -# project: default -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: '{{path}}' -# destination: -# server: https://kubernetes.default.svc -# namespace: default -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ -# syncPolicy: -# # Set Application finalizer -# preserveResourcesOnDeletion: false +applicationsets: {} +# guestbook: +# 
namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# # See PR #10026 (ArgoCD v2.5 or later) +# # goTemplate: false +# generators: +# - git: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# revision: HEAD +# directories: +# - path: guestbook +# - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar +# template: +# metadata: +# name: '{{path.basename}}' +# labels: +# project: '{{path.basename}}' +# annotations: {} +# spec: +# project: default +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: '{{path}}' +# destination: +# server: https://kubernetes.default.svc +# namespace: default +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ +# syncPolicy: +# # Set Application finalizer +# preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} # -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm 
release # @default -- `[]` (See [values.yaml]) @@ -224,16 +238,16 @@ itemTemplates: [] # namespace: guestbook # -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. ## Ref: https://github.com/argoproj-labs/argocd-extensions -extensions: [] - # - name: example - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # sources: - # - git: - # url: https://github.com/argoproj-labs/argocd-example-extension.git - # - web: - # url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar +extensions: {} +# example: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# sources: +# - git: +# url: https://github.com/argoproj-labs/argocd-example-extension.git +# - web: +# url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 613f76aa..7f299aef 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.3 +version: 0.9.7 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png 
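Review bot: In the first hunk, the commented `projects` example lists `orphanedResources: {}` and `roles: []` twice under `guestbook`, once before and once after `namespaceResourceWhitelist`. Once uncommented these are duplicate mapping keys, which YAML parsers either reject or resolve by silently keeping one; dropping the second pair keeps the example copy-pasteable. Because the defaults change from `[]` to `{}`, a one-line comment above `projects` such as `## The map key is used as metadata.name (replaces the former '- name:' list form)` would help users migrating existing values. The same presumably applies to `applications`, `applicationsets` and `extensions`, whose templates are not shown here.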
@@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support extra K8s manifests + description: Allow defining extraEnvFrom for the deployment diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index c62e480f..a8d28699 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | | extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | @@ -105,6 +106,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override | | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | | podAnnotations | object | `{}` | Pod Annotations for the deployment | | podLabels | object | `{}` | Pod Labels for the deployment | 
@@ -115,6 +117,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | securityContext | object | `{}` | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.labels | object | `{}` | Labels to add to the service account | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Kubernetes toleration settings for the deployment | | updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl index 934d894c..abfba11e 100644 --- a/charts/argocd-image-updater/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Override .Release.Namespace +*/}} +{{- define "argocd-image-updater.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index 3659fbaf..fbb345e3 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml 
@@ -5,7 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-authscripts - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 45554c0e..9fd83d92 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -4,8 +4,8 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with .Values.config.sshConfig }} data: - {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} - {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 75f69b13..84eb6875 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml 
@@ -5,33 +5,35 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} - applications_api: {{ . }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} {{- end }} - argocd.grpc_web: {{ .Values.config.argocd.grpcWeb | quote }} - {{- with .Values.config.argocd.serverAddress }} - argocd.server_addr: {{ . }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} {{- end }} - argocd.insecure: {{ .Values.config.argocd.insecure | quote }} - argocd.plaintext: {{ .Values.config.argocd.plaintext | quote }} {{- with .Values.config.logLevel }} - log.level: {{ . }} + log.level: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitUser }} - git.user: {{ . }} + git.user: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitMail }} - git.email: {{ . }} + git.email: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitTemplate }} git.commit-message-template: | {{- nindent 4 . }} {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} registries.conf: | - {{- with .Values.config.registries }} - registries: - {{- toYaml . | nindent 6 }} - {{- end }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 9cc71fe3..cfd87a47 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml 
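Review bot: The `argocd.grpc_web`, `argocd.server_addr`, `argocd.insecure` and `argocd.plaintext` keys are now rendered only inside `with .Values.config.applicationsAPIKind` / `if eq . "argocd"`. With the chart default of an empty `applicationsAPIKind` they drop out of the ConfigMap without any message. If an installation selects the Argo CD API some other way (for instance through `extraArgs`; how the deployment consumes these keys is not visible in this hunk), its explicit TLS-related settings would fall back to the binary's defaults unnoticed. This should be called out in the upgrade notes, or the template should `fail` when `config.argocd.serverAddress` is set while `applicationsAPIKind` is not `argocd`.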
@@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: @@ -104,6 +104,10 @@ spec: {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 186abb41..8ca83b53 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,7 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index c6316f42..50d75876 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -4,9 +4,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: - apiGroups: - '' 
@@ -37,8 +37,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -46,5 +47,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index c4cb7781..08955095 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-image-updater-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c755731d..a676f6fb 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,9 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index 969f1190..de9bcd52 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argocd-image-updater.namespace" . | quote }} selector: matchLabels: {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index f06edf3b..0f2a4e33 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -17,6 +17,8 @@ imagePullSecrets: [] nameOverride: "" # -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override fullnameOverride: "" +# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override +namespaceOverride: "" # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry 
@@ -42,6 +44,13 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra envFrom to pass to argocd-image-updater +extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + # -- Extra K8s manifests to deploy for argocd-image-updater ## Note: Supports use of custom Helm templates extraObjects: [] @@ -99,6 +108,7 @@ config: applicationsAPIKind: "" # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API grpcWeb: true @@ -178,6 +188,8 @@ serviceAccount: create: true # -- Annotations to add to the service account annotations: {} + # -- Labels to add to the service account + labels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" diff --git a/renovate.json b/renovate.json index 12c7f3ea..4e068215 100644 --- a/renovate.json +++ b/renovate.json @@ -4,7 +4,7 @@ "fileMatch": ["\\.yaml$", "\\.yml$"] }, "extends": [ - "config:base", + "config:recommended", "docker:enableMajor" ], "labels": ["renovate"], @@ -13,10 +13,12 @@ "**/charts/argo-cd/Chart.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", - "**/charts/argocd-image-updater/Chart.yaml" + "**/charts/argocd-image-updater/Chart.yaml", + "**/.github/workflows/renovate.yaml" ], - "regexManagers": [ + "customManagers": [ { + "customType": "regex", "fileMatch": ["charts/argo-workflows/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -26,6 +28,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-cd/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" 
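Review bot: The new `extraEnvFrom` comment does not say that a `secretRef` or `configMapRef` exports every key of the referenced object into the container environment, including keys added to that object later. Suggest extending it to `# -- Extra envFrom to pass to argocd-image-updater. Every key of each referenced ConfigMap/Secret becomes an environment variable; entries in extraEnv win on name clashes`. It is also worth pointing readers at `extraEnv` with `valueFrom.secretKeyRef` when only a single key is needed, so the pod does not receive more secret material than it uses.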
@@ -35,6 +38,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-events/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -44,6 +48,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -53,6 +58,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" 
@@ -60,32 +66,42 @@ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", "depNameTemplate": "argoproj-labs/argocd-image-updater", "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: (?.*)" + ] } ], "packageRules": [ { - "matchPackagePatterns": ["argoproj/argo-workflows"], - "commitMessagePrefix": "chore(argo-workflows):" - }, - { - "matchPackagePatterns": ["argoproj/argo-cd"], - "commitMessagePrefix": "chore(argo-cd):" - }, - { - "matchPackagePatterns": ["argoproj/argo-events"], - "commitMessagePrefix": "chore(argo-events):" - }, - { - "matchPackagePatterns": ["argoproj/argo-rollouts"], - "commitMessagePrefix": "chore(argo-rollouts):" + "matchPackagePatterns": [ + "argoproj/argo-workflows", + "argoproj/argo-cd", + "argoproj/argo-events", + "argoproj/argo-rollouts" + ], + "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], - "commitMessagePrefix": "chore(argocd-image-updater):" + "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["redis-ha"], "enabled": false + }, + { + "matchPackageNames": ["ghcr.io/renovatebot/renovate"], + "extends": ["schedule:monthly"] } ] } diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh new file mode 100755 index 00000000..1ec6e125 --- /dev/null +++ b/scripts/renovate-bump-version.sh 
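Review bot: `postUpgradeTasks.commands` interpolates `{{depName}}` into a command line, while the rules that enable it use `matchPackagePatterns`, which are unanchored regexes, so any dependency name that merely contains one of the listed strings reaches `./scripts/renovate-bump-version.sh`. With the workflow manager added in this hunk, `depName` is also captured from file content rather than only from fixed `depNameTemplate` values. Exact matching narrows this to the intended names: `"matchPackageNames": ["argoproj/argo-workflows", "argoproj/argo-cd", "argoproj/argo-events", "argoproj/argo-rollouts"]`, and likewise for `argoproj-labs/argocd-image-updater`. On the self-hosted side, `allowedPostUpgradeCommands` should be limited to this one script path rather than a catch-all pattern.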
@@ -0,0 +1,31 @@ +#!/bin/bash +depName="${1}" +if [ -z "${depName}" ]; then + echo "Missing argument 'depName'" >&2 + echo "Example usage: $0 argoproj/argo-cd" >&2 + exit 1 +fi + +chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++") +echo "Changed chart name is: $chartName" +echo "----------------------------------------" + +parentDir="charts/${chartName}" + +# Bump the chart version by one patch version +version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}') +major=$(echo "${version}" | cut -d. -f1) +minor=$(echo "${version}" | cut -d. -f2) +patch=$(echo "${version}" | cut -d. -f3) +patch=$((patch + 1)) +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml" + +# Add a changelog entry +appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}') +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml" +{ + echo " artifacthub.io/changes: |" + echo " - kind: changed" + echo " description: Bump ${chartName} to ${appVersion}" +} >> "${parentDir}/Chart.yaml" +cat "${parentDir}/Chart.yaml"
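Review bot: The script builds `charts/${chartName}` from its argument without checking that the result names one of the repository's charts, so an unexpected `depName` (including one containing `../`) decides which file `sed -i` and `>>` write to. It also runs without `set -e`, so a failing step does not stop the later writes, and a version that is not plain `X.Y.Z` goes into `$((patch + 1))` unchecked. Suggest enabling strict mode, validating the chart name against a strict pattern, requiring `Chart.yaml` to exist, and checking the version format before the arithmetic; the added lines are sketched below.

```shell
#!/bin/bash
set -euo pipefail
depName="${1:-}"
# … unchanged: usage message and exit when depName is empty …

chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++")
if [[ ! "${chartName}" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
  echo "Unexpected chart name: ${chartName}" >&2
  exit 1
fi
parentDir="charts/${chartName}"
if [ ! -f "${parentDir}/Chart.yaml" ]; then
  echo "No Chart.yaml under ${parentDir}" >&2
  exit 1
fi

# … unchanged: version=$(grep '^version:' …) …
if [[ ! "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  echo "Version '${version}' is not plain X.Y.Z" >&2
  exit 1
fi
# … unchanged: major/minor/patch split, patch bump, changelog entry …
```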