DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into feat/optional_cm_for_argocd_notifications

Browse source
This commit is contained in:
Oliver Bähler 2021-04-26 23:36:47 +02:00 committed by GitHub
commit 597f05ca8b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
47 changed files with 866 additions and 396 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CODEOWNERS
View file

@ -4,7 +4,7 @@
/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
# Argo CD
/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
# Argo Events
/charts/argo-events @jbehling @VaibhavPage @oliverbaehler

6
charts/argo-cd/Chart.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.10.1
digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663
generated: "2021-04-01T08:36:01.324672-07:00"
version: 4.10.4
digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2
generated: "2021-04-14T13:41:16.151666-07:00"

4
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: 2.0.0
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 3.0.0
version: 3.2.2
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
@ -16,6 +16,6 @@ maintainers:
- name: seanson
dependencies:
- name: redis-ha
version: 4.10.1
version: 4.10.4
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled

28
charts/argo-cd/README.md
View file

@ -12,6 +12,26 @@ The default installation is intended to be similar to the provided ArgoCD [relea
This chart currently installs the non-HA version of ArgoCD.
### Synchronizing Changes from Original Repository
In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
Or you clone the repository and do a local `git-diff`:
```bash
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git diff v1.8.7 v2.0.0 -- manifests/install.yaml
```
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds).
## Upgrading
### 3.0.0 and above
@ -80,6 +100,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
@ -226,12 +247,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` |
| server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` |
| server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` |
| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` |
| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
@ -331,7 +354,8 @@ through `xxx.extraArgs`
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.8"` |
| redis.image.tag | Redis tag | `"6.2.1-alpine"` |
| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
@ -351,6 +375,6 @@ through `xxx.extraArgs`
| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` |
| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/

506
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

29
charts/argo-cd/crds/crd-project.yaml
View file

@ -20,8 +20,6 @@ spec:
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
@ -71,16 +69,16 @@ spec:
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination information
description: ApplicationDestination holds information about the application's destination
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
description: Name is an alternate way of specifying the target cluster by its symbolic name
type: string
namespace:
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server overrides the environment server value in the ksonnet app.yaml
description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API
type: string
type: object
type: array
@ -116,7 +114,9 @@ spec:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource to be ignored from
properties:
group:
type: string
@ -173,7 +173,7 @@ spec:
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
@ -225,34 +225,35 @@ spec:
type: array
type: object
status:
description: Status of the AppProject
description: AppProjectStatus contains status information for AppProject CRs
properties:
jwtTokensByRole:
description: JWT Tokens issued for each of the roles in the project
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
description: List of JWT Tokens issued for the role
items:
description: Holds the issuedAt and expiresAt values of the token
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
description: The expiresAt value of a token
format: int64
type: integer
iat:
description: The issuedAt value of a token
format: int64
type: integer
id:
description: ID of the token
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

13
charts/argo-cd/templates/_helpers.tpl
View file

@ -139,3 +139,16 @@ app.kubernetes.io/instance: {{ .context.Release.Name }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-cd.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}

17
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -92,8 +92,10 @@ spec:
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if .Values.controller.volumeMounts }}
volumeMounts:
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
{{- if .Values.controller.volumeMounts }}
{{- toYaml .Values.controller.volumeMounts | nindent 10}}
{{- end }}
resources:
@ -115,8 +117,19 @@ spec:
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- if .Values.controller.volumes }}
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}

26
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- range .Values.configs.clusterCredentials }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
argocd.argoproj.io/secret-type: cluster
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
{{- with .namespaces }}
namespaces: {{ . }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
{{- end }}

13
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -81,6 +81,8 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp-dir
ports:
@ -143,6 +145,17 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: tmp-dir
{{- if .Values.repoServer.initContainers }}

13
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -80,6 +80,8 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
@ -149,6 +151,17 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- end }}

47
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingressGrpc.annotations }}
@ -19,10 +15,15 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}-grpc
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
@ -34,9 +35,23 @@ spec:
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
@ -47,13 +62,27 @@ spec:
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingressGrpc.tls }}
tls:
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- end -}}
{{- end -}}

47
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
@ -19,10 +15,15 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
@ -34,9 +35,23 @@ spec:
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
@ -47,13 +62,27 @@ spec:
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

2
charts/argo-cd/templates/dex/serviceaccount.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.dex.serviceAccount.create }}
{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}

3
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -41,6 +41,9 @@ spec:
- ""
- --appendonly
- "no"
{{- with .Values.redis.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}

51
charts/argo-cd/values.yaml
View file

@ -9,7 +9,7 @@ installCRDs: true
global:
image:
repository: argoproj/argocd
repository: quay.io/argoproj/argocd
tag: v2.0.0
imagePullPolicy: IfNotPresent
securityContext: {}
@ -27,8 +27,8 @@ controller:
name: application-controller
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
# If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
@ -276,9 +276,15 @@ redis:
image:
repository: redis
tag: 5.0.10-alpine
tag: 6.2.1-alpine
imagePullPolicy: IfNotPresent
## Additional command line arguments to pass to redis-server
##
extraArgs: []
# - --bind
# - "0.0.0.0"
containerPort: 6379
servicePort: 6379
@ -347,7 +353,7 @@ redis-ha:
metrics:
enabled: true
image:
tag: 5.0.8-alpine
tag: 6.2.1-alpine
## Server
server:
@ -363,8 +369,8 @@ server:
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
@ -493,6 +499,7 @@ server:
enabled: false
annotations: {}
labels: {}
ingressClassName: ""
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
@ -521,6 +528,7 @@ server:
enabled: false
annotations: {}
labels: {}
ingressClassName: ""
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
@ -731,8 +739,8 @@ repoServer:
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
@ -872,6 +880,31 @@ repoServer:
## Argo Configs
configs:
## External Cluster Credentials
## reference:
## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
clusterCredentials: []
# - name: mycluster
# server: https://mycluster.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# - name: mycluster2
# server: https://mycluster2.com
# labels: {}
# annotations: {}
# namespaces: namespace1,namespace2
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
knownHostsAnnotations: {}
knownHosts:
data:

13
charts/argo-ci/Chart.yaml
View file

@ -1,11 +1,12 @@
apiVersion: v1
apiVersion: v2
description: A Helm chart for Argo-CI
name: argo-ci
version: 0.1.7
version: 1.0.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
appVersion: v1.0.0-alpha2
home: https://github.com/argoproj/argo-helm
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen
deprecated: true
dependencies:
- name: argo
version: "^0.16.0"
repository: https://argoproj.github.io/argo-helm

2
charts/argo-ci/README.md
View file

@ -1,3 +1,5 @@
# Argo CI Chart
**Deprecated** - Use [Argo-Events](./argo-events) instead.
This is a **community maintained** chart.

6
charts/argo-ci/requirements.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: argo
repository: https://argoproj.github.io/argo-helm
version: 0.2.1
digest: sha256:af0f837200061b1720c0e05168dfc4a9537582f3004de62eeb5ef01b4c78db64
generated: 2018-10-23T14:50:47.570677461-07:00

4
charts/argo-ci/requirements.yaml
View file

@ -1,4 +0,0 @@
dependencies:
- name: argo
version: 0.2.1
repository: https://argoproj.github.io/argo-helm

2
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 1.2.4
version: 1.3.3
keywords:
- argo-events
- sensor-controller

3
charts/argo-events/templates/argo-events-cluster-roles.yaml
View file

@ -47,10 +47,13 @@ rules:
- workflowtemplates/finalizers
- sensors
- sensors/finalizers
- sensors/status
- eventsources
- eventsources/finalizers
- eventsources/status
- eventbus
- eventbus/finalizers
- eventbus/status
- apiGroups:
- ""
resources:

3
charts/argo-events/templates/argo-events-roles.yaml
View file

@ -49,10 +49,13 @@ rules:
- workflowtemplates/finalizers
- sensors
- sensors/finalizers
- sensors/status
- eventsources
- eventsources/finalizers
- eventsources/status
- eventbus
- eventbus/finalizers
- eventbus/status
- apiGroups:
- ""
resources:

9
charts/argo-events/templates/eventbus-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.eventbusController.name }}
release: {{ .Release.Name }}
{{- with .Values.eventbusController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.eventbusController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -49,6 +55,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.eventbusController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

9
charts/argo-events/templates/eventsource-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }}
release: {{ .Release.Name }}
{{- with .Values.eventsourceController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.eventsourceController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -47,6 +53,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.eventsourceController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

9
charts/argo-events/templates/sensor-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
release: {{ .Release.Name }}
{{- with .Values.sensorController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.sensorController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -47,6 +53,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.sensorController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

15
charts/argo-events/values.yaml
View file

@ -48,8 +48,11 @@ sensorController:
tag: v1.2.3
replicaCount: 1
sensorImage: sensor
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
eventsourceController:
@ -58,8 +61,11 @@ eventsourceController:
tag: v1.2.3
replicaCount: 1
eventsourceImage: eventsource
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
eventbusController:
@ -67,8 +73,11 @@ eventbusController:
image: eventbus-controller
tag: v1.2.3
replicaCount: 1
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
natsStreamingImage: nats-streaming:0.17.0
natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v2.12.5
description: A Helm chart for Argo Workflows
name: argo
version: 0.16.8
version: 0.16.9
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

4
charts/argo/values.yaml
View file

@ -136,7 +136,7 @@ controller:
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName: ""
# https://argoproj.github.io/argo/links/
# https://argoproj.github.io/argo-workflows/links/
links: []
# executor controls how the init and wait container should be customized
@ -206,7 +206,7 @@ server:
# Run the argo server in "secure" mode. Configure this value instead of
# "--secure" in extraArgs. See the following documentation for more details
# on secure mode:
# https://argoproj.github.io/argo/tls/#encrypted
# https://argoproj.github.io/argo-workflows/tls/#encrypted
secure: false
# Extra arguments to provide to the Argo server binary.

0
charts/argo-applicationset/.helmignore → charts/argocd-applicationset/.helmignore
View file

4
charts/argo-applicationset/Chart.yaml → charts/argocd-applicationset/Chart.yaml
View file

@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 0.1.0
appVersion: "v0.1.0-prerelease"
version: 0.1.3
appVersion: "v0.1.0"
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

19
charts/argo-applicationset/README.md → charts/argocd-applicationset/README.md
View file

@ -18,7 +18,7 @@ To install the chart with the release name `my-release`:
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install --name my-release argo/argo-applicationset
$ helm install --name my-release argo/argocd-applicationset
NAME: my-release
...
```
@ -27,6 +27,17 @@ NAME: my-release
Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
### Testing
Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing).
```console
kind create cluster
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
ct install --namespace argocd
```
## Values
| Key | Type | Default | Description |
@ -46,7 +57,11 @@ Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| installCRDs | bool | `true` | Install Custom Resource Definition |
| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |
| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` |
| nameOverride | string | `""` | Provide a name in place of `argocd-applicationset` |
| nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
| podAnnotations | object | `{}` | Annotations for the controller pods |
| podSecurityContext | object | `{}` | Pod Security Context |

77
charts/argocd-applicationset/ci/default-values.yaml Normal file
View file

@ -0,0 +1,77 @@
# Default values for argo-applicationset.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
installCRDs: false # this needs to be false with ct
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset
# Image pull policy
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
args:
metricsAddr: :8080
probeBindAddr: :8081
enableLeaderElection: false
namespace: argocd
argocdRepoServer: argocd-repo-server:8081
policy: sync
debug: false
dryRun: false
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
rbac:
pspEnabled: true
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
mountSSHKnownHostsVolume: true
mountTLSCertsVolume: true
mountGPGKeysVolume: false
mountGPGKeyringVolume: true

6
charts/argocd-applicationset/ci/leader-election-values.yaml Normal file
View file

@ -0,0 +1,6 @@
args:
enableLeaderElection: true
replicaCount: 3
installCRDs: false

0
charts/argo-applicationset/crds/crd-applicationset.yaml → charts/argocd-applicationset/crds/crd-applicationset.yaml
View file

0
charts/argo-applicationset/templates/_helpers.tpl → charts/argocd-applicationset/templates/_helpers.tpl
View file

0
charts/argo-applicationset/templates/crds.yaml → charts/argocd-applicationset/templates/crds.yaml
View file

37
charts/argo-applicationset/templates/deployment.yaml → charts/argocd-applicationset/templates/deployment.yaml
View file

@ -49,6 +49,43 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- if .Values.mountSSHKnownHostsVolume }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
{{- if .Values.mountTLSCertsVolume }}
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
{{- if .Values.mountGPGKeysVolume }}
- mountPath: /app/config/gpg/source
name: gpg-keys
{{- end }}
{{- if .Values.mountGPGKeyringVolume }}
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- end }}
volumes:
{{- if .Values.mountSSHKnownHostsVolume }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
{{- if .Values.mountTLSCertsVolume }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
{{- if .Values.mountGPGKeysVolume }}
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
{{- end }}
{{- if .Values.mountGPGKeyringVolume }}
- emptyDir: {}
name: gpg-keyring
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

0
charts/argo-applicationset/templates/psp.yaml → charts/argocd-applicationset/templates/psp.yaml
View file

42
charts/argo-applicationset/templates/rbac.yaml → charts/argocd-applicationset/templates/rbac.yaml
View file

@ -9,6 +9,7 @@ rules:
- argoproj.io
resources:
- applications
- appprojects
- applicationsets
- applicationsets/finalizers
verbs:
@ -28,7 +29,7 @@ rules:
- patch
- update
- apiGroups:
- ''
- ""
resources:
- events
verbs:
@ -40,7 +41,7 @@ rules:
- update
- watch
- apiGroups:
- ''
- ""
resources:
- secrets
verbs:
@ -48,31 +49,38 @@ rules:
- list
- watch
- apiGroups:
- ''
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- list
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding

0
charts/argo-applicationset/templates/serviceaccount.yaml → charts/argocd-applicationset/templates/serviceaccount.yaml
View file

5
charts/argo-applicationset/values.yaml → charts/argocd-applicationset/values.yaml
View file

@ -70,3 +70,8 @@ nodeSelector: {}
tolerations: []
affinity: {}
mountSSHKnownHostsVolume: true
mountTLSCertsVolume: true
mountGPGKeysVolume: false
mountGPGKeyringVolume: true

2
charts/argocd-notifications/Chart.yaml
View file

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.0.2
appVersion: 1.1.1
description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
name: argocd-notifications
type: application

18
charts/argocd-notifications/templates/bots/slack/role.yaml
View file

@ -4,6 +4,15 @@ kind: Role
metadata:
name: {{ include "argocd-notifications.name" . }}-bot
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
@ -15,13 +24,4 @@ rules:
- watch
- update
- patch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
{{ end }}

8
charts/argocd-notifications/templates/deployment.yaml
View file

@ -26,8 +26,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }}
securityContext:
runAsNonRoot: true
{{- if .Values.securityContext }}
securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ include "argocd-notifications.name" . }}-controller
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@ -51,6 +52,9 @@ spec:
name: metrics
protocol: TCP
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
{{- with .Values.extraEnv }}
env: {{ toYaml . | nindent 12 }}
{{- end }}

19
charts/argocd-notifications/templates/role.yaml
View file

@ -19,9 +19,24 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- {{ include "argocd-notifications.name" . }}-cm
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- {{ include "argocd-notifications.name" . }}-secret
resources:
- secrets
verbs:
- get

11
charts/argocd-notifications/values.yaml
View file

@ -7,7 +7,7 @@ fullnameOverride: ""
image:
repository: argoprojlabs/argocd-notifications
tag: v1.0.2
tag: v1.1.1
pullPolicy: IfNotPresent
imagePullSecrets: []
@ -65,6 +65,13 @@ notifiers:
podAnnotations: {}
## Pod Security Context
securityContext:
runAsNonRoot: true
## Container Security Context
containerSecurityContext: {}
resources: {}
# limits:
# cpu: 100m
@ -341,7 +348,7 @@ bots:
image:
repository: argoprojlabs/argocd-notifications
tag: v1.0.1
tag: v1.1.1
pullPolicy: IfNotPresent
imagePullSecrets: []