diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ca1d3c2..ba764f3c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,7 +19,7 @@ Clean-up: ``` helm delete argo-cd --purge -kubectl delete crd -l app.kubernetes.io/part-of=argo-cd +kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` Minimally: @@ -32,7 +32,7 @@ kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 In a new terminal: ``` -argocd version +argocd version --server localhost:8080 --insecure # reset password to 'Password1!' kubectl -n argocd patch secret argocd-secret \ -p '{"stringData": { diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore new file mode 100644 index 00000000..2df6bf53 --- /dev/null +++ b/charts/argo-cd/.helmignore @@ -0,0 +1,2 @@ +*.tgz +output diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 61951b5b..5c3973dd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.3.0-rc4" +appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.8 +version: 1.2.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index caee1092..4cb50706 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -2,8 +2,6 @@ Argo CD Chart ====== A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. -Current chart version is `1.0.4` - Source code can be found [here](https://argoproj.github.io/argo-cd/) ## Additional Information @@ -51,7 +49,7 @@ $ helm install --name my-release argo/argo-cd | controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | | controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | | controller.containerPort | Controller listening port. | `8082` | -| controller.extraArgs | Additional arguments for the controller. | `[]` | +| controller.extraArgs | Additional arguments for the controller. A list of key:value pairs | `[]` | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -93,7 +91,7 @@ $ helm install --name my-release argo/argo-cd |-----|------|---------|-------------| | repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | | repoServer.containerPort | Repo server port | `8081` | -| repoServer.extraArgs | Additional arguments for the repo server | `[]` | +| repoServer.extraArgs | Additional arguments for the repo server. A list of key:value pairs. | `[]` | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -138,7 +136,7 @@ $ helm install --name my-release argo/argo-cd | server.certificate.issuer | Certificate manager issuer | `{}` | | server.config | URL for Argo CD | `{}` | | server.containerPort | Server container port. | `8080` | -| server.extraArgs | Additional arguments for the server | `[]` | +| server.extraArgs | Additional arguments for the server. A list of key:value pairs. | `[]` | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -216,7 +214,7 @@ $ helm install --name my-release argo/argo-cd |-----|------|---------|-------------| | redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | | redis.containerPort | Redis container port | `6379` | -| redis.enabled | Enable redis | `false` | +| redis.enabled | Enable redis | `true` | | redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | | redis.image.repository | Redis repository | `"redis"` | | redis.image.tag | Redis tag | `"5.0.3"` | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 451727d6..4bec139b 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,6 +1,6 @@ In order to access the server UI you have the following options: -1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 +1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate @@ -12,4 +12,4 @@ In order to access the server UI you have the following options: After reaching the UI the first time you can login with username: admin and the password will be the name of the server pod. You can get the pod name by running: -kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 \ No newline at end of file +kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2c892a75..af7f7c9f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use {{- end -}} {{- end -}} +{{/* +Create the name of the repo-server service account to use +*/}} +{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 9dbc3cbe..dcacb081 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -25,7 +25,7 @@ data: {{- end }} {{- if .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.cert: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }} + tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9c54d0dd..ea9ccfab 100644 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -105,6 +105,7 @@ spec: affinity: {{- toYaml .Values.repoServer.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} volumes: {{- if .Values.repoServer.volumes }} {{- toYaml .Values.repoServer.volumes | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml new file mode 100644 index 00000000..aed7700f --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.configs.repositoryCredentials }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repository-credentials + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +type: Opaque +data: +{{- range $key, $value := .Values.configs.repositoryCredentials }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml new file mode 100644 index 00000000..9c902ccc --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -0,0 +1,17 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +rules: +{{- if .Values.repoServer.rbac }} +{{toYaml .Values.repoServer.rbac }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml new file mode 100644 index 00000000..692b11ee --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml new file mode 100644 index 00000000..a0bae942 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.repoServerServiceAccountName" . }} +{{- if .Values.repoServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 68ffbe5d..c3a84ea4 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.server.ingress.enabled -}} {{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := .Values.server.name -}} +{{- $servicePort := .Values.server.service.servicePortHttp -}} {{- $paths := .Values.server.ingress.paths -}} apiVersion: extensions/v1beta1 kind: Ingress diff --git a/charts/argo-cd/templates/crds/application-crd.yaml b/charts/argo-cd/templates/crds/application-crd.yaml index 2f176e4f..faf763a8 100644 --- a/charts/argo-cd/templates/crds/application-crd.yaml +++ b/charts/argo-cd/templates/crds/application-crd.yaml @@ -1,3 +1,4 @@ +{{- if .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -416,7 +417,7 @@ spec: type: object type: array revision: - description: Revision is the git revision in which to sync the application + description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. type: string source: @@ -424,6 +425,9 @@ spec: This is typically set in a Rollback operation and nil during a Sync operation properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -492,6 +496,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined as + a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -536,8 +544,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -561,7 +568,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -571,7 +578,6 @@ spec: type: string required: - repoURL - - path type: object syncStrategy: description: SyncStrategy describes how to perform the sync @@ -634,7 +640,6 @@ spec: namespace: type: string required: - - group - kind - jsonPointers type: object @@ -661,6 +666,9 @@ spec: description: Source is a reference to the location ksonnet application definition properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -729,6 +737,9 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -773,8 +784,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository containing - a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management plugin @@ -798,8 +808,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application - manifests + description: RepoURL is the repository URL of the application manifests type: string targetRevision: description: TargetRevision defines the commit, tag, or branch in @@ -807,7 +816,6 @@ spec: type: string required: - repoURL - - path type: object syncPolicy: description: SyncPolicy controls when a sync will be performed @@ -867,6 +875,9 @@ spec: type: string source: properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -936,6 +947,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -980,8 +995,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1005,7 +1019,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1015,7 +1029,6 @@ spec: type: string required: - repoURL - - path type: object required: - revision @@ -1024,6 +1037,8 @@ spec: type: object type: array observedAt: + description: ObservedAt indicates when the application state was updated + without querying latest git state format: date-time type: string operationState: @@ -1071,15 +1086,18 @@ spec: type: object type: array revision: - description: Revision is the git revision in which to sync - the application to. If omitted, will use the revision - specified in app spec. + description: Revision is the revision in which to sync the + application to. If omitted, will use the revision specified + in app spec. type: string source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and nil during a Sync operation properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options @@ -1155,6 +1173,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1200,8 +1222,8 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git + repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1225,8 +1247,8 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the - application manifests + description: RepoURL is the repository URL of the application + manifests type: string targetRevision: description: TargetRevision defines the commit, tag, @@ -1235,7 +1257,6 @@ spec: type: string required: - repoURL - - path type: object syncStrategy: description: SyncStrategy describes how to perform the sync @@ -1322,12 +1343,15 @@ spec: type: object type: array revision: - description: Revision holds the git commit SHA of the sync + description: Revision holds the revision of the sync type: string source: description: Source records the application source information of the sync, used for comparing auto-sync properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -1399,6 +1423,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1444,8 +1472,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1469,7 +1496,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1479,7 +1506,6 @@ spec: type: string required: - repoURL - - path type: object required: - revision @@ -1490,6 +1516,8 @@ spec: - startedAt type: object reconciledAt: + description: ReconciledAt indicates when the application state was reconciled + using the latest git version format: date-time type: string resources: @@ -1553,6 +1581,9 @@ spec: type: object source: properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -1624,6 +1655,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1669,8 +1704,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1694,7 +1728,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1704,7 +1738,6 @@ spec: type: string required: - repoURL - - path type: object required: - source @@ -1726,3 +1759,4 @@ spec: - name: v1alpha1 served: true storage: true +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/crds/appproject-crd.yaml b/charts/argo-cd/templates/crds/appproject-crd.yaml index 61a0077b..2d14a52a 100644 --- a/charts/argo-cd/templates/crds/appproject-crd.yaml +++ b/charts/argo-cd/templates/crds/appproject-crd.yaml @@ -1,3 +1,4 @@ +{{- if .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -434,6 +435,15 @@ spec: - kind type: object type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object roles: description: Roles are user defined RBAC roles associated with this project @@ -477,11 +487,51 @@ spec: type: object type: array sourceRepos: - description: SourceRepos contains list of git repository URLs which - can be used for deployment + description: SourceRepos contains list of repository URLs which can + be used for deployment items: type: string type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window will + be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would otherwise + be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + type: object + type: array type: object required: - metadata @@ -491,3 +541,4 @@ spec: - name: v1alpha1 served: true storage: true +{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index e0d243a1..6cddafcb 100644 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -28,7 +28,7 @@ spec: initContainers: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} command: - cp - /usr/local/bin/argocd-util @@ -73,4 +73,4 @@ spec: volumes: {{- toYaml .Values.dex.volumes | nindent 8}} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index df295ac6..ed28ed7d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2,21 +2,25 @@ ## Ref: https://github.com/argoproj/argo-cd ## nameOverride: argocd +fullnameOverride: "" + +# Optional CRD installation for those without Helm hooks +installCRDs: true global: image: repository: argoproj/argocd - tag: v1.2.4 + tag: v1.3.0 imagePullPolicy: IfNotPresent ## Controller controller: name: application-controller - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Argo controller commandline flags args: @@ -27,6 +31,7 @@ controller: logLevel: info ## Additional command line arguments to pass to argocd-controller + ## key: value extraArgs: [] ## Annotations to be added to controller pods @@ -117,7 +122,10 @@ dex: repository: quay.io/dexidp/dex tag: v2.14.0 imagePullPolicy: IfNotPresent - initImage: {} + initImage: + repository: + tag: + imagePullPolicy: serviceAccount: create: true @@ -158,7 +166,7 @@ dex: ## Redis redis: - enabled: false + enabled: true name: redis image: @@ -186,18 +194,22 @@ redis: # cpu: 100m # memory: 64Mi + volumeMounts: [] + volumes: [] + ## Server server: name: server - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server + ## key: value # extraArgs: [] - # - insecure + # insecure: true extraArgs: [] ## Argo server log level @@ -295,11 +307,13 @@ server: ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace ## - hosts: [] + hosts: + [] # - argocd.example.com paths: - - / - tls: [] + - / + tls: + [] # - secretName: argocd-example-tls # hosts: # - argocd.example.com @@ -319,10 +333,34 @@ server: url: https://argocd.example.com # Argo CD instance label key application.instanceLabelKey: argocd.argoproj.io/instance + # repositories: | + # - url: git@github.com:group/repo.git + # sshPrivateKeySecret: + # name: secret-name + # key: sshPrivateKey + # - type: helm + # url: https://kubernetes-charts.storage.googleapis.com + # name: stable + # - type: helm + # url: https://argoproj.github.io/argo-helm + # name: argo + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: CLIENT_ID + # clientSecret: $oidc.azuread.clientSecret + # requestedIDTokenClaims: + # groups: + # essential: true + # requestedScopes: + # - openid + # - profile + # - email ## ArgoCD rbac config ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md - rbacConfig: {} + rbacConfig: + {} # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). # Policy rules are in the form: # p, subject, resource, action, object, effect @@ -338,7 +376,6 @@ server: # authorizing API requests (optional). If omitted or empty, users may be still be able to login, # but will see no apps, projects, etc... # policy.default: role:readonly - # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. # scopes: '[cognito:groups, email]' @@ -396,13 +433,13 @@ server: repoServer: name: repo-server - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server - ## + ## key: value extraArgs: [] ## Argo repoServer log level @@ -478,6 +515,25 @@ repoServer: # namespace: monitoring # additionalLabels: {} + ## Repo server service account + ## If create is set to true, make sure to uncomment the name and update the rbac section below + serviceAccount: + create: false + # name: argocd-repo-server + ## Annotations applied to created service account + annotations: {} + + ## Repo server rbac rules + # rbac: + # - apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + ## Argo Configs configs: knownHosts: @@ -490,7 +546,8 @@ configs: gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - tlsCerts: {} + tlsCerts: + {} # data: # argocd.example.com: | # -----BEGIN CERTIFICATE----- @@ -527,6 +584,25 @@ configs: # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # XWyb96wrUlv+E8I= # -----END CERTIFICATE----- + # Creates a secret with optional repository credentials + repositoryCredentials: + {} + # sample-ssh-key: | + # -----BEGIN RSA PRIVATE KEY----- + # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N + # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 + # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB + # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x + # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe + # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 + # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 + # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM + # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK + # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ + # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc + # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le + # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= + # -----END RSA PRIVATE KEY----- secret: createSecret: true githubSecret: "" @@ -534,5 +610,7 @@ configs: bitbucketSecret: "" # argocdServerTlsConfig: # key: -# cert: +# crt: + # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` # argocdServerAdminPassword: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a4c4fcff..f20c8007 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 0.5.2 +version: 0.6.0 keywords: - argo-events - sensor-controller @@ -11,6 +11,6 @@ sources: maintainers: - name: VaibhavPage - name: magaldima -appVersion: 0.10 +appVersion: 0.11 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 174a8114..74cf9e83 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -14,3 +14,10 @@ This is a **community maintained** chart. It installs the [argo-events](https:// ## Notes on CRD Installation Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. + +You can install the CRDs manually like so: + +``` +kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/sensor-crd.yaml +kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/gateway-crd.yaml +``` diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml new file mode 100644 index 00000000..cd5d3916 --- /dev/null +++ b/charts/argo-events/ci/test-values.yaml @@ -0,0 +1,6 @@ +serviceAccount: argo-events-sa-test +additionalSaNamespaces: + - nsone + - nstwo +instanceID: test-argo-events +singleNamespace: false diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index c7a47254..878b8520 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -11,9 +11,10 @@ subjects: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} {{- if .Values.additionalSaNamespaces }} + {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} - kind: ServiceAccount - name: {{ .Values.serviceAccount }} + name: {{ $sa }} namespace: {{ $namespace }} {{- end }} {{- end }} @@ -51,6 +52,8 @@ rules: resources: - workflows - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers - gateways - gateways/finalizers - sensors diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index 04a39f51..f13b8a1d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -1,4 +1,4 @@ -# All argo-events services are bound to the "argo-events" service account. +# All argo-events services are bound to the "argo-events" service account. # In RBAC enabled setups, this SA is bound to specific roles. apiVersion: v1 kind: ServiceAccount @@ -6,12 +6,13 @@ metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} {{- if .Values.additionalSaNamespaces }} +{{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.serviceAccount }} + name: {{ $sa }} namespace: {{ $namespace }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a0841052..1ee2fa5a 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -26,11 +26,11 @@ singleNamespace: true sensorController: name: sensor-controller image: sensor-controller - tag: v0.10 + tag: v0.11 replicaCount: 1 gatewayController: name: gateway-controller image: gateway-controller - tag: v0.10 + tag: v0.11 replicaCount: 1