From 95b20a0ef07ea51777c57f2183d39554a2d6dae9 Mon Sep 17 00:00:00 2001 From: Christine Banek Date: Tue, 12 Nov 2019 03:17:40 -0700 Subject: [PATCH 01/15] Better Helm NOTES.txt templating (#161) * Better Helm chart NOTES.txt templating Add some extra templating to NOTES.txt, which are displayed to the user after a successful helm install command. These are really helpful notes, but if you didn't specify a release name of argocd or put it in a separate namespace, these commands weren't exactly working with a copy paste. Now they should take into account the release name and release namespace helm was given. * Small CONTRIBUTING.md command line change Instead of just doing `argocd version`, be a little more explicit by passing in the server name and insecure flag. This will make sure that you're doing the version of the instance you're port-forwarding above, as opposed to some other argocd. --- CONTRIBUTING.md | 2 +- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/NOTES.txt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ca1d3c2..c7913b3a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -32,7 +32,7 @@ kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 In a new terminal: ``` -argocd version +argocd version --server localhost:8080 --insecure # reset password to 'Password1!' kubectl -n argocd patch secret argocd-secret \ -p '{"stringData": { diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b8031b13..e7e48429 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.2.4" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.6 +version: 1.0.7 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 451727d6..4bec139b 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,6 +1,6 @@ In order to access the server UI you have the following options: -1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 +1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate @@ -12,4 +12,4 @@ In order to access the server UI you have the following options: After reaching the UI the first time you can login with username: admin and the password will be the name of the server pod. You can get the pod name by running: -kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 \ No newline at end of file +kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 From c1abc3691f71f222357322b1d2887c403ebc697f Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Wed, 13 Nov 2019 17:53:25 +0100 Subject: [PATCH 02/15] updated chart to allow setting argocd server: adminpassword, tls.key, tls.cert --- .../templates/argocd-configs/argocd-secret.yaml | 13 +++++++++++-- charts/argo-cd/values.yaml | 6 ++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 6d4c3901..9dbc3cbe 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.server.name }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketSecret) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig) }} # Setting a blank data again will wipe admin password/key/cert data: {{- if .Values.configs.secret.githubSecret }} @@ -23,5 +23,14 @@ data: {{- if .Values.configs.secret.bitbucketSecret }} bitbucket.webhook.uuid: {{ .Values.configs.secret.bitbucketSecret | b64enc }} {{- end }} + {{- if .Values.configs.secret.argocdServerTlsConfig }} + tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} + tls.cert: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }} + {{- end }} + + {{- if .Values.configs.secret.argocdServerAdminPassword }} + admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} + admin.passwordMtime: {{ date "2006-01-02T15:04:05Z" now | b64enc }} + {{- end }} +{{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5fbf7fe3..8467bce3 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -532,3 +532,9 @@ configs: githubSecret: "" gitlabSecret: "" bitbucketSecret: "" +# argocdServerTlsConfig: +# key: +# cert: + #Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + #`htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` +# argocdServerAdminPassword: From 3a2bb4e238e3d2826429f76e39e3c8fd4fd2a58e Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Wed, 13 Nov 2019 17:54:34 +0100 Subject: [PATCH 03/15] bumped chart version for checks to pass --- charts/argo-cd/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b8031b13..9ac73da2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.2.4" +appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.6 +version: 1.0.8 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: From e7d9dc6582022be4d1d9054f359b3ce666d33eab Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Wed, 13 Nov 2019 17:57:06 +0100 Subject: [PATCH 04/15] removed tailing space, added space in start of comment --- charts/argo-cd/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8467bce3..cc94a06d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -535,6 +535,6 @@ configs: # argocdServerTlsConfig: # key: # cert: - #Argo expects the password in the secret to be bcrypt hashed. You can create this hash with - #`htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` -# argocdServerAdminPassword: + # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` +# argocdServerAdminPassword: From f88266ba2576eeb70acc09cd021858deca447110 Mon Sep 17 00:00:00 2001 From: Jaret Date: Wed, 13 Nov 2019 19:01:01 -0800 Subject: [PATCH 05/15] Minor fixes 11 11 (#164) * Fixes documentation for arguments (#159) * enable redis by default (#148) * patch version bump --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 8 ++++---- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- charts/argo-cd/values.yaml | 8 +++++--- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e7e48429..c2013af2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.2.4" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.7 +version: 1.0.8 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index caee1092..28f5f678 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -51,7 +51,7 @@ $ helm install --name my-release argo/argo-cd | controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | | controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | | controller.containerPort | Controller listening port. | `8082` | -| controller.extraArgs | Additional arguments for the controller. | `[]` | +| controller.extraArgs | Additional arguments for the controller. A list of key:value pairs | `[]` | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -93,7 +93,7 @@ $ helm install --name my-release argo/argo-cd |-----|------|---------|-------------| | repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | | repoServer.containerPort | Repo server port | `8081` | -| repoServer.extraArgs | Additional arguments for the repo server | `[]` | +| repoServer.extraArgs | Additional arguments for the repo server. A list of key:value pairs. | `[]` | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -138,7 +138,7 @@ $ helm install --name my-release argo/argo-cd | server.certificate.issuer | Certificate manager issuer | `{}` | | server.config | URL for Argo CD | `{}` | | server.containerPort | Server container port. | `8080` | -| server.extraArgs | Additional arguments for the server | `[]` | +| server.extraArgs | Additional arguments for the server. A list of key:value pairs. | `[]` | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -216,7 +216,7 @@ $ helm install --name my-release argo/argo-cd |-----|------|---------|-------------| | redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | | redis.containerPort | Redis container port | `6379` | -| redis.enabled | Enable redis | `false` | +| redis.enabled | Enable redis | `true` | | redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | | redis.image.repository | Redis repository | `"redis"` | | redis.image.tag | Redis tag | `"5.0.3"` | diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 68ffbe5d..c3a84ea4 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.server.ingress.enabled -}} {{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := .Values.server.name -}} +{{- $servicePort := .Values.server.service.servicePortHttp -}} {{- $paths := .Values.server.ingress.paths -}} apiVersion: extensions/v1beta1 kind: Ingress diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5fbf7fe3..53a66acb 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -27,6 +27,7 @@ controller: logLevel: info ## Additional command line arguments to pass to argocd-controller + ## - key: value extraArgs: [] ## Annotations to be added to controller pods @@ -158,7 +159,7 @@ dex: ## Redis redis: - enabled: false + enabled: true name: redis image: @@ -196,8 +197,9 @@ server: # imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to argocd-server + ## - key: value # extraArgs: [] - # - insecure + # - insecure: true extraArgs: [] ## Argo server log level @@ -402,7 +404,7 @@ repoServer: # imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to argocd-repo-server - ## + ## - key: value extraArgs: [] ## Argo repoServer log level From 7e789bb04aa2b6553a8d313de0de8115d92728f9 Mon Sep 17 00:00:00 2001 From: Andrew Suderman Date: Thu, 14 Nov 2019 15:20:55 -0700 Subject: [PATCH 06/15] [argo-events] v0.11 update (#162) * Updating for events 0.11 * Adding note to the README about how to install CRDs from github * Fixing handling of serviceAccount variable inside of loops --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/README.md | 7 +++++++ charts/argo-events/ci/test-values.yaml | 6 ++++++ .../argo-events/templates/argo-events-cluster-roles.yaml | 5 ++++- charts/argo-events/templates/argo-events-sa.yaml | 7 ++++--- charts/argo-events/values.yaml | 4 ++-- 6 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 charts/argo-events/ci/test-values.yaml diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a4c4fcff..f20c8007 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 0.5.2 +version: 0.6.0 keywords: - argo-events - sensor-controller @@ -11,6 +11,6 @@ sources: maintainers: - name: VaibhavPage - name: magaldima -appVersion: 0.10 +appVersion: 0.11 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 174a8114..74cf9e83 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -14,3 +14,10 @@ This is a **community maintained** chart. It installs the [argo-events](https:// ## Notes on CRD Installation Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. + +You can install the CRDs manually like so: + +``` +kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/sensor-crd.yaml +kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/gateway-crd.yaml +``` diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml new file mode 100644 index 00000000..cd5d3916 --- /dev/null +++ b/charts/argo-events/ci/test-values.yaml @@ -0,0 +1,6 @@ +serviceAccount: argo-events-sa-test +additionalSaNamespaces: + - nsone + - nstwo +instanceID: test-argo-events +singleNamespace: false diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index c7a47254..878b8520 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -11,9 +11,10 @@ subjects: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} {{- if .Values.additionalSaNamespaces }} + {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} - kind: ServiceAccount - name: {{ .Values.serviceAccount }} + name: {{ $sa }} namespace: {{ $namespace }} {{- end }} {{- end }} @@ -51,6 +52,8 @@ rules: resources: - workflows - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers - gateways - gateways/finalizers - sensors diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index 04a39f51..f13b8a1d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -1,4 +1,4 @@ -# All argo-events services are bound to the "argo-events" service account. +# All argo-events services are bound to the "argo-events" service account. # In RBAC enabled setups, this SA is bound to specific roles. apiVersion: v1 kind: ServiceAccount @@ -6,12 +6,13 @@ metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} {{- if .Values.additionalSaNamespaces }} +{{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.serviceAccount }} + name: {{ $sa }} namespace: {{ $namespace }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a0841052..1ee2fa5a 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -26,11 +26,11 @@ singleNamespace: true sensorController: name: sensor-controller image: sensor-controller - tag: v0.10 + tag: v0.11 replicaCount: 1 gatewayController: name: gateway-controller image: gateway-controller - tag: v0.10 + tag: v0.11 replicaCount: 1 From ac237c2c80fa0f5b973ac3f0dd13d6170ad0c689 Mon Sep 17 00:00:00 2001 From: Christine Banek Date: Sun, 17 Nov 2019 16:31:37 -0700 Subject: [PATCH 07/15] Fix delete crd command (#166) The part-of is incorrect compared to the argo-cd helm chart, which installs this crd as a part of argocd (without the dash). --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c7913b3a..ba764f3c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,7 +19,7 @@ Clean-up: ``` helm delete argo-cd --purge -kubectl delete crd -l app.kubernetes.io/part-of=argo-cd +kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` Minimally: From 977db7f67cbb6eed07a6601d16ac4f7533df0338 Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Mon, 18 Nov 2019 10:23:55 +0100 Subject: [PATCH 08/15] bumped chart version to pass tests --- charts/argo-cd/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9ac73da2..e2368c59 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.8 +version: 1.0.9 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: From 7ab8fd74347369fbc5f3b161d655d9465ed14b9b Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Mon, 18 Nov 2019 11:42:40 +0100 Subject: [PATCH 09/15] fixed wrong param name --- charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 9dbc3cbe..5e7b4d36 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -25,7 +25,7 @@ data: {{- end }} {{- if .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.cert: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }} + tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }} {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} From 55c01d3ec24f515de5240ba30dbb7ad40722a7fa Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Mon, 18 Nov 2019 11:47:33 +0100 Subject: [PATCH 10/15] updated property name to be the same as in the actual secret --- charts/argo-cd/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 409ad904..da8cb96b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -536,7 +536,7 @@ configs: bitbucketSecret: "" # argocdServerTlsConfig: # key: -# cert: +# crt: # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` # argocdServerAdminPassword: From 5c9025a1174df320fa40258f55b2102180ca779d Mon Sep 17 00:00:00 2001 From: Antoine Date: Wed, 20 Nov 2019 00:27:12 +0100 Subject: [PATCH 11/15] Repo server rbac (#160) * Added Role and service account to repo-server * Fixed comment in repo-server SA name helper * Bumped chart version * Added repoServer service account annotations --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/_helpers.tpl | 11 ++++++++++ .../argocd-repo-server/deployment.yaml | 1 + .../templates/argocd-repo-server/role.yaml | 17 +++++++++++++++ .../argocd-repo-server/rolebinding.yaml | 21 +++++++++++++++++++ .../argocd-repo-server/serviceaccount.yaml | 19 +++++++++++++++++ charts/argo-cd/values.yaml | 19 +++++++++++++++++ 7 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 charts/argo-cd/templates/argocd-repo-server/role.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c2013af2..3804c69c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.2.4" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.8 +version: 1.0.9 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2c892a75..af7f7c9f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use {{- end -}} {{- end -}} +{{/* +Create the name of the repo-server service account to use +*/}} +{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9c54d0dd..ea9ccfab 100644 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -105,6 +105,7 @@ spec: affinity: {{- toYaml .Values.repoServer.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} volumes: {{- if .Values.repoServer.volumes }} {{- toYaml .Values.repoServer.volumes | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml new file mode 100644 index 00000000..9c902ccc --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -0,0 +1,17 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +rules: +{{- if .Values.repoServer.rbac }} +{{toYaml .Values.repoServer.rbac }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml new file mode 100644 index 00000000..692b11ee --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml new file mode 100644 index 00000000..a0bae942 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.repoServerServiceAccountName" . }} +{{- if .Values.repoServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 53a66acb..0cbfbb15 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -480,6 +480,25 @@ repoServer: # namespace: monitoring # additionalLabels: {} + ## Repo server service account + ## If create is set to true, make sure to uncomment the name and update the rbac section below + serviceAccount: + create: false + # name: argocd-repo-server + ## Annotations applied to created service account + annotations: {} + + ## Repo server rbac rules + # rbac: + # - apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + ## Argo Configs configs: knownHosts: From 3a6501defa21eafeabf6ae588624dde8d2305dc1 Mon Sep 17 00:00:00 2001 From: Sean Johnson Date: Thu, 21 Nov 2019 15:40:15 +1100 Subject: [PATCH 12/15] [charts/argo-cd] Update to 1.3, some chart cleanup (#165) * [charts/argo-cd] Update to 1.3, some chart cleanup * Bumps the version of ArgoCD to 1.3 and the chart version to 1.2 due to a CRD change. Restored conditional CRDs to correct #27. Additionally, some value defaults were added so Helm strict linting could pass. * This adds some examples to the values.yaml on how to use the new Helm repo chart types. Add helmignore to help with development. --- charts/argo-cd/.helmignore | 2 + charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 2 - .../templates/crds/application-crd.yaml | 98 +++++++++++++------ .../templates/crds/appproject-crd.yaml | 55 ++++++++++- charts/argo-cd/templates/dex/deployment.yaml | 4 +- charts/argo-cd/values.yaml | 76 ++++++++++---- 7 files changed, 181 insertions(+), 60 deletions(-) create mode 100644 charts/argo-cd/.helmignore diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore new file mode 100644 index 00000000..2df6bf53 --- /dev/null +++ b/charts/argo-cd/.helmignore @@ -0,0 +1,2 @@ +*.tgz +output diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3804c69c..a9b28699 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.2.4" +appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.0.9 +version: 1.2.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 28f5f678..4cb50706 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -2,8 +2,6 @@ Argo CD Chart ====== A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. -Current chart version is `1.0.4` - Source code can be found [here](https://argoproj.github.io/argo-cd/) ## Additional Information diff --git a/charts/argo-cd/templates/crds/application-crd.yaml b/charts/argo-cd/templates/crds/application-crd.yaml index 2f176e4f..faf763a8 100644 --- a/charts/argo-cd/templates/crds/application-crd.yaml +++ b/charts/argo-cd/templates/crds/application-crd.yaml @@ -1,3 +1,4 @@ +{{- if .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -416,7 +417,7 @@ spec: type: object type: array revision: - description: Revision is the git revision in which to sync the application + description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. type: string source: @@ -424,6 +425,9 @@ spec: This is typically set in a Rollback operation and nil during a Sync operation properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -492,6 +496,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined as + a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -536,8 +544,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -561,7 +568,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -571,7 +578,6 @@ spec: type: string required: - repoURL - - path type: object syncStrategy: description: SyncStrategy describes how to perform the sync @@ -634,7 +640,6 @@ spec: namespace: type: string required: - - group - kind - jsonPointers type: object @@ -661,6 +666,9 @@ spec: description: Source is a reference to the location ksonnet application definition properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -729,6 +737,9 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -773,8 +784,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository containing - a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management plugin @@ -798,8 +808,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application - manifests + description: RepoURL is the repository URL of the application manifests type: string targetRevision: description: TargetRevision defines the commit, tag, or branch in @@ -807,7 +816,6 @@ spec: type: string required: - repoURL - - path type: object syncPolicy: description: SyncPolicy controls when a sync will be performed @@ -867,6 +875,9 @@ spec: type: string source: properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -936,6 +947,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -980,8 +995,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1005,7 +1019,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1015,7 +1029,6 @@ spec: type: string required: - repoURL - - path type: object required: - revision @@ -1024,6 +1037,8 @@ spec: type: object type: array observedAt: + description: ObservedAt indicates when the application state was updated + without querying latest git state format: date-time type: string operationState: @@ -1071,15 +1086,18 @@ spec: type: object type: array revision: - description: Revision is the git revision in which to sync - the application to. If omitted, will use the revision - specified in app spec. + description: Revision is the revision in which to sync the + application to. If omitted, will use the revision specified + in app spec. type: string source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and nil during a Sync operation properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options @@ -1155,6 +1173,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1200,8 +1222,8 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git + repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1225,8 +1247,8 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the - application manifests + description: RepoURL is the repository URL of the application + manifests type: string targetRevision: description: TargetRevision defines the commit, tag, @@ -1235,7 +1257,6 @@ spec: type: string required: - repoURL - - path type: object syncStrategy: description: SyncStrategy describes how to perform the sync @@ -1322,12 +1343,15 @@ spec: type: object type: array revision: - description: Revision holds the git commit SHA of the sync + description: Revision holds the revision of the sync type: string source: description: Source records the application source information of the sync, used for comparing auto-sync properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -1399,6 +1423,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1444,8 +1472,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1469,7 +1496,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1479,7 +1506,6 @@ spec: type: string required: - repoURL - - path type: object required: - revision @@ -1490,6 +1516,8 @@ spec: - startedAt type: object reconciledAt: + description: ReconciledAt indicates when the application state was reconciled + using the latest git version format: date-time type: string resources: @@ -1553,6 +1581,9 @@ spec: type: object source: properties: + chart: + description: Chart is a Helm chart name + type: string directory: description: Directory holds path/directory specific options properties: @@ -1624,6 +1655,10 @@ spec: items: type: string type: array + values: + description: Values is Helm values, typically defined + as a block + type: string type: object ksonnet: description: Ksonnet holds ksonnet specific options @@ -1669,8 +1704,7 @@ spec: type: string type: object path: - description: Path is a directory path within the repository - containing a + description: Path is a directory path within the Git repository type: string plugin: description: ConfigManagementPlugin holds config management @@ -1694,7 +1728,7 @@ spec: type: string type: object repoURL: - description: RepoURL is the git repository URL of the application + description: RepoURL is the repository URL of the application manifests type: string targetRevision: @@ -1704,7 +1738,6 @@ spec: type: string required: - repoURL - - path type: object required: - source @@ -1726,3 +1759,4 @@ spec: - name: v1alpha1 served: true storage: true +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/crds/appproject-crd.yaml b/charts/argo-cd/templates/crds/appproject-crd.yaml index 61a0077b..2d14a52a 100644 --- a/charts/argo-cd/templates/crds/appproject-crd.yaml +++ b/charts/argo-cd/templates/crds/appproject-crd.yaml @@ -1,3 +1,4 @@ +{{- if .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -434,6 +435,15 @@ spec: - kind type: object type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object roles: description: Roles are user defined RBAC roles associated with this project @@ -477,11 +487,51 @@ spec: type: object type: array sourceRepos: - description: SourceRepos contains list of git repository URLs which - can be used for deployment + description: SourceRepos contains list of repository URLs which can + be used for deployment items: type: string type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window will + be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would otherwise + be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + type: object + type: array type: object required: - metadata @@ -491,3 +541,4 @@ spec: - name: v1alpha1 served: true storage: true +{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index e0d243a1..6cddafcb 100644 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -28,7 +28,7 @@ spec: initContainers: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} command: - cp - /usr/local/bin/argocd-util @@ -73,4 +73,4 @@ spec: volumes: {{- toYaml .Values.dex.volumes | nindent 8}} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 0cbfbb15..19ace947 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2,21 +2,25 @@ ## Ref: https://github.com/argoproj/argo-cd ## nameOverride: argocd +fullnameOverride: "" + +# Optional CRD installation for those without Helm hooks +installCRDs: true global: image: repository: argoproj/argocd - tag: v1.2.4 + tag: v1.3.0 imagePullPolicy: IfNotPresent ## Controller controller: name: application-controller - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Argo controller commandline flags args: @@ -118,7 +122,10 @@ dex: repository: quay.io/dexidp/dex tag: v2.14.0 imagePullPolicy: IfNotPresent - initImage: {} + initImage: + repository: + tag: + imagePullPolicy: serviceAccount: create: true @@ -187,14 +194,17 @@ redis: # cpu: 100m # memory: 64Mi + volumeMounts: [] + volumes: [] + ## Server server: name: server - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server ## - key: value @@ -297,11 +307,13 @@ server: ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace ## - hosts: [] + hosts: + [] # - argocd.example.com paths: - - / - tls: [] + - / + tls: + [] # - secretName: argocd-example-tls # hosts: # - argocd.example.com @@ -321,10 +333,34 @@ server: url: https://argocd.example.com # Argo CD instance label key application.instanceLabelKey: argocd.argoproj.io/instance + # repositories: | + # - url: git@github.com:group/repo.git + # sshPrivateKeySecret: + # name: secret-name + # key: sshPrivateKey + # - type: helm + # url: https://kubernetes-charts.storage.googleapis.com + # name: stable + # - type: helm + # url: https://argoproj.github.io/argo-helm + # name: argo + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: CLIENT_ID + # clientSecret: $oidc.azuread.clientSecret + # requestedIDTokenClaims: + # groups: + # essential: true + # requestedScopes: + # - openid + # - profile + # - email ## ArgoCD rbac config ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md - rbacConfig: {} + rbacConfig: + {} # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). # Policy rules are in the form: # p, subject, resource, action, object, effect @@ -340,7 +376,6 @@ server: # authorizing API requests (optional). If omitted or empty, users may be still be able to login, # but will see no apps, projects, etc... # policy.default: role:readonly - # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. # scopes: '[cognito:groups, email]' @@ -398,10 +433,10 @@ server: repoServer: name: repo-server - image: {} - # repository: argoproj/argocd - # tag: v1.2.1 - # imagePullPolicy: IfNotPresent + image: + repository: # argoproj/argocd + tag: # v1.3.0 + imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server ## - key: value @@ -511,7 +546,8 @@ configs: gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - tlsCerts: {} + tlsCerts: + {} # data: # argocd.example.com: | # -----BEGIN CERTIFICATE----- From a459a785ed1811b8ab80bf3466bd19df7bc69fbc Mon Sep 17 00:00:00 2001 From: Abhishek Jaisingh Date: Tue, 26 Nov 2019 04:25:05 +0530 Subject: [PATCH 13/15] ArgoCD: Configure Repository Credentials in Values (#167) * ArgoCD: Configure Repository Credentials in Values * Argo CD Helm Chart: Add a Secret Resource in Repo Server for configuring Repository Credentials Change-Id: I64c343d3558a939d0faef795e62d4e258810bc67 * Minor formatting fix, add documentation. --- charts/argo-cd/Chart.yaml | 2 +- .../repository-credentials-secret.yaml | 18 ++++++++++++++++++ charts/argo-cd/values.yaml | 19 +++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a9b28699..f3e351ec 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.2.0 +version: 1.2.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml new file mode 100644 index 00000000..aed7700f --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.configs.repositoryCredentials }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repository-credentials + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +type: Opaque +data: +{{- range $key, $value := .Values.configs.repositoryCredentials }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 19ace947..f697c192 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -584,6 +584,25 @@ configs: # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # XWyb96wrUlv+E8I= # -----END CERTIFICATE----- + # Creates a secret with optional repository credentials + repositoryCredentials: + {} + # sample-ssh-key: | + # -----BEGIN RSA PRIVATE KEY----- + # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N + # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 + # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB + # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x + # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe + # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 + # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 + # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM + # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK + # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ + # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc + # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le + # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= + # -----END RSA PRIVATE KEY----- secret: createSecret: true githubSecret: "" From 3837dba0395d361a4c261dac2d1230cb563c75e1 Mon Sep 17 00:00:00 2001 From: Ryota Date: Mon, 25 Nov 2019 23:01:18 +0000 Subject: [PATCH 14/15] Correct the values.yaml comment for extra arg (#174) Extra arg handling changed in v1 release, and expects map rather than list --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f3e351ec..5ce46ded 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.3.0" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.2.1 +version: 1.2.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f697c192..dfd95c9b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -31,7 +31,7 @@ controller: logLevel: info ## Additional command line arguments to pass to argocd-controller - ## - key: value + ## key: value extraArgs: [] ## Annotations to be added to controller pods @@ -207,9 +207,9 @@ server: imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server - ## - key: value + ## key: value # extraArgs: [] - # - insecure: true + # insecure: true extraArgs: [] ## Argo server log level @@ -439,7 +439,7 @@ repoServer: imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server - ## - key: value + ## key: value extraArgs: [] ## Argo repoServer log level From 138d9ed27c78bad27814013fe8cd88677089c124 Mon Sep 17 00:00:00 2001 From: "konstantin.kiess" Date: Fri, 29 Nov 2019 09:01:03 +0100 Subject: [PATCH 15/15] found typo --- charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 5e7b4d36..dcacb081 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -25,7 +25,7 @@ data: {{- end }} {{- if .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }} + tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }}