DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into bump-argo-workflows-app-version

Browse source
This commit is contained in:
Marco Kilchhofer 2021-08-17 09:26:22 +02:00 committed by GitHub
commit 6a9d834aa7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 847 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: 2.0.5
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 3.11.5
version: 3.12.1
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-cd/assets/logo.png
keywords:
@ -21,4 +21,4 @@ dependencies:
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- "[Fixed]: Can't login when using configs.secret.argocdServerAdminPassword"
- "[Fixed]: redis-ha.nameOverride / redis-ha.fullnameOverride breaks the ArgoCD helm chart"

1
charts/argo-cd/README.md
View file

@ -148,6 +148,7 @@ NAME: my-release
| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
| apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` |
| apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` |
| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` |
| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` |
| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) |

5
charts/argo-cd/templates/_helpers.tpl
View file

@ -42,10 +42,11 @@ Create dex name and version as used by the chart label.
Create redis name and version as used by the chart label.
*/}}
{{- define "argo-cd.redis.fullname" -}}
{{ $redisHa := (index .Values "redis-ha") }}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}}
{{- if $redisHa.enabled -}}
{{- if $redisHa.haproxy.enabled -}}
{{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- else -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}

67
charts/argo-cd/templates/argocd-aggregate-roles.yaml Normal file
View file

@ -0,0 +1,67 @@
{{- if .Values.createAggregateRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}

4
charts/argo-cd/values.yaml
View file

@ -31,6 +31,10 @@ apiVersionOverrides:
certmanager: "" # cert-manager.io/v1
ingress: "" # networking.k8s.io/v1beta1
## Create clusterroles that extend existing clusterroles to interact with argo-cd crds
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: false
## Controller
controller:
name: application-controller

1
charts/argo-rollouts/.helmignore
View file

@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
ci/

5
charts/argo-rollouts/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "v1.0.2"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 1.0.4
version: 2.0.0
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
home: https://github.com/argoproj/argo-helm
maintainers:
@ -11,5 +11,4 @@ maintainers:
- name: jessesuen
annotations:
artifacthub.io/changes: |
- "[Fixed]: Add missing liveness and readiness probes"
- "[Changed]: Fix icon url"
- "[Added]: Dashboard manifests"

24
charts/argo-rollouts/README.md
View file

@ -25,6 +25,9 @@ $ helm repo add argo https://argoproj.github.io/argo-helm
$ helm install my-release argo/argo-rollouts
```
If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by
`kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000`
## Chart Values
| Key | Type | Default | Description |
@ -53,9 +56,30 @@ $ helm install my-release argo/argo-rollouts
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level |
| containerSecurityContext | object | `{}` | Security Context to set on container level |
| dashboard.enabled | bool | `false` | Deploy dashboard server |
| dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` |
| dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| dashboard.image.registry | string | `quay.io` | Registry to use |
| dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use |
| dashboard.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
| dashboard.resources | object | `{}` | Resource limits and requests for the dashboard pods. |
| dashboard.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
| dashboard.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
| dashboard.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
| dashboard.podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level |
| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level |
| dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created |
| dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account |
| dashboard.serviceAccount.name | string | `""` | The name of the dashboard service account to use. If not set and create is true, a name is generated using the fullname template |
## Upgrading
### To 2.0.0
* The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`.
* There is a breaking change where the selector label `app.kubernetes.io/component: {{ .Values.controller.component }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component.
To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable.
### To 1.0.0
* This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020.

2
charts/argo-rollouts/ci/test-values.yaml Normal file
View file

@ -0,0 +1,2 @@
dashboard:
enabled: true

2
charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
View file

@ -8,6 +8,7 @@ metadata:
spec:
selector:
matchLabels:
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
strategy:
type: Recreate
@ -19,6 +20,7 @@ spec:
{{- end }}
labels:
{{- include "argo-rollouts.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}

5
charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml
View file

@ -4,7 +4,7 @@ kind: Service
metadata:
name: {{ include "argo-rollouts.fullname" . }}-metrics
labels:
app.kubernetes.io/component: server
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
{{- with .Values.serviceAnnotations }}
annotations:
@ -17,5 +17,6 @@ spec:
port: 8090
targetPort: 8090
selector:
{{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 4 }}
{{- end }}

58
charts/argo-rollouts/templates/dashboard/clusterrole.yaml Normal file
View file

@ -0,0 +1,58 @@
{{- if and .Values.dashboard.enabled .Values.clusterInstall }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-rollouts.fullname" . }}-dashboard
labels:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
{{- end }}

17
charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- if and .Values.dashboard.enabled .Values.clusterInstall }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-rollouts.fullname" . }}-dashboard
labels:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-rollouts.fullname" . }}-dashboard
subjects:
- kind: ServiceAccount
name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard
namespace: {{ .Release.Namespace }}
{{- end }}

59
charts/argo-rollouts/templates/dashboard/deployment.yaml Normal file
View file

@ -0,0 +1,59 @@
{{- if .Values.dashboard.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argo-rollouts.fullname" . }}-dashboard
labels:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.dashboard.component }}
strategy:
type: Recreate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "argo-rollouts.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard
containers:
- image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}"
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }}
name: argo-rollouts-dashboard
ports:
- containerPort: 3100
name: dashboard
securityContext:
{{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }}
resources:
{{- toYaml .Values.dashboard.resources | nindent 10 }}
{{- if .Values.dashboard.nodeSelector }}
nodeSelector:
{{- toYaml .Values.dashboard.nodeSelector | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.dashboard.podSecurityContext | nindent 8 }}
{{- if .Values.dashboard.tolerations }}
tolerations:
{{- toYaml .Values.dashboard.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.affinity }}
affinity:
{{- toYaml .Values.dashboard.affinity | nindent 8 }}
{{- end }}
{{- end }}

13
charts/argo-rollouts/templates/dashboard/sa.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if and .Values.dashboard.enabled .Values.dashboard.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard
labels:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
{{- with .Values.dashboard.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

22
charts/argo-rollouts/templates/dashboard/service.yaml Normal file
View file

@ -0,0 +1,22 @@
{{- if .Values.dashboard.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-rollouts.fullname" . }}-dashboard
labels:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
{{- with .Values.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
- name: dashboard
protocol: TCP
port: 3100
targetPort: 3100
selector:
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.selectorLabels" . | nindent 4 }}
{{- end }}

25
charts/argo-rollouts/values.yaml
View file

@ -94,3 +94,28 @@ podLabels: {}
# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret
dashboard:
enabled: false
component: rollouts-dashboard
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
image:
registry: quay.io
repository: argoproj/kubectl-argo-rollouts
tag: ""
pullPolicy: IfNotPresent
resources: {}
podSecurityContext:
runAsNonRoot: true
containerSecurityContext: {}
serviceAccount:
create: true
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""

7
charts/argocd-applicationset/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 1.0.0
version: 1.1.0
appVersion: "v0.1.0"
home: https://github.com/argoproj/argo-helm
icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png
@ -14,6 +14,5 @@ maintainers:
- name: maruina
annotations:
artifacthub.io/changes: |
- "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart."
- "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive."
- "[Changed]: Fix icon url"
- "[Added]: /tmp is an emptyDir now (enables users to use readOnlyRootFilesystem)"
- "[Added]: Ability to add extraVolumes and extraVolumeMounts"

2
charts/argocd-applicationset/README.md
View file

@ -65,6 +65,8 @@ kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/c
| args.policy | string | `sync` | How application is synced between the generator and the cluster |
| args.debug | bool | `false` | Print debug logs |
| args.dryRun | bool | `false` | Enable dry run mode |
| extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
| extraVolumes | list | `[]` | List of extra volumes to add |
| fullnameOverride | string | `""` | Override the default fully qualified app name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |

10
charts/argocd-applicationset/templates/deployment.yaml
View file

@ -50,6 +50,8 @@ spec:
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /tmp
name: tmp-dir
{{- if .Values.mountSSHKnownHostsVolume }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
@ -66,7 +68,12 @@ spec:
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- emptyDir: {}
name: tmp-dir
{{- if .Values.mountSSHKnownHostsVolume }}
- configMap:
name: argocd-ssh-known-hosts-cm
@ -86,6 +93,9 @@ spec:
- emptyDir: {}
name: gpg-keyring
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

9
charts/argocd-applicationset/values.yaml
View file

@ -75,3 +75,12 @@ mountSSHKnownHostsVolume: true
mountTLSCertsVolume: true
mountGPGKeysVolume: false
mountGPGKeyringVolume: true
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# - mountPath: /tmp/foobar
# name: foobar
# -- List of extra volumes to add
extraVolumes: []
# - name: foobar
# emptyDir: {}

23
charts/argocd-image-updater/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

18
charts/argocd-image-updater/Chart.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.1.0
appVersion: v0.10.1
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: argoproj
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Added]: First chart release"

86
charts/argocd-image-updater/README.md Normal file
View file

@ -0,0 +1,86 @@
# argocd-image-updater
A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
To regenerate this document, from the root of this chart directory run:
```shell
docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
```
## Installation
```console
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
## TODO
- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
## Prerequisites
* Helm v3.0.0+
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
argocd:
grpcWeb: false
serverAddress: "http://argocd.argo"
insecure: true
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
- Docker Hub
- Google Container Registry
- RedHat Quay
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Kubernetes affinity settings for the deployment |
| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API |
| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address |
| config.logLevel | string | `"info"` | ArgoCD Image Update log level |
| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in config.argocd |
| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override |
| image.pullPolicy | string | `"Always"` | Default image pull policy |
| image.repository | string | `"argoprojlabs/argocd-image-updater"` | Default image repository |
| image.tag | string | `"v0.10.1"` | Default image tag |
| imagePullSecrets | list | `[]` | ImagePullSecrets for the image updater deployment |
| nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override |
| nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment |
| podAnnotations | object | `{}` | Pod Annotations for the deployment |
| podSecurityContext | object | `{}` | Pod security context settings for the deployment |
| rbac.enabled | bool | `true` | Enable RBAC creation |
| replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. |
| resources | object | `{}` | Pod memory and cpu resource settings for the deployment |
| securityContext | object | `{}` | Security context settings for the deployment |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | Kubernetes toleration settings for the deployment |

58
charts/argocd-image-updater/README.md.gotmpl Normal file
View file

@ -0,0 +1,58 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
To regenerate this document, from the root of this chart directory run:
```shell
docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
```
## Installation
```console
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
## TODO
- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
## Prerequisites
* Helm v3.0.0+
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
argocd:
grpcWeb: false
serverAddress: "http://argocd.argo"
insecure: true
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
- Docker Hub
- Google Container Registry
- RedHat Quay
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
{{ template "chart.valuesSection" . }}

63
charts/argocd-image-updater/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argocd-image-updater.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argocd-image-updater.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argocd-image-updater.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "argocd-image-updater.labels" -}}
helm.sh/chart: {{ include "argocd-image-updater.chart" . }}
{{ include "argocd-image-updater.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argocd-image-updater.selectorLabels" -}}
app.kubernetes.io/name: {{ include "argocd-image-updater.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "argocd-image-updater.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "argocd-image-updater.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

13
charts/argocd-image-updater/templates/configmap.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: argocd-image-updater-config
data:
registries.conf: |
{{- with .Values.config.registries }}
registries:
{{- toYaml . | nindent 6 }}
{{- end }}

95
charts/argocd-image-updater/templates/deployment.yaml Normal file
View file

@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argocd-image-updater.fullname" . }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "argocd-image-updater.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
labels:
{{- include "argocd-image-updater.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argocd-image-updater.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
command:
- /usr/local/bin/argocd-image-updater
- run
{{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: ARGOCD_GRPC_WEB
value: {{ .Values.config.argocd.grpcWeb | quote }}
- name: ARGOCD_SERVER
value: {{ .Values.config.argocd.serverAddress }}
- name: ARGOCD_INSECURE
value: {{ .Values.config.argocd.insecure | quote }}
- name: ARGOCD_PLAINTEXT
value: {{ .Values.config.argocd.plaintext | quote }}
- name: ARGOCD_TOKEN
valueFrom:
secretKeyRef:
key: argocd.token
name: argocd-image-updater-secret
optional: true
- name: IMAGE_UPDATER_LOGLEVEL
value: {{ .Values.config.logLevel }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /app/config
name: registries-conf
volumes:
- configMap:
items:
- key: registries.conf
path: registries.conf
name: argocd-image-updater-config
name: registries-conf
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

48
charts/argocd-image-updater/templates/rbac.yaml Normal file
View file

@ -0,0 +1,48 @@
{{- if .Values.rbac.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{ include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
rules:
- apiGroups:
- ''
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{ include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argocd-image-updater.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argocd-image-updater.serviceAccountName" . }}
{{- end }}

12
charts/argocd-image-updater/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argocd-image-updater.serviceAccountName" . }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

102
charts/argocd-image-updater/values.yaml Normal file
View file

@ -0,0 +1,102 @@
# -- Replica count for the deployment. It is not advised to run more than one replica.
replicaCount: 1
image:
# -- Default image repository
repository: argoprojlabs/argocd-image-updater
# -- Default image pull policy
pullPolicy: Always
# -- Default image tag
tag: v0.10.1
# -- ImagePullSecrets for the image updater deployment
imagePullSecrets: []
# -- Global name (argocd-image-updater.name in _helpers.tpl) override
nameOverride: ""
# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override
fullnameOverride: ""
# -- Extra arguments for argocd-image-updater not defined in config.argocd
extraArgs: []
# - --disable-kubernetes
# - --dry-run
# - --health-port 8080
# - --interval 2m
# - --kubeconfig ~/.kube/config
# - --match-application-name staging-*
# - --max-concurrency 5
# - --once
# - --registries-conf-path /app/config/registries.conf
config:
# Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags
argocd:
# -- Use the gRPC-web protocol to connect to the Argo CD API
grpcWeb: true
# -- Connect to the Argo CD API server at server address
serverAddress: ""
# -- If specified, the certificate of the Argo CD API server is not verified.
insecure: false
# -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
plaintext: false
# -- ArgoCD Image Update log level
logLevel: "info"
# -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
registries: []
# - name: Docker Hub
# api_url: https://registry-1.docker.io
# ping: yes
# credentials: secret:foo/bar#creds
# defaultns: library
# - name: Google Container Registry
# api_url: https://gcr.io
# prefix: gcr.io
# ping: no
# credentials: pullsecret:foo/bar
# - name: RedHat Quay
# api_url: https://quay.io
# ping: no
# prefix: quay.io
# credentials: env:REGISTRY_SECRET
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Pod Annotations for the deployment
podAnnotations: {}
# -- Pod security context settings for the deployment
podSecurityContext: {}
# fsGroup: 2000
# -- Security context settings for the deployment
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
rbac:
# -- Enable RBAC creation
enabled: true
# -- Pod memory and cpu resource settings for the deployment
resources: {}
# -- Kubernetes nodeSelector settings for the deployment
nodeSelector: {}
# -- Kubernetes toleration settings for the deployment
tolerations: []
# -- Kubernetes affinity settings for the deployment
affinity: {}