DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into loristo

Browse source
This commit is contained in:
Marco Kilchhofer 2023-02-14 22:25:21 +01:00
commit 6b38a8fa8d
55 changed files with 6965 additions and 466 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

151
CONTRIBUTING.md
View file

@ -2,110 +2,160 @@
Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently.
# Pull Requests
## Pull Requests
All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project.
### Pull Request Title Linting
We lint the title of your pull request to ensure it follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. This is done using GitHub actions and the [action-semantic-pull-request](.github/workflows/pr-title.yml) workflow. We require the scope of the change to be included in the title. The scope should be the name of the chart you are changing. For example, if you are changing the `argo-cd` chart, the title of your pull request should be `fix(argo-cd): Fix typo in values.yaml`.
## Documentation
The documentation for each chart is generated with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation.
We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges):
```shell
./scripts/helm-docs.sh
```
> **Note**
> When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file.
### Updating a chart README.md
When updating the `README.md.gotmpl` inside a chart directory you must to run the `helm-docs` script to generate the updated `README.md` file. To reiterate, you should not edit the `README.md` file manually. It will be generated by the following command:
```shell
./scripts/helm-docs.sh
```
> **Note**
> If you see changes to unrelated chart `README.md` files you may have accidentally updated a `README.md.gotmpl` file in another chart's folder unintentionally or someone else failed to run this script. Please revert those changes if you do not intend them to be a part of your pull request.
## Versioning
Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease).
Each chart's version follows the [semver standard](https://semver.org/).
New charts should start at version `1.0.0`, if it's considered stable. If it isn't considered stable, it must be released as `prerelease`.
Any breaking changes to a chart (backwards incompatible) require:
* Bump of the current Major version of the chart
* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades))
* Bump of the current Major version of the chart
* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl`
### New Application Versions
When selecting new application versions ensure you make the following changes:
* `values.yaml`: Bump all instances of the container image version
* `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version`
Please ensure chart version changes adhere to semantic versioning standards:
* Major: Large chart rewrites, major non-backwards compatible or destructive changes
* Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes
* Patch: App version patch updates, backwards compatible optional chart features
### Immutability
Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error.
### Chart Versioning
Currently we require a chart version bump for every change to a chart, including updating information for older verions. This may change in the future.
### Artifact Hub Annotations
Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub.
* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/)
* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/)
#### Changelog
We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release.
Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template:
Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file).
A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release.
Each change requires a new bullet point following the pattern. See more information [Artifact Hub annotations in Helm Chart.yaml file](https://artifacthub.io/docs/topics/annotations/helm/).
```yaml
- kind: {type}
description: {description}
```
You can use the following template:
```yaml
name: argo-cd
version: 3.4.1
version: 5.19.12
...
annotations:
artifacthub.io/changes: |
- "[Added]: Something New was added"
- "[Changed]: Changed Something within this chart"
- "[Changed]: Changed Something else within this chart"
- "[Deprecated]: Something deprecated"
- "[Removed]: Something was removed"
- "[Fixed]: Something was fixed"
- "[Security]": Some Security Patch was included"
- kind: added
description: Something New was added
- kind: changed
description: Changed Something within this chart
- kind: changed
description: Changed Something else within this chart
- kind: deprecated
description: Something deprecated
- kind: removed
description: Something was removed
- kind: fixed
description: Something was fixed
- kind: security
description: Some Security Patch was included
```
## Documentation
## Testing
The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation.
We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges):
```
bash scripts/helm-docs.sh
```
**NOTE**: When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file.
# Testing
## Testing Argo Workflows Changes
### Testing Argo Workflows Changes
Minimally:
```
```shell
helm install charts/argo-workflows -n argo
argo version
```
Follow this instructions for running a hello world workflow.
## Testing Argo CD Changes
### Testing Argo CD Changes
Clean-up:
```
```shell
helm delete argo-cd --purge
kubectl delete crd -l app.kubernetes.io/part-of=argocd
```
Pre-requisites:
```
```shell
helm repo add redis-ha https://dandydeveloper.github.io/charts/
helm dependency update
```
Minimally:
```
```shell
helm install argocd argo/argo-cd -n argocd --create-namespace
kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
```
In a new terminal:
```
```shell
argocd version --server localhost:8080 --insecure
# reset password to 'Password1!'
kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {
"admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O",
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
"admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O",
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
}}'
argocd login localhost:8080 --username admin --password 'Password1!'
@ -114,38 +164,25 @@ argocd login localhost:8080 --username admin --password 'Password1!'
Create and sync app:
```
```shell
argocd app create guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --path guestbook --project default --repo https://github.com/argoproj/argocd-example-apps.git
argocd app sync guestbook
```
## New Application Versions
When raising application versions ensure you make the following changes:
- `values.yaml`: Bump all instances of the container image version
- `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version`
Please ensure chart version changes adhere to semantic versioning standards:
- Patch: App version patch updates, backwards compatible optional chart features
- Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes
- Major: Large chart rewrites, major non-backwards compatible or destructive changes
## Testing Charts
### Testing Charts
As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
The checks for Chart Testing are stricter than the standard Helm requirements. For example, fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
The linting can be invoked manually with the following command:
```
```shell
./scripts/lint.sh
```
## Publishing Changes
Changes are automatically publish whenever a commit is merged to main. The CI job (see `./.github/workflows/publish.yml`).
Changes are automatically publish whenever a commit is merged to the `main` branch by the CI job (see `./.github/workflows/publish.yml`).

8
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.5.7
appVersion: v2.6.1
kubeVersion: ">=1.22.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.18.0
version: 5.21.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -23,5 +23,5 @@ dependencies:
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- "[Added]: Allow dnsConfig and dnsPolicy pod configuration"
- "[Changed]: Update Argo CD to v2.5.7"
- kind: added
description: Allow dnsConfig pod configuration

111
charts/argo-cd/README.md
View file

@ -105,14 +105,20 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.19.0
This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server.
If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret.
If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead.
For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`.
For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys.
### 5.10.0
@ -409,8 +415,8 @@ NAME: my-release
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts |
| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations |
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. |
| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts |
@ -442,9 +448,13 @@ NAME: my-release
| configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events |
| configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events |
| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events |
| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret |
| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap |
| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories |
| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. |
| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
| configs.tlsCerts | object | See [values.yaml] | TLS certificate |
| configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations |
| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
## Argo CD Controller
@ -454,14 +464,15 @@ NAME: my-release
| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags |
| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPort | int | `8082` | Application controller listening port |
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.dnsConfig | object | `{}` | [DNS configuration] |
| controller.dnsPolicy | object | `{}` | [DNS configuration] |
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
| controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller |
@ -533,15 +544,17 @@ NAME: my-release
| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret |
| repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource |
| repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource |
| repoServer.containerPort | int | `8081` | Configures the repo server port |
| repoServer.containerPorts.metrics | int | `8084` | Metrics container port |
| repoServer.containerPorts.server | int | `8081` | Repo server container port |
| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
| repoServer.dnsConfig | object | `{}` | [DNS configuration] |
| repoServer.dnsPolicy | object | `{}` | [DNS configuration] |
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server |
| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server |
| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server |
@ -634,21 +647,23 @@ NAME: my-release
| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
| server.certificateSecret.key | string | `""` | Private Key of the certificate |
| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
| server.containerPort | int | `8080` | Configures the server port |
| server.containerPorts.metrics | int | `8082` | Metrics container port |
| server.containerPorts.server | int | `8080` | Server container port |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
| server.dnsConfig | object | `{}` | [DNS configuration] |
| server.dnsPolicy | object | `{}` | [DNS configuration] |
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions |
| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image |
| server.extensions.image.tag | string | `"v0.1.0"` | Tag to use for extensions image |
| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image |
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
| server.hostNetwork | bool | `false` | Host Network for Server pods |
| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
@ -726,7 +741,6 @@ NAME: my-release
| server.service.labels | object | `{}` | Server service labels |
| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
| server.service.namedTargetPort | bool | `true` | Use named target port for argocd |
| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") |
| server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") |
| server.service.servicePortHttp | int | `80` | Server service http port |
@ -778,13 +792,13 @@ server:
| dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret |
| dex.certificateSecret.key | string | `""` | Certificate private key |
| dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret |
| dex.containerPortGrpc | int | `5557` | Container port for gRPC access |
| dex.containerPortHttp | int | `5556` | Container port for HTTP access |
| dex.containerPortMetrics | int | `5558` | Container port for metrics access |
| dex.containerPorts.grpc | int | `5557` | gRPC container port |
| dex.containerPorts.http | int | `5556` | HTTP container port |
| dex.containerPorts.metrics | int | `5558` | Metrics container port |
| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context |
| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment |
| dex.dnsConfig | object | `{}` | [DNS configuration] |
| dex.dnsPolicy | object | `{}` | [DNS configuration] |
| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods |
| dex.enabled | bool | `true` | Enable dex |
| dex.env | list | `[]` | Environment variables to pass to the Dex server |
| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server |
@ -856,28 +870,29 @@ server:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| redis.containerPort | int | `6379` | Redis container port |
| redis.containerPorts.metrics | int | `9121` | Metrics container port |
| redis.containerPorts.redis | int | `6379` | Redis container port |
| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment |
| redis.dnsConfig | object | `{}` | [DNS configuration] |
| redis.dnsPolicy | object | `{}` | [DNS configuration] |
| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods |
| redis.enabled | bool | `true` | Enable redis |
| redis.env | list | `[]` | Environment variables to pass to the Redis server |
| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server |
| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context |
| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar |
| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server |
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag |
| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.containerPort | int | `9121` | Port to use for redis-exporter sidecar |
| redis.metrics.containerSecurityContext | object | See [values.yaml] | Redis exporter security context |
| redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar |
| redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy |
| redis.metrics.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository |
| redis.metrics.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag |
| redis.metrics.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar |
| redis.metrics.enabled | bool | `false` | Deploy metrics service |
| redis.metrics.service.annotations | object | `{}` | Metrics service annotations |
| redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| redis.metrics.service.labels | object | `{}` | Metrics service labels |
@ -927,10 +942,12 @@ The main options are listed here:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.exporter.enabled | bool | `true` | If `true`, the prometheus exporter sidecar is enabled |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag |
| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -963,14 +980,14 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| applicationSet.affinity | object | `{}` | Assign custom [affinity] rules |
| applicationSet.args.dryRun | bool | `false` | Enable dry run mode |
| applicationSet.args.metricsAddr | string | `":8080"` | The default metric address |
| applicationSet.args.policy | string | `"sync"` | How application is synced between the generator and the cluster |
| applicationSet.args.probeBindAddr | string | `":8081"` | The default health check port |
| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
| applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment |
| applicationSet.dnsConfig | object | `{}` | [DNS configuration] |
| applicationSet.dnsPolicy | object | `{}` | [DNS configuration] |
| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods |
| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller |
| applicationSet.extraArgs | list | `[]` | List of extra cli args to add |
| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod |
@ -989,8 +1006,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| applicationSet.logFormat | string | `""` (defaults to global.logging.format) | ApplicationSet controller log format. Either `text` or `json` |
| applicationSet.logLevel | string | `""` (defaults to global.logging.level) | ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` |
| applicationSet.metrics.enabled | bool | `false` | Deploy metrics service |
| applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations |
| applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
@ -1028,10 +1043,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
| applicationSet.service.port | int | `7000` | ApplicationSet service port |
| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name |
| applicationSet.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| applicationSet.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account |
| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| applicationSet.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name |
| applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints |
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks |
@ -1052,12 +1068,15 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules |
| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] |
| notifications.bots.slack.dnsPolicy | object | `{}` | [DNS configuration] |
| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods |
| notifications.bots.slack.enabled | bool | `false` | Enable slack bot |
| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot |
| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot |
| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot |
| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot |
| notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` |
| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. One of: `debug`, `info`, `warn`, `error` |
| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] |
| notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb |
| notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot |
@ -1073,11 +1092,12 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. |
| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints |
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
| notifications.context | object | `{}` | Define user-defined context |
| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment |
| notifications.dnsConfig | object | `{}` | [DNS configuration] |
| notifications.dnsPolicy | object | `{}` | [DNS configuration] |
| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods |
| notifications.enabled | bool | `true` | Enable notifications controller |
| notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller |
| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod |
@ -1121,9 +1141,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| notifications.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account |
| notifications.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | The name of the service account to use. |
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name |
| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions |
| notifications.templates | object | `{}` | The notification template is used to generate the notification content |
| notifications.tolerations | list | `[]` | [Tolerations] for use with node taints |

10
charts/argo-cd/README.md.gotmpl
View file

@ -104,14 +104,20 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.19.0
This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server.
If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret.
If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead.
For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`.
For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys.
### 5.10.0

48
charts/argo-cd/templates/NOTES.txt
View file

@ -52,9 +52,6 @@ DEPRECATED option configs.gpgKeys - Use config.gpg.keys
{{- if .Values.configs.gpgKeysAnnotations }}
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
{{- end }}
{{- if hasKey .Values "createAggregateRoles" }}
DEPRECATED option createAggregateRoles - Use global.rbac.aggregatedRoles
{{- end }}
{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
@ -64,6 +61,30 @@ DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if .Values.configs.knownHostsAnnotations }}
DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
{{- end }}
{{- if hasKey .Values.configs "knownHosts" }}
DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
{{- end }}
{{- if .Values.configs.tlsCertsAnnotations }}
DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
{{- end }}
{{- if .Values.applicationSet.logFormat }}
DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
{{- end }}
{{- if .Values.applicationSet.logLevel }}
DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
{{- end }}
{{- if .Values.applicationSet.args.policy }}
DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
{{- end }}
{{- if .Values.applicationSet.args.dryRun }}
DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
{{- end }}
{{- if .Values.controller.service }}
REMOVED option controller.service - Use controller.metrics
{{- end }}
@ -76,6 +97,27 @@ REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
{{- if .Values.applicationSet.args.enableLeaderElection }}
REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
{{- end }}
{{- if .Values.controller.containerPort }}
REMOVED option controller.containerPort - Use controller.containerPorts
{{- end }}
{{- if .Values.server.containerPort }}
REMOVED option server.containerPort - Use server.containerPorts
{{- end }}
{{- if .Values.repoServer.containerPort }}
REMOVED option repoServer.containerPort - Use repoServer.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.metricsAddr }}
REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.probeBindAddr }}
REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.redis.containerPort }}
REMOVED option redis.containerPort - Use redis.containerPorts
{{- end }}
{{- if .Values.redis.metrics.containerPort }}
REMOVED option redis.metrics.containerPort - Use redis.containerPorts
{{- end }}
In order to access the server UI you have the following options:

5
charts/argo-cd/templates/_helpers.tpl
View file

@ -202,10 +202,13 @@ redis.server: {{ . | quote }}
server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
{{- end }}
{{- range $component := tuple "controller" "server" "reposerver" }}
{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }}
{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }}
{{- end }}
{{- if .Values.applicationSet.enabled }}
applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }}
{{- end }}
{{- end -}}
{{/*

22
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -44,6 +44,13 @@ spec:
containers:
- command:
- argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.args.statusProcessors }}
- --status-processors
- {{ . | quote }}
@ -76,12 +83,6 @@ spec:
- --loglevel
- {{ . | quote }}
{{- end }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -232,7 +233,7 @@ spec:
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPort }}
containerPort: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
readinessProbe:
httpGet:
@ -311,10 +312,9 @@ spec:
{{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}

95
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -51,16 +51,23 @@ spec:
command:
- entrypoint.sh
- argocd-applicationset-controller
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --enable-leader-election={{ gt ( .Values.applicationSet.replicaCount | int64) 1 }}
- --metrics-addr={{ .Values.applicationSet.args.metricsAddr }}
- --probe-addr={{ .Values.applicationSet.args.probeBindAddr }}
- --policy={{ .Values.applicationSet.args.policy }}
- --dry-run={{ .Values.applicationSet.args.dryRun }}
- --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
- --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
- --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
{{- with .Values.applicationSet.args.policy }}
- --policy={{ . }}
{{- end }}
{{- with .Values.applicationSet.args.dryRun }}
- --dry-run={{ . }}
{{- end }}
{{- with .Values.applicationSet.logFormat }}
- --logformat
- {{ default .Values.global.logging.format .Values.applicationSet.logFormat }}
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.logLevel }}
- --loglevel
- {{ default .Values.global.logging.level .Values.applicationSet.logLevel }}
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -72,19 +79,79 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.leader.election
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.namespace
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.debug
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.dryrun
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
{{- with .Values.applicationSet.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ (split ":" .Values.applicationSet.args.metricsAddr)._1 }}
containerPort: {{ .Values.applicationSet.containerPorts.metrics }}
protocol: TCP
- name: probe
containerPort: {{ (split ":" .Values.applicationSet.args.probeBindAddr)._1 }}
containerPort: {{ .Values.applicationSet.containerPorts.probe }}
protocol: TCP
- name: webhook
containerPort: 7000
containerPort: {{ .Values.applicationSet.containerPorts.webhook }}
protocol: TCP
{{- if .Values.applicationSet.livenessProbe.enabled }}
livenessProbe:
@ -165,9 +232,7 @@ spec:
emptyDir: {}
{{- with .Values.applicationSet.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
{{- end }}

3
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -5,6 +5,9 @@ metadata:
name: argocd-secret
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
{{- with .Values.configs.secret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := . }}

15
charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
View file

@ -3,11 +3,20 @@ kind: ConfigMap
metadata:
name: argocd-ssh-known-hosts-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- with .Values.configs.knownHostsAnnotations }}
{{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- toYaml .Values.configs.knownHosts | nindent 0 }}
data:
ssh_known_hosts: |
{{- if hasKey .Values.configs "knownHosts" }}
{{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
{{- else }}
{{- .Values.configs.ssh.knownHosts | nindent 4 }}
{{- end }}
{{- with .Values.configs.ssh.extraHosts }}
{{- . | nindent 4 }}
{{- end }}

15
charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
View file

@ -3,13 +3,20 @@ kind: ConfigMap
metadata:
name: argocd-tls-certs-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }}
{{- with .Values.configs.tlsCertsAnnotations }}
{{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with .Values.configs.tlsCerts }}
{{- toYaml . | nindent 0 }}
{{- if hasKey .Values.configs "tlsCerts" }}
{{- with .Values.configs.tlsCerts }}
{{- toYaml . | nindent 0 }}
{{- end }}
{{- else }}
{{- with .Values.configs.tls.certificates }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

11
charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
View file

@ -40,6 +40,11 @@ spec:
command:
- argocd-notifications
- bot
- --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }}
{{- range .Values.notifications.bots.slack.extraArgs }}
- {{ . | squote }}
{{- end }}
workingDir: /app
ports:
- containerPort: 8080
@ -62,9 +67,7 @@ spec:
{{- end }}
{{- with .Values.notifications.bots.slack.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }}
{{ end }}

10
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -48,9 +48,9 @@ spec:
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
command:
- argocd-notifications
- --metrics-port={{ .Values.notifications.containerPorts.metrics }}
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
- --metrics-port={{ .Values.notifications.metrics.port }}
- --namespace={{ .Release.Namespace }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- range .Values.notifications.extraArgs }}
@ -66,7 +66,7 @@ spec:
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.notifications.metrics.port }}
containerPort: {{ .Values.notifications.containerPorts.metrics }}
protocol: TCP
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
@ -123,9 +123,7 @@ spec:
path: ca.crt
{{- with .Values.notifications.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.dnsPolicy }}
{{- end }}

13
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -53,6 +53,8 @@ spec:
- entrypoint.sh
args:
- argocd-repo-server
- --port={{ .Values.repoServer.containerPorts.server }}
- --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
{{- with .Values.repoServer.logFormat }}
- --logformat
- {{ . | quote }}
@ -236,10 +238,10 @@ spec:
name: tmp
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
containerPort: {{ .Values.repoServer.containerPorts.server }}
protocol: TCP
- name: metrics
containerPort: 8084
containerPort: {{ .Values.repoServer.containerPorts.metrics }}
protocol: TCP
livenessProbe:
httpGet:
@ -354,10 +356,9 @@ spec:
{{- with .Values.repoServer.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.repoServer.hostNetwork }}
{{- with .Values.repoServer.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}

4
charts/argo-cd/templates/argocd-server/aws/service.yaml
View file

@ -12,11 +12,11 @@ spec:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: server
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: server
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None

25
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -47,6 +47,8 @@ spec:
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
- --port={{ .Values.server.containerPorts.server }}
- --metrics-port={{ .Values.server.containerPorts.metrics }}
{{- with .Values.server.logFormat }}
- --logformat
- {{ . | quote }}
@ -260,6 +262,12 @@ spec:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.enable.proxy.extension
optional: true
{{- with .Values.server.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
@ -287,16 +295,16 @@ spec:
name: extensions
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
- name: server
containerPort: {{ .Values.server.containerPorts.server }}
protocol: TCP
- name: metrics
containerPort: 8083
containerPort: {{ .Values.server.containerPorts.metrics }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz?full=true
port: {{ .Values.server.containerPort }}
port: server
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
@ -305,7 +313,7 @@ spec:
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
port: server
initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
@ -413,10 +421,9 @@ spec:
{{- with .Values.server.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- with .Values.server.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.server.dnsPolicy }}

2
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -29,7 +29,7 @@ spec:
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
- host: {{ $host | quote }}
http:
paths:
{{- with $extraPaths }}

6
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -19,14 +19,14 @@ spec:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttp }}
{{- end }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttps }}
{{- end }}
@ -49,4 +49,4 @@ spec:
{{- end }}
{{- with .Values.server.service.sessionAffinity }}
sessionAffinity: {{ . }}
{{- end }}
{{- end }}

1862
charts/argo-cd/templates/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

4048
charts/argo-cd/templates/crds/crd-applicationset.yaml
View file

File diff suppressed because it is too large Load diff

12
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -70,13 +70,13 @@ spec:
{{- end }}
ports:
- name: http
containerPort: {{ .Values.dex.containerPortHttp }}
containerPort: {{ .Values.dex.containerPorts.http }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.dex.containerPortGrpc }}
containerPort: {{ .Values.dex.containerPorts.grpc }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.dex.containerPortMetrics }}
containerPort: {{ .Values.dex.containerPorts.metrics }}
protocol: TCP
{{- if .Values.dex.livenessProbe.enabled }}
livenessProbe:
@ -190,9 +190,7 @@ spec:
{{- end }}
{{- with .Values.dex.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dex.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dex.dnsPolicy }}
{{- end }}

24
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -63,7 +63,7 @@ spec:
{{- end }}
ports:
- name: redis
containerPort: {{ .Values.redis.containerPort }}
containerPort: {{ .Values.redis.containerPorts.redis }}
protocol: TCP
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
@ -73,23 +73,23 @@ spec:
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.redis.metrics.enabled }}
{{- if .Values.redis.exporter.enabled }}
- name: metrics
image: {{ .Values.redis.metrics.image.repository }}:{{ .Values.redis.metrics.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.metrics.image.imagePullPolicy }}
image: {{ .Values.redis.exporter.image.repository }}:{{ .Values.redis.exporter.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.exporter.image.imagePullPolicy }}
env:
- name: REDIS_ADDR
value: {{ printf "redis://localhost:%v" .Values.redis.containerPort }}
value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.metrics.containerPort }}
value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
ports:
- name: metrics
containerPort: {{ .Values.redis.metrics.containerPort }}
containerPort: {{ .Values.redis.containerPorts.metrics }}
protocol: TCP
resources:
{{- toYaml .Values.redis.metrics.resources | nindent 10 }}
{{- toYaml .Values.redis.exporter.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.redis.metrics.containerSecurityContext | nindent 10 }}
{{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }}
{{- end }}
{{- with .Values.redis.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
@ -130,9 +130,7 @@ spec:
{{- end }}
{{- with .Values.redis.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.dnsPolicy }}
dnsPolicy: {{ . }}
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.redis.dnsPolicy }}
{{- end }}

2
charts/argo-cd/templates/redis/pdb.yaml
View file

@ -16,7 +16,7 @@ metadata:
{{- end }}
{{- end }}
spec:
{{- with .Values.dex.pdb.maxUnavailable }}
{{- with .Values.redis.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }}

2
charts/argo-cd/templates/redis/service.yaml
View file

@ -19,7 +19,7 @@ spec:
ports:
- name: redis
port: {{ .Values.redis.servicePort }}
targetPort: {{ .Values.redis.containerPort }}
targetPort: redis
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }}
{{- end }}

457
charts/argo-cd/values.yaml
View file

@ -205,6 +205,12 @@ configs:
# -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
reposerver.parallelism.limit: 0
## ApplicationSet Properties
# -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete`
applicationsetcontroller.policy: sync
# -- Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: false
# Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac:
@ -254,6 +260,41 @@ configs:
# ...
# -----END PGP PUBLIC KEY BLOCK-----
# SSH known hosts for Git repositories
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
ssh:
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
annotations: {}
# -- Known hosts to be added to the known host list by default.
# @default -- See [values.yaml]
knownHosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
# -- Additional known hosts for private repositories
extraHosts: ''
# Repository TLS certificates
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
tls:
# -- Annotations to be added to argocd-tls-certs-cm configmap
annotations: {}
# -- TLS certificates for Git repositories
# @default -- `{}` (See [values.yaml])
certificates: {}
# server.example.com: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# -- Provide one or multiple [external cluster credentials]
# @default -- `[]` (See [values.yaml])
@ -282,64 +323,15 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# -- Known Hosts configmap annotations
knownHostsAnnotations: {}
knownHosts:
data:
# -- Known Hosts
# @default -- See [values.yaml]
ssh_known_hosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
# -- TLS certificate configmap annotations
tlsCertsAnnotations: {}
# -- TLS certificate
# @default -- See [values.yaml]
tlsCerts:
{}
# data:
# argocd.example.com: |
# -----BEGIN CERTIFICATE-----
# MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL
# BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE
# BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0
# c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda
# Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT
# YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES
# MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi
# MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5
# NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc
# CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u
# P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G
# ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+
# YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E
# Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko
# Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J
# kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u
# kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO
# gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7
# bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86
# r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/
# BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn
# Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx
# CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2
# XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT
# +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr
# d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO
# OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so
# 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr
# jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8
# 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I=
# -----END CERTIFICATE-----
# DEPRECATED - Moved to configs.ssh.annotations
# knownHostsAnnotations: {}
# DEPRECATED - Moved to configs.ssh.knownHosts
# knownHosts: {}
# DEPRECATED - Moved to configs.tls.annotations
# tlsCertsAnnotations: {}
# DEPRECATED - Moved to configs.tls.certificates
# tlsCerts: {}
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
@ -392,6 +384,8 @@ configs:
secret:
# -- Create the argocd-secret
createSecret: true
# -- Labels to be added to argocd-secret
labels: {}
# -- Annotations to be added to argocd-secret
annotations: {}
@ -587,6 +581,19 @@ controller:
# cpu: 250m
# memory: 256Mi
# Application controller container ports
containerPorts:
# -- Metrics container port
metrics: 8082
# -- Host Network for application controller pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for application controller pods
dnsPolicy: "ClusterFirst"
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -599,9 +606,6 @@ controller:
drop:
- ALL
# -- Application controller listening port
containerPort: 8082
# Rediness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
@ -732,11 +736,6 @@ controller:
# -- List of custom rules for the application controller's ClusterRole resource
rules: []
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## Dex
dex:
# -- Enable dex
@ -883,6 +882,21 @@ dex:
# cpu: 10m
# memory: 32Mi
# Dex container ports
# NOTE: These ports are currently hardcoded and cannot be changed
containerPorts:
# -- HTTP container port
http: 5556
# -- gRPC container port
grpc: 5557
# -- Metrics container port
metrics: 5558
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Dex server pods
dnsPolicy: "ClusterFirst"
# -- Dex container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -910,6 +924,7 @@ dex:
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
readinessProbe:
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
enabled: false
@ -934,20 +949,14 @@ dex:
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Container port for HTTP access
containerPortHttp: 5556
# -- Service port for HTTP access
servicePortHttp: 5556
# -- Service port name for HTTP access
servicePortHttpName: http
# -- Container port for gRPC access
containerPortGrpc: 5557
# -- Service port for gRPC access
servicePortGrpc: 5557
# -- Service port name for gRPC access
servicePortGrpcName: grpc
# -- Container port for metrics access
containerPortMetrics: 5558
# -- Service port for metrics access
servicePortMetrics: 5558
@ -969,11 +978,6 @@ dex:
# -- Priority class for dex
priorityClassName: ""
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## Redis
redis:
# -- Enable redis
@ -1002,9 +1006,45 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.5-alpine
# -- Redis imagePullPolicy
imagePullPolicy: IfNotPresent
tag: 7.0.7-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
repository: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.45.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Redis exporter security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for redis-exporter sidecar
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
@ -1066,6 +1106,18 @@ redis:
seccompProfile:
type: RuntimeDefault
# Redis container ports
containerPorts:
# -- Redis container port
redis: 6379
# -- Metrics container port
metrics: 9121
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Redis server pods
dnsPolicy: "ClusterFirst"
# -- Redis container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -1074,8 +1126,6 @@ redis:
drop:
- ALL
# -- Redis container port
containerPort: 6379
# -- Redis service port
servicePort: 6379
@ -1116,38 +1166,10 @@ redis:
labels: {}
metrics:
# -- Deploy metrics service and redis-exporter sidecar
# -- Deploy metrics service
enabled: false
image:
# -- redis-exporter image repository
repository: public.ecr.aws/bitnami/redis-exporter
# -- redis-exporter image tag
tag: 1.26.0-debian-10-r2
# -- redis-exporter image PullPolicy
imagePullPolicy: IfNotPresent
# -- Port to use for redis-exporter sidecar
containerPort: 9121
# -- Redis exporter security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for redis-exporter sidecar
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
# Redis metrics service configuration
service:
# -- Metrics service type
type: ClusterIP
@ -1161,6 +1183,7 @@ redis:
servicePort: 9121
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
@ -1185,20 +1208,20 @@ redis:
# -- Prometheus ServiceMonitor annotations
annotations: {}
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
# the custom redis deployment is omitted
# Check the redis-ha chart for more properties
redis-ha:
# -- Enables the Redis HA subchart and disables the custom Redis single node deployment
enabled: false
## Prometheus redis-exporter sidecar
exporter:
# -- If `true`, the prometheus exporter sidecar is enabled
enabled: true
# -- Enable Prometheus redis-exporter sidecar
enabled: false
# -- Repository to use for the redis-exporter
image: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.45.0
persistentVolume:
# -- Configures persistency on Redis nodes
enabled: false
@ -1219,7 +1242,7 @@ redis-ha:
enabled: true
image:
# -- Redis tag
tag: 7.0.5-alpine
tag: 7.0.7-alpine
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:
@ -1348,7 +1371,7 @@ server:
# -- Repository to use for extensions image
repository: "ghcr.io/argoproj-labs/argocd-extensions"
# -- Tag to use for extensions image
tag: "v0.1.0"
tag: "v0.2.1"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1442,8 +1465,32 @@ server:
# cpu: 50m
# memory: 64Mi
# -- Configures the server port
containerPort: 8080
# Server container ports
containerPorts:
# -- Server container port
server: 8080
# -- Metrics container port
metrics: 8082
# -- Host Network for Server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Server pods
dnsPolicy: "ClusterFirst"
# -- Server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
@ -1458,6 +1505,7 @@ server:
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
livenessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -1488,18 +1536,6 @@ server:
# -- Priority class for the Argo CD server
priorityClassName: ""
# -- Server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate:
@ -1573,10 +1609,6 @@ server:
servicePortHttpName: http
# -- Server service https port name, can be used to route traffic via istio
servicePortHttpsName: https
# -- Use named target port for argocd
## Named target ports are not supported by GCE health checks, so when deploying argocd on GKE
## and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502.
namedTargetPort: true
# -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: ""
# -- Source IP ranges to allow access to service from
@ -1784,11 +1816,6 @@ server:
# enabled: true
# responseCodeName: RESPONSE_CODE
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## Repo Server
repoServer:
# -- Repo server name
@ -1929,8 +1956,32 @@ repoServer:
# cpu: 10m
# memory: 64Mi
# -- Configures the repo server port
containerPort: 8081
# Repo server container ports
containerPorts:
# -- Repo server container port
server: 8081
# -- Metrics container port
metrics: 8084
# -- Host Network for Repo server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Repo server pods
dnsPolicy: "ClusterFirst"
# -- Repo server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
@ -1945,6 +1996,7 @@ repoServer:
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
livenessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -1975,18 +2027,6 @@ repoServer:
# -- Priority class for the repo server
priorityClassName: ""
# -- Repo server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
@ -2086,11 +2126,6 @@ repoServer:
# - list
# - watch
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## ApplicationSet controller
applicationSet:
# -- Enable ApplicationSet controller
@ -2134,22 +2169,14 @@ applicationSet:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- ApplicationSet controller log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat: ""
# -- ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel: ""
args:
# -- The default metric address
metricsAddr: :8080
# -- The default health check port
probeBindAddr: :8081
# -- DEPRECATED - ApplicationSet controller command line flags
args: {}
# DEPRECATED - Use configs.params.applicationsetcontroller.policy to override
# -- How application is synced between the generator and the cluster
policy: sync
# policy: sync
# DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override
# -- Enable dry run mode
dryRun: false
# dryRun: false
# -- List of extra cli args to add
extraArgs: []
@ -2230,15 +2257,16 @@ applicationSet:
portName: webhook
serviceAccount:
# -- Specifies whether a service account should be created
# -- Create ApplicationSet controller service account
create: true
# -- Annotations to add to the service account
# -- ApplicationSet controller service account name
name: argocd-applicationset-controller
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Annotations to be added to ApplicationSet controller Deployment
deploymentAnnotations: {}
@ -2258,6 +2286,20 @@ applicationSet:
# cpu: 100m
# memory: 128Mi
# ApplicationSet controller container ports
containerPorts:
# -- Metrics container port
metrics: 8080
# -- Probe container port
probe: 8081
# -- Webhook container port
webhook: 7000
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for ApplicationSet controller pods
dnsPolicy: "ClusterFirst"
# -- ApplicationSet controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -2357,11 +2399,6 @@ applicationSet:
# hosts:
# - argocd-applicationset.example.com
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## Notifications controller
notifications:
# -- Enable notifications controller
@ -2528,6 +2565,16 @@ notifications:
# cpu: 100m
# memory: 128Mi
# Notification controller container ports
containerPorts:
# -- Metrics container port
metrics: 9001
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for notifications controller Pods
dnsPolicy: "ClusterFirst"
# -- Notification controller container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
@ -2553,18 +2600,17 @@ notifications:
priorityClassName: ""
serviceAccount:
# -- Specifies whether a service account should be created
# -- Create notifications controller service account
create: true
# -- The name of the service account to use.
## If not set and create is true, a name is generated using the fullname template
# -- Notification controller service account name
name: argocd-notifications-controller
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
cm:
# -- Whether helm chart creates notifications controller config map
create: true
@ -2841,11 +2887,6 @@ notifications:
# defaultTriggers: |
# - on-sync-status-unknown
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}
## The optional bot component simplifies managing subscriptions
## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/
bots:
@ -2886,6 +2927,16 @@ notifications:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Slack bot log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat: ""
# -- Slack bot log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel: ""
# -- List of extra cli args to add for Slack bot
extraArgs: []
service:
# -- Service annotations for Slack bot
annotations: {}
@ -2905,6 +2956,11 @@ notifications:
# -- Annotations applied to created service account
annotations: {}
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Slack bot pods
dnsPolicy: "ClusterFirst"
# -- Slack bot container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
@ -2934,8 +2990,3 @@ notifications:
# -- [Node selector]
nodeSelector: {}
# -- [DNS configuration]
dnsConfig: {}
# -- [DNS configuration]
dnsPolicy: {}

7
charts/argo-events/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.7.4
appVersion: v1.7.5
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.0.11
version: 2.1.2
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-events/assets/logo.png
keywords:
@ -15,4 +15,5 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Fixed]: Added missing NATS version in values.yaml"
- kind: fixed
description: Align changelog structure to show changelogs on Artifact Hub

1
charts/argo-events/README.md
View file

@ -62,6 +62,7 @@ done
| crds.install | bool | `true` | Install and upgrade CRDs |
| crds.keep | bool | `true` | Keep CRDs on chart uninstall |
| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-events crds Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) |
| extraObjects | list | `[]` | Array of extra K8s manifests to deploy |
| fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template |
| global.additionalLabels | object | `{}` | Additional labels to add to all resources |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |

12
charts/argo-events/templates/argo-events-controller/rbac.yaml
View file

@ -71,7 +71,6 @@ rules:
- pods
- pods/exec
- configmaps
- secrets
- services
- persistentvolumeclaims
verbs:
@ -82,6 +81,17 @@ rules:
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- update
- patch
- delete
- apiGroups:
- apps
resources:

4
charts/argo-events/templates/extra-manifests.yaml Normal file
View file

@ -0,0 +1,4 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{ end }}

29
charts/argo-events/values.yaml
View file

@ -99,6 +99,35 @@ configs:
configReloaderImage: natsio/nats-server-config-reloader:latest
startCommand: /nats-server
# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argo-events-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argo-events"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argo-events-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
## Argo Events controller
controller:
# -- Argo Events controller name string

7
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.3.1
appVersion: v1.4.0
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.21.2
version: 2.22.2
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -15,4 +15,5 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Added]: Add support for topologySpreadConstraints"
- kind: fixed
description: Align changelog structure to show changelogs on Artifact Hub

8
charts/argo-rollouts/README.md
View file

@ -55,6 +55,14 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
| notifications.templates | object | `{}` | Notification templates |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
| providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole |
| providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider |
| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider |
| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider |
| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider |
| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider |
| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider |
| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider |
### Controller

16
charts/argo-rollouts/templates/_helpers.tpl
View file

@ -31,6 +31,20 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create kubernetes friendly chart version label.
Examples:
image.tag = v1.3.1
output = v1.3.1
image.tag = v1.3.1@sha256:38828e693b02e6f858d89fa22a9d9811d3d7a2430a1d4c7d687b6f509775c6ce
output = v1.3.1
*/}}
{{- define "argo-rollouts.chart_version_label" -}}
{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default .Chart.AppVersion $.Values.controller.image.tag) "") "" | trunc 63 | quote -}}
{{- end -}}
{{/*
Common labels
*/}}
@ -38,7 +52,7 @@ Common labels
helm.sh/chart: {{ include "argo-rollouts.chart" . }}
{{ include "argo-rollouts.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ default .Chart.AppVersion $.Values.controller.image.tag | quote }}
app.kubernetes.io/version: {{ include "argo-rollouts.chart_version_label" . }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argo-rollouts

42
charts/argo-rollouts/templates/controller/clusterrole.yaml
View file

@ -89,7 +89,7 @@ rules:
- create
- get
- update
# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
@ -99,9 +99,6 @@ rules:
- get
- list
- watch
- create
- patch
- update
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
@ -110,6 +107,7 @@ rules:
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
@ -151,6 +149,8 @@ rules:
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
@ -163,6 +163,8 @@ rules:
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
@ -174,6 +176,8 @@ rules:
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
@ -188,7 +192,9 @@ rules:
- update
- list
- delete
# Endpoints and TargetGroupBindings needed for ALB target group verification
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
@ -202,6 +208,8 @@ rules:
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
@ -224,3 +232,27 @@ rules:
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- end }}
{{- end }}

117
charts/argo-rollouts/templates/controller/role.yaml
View file

@ -56,7 +56,19 @@ rules:
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
@ -66,8 +78,18 @@ rules:
- list
- watch
- patch
# secret access to run analysis templates which reference secrets
# configmap access to read notification-engine configuration
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
@ -77,9 +99,6 @@ rules:
- get
- list
- watch
- create
- patch
- update
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
@ -88,6 +107,7 @@ rules:
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
@ -129,16 +149,22 @@ rules:
- update
- patch
- delete
# virtualservice access needed for using the Istio provider
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
@ -151,3 +177,82 @@ rules:
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- end }}
{{- end }}

3
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -2742,6 +2742,9 @@ spec:
type: array
insecure:
type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath:
type: string
method:

3
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -2738,6 +2738,9 @@ spec:
type: array
insecure:
type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath:
type: string
method:

3
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -2738,6 +2738,9 @@ spec:
type: array
insecure:
type: boolean
jsonBody:
type: object
x-kubernetes-preserve-unknown-fields: true
jsonPath:
type: string
method:

39
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -89,6 +89,12 @@ spec:
revisionHistoryLimit:
format: int32
type: integer
rollbackWindow:
properties:
revisions:
format: int32
type: integer
type: object
selector:
properties:
matchExpressions:
@ -397,6 +403,9 @@ spec:
- type: integer
- type: string
x-kubernetes-int-or-string: true
minPodsPerReplicaSet:
format: int32
type: integer
pingPong:
properties:
pingService:
@ -713,6 +722,20 @@ spec:
required:
- mappings
type: object
apisix:
properties:
route:
properties:
name:
type: string
rules:
items:
type: string
type: array
required:
- name
type: object
type: object
appMesh:
properties:
virtualNodeGroup:
@ -770,6 +793,14 @@ spec:
items:
type: string
type: array
tcpRoutes:
items:
properties:
port:
format: int64
type: integer
type: object
type: array
tlsRoutes:
items:
properties:
@ -794,6 +825,14 @@ spec:
items:
type: string
type: array
tcpRoutes:
items:
properties:
port:
format: int64
type: integer
type: object
type: array
tlsRoutes:
items:
properties:

7
charts/argo-rollouts/templates/dashboard/clusterrole.yaml
View file

@ -44,17 +44,18 @@ rules:
- get
- list
- watch
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
{{- if not .Values.dashboard.readonly }}
- update
- patch
{{- end }}
- apiGroups:
- apps
resources:

20
charts/argo-rollouts/values.yaml
View file

@ -190,6 +190,26 @@ podLabels: {}
imagePullSecrets: []
# - name: argo-pull-secret
providerRBAC:
# -- Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole
enabled: true
# providerRBAC.enabled must be true in order to toggle the individual providers
providers:
# -- Adds RBAC rules for the Istio provider
istio: true
# -- Adds RBAC rules for the SMI provider
smi: true
# -- Adds RBAC rules for the Ambassador provider
ambassador: true
# -- Adds RBAC rules for the AWS Load Balancer Controller provider
awsLoadBalancerController: true
# -- Adds RBAC rules for the AWS App Mesh provider
awsAppMesh: true
# -- Adds RBAC rules for the Traefik provider
traefik: true
# -- Adds RBAC rules for the Apisix provider
apisix: true
dashboard:
# -- Deploy dashboard server
enabled: false

7
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.4.4
appVersion: v3.4.5
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.22.8
version: 0.22.11
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -13,4 +13,5 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Added]: Helm helper function to allow image registry to be absent"
- kind: changed
description: Cleaned RBAC permissions for subresources (pods/log, pods/exec).

7
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -14,7 +14,6 @@ rules:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
@ -23,6 +22,12 @@ rules:
- update
- patch
- delete
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:

9
charts/argo-workflows/templates/server/server-cluster-roles.yaml
View file

@ -23,13 +23,18 @@ rules:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
{{- if .Values.server.sso }}
- apiGroups:
- ""

5
charts/argocd-apps/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-apps
description: A Helm chart for managing additional Argo CD Applications and Projects
type: application
version: 0.0.6
version: 0.0.8
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -14,4 +14,5 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Added]: Changelog link on README"
- kind: added
description: Multiple sources for Application and ApplicationSet

28
charts/argocd-apps/ci/applications-multiple-sources-values.yaml Normal file
View file

@ -0,0 +1,28 @@
# Test with multi-source applications
applications:
- name: argocd-application-multiple-sources
additionalLabels: {}
additionalAnnotations: {}
finalizers:
- resources-finalizer.argocd.argoproj.io
project: default
sources:
- chart: elasticsearch
repoURL: https://helm.elastic.co
targetRevision: 8.5.1
- repoURL: https://github.com/argoproj/argocd-example-apps.git
path: guestbook
targetRevision: HEAD
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: false
selfHeal: false
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas

30
charts/argocd-apps/ci/applications-values.yaml Normal file
View file

@ -0,0 +1,30 @@
# Test with applications
applications:
- name: argocd-application
additionalLabels: {}
additionalAnnotations: {}
finalizers:
- resources-finalizer.argocd.argoproj.io
project: default
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: false
selfHeal: false
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas
info:
- name: url
value: https://argoproj.github.io/

24
charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml Normal file
View file

@ -0,0 +1,24 @@
# Test with multi-source applicationsets
applicationsets:
- name: applicationset-multiple-sources
generators:
- list:
elements:
- cluster: default-cluster
url: https://kubernetes.default.svc
template:
metadata:
name: '{{cluster}}-guestbook'
spec:
project: default
sources:
- chart: elasticsearch
repoURL: https://helm.elastic.co
targetRevision: 8.5.1
- repoURL: https://github.com/argoproj/argocd-example-apps.git
path: guestbook
targetRevision: HEAD
destination:
server: '{{url}}'
namespace: default

3
charts/argocd-apps/ci/applicationsets-values.yaml
View file

@ -1,8 +1,7 @@
# Test with applicationsets
applicationsets:
- name: guestbook
namespace: default # Only for test purpose.
- name: applicationset
additionalLabels: {}
additionalAnnotations: {}
# See PR #10026 (ArgoCD v2.5 or later)

8
charts/argocd-apps/templates/applications.yaml
View file

@ -23,8 +23,14 @@ metadata:
{{- end }}
spec:
project: {{ tpl .project $ }}
{{- with .source }}
source:
{{- toYaml .source | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .sources }}
sources:
{{- toYaml . | nindent 4 }}
{{- end }}
destination:
{{- toYaml .destination | nindent 4 }}
{{- with .syncPolicy }}

8
charts/argocd-apps/templates/applicationsets.yaml
View file

@ -52,8 +52,14 @@ spec:
{{- with .spec }}
spec:
project: {{ tpl .project $ }}
{{- with .source }}
source:
{{- toYaml .source | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .sources }}
sources:
{{- toYaml . | nindent 8 }}
{{- end }}
destination:
{{- toYaml .destination | nindent 8 }}
{{- with .syncPolicy }}

8
charts/argocd-apps/values.yaml
View file

@ -15,6 +15,14 @@ applications: []
# path: guestbook
# directory:
# recurse: true
# # ArgoCD v2.6 or later
# sources:
# - chart: elasticsearch
# repoURL: https://helm.elastic.co
# targetRevision: 8.5.1
# - repoURL: https://github.com/argoproj/argocd-example-apps.git
# path: guestbook
# targetRevision: HEAD
# destination:
# server: https://kubernetes.default.svc
# namespace: guestbook

7
charts/argocd-image-updater/Chart.yaml
View file

@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.8.1
appVersion: v0.12.0
version: 0.8.4
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -15,4 +15,5 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Added]: Add support for additional initContainers and additional volume/volumeMounts"
- kind: changed
description: Update Argo CD Image Updater to v0.12.2

2
charts/argocd-image-updater/templates/_helpers.tpl
View file

@ -38,7 +38,7 @@ Common labels
helm.sh/chart: {{ include "argocd-image-updater.chart" . }}
{{ include "argocd-image-updater.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | trunc 63 | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

6
scripts/helm-docs.sh
View file

@ -1,11 +1,11 @@
#!/bin/bash
## Reference: https://github.com/norwoodj/helm-docs
set -eux
CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)"
echo "$CHART_DIR"
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
echo "$REPO_ROOT"
echo "Running Helm-Docs"
docker run \
-v "$CHART_DIR:/helm-docs" \
-v "$REPO_ROOT:/helm-docs" \
-u $(id -u) \
jnorwood/helm-docs:v1.9.1