From 4a81cb07144fae12c1f819f7f9d0e949a9b846dd Mon Sep 17 00:00:00 2001 From: kornesh Date: Tue, 7 May 2019 22:45:50 +0800 Subject: [PATCH 01/19] Add archiveLogs option to Argo workflow controller config map (#32) --- charts/argo/templates/workflow-controller-config-map.yaml | 3 +++ charts/argo/values.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index f77637a0..6d456905 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -17,6 +17,9 @@ data: {{- end }} artifactRepository: {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} + {{- if .Values.artifactRepository.archiveLogs }} + archiveLogs: {{ .Values.artifactRepository.archiveLogs }} + {{- end }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 09faee2f..85a4fc37 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -79,6 +79,8 @@ ui: useDefaultArtifactRepo: false useStaticCredentials: true artifactRepository: + # archiveLogs will archive the main container logs as an artifact + archiveLogs: false s3: # Note the `key` attribute is not the actual secret, it's the PATH to # the contents in the associated secret, as defined by the `name` attribute. From 315ea0516efacbb0d203dcf816a80832d225d219 Mon Sep 17 00:00:00 2001 From: Kouta Ozaki Date: Tue, 7 May 2019 23:46:21 +0900 Subject: [PATCH 02/19] Add configManagementPlugins option to argo-cd (#63) --- charts/argo-cd/templates/argocd-cm.yaml | 6 +++++- charts/argo-cd/values.yaml | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/templates/argocd-cm.yaml b/charts/argo-cd/templates/argocd-cm.yaml index ab7f1961..7dfea6e6 100755 --- a/charts/argo-cd/templates/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm - labels: + labels: app.kubernetes.io/name: {{ include "argo-cd.name" . }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} @@ -28,3 +28,7 @@ data: oidc.config: | {{ toYaml .Values.config.oidcConfig | indent 4 }} {{- end }} +{{- if .Values.config.configManagementPlugins }} + configManagementPlugins: | +{{ toYaml .Values.config.configManagementPlugins | indent 4 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 479e0820..ab13e770 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -62,9 +62,9 @@ ingress: hosts: - argocd.example.com -# Standard Argo CD installation with cluster-admin access. -# Set this true if you plan to use Argo CD to deploy applications in the same cluster that -# Argo CD runs in (i.e. kubernetes.svc.default). +# Standard Argo CD installation with cluster-admin access. +# Set this true if you plan to use Argo CD to deploy applications in the same cluster that +# Argo CD runs in (i.e. kubernetes.svc.default). # Will still be able to deploy to external clusters with inputted credentials. clusterAdminAccess: @@ -119,9 +119,18 @@ config: # provider webhook secret. The payload URL configured in the git provider should use the # /api/webhook endpoint of your Argo CD instance (e.g. https://argocd.example.com/api/webhook) webhook: - githubSecret: + githubSecret: gitlabSecret: bitbucketSecret: + configManagementPlugins: + # - name: pluginName + # init: # Optional command to initialize application source directory + # command: ["sample command"] + # args: ["sample args"] + # generate: # Command to generate manifests YAML + # command: ["sample command"] + # args: ["sample args"] + rbac: # # An RBAC policy .csv file containing additional policy and role definitions. # # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies. From baf210b4a3a3f6391a2669db03436ccf6dc8a089 Mon Sep 17 00:00:00 2001 From: Arnar Date: Tue, 7 May 2019 22:51:16 +0000 Subject: [PATCH 03/19] Adding option for resource customizations in ArgoCD (#65) --- charts/argo-cd/templates/argocd-cm.yaml | 4 ++++ charts/argo-cd/values.yaml | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/charts/argo-cd/templates/argocd-cm.yaml b/charts/argo-cd/templates/argocd-cm.yaml index 7dfea6e6..2c8f2f36 100755 --- a/charts/argo-cd/templates/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-cm.yaml @@ -28,6 +28,10 @@ data: oidc.config: | {{ toYaml .Values.config.oidcConfig | indent 4 }} {{- end }} +{{- if .Values.config.resourceCustomizations }} + resource.customizations: | +{{ toYaml .Values.config.resourceCustomizations | indent 4 }} +{{- end }} {{- if .Values.config.configManagementPlugins }} configManagementPlugins: | {{ toYaml .Values.config.configManagementPlugins | indent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ab13e770..71f5c1a7 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -122,6 +122,14 @@ config: githubSecret: gitlabSecret: bitbucketSecret: + # resourceCustomizations can be used to create custom health checks for resources + # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/health.md#way-1-define-a-custom-health-check-in-argocd-cm-configmap + resourceCustomizations: + # certmanager.k8s.io/Certificate: + # health.lua: | + # hs = {} + # ... + # return hs configManagementPlugins: # - name: pluginName # init: # Optional command to initialize application source directory From 10376b2f8a51134a222a5c9765ba2397fea1468a Mon Sep 17 00:00:00 2001 From: Dennis Webb Date: Wed, 8 May 2019 09:45:37 -0500 Subject: [PATCH 04/19] fix(argocd): Adds argocd-server ClusterRole and ClusterRoleBinding (#62) --- .../templates/argocd-server-clusterrole.yaml | 35 +++++++++++++++++++ .../argocd-server-clusterrolebinding.yaml | 21 +++++++++++ 2 files changed, 56 insertions(+) create mode 100644 charts/argo-cd/templates/argocd-server-clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml diff --git a/charts/argo-cd/templates/argocd-server-clusterrole.yaml b/charts/argo-cd/templates/argocd-server-clusterrole.yaml new file mode 100644 index 00000000..703e953e --- /dev/null +++ b/charts/argo-cd/templates/argocd-server-clusterrole.yaml @@ -0,0 +1,35 @@ +{{- if .Values.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argocd-server + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: server +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - delete + - get + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml new file mode 100644 index 00000000..34a92829 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argocd-server + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-server +subjects: + - kind: ServiceAccount + name: argocd-server + namespace: {{ .Release.Namespace }} +{{- end -}} From add39cf90b520bf170e164c8d0f7d3181cd2e0d8 Mon Sep 17 00:00:00 2001 From: Dat Truong Date: Thu, 9 May 2019 17:45:52 +0200 Subject: [PATCH 05/19] Add force namespace isolation for UI (#66) --- charts/argo/Chart.yaml | 2 +- charts/argo/templates/ui-deployment.yaml | 4 ++++ charts/argo/values.yaml | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 3ab858f2..3f4428ef 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "v2.2.1" description: A Helm chart for Kubernetes name: argo -version: 0.3.1 +version: 0.3.2 diff --git a/charts/argo/templates/ui-deployment.yaml b/charts/argo/templates/ui-deployment.yaml index 8790a277..8df55b7f 100644 --- a/charts/argo/templates/ui-deployment.yaml +++ b/charts/argo/templates/ui-deployment.yaml @@ -22,6 +22,10 @@ spec: - name: ui image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}" env: + {{- if .Values.ui.forceNamespaceIsolation }} + - name: FORCE_NAMESPACE_ISOLATION + value: "true" + {{- end }} - name: IN_CLUSTER value: "true" - name: ARGO_NAMESPACE diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 85a4fc37..e9d1c7e9 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -37,6 +37,8 @@ controller: ui: enabled: true + # only show workflows where UI installed + forceNamespaceIsolation: false # optional map of annotations to be applied to the ui Pods podAnnotations: {} name: ui From 02ae101dbea42299c7bd2bfdfc83b98d0e7e6cb2 Mon Sep 17 00:00:00 2001 From: Naseem Date: Mon, 13 May 2019 16:16:44 -0400 Subject: [PATCH 06/19] [argo] Create aggregate roles as pre-install hook (#69) --- charts/argo/Chart.yaml | 2 +- .../templates/workflow-aggregate-roles.yaml | 74 +++++++++++++++++++ charts/argo/values.yaml | 2 + 3 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 charts/argo/templates/workflow-aggregate-roles.yaml diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 3f4428ef..0b51be4a 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "v2.2.1" description: A Helm chart for Kubernetes name: argo -version: 0.3.2 +version: 0.4.0 diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml new file mode 100644 index 00000000..3898f3c7 --- /dev/null +++ b/charts/argo/templates/workflow-aggregate-roles.yaml @@ -0,0 +1,74 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index e9d1c7e9..c1097ade 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -12,6 +12,8 @@ init: # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. serviceAccount: "" +createAggregateRoles: true + controller: # podAnnotations is an optional map of annotations to be applied to the controller Pods podAnnotations: {} From 2bcf073bfbb924ed01c2bc7636fe6cae83caaabc Mon Sep 17 00:00:00 2001 From: Paulo Miguel Almeida Date: Thu, 16 May 2019 03:29:56 +1200 Subject: [PATCH 07/19] Key 'metadata' is duplicated (#71) --- charts/argo/templates/workflow-aggregate-roles.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml index 3898f3c7..5164ade0 100644 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ b/charts/argo/templates/workflow-aggregate-roles.yaml @@ -48,7 +48,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: metadata: annotations: helm.sh/hook: pre-install From 0e05194822b5de1150da12d1f12cd252cbdc3a43 Mon Sep 17 00:00:00 2001 From: Vaibhav Date: Wed, 15 May 2019 13:27:40 -0500 Subject: [PATCH 08/19] update image versions (#72) --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 4b9eac9f..a68d9d65 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 0.4.1 +version: 0.4.2 keywords: - argo-events - sensor-controller @@ -11,4 +11,4 @@ sources: maintainers: - name: Vaibhav Page - name: Matt Magaldi -appVersion: 0.8.1 +appVersion: 0.9.2 diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index d187f0c7..53f1c470 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -23,11 +23,11 @@ singleNamespace: true sensorController: name: sensor-controller image: sensor-controller - tag: v0.8.1 + tag: v0.9.2 replicaCount: 1 gatewayController: name: gateway-controller image: gateway-controller - tag: v0.8.1 + tag: v0.9.2 replicaCount: 1 From fc5d0d2ff07dcc0fb1e40968168989be6508b1a5 Mon Sep 17 00:00:00 2001 From: Penn Date: Thu, 23 May 2019 16:32:28 -0700 Subject: [PATCH 09/19] Update argo and argo-ci helm charts to enable (#74) --- charts/argo-ci/templates/ci-deployment.yaml | 1 + charts/argo-ci/values.yaml | 1 + charts/argo/templates/ui-deployment.yaml | 1 + charts/argo/templates/workflow-controller-deployment.yaml | 1 + charts/argo/values.yaml | 1 + 5 files changed, 5 insertions(+) diff --git a/charts/argo-ci/templates/ci-deployment.yaml b/charts/argo-ci/templates/ci-deployment.yaml index c5577cab..8495176b 100644 --- a/charts/argo-ci/templates/ci-deployment.yaml +++ b/charts/argo-ci/templates/ci-deployment.yaml @@ -16,6 +16,7 @@ spec: containers: - name: ci image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" + imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: IN_CLUSTER value: "true" diff --git a/charts/argo-ci/values.yaml b/charts/argo-ci/values.yaml index 59e4daec..092b182e 100644 --- a/charts/argo-ci/values.yaml +++ b/charts/argo-ci/values.yaml @@ -1,6 +1,7 @@ imageNamespace: argoproj ciImage: argoci imageTag: v1.0.0-alpha2 +imagePullPolicy: Always workflowNamespace: default argo: diff --git a/charts/argo/templates/ui-deployment.yaml b/charts/argo/templates/ui-deployment.yaml index 8df55b7f..c81d09ea 100644 --- a/charts/argo/templates/ui-deployment.yaml +++ b/charts/argo/templates/ui-deployment.yaml @@ -21,6 +21,7 @@ spec: containers: - name: ui image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} env: {{- if .Values.ui.forceNamespaceIsolation }} - name: FORCE_NAMESPACE_ISOLATION diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index 2f35f983..bb489ba6 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -21,6 +21,7 @@ spec: containers: - name: controller image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} command: [ "workflow-controller" ] args: - "--configmap" diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index c1097ade..dcfa4fb8 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -3,6 +3,7 @@ images: controller: workflow-controller ui: argoui executor: argoexec + pullPolicy: Always tag: v2.2.1 crdVersion: v1alpha1 From b45b779c2e4eb0fb8737e802558286656ed7ce31 Mon Sep 17 00:00:00 2001 From: Daisuke Taniwaki Date: Tue, 18 Jun 2019 01:33:17 +0900 Subject: [PATCH 10/19] Make containerRuntimeExecutor configurable (#36) --- charts/argo/templates/workflow-controller-config-map.yaml | 1 + charts/argo/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 6d456905..00acc301 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -15,6 +15,7 @@ data: instanceID: {{ .Values.controller.instanceID.explicitID }} {{- end }} {{- end }} + containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} artifactRepository: {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} {{- if .Values.artifactRepository.archiveLogs }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index dcfa4fb8..e24130f3 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -26,6 +26,7 @@ controller: name: workflow-controller workflowNamespaces: - default + containerRuntimeExecutor: docker instanceID: # `instanceID.enabled` configures the controller to filter workflow submissions # to only those which have a matching instanceID attribute. From ff190bdc0a3972285f64b5a10e5204f35c2903b2 Mon Sep 17 00:00:00 2001 From: Donald Rauscher Date: Mon, 17 Jun 2019 12:04:39 -0500 Subject: [PATCH 11/19] Add support for S3 artifact keyPrefix (#78) --- charts/argo/templates/workflow-controller-config-map.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 00acc301..639f7737 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -33,6 +33,9 @@ data: bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.keyPrefix }} + keyPrefix: {{ .Values.artifactRepository.s3.keyPrefix }} + {{- end }} {{- end}} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: From 62319a934fbc750830b5f9d592065e218c21f961 Mon Sep 17 00:00:00 2001 From: Jakub Liska Date: Tue, 25 Jun 2019 17:57:20 +0200 Subject: [PATCH 12/19] loadBalancerIP support in argo-ui (#80) --- charts/argo/templates/ui-service.yaml | 3 +++ charts/argo/values.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/charts/argo/templates/ui-service.yaml b/charts/argo/templates/ui-service.yaml index 3a63613d..5cd848cc 100644 --- a/charts/argo/templates/ui-service.yaml +++ b/charts/argo/templates/ui-service.yaml @@ -19,6 +19,9 @@ spec: app: {{ .Release.Name }}-{{ .Values.ui.name }} sessionAffinity: None type: {{ .Values.ui.serviceType }} + {{- if and (eq .Values.ui.serviceType "LoadBalancer") .Values.ui.loadBalancerIP }} + loadBalancerIP: {{ .Values.ui.loadBalancerIP | quote }} + {{- end }} {{- if and (eq .Values.ui.serviceType "LoadBalancer") .Values.ui.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.ui.loadBalancerSourceRanges | indent 4 }}{{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index e24130f3..45976b09 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -51,6 +51,9 @@ ui: serviceAccount: argo-ui # Annotations to be applied to the UI Service serviceAnnotations: {} + # Static IP address to assign to loadBalancer + # service type `LoadBalancer` + loadBalancerIP: "" # Source ranges to allow access to service from. Only applies to # service type `LoadBalancer` loadBalancerSourceRanges: [] From 9f882e9190d1ce0a31bd793fc4ef635188b70b03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Prud=27homme?= Date: Tue, 2 Jul 2019 22:41:28 +0200 Subject: [PATCH 13/19] Update Argo to v2.3.0 and add support for Prometheus operator (#73) --- charts/argo/Chart.yaml | 2 +- .../workflow-controller-config-map.yaml | 3 ++ .../workflow-controller-service.yaml | 35 +++++++++++++++++++ .../workflow-controller-servicemonitor.yaml | 33 +++++++++++++++++ charts/argo/values.yaml | 17 ++++++++- 5 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 charts/argo/templates/workflow-controller-service.yaml create mode 100644 charts/argo/templates/workflow-controller-servicemonitor.yaml diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 0b51be4a..9a98250c 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "v2.2.1" description: A Helm chart for Kubernetes name: argo -version: 0.4.0 +version: 0.5.0 diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 639f7737..b635ec81 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -40,3 +40,6 @@ data: {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: {{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + telemetryConfig: +{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} diff --git a/charts/argo/templates/workflow-controller-service.yaml b/charts/argo/templates/workflow-controller-service.yaml new file mode 100644 index 00000000..5d4391de --- /dev/null +++ b/charts/argo/templates/workflow-controller-service.yaml @@ -0,0 +1,35 @@ +{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }} + labels: + app: {{ .Release.Name }}-{{ .Values.controller.name}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.controller.serviceAnnotations }} + annotations: +{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }} +spec: + ports: + {{- if .Values.controller.metricsConfig.enabled }} + - name: metrics + port: {{ .Values.controller.metricsServicePort }} + protocol: TCP + targetPort: {{ .Values.controller.metricsConfig.port }} + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - name: telemetry + port: {{ .Values.controller.telemetryServicePort }} + protocol: TCP + targetPort: {{ .Values.controller.telemetryConfig.port }} + {{- end }} + selector: + app: {{ .Release.Name }}-{{ .Values.controller.name }} + sessionAffinity: None + type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }} +{{- end -}} diff --git a/charts/argo/templates/workflow-controller-servicemonitor.yaml b/charts/argo/templates/workflow-controller-servicemonitor.yaml new file mode 100644 index 00000000..425fedac --- /dev/null +++ b/charts/argo/templates/workflow-controller-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }} + labels: + app: {{ .Release.Name }}-{{ .Values.controller.name}} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.controller.serviceMonitor.additionalLabels }} +{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.controller.metricsConfig.enabled }} + - port: metrics + path: {{ .Values.controller.metricsConfig.path }} + interval: 30s + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - port: telemetry + path: {{ .Values.controller.telemetryConfig.path }} + interval: 30s + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ .Values.controller.name}} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 45976b09..0db0db25 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -4,7 +4,7 @@ images: ui: argoui executor: argoexec pullPolicy: Always - tag: v2.2.1 + tag: v2.3.0 crdVersion: v1alpha1 @@ -22,6 +22,13 @@ controller: enabled: false path: /metrics port: 8080 + telemetryConfig: + enabled: false + path: /telemetry + port: 8081 + serviceMonitor: + enabled: false + additionalLabels: {} serviceAccount: argo name: workflow-controller workflowNamespaces: @@ -38,6 +45,14 @@ controller: logging: level: info globallevel: "0" + serviceType: ClusterIP + metricsServicePort: 8080 + telemetryServicePort: 8081 + # Annotations to be applied to the controller Service + serviceAnnotations: {} + # Source ranges to allow access to service from. Only applies to + # service type `LoadBalancer` + loadBalancerSourceRanges: [] ui: enabled: true From 6cfac41a4b327a01788fa474a1fe259e69c61b5c Mon Sep 17 00:00:00 2001 From: Pablo Osinaga Date: Mon, 8 Jul 2019 19:31:18 +0200 Subject: [PATCH 14/19] [Argo] Fix appVersion in argo chart (#83) --- charts/argo/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 9a98250c..d7c5ee0e 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v2.2.1" +appVersion: "v2.3.0" description: A Helm chart for Kubernetes name: argo version: 0.5.0 From 6e108f3aae4d5fa5788640f8bd8b3407e1425c13 Mon Sep 17 00:00:00 2001 From: Mike Hume Date: Mon, 8 Jul 2019 14:06:48 -0700 Subject: [PATCH 15/19] Small url fixes (#82) --- charts/argo-cd/templates/NOTES.txt | 2 +- charts/argo-cd/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index ecd1f64b..36ade656 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -5,7 +5,7 @@ In order to access the server UI you have the following options: and then open the browser on http://localhost:8080 and accept the certificate 2. enable ingress and check the first option ssl passthrough: - https://github.com/argoproj/argo-cd/blob/master/docs/ingress.md#option-1-ssl-passthrough + https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough After reaching the UI the first time you can login with username: admin and the password will be the name of the server pod. You can get the pod name by running: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 71f5c1a7..15d909dd 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -96,7 +96,7 @@ config: # # url: https://argo-cd-demo.argoproj.io # # # A dex connector configuration. See documentation on how to configure SSO: - # # https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso + # # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso.md#2-configure-argo-cd-for-sso # connectors: # # GitHub example # - type: github @@ -141,7 +141,7 @@ config: rbac: # # An RBAC policy .csv file containing additional policy and role definitions. -# # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies. +# # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md on how to write RBAC policies. # policy.csv: | # # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project" # p, my-org:team-alpha, applications, sync, my-project/*, allow From c7b415b6341b9db6c57e3d378e2d98ec493bfbe5 Mon Sep 17 00:00:00 2001 From: Minh Monmen Date: Tue, 23 Jul 2019 01:11:28 +0700 Subject: [PATCH 16/19] add rbac scopes support (#85) --- charts/argo-cd/templates/argocd-rbac-cm.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/charts/argo-cd/templates/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-rbac-cm.yaml index fb688d03..7d3aa6ea 100755 --- a/charts/argo-cd/templates/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-rbac-cm.yaml @@ -16,3 +16,6 @@ data: policy.csv: {{- toYaml .Values.rbac.policyCsv | indent 4 }} {{- end }} +{{- if .Values.rbac.scopes }} + scopes: {{ .Values.rbac.scopes }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 15d909dd..c4d7c677 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -157,6 +157,8 @@ rbac: # g, your-github-org:your-team, role:org-admin # The default role Argo CD will fall back to, when authorizing API requests policyDefault: #role:readonly + # Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). + scopes: #[groups] redis: image: From c9a426068e2af901412e4827e2ea47d9d1f6c81a Mon Sep 17 00:00:00 2001 From: Tom Powell Date: Wed, 24 Jul 2019 16:13:27 -0400 Subject: [PATCH 17/19] argo: add support for individual image tags. (#81) --- charts/argo/templates/ui-deployment.yaml | 2 +- .../templates/workflow-controller-deployment.yaml | 4 ++-- charts/argo/values.yaml | 11 +++++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo/templates/ui-deployment.yaml b/charts/argo/templates/ui-deployment.yaml index c81d09ea..fda2a0d9 100644 --- a/charts/argo/templates/ui-deployment.yaml +++ b/charts/argo/templates/ui-deployment.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: {{ .Values.ui.serviceAccount | quote }} containers: - name: ui - image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}" + image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ default .Values.images.tag .Values.ui.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} env: {{- if .Values.ui.forceNamespaceIsolation }} diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index bb489ba6..586d4132 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -20,14 +20,14 @@ spec: serviceAccountName: {{ .Values.controller.serviceAccount | quote }} containers: - name: controller - image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}" + image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} command: [ "workflow-controller" ] args: - "--configmap" - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap" - "--executor-image" - - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ .Values.images.tag }}" + - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}" - "--loglevel" - "{{ .Values.controller.logging.level }}" - "--gloglevel" diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 0db0db25..f4a60c10 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -16,6 +16,9 @@ init: createAggregateRoles: true controller: + image: + # Overrides .images.tag if defined. + tag: "" # podAnnotations is an optional map of annotations to be applied to the controller Pods podAnnotations: {} metricsConfig: @@ -54,10 +57,18 @@ controller: # service type `LoadBalancer` loadBalancerSourceRanges: [] +executor: + image: + # Overrides .images.tag if defined. + tag: "" + ui: enabled: true # only show workflows where UI installed forceNamespaceIsolation: false + image: + # Overrides .images.tag if defined. + tag: "" # optional map of annotations to be applied to the ui Pods podAnnotations: {} name: ui From f9863c5b6c2853f7b28994862d5a0ca11e315503 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20J=C3=A4ger?= Date: Thu, 25 Jul 2019 18:22:51 +0200 Subject: [PATCH 18/19] Improve chart description (#89) --- charts/argo-ci/Chart.yaml | 2 +- charts/argo/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-ci/Chart.yaml b/charts/argo-ci/Chart.yaml index 1ae37023..bdbd58e5 100644 --- a/charts/argo-ci/Chart.yaml +++ b/charts/argo-ci/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 -description: A Helm chart for Kubernetes +description: A Helm chart for Argo-CI name: argo-ci version: 0.1.2 diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index d7c5ee0e..58745eb6 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "v2.3.0" -description: A Helm chart for Kubernetes +description: A Helm chart for Argo Workflows name: argo version: 0.5.0 From e41f156cbe1c3ac67faef821acaa9b990d770f8f Mon Sep 17 00:00:00 2001 From: razvan-wework <45373007+razvan-wework@users.noreply.github.com> Date: Tue, 30 Jul 2019 13:44:56 -0700 Subject: [PATCH 19/19] Adds annotations to argocd server (#90) --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server-deployment.yaml | 4 ++++ charts/argo-cd/values.yaml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0de073cc..0a889553 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "0.12.3" description: A Helm chart for Argo-CD name: argo-cd -version: 0.2.2 +version: 0.2.3 diff --git a/charts/argo-cd/templates/argocd-server-deployment.yaml b/charts/argo-cd/templates/argocd-server-deployment.yaml index 73d21b2d..01231ae3 100755 --- a/charts/argo-cd/templates/argocd-server-deployment.yaml +++ b/charts/argo-cd/templates/argocd-server-deployment.yaml @@ -22,6 +22,10 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} app.kubernetes.io/component: server + annotations: + {{- range $key, $value := .Values.server.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: serviceAccountName: argocd-server initContainers: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c4d7c677..49202837 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -24,6 +24,7 @@ server: extraArgs: [] volumeMounts: [] volumes: [] + annotations: {} repoServer: containerPort: 8081