chore(argo-cd): Consolidated GnuPG configuration (#1609)
Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
This commit is contained in:
Petr Drastil
GitHub
parent
cde6e849a3
commit
6f3c468639
6 changed files with 39 additions and 36 deletions
|
|
@ -3,7 +3,7 @@ appVersion: v2.5.2
|
|||
kubeVersion: ">=1.22.0-0"
|
||||
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
name: argo-cd
|
||||
version: 5.13.9
|
||||
version: 5.14.0
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
|
||||
sources:
|
||||
|
|
@ -23,4 +23,7 @@ dependencies:
|
|||
condition: redis-ha.enabled
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- "[Changed]: Document imporatant changes in changelog"
|
||||
- "[Added]: Configuration option configs.gpg"
|
||||
- "[Deprecated]: Configuration option configs.gpgKeys"
|
||||
- "[Deprecated]: Configuration option configs.gpgKeysAnnotations"
|
||||
- "[Fixed]: Documentation for declarative setup"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ This is a **community maintained** chart. This chart installs [argo-cd](https://
|
|||
|
||||
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
|
||||
|
||||
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD.
|
||||
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
|
||||
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
|
||||
|
||||
## High Availability
|
||||
|
|
@ -402,12 +402,12 @@ NAME: my-release
|
|||
| configs.cm."timeout.hard.reconciliation" | int | `0` | Timeout to refresh application data as well as target manifests cache |
|
||||
| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository |
|
||||
| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
|
||||
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [Declarative setup] |
|
||||
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
|
||||
| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
|
||||
| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos |
|
||||
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
|
||||
| configs.gpgKeys | object | `{}` (See [values.yaml]) | [GnuPG](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) keys to add to the key ring |
|
||||
| configs.gpgKeysAnnotations | object | `{}` | GnuPG key ring annotations |
|
||||
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
|
||||
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
|
||||
| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts |
|
||||
| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations |
|
||||
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
|
||||
|
|
@ -1109,8 +1109,9 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
|
|||
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
|
||||
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
|
||||
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
|
||||
[Declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
|
||||
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
|
||||
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
|
||||
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
|
||||
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
||||
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
|
||||
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ This is a **community maintained** chart. This chart installs [argo-cd](https://
|
|||
|
||||
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
|
||||
|
||||
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD.
|
||||
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
|
||||
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
|
||||
|
||||
## High Availability
|
||||
|
|
@ -517,8 +517,9 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
|
|||
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
|
||||
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
|
||||
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
|
||||
[Declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
|
||||
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
|
||||
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
|
||||
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
|
||||
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
||||
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
|
||||
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
|
|
|
|||
|
|
@ -43,6 +43,12 @@ DEPRECATED option server.rbacConfig - Use configs.rbac
|
|||
{{- if .Values.configs.secret.argocdServerTlsConfig }}
|
||||
DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
|
||||
{{- end }}
|
||||
{{- if .Values.configs.gpgKeys }}
|
||||
DEPRECATED option configs.gpgKeys - Use config.gpg.keys
|
||||
{{- end }}
|
||||
{{- if .Values.configs.gpgKeysAnnotations }}
|
||||
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service }}
|
||||
REMOVED option controller.service - Use controller.metrics
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -4,13 +4,13 @@ metadata:
|
|||
name: argocd-gpg-keys-cm
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
|
||||
{{- with .Values.configs.gpgKeysAnnotations }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
|
||||
annotations:
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.configs.gpgKeys }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
|
||||
data:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ configs:
|
|||
# General Argo CD configuration
|
||||
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
|
||||
cm:
|
||||
# -- Create the argocd-cm configmap for [Declarative setup]
|
||||
# -- Create the argocd-cm configmap for [declarative setup]
|
||||
create: true
|
||||
|
||||
# -- Annotations to be added to argocd-cm configmap
|
||||
|
|
@ -234,6 +234,22 @@ configs:
|
|||
# The scope value can be a string, or a list of strings.
|
||||
scopes: "[groups]"
|
||||
|
||||
# GnuPG public keys for commit verification
|
||||
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
|
||||
gpg:
|
||||
# -- Annotations to be added to argocd-gpg-keys-cm configmap
|
||||
annotations: {}
|
||||
|
||||
# -- [GnuPG] public keys to add to the keyring
|
||||
# @default -- `{}` (See [values.yaml])
|
||||
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
|
||||
keys: {}
|
||||
# 4AEE18F83AFDEB23: |
|
||||
# -----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
# ...
|
||||
# -----END PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
|
||||
# -- Provide one or multiple [external cluster credentials]
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Ref:
|
||||
|
|
@ -261,30 +277,6 @@ configs:
|
|||
# insecure: false
|
||||
# caData: "<base64 encoded certificate>"
|
||||
|
||||
# -- GnuPG key ring annotations
|
||||
gpgKeysAnnotations: {}
|
||||
# -- [GnuPG](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) keys to add to the key ring
|
||||
# @default -- `{}` (See [values.yaml])
|
||||
gpgKeys: {}
|
||||
# 4AEE18F83AFDEB23: |
|
||||
# -----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
#
|
||||
# mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta
|
||||
# x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT
|
||||
# SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ
|
||||
# 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa
|
||||
# buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v
|
||||
# yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs
|
||||
# b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW
|
||||
# BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf
|
||||
# DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6
|
||||
# 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws
|
||||
# +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5
|
||||
# 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O
|
||||
# j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48=
|
||||
# =Bvzs
|
||||
# -----END PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
# -- Known Hosts configmap annotations
|
||||
knownHostsAnnotations: {}
|
||||
knownHosts:
|
||||
|
|
|
|||
Loading…
Reference in a new issue