From f80ab1a2fb2ed34fe73dbb85614f9fcc3f40c704 Mon Sep 17 00:00:00 2001 From: chgl Date: Wed, 21 Apr 2021 14:42:16 +0200 Subject: [PATCH 1/4] fix(argocd-applicationset): corrected chart directory name (#672) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: corrected argocd-applicationset chart dir Signed-off-by: chgl * bumped chart version Signed-off-by: chgl Co-authored-by: Oliver Bähler --- .../.helmignore | 0 .../{argo-applicationset => argocd-applicationset}/Chart.yaml | 2 +- .../{argo-applicationset => argocd-applicationset}/README.md | 4 ++-- .../ci/default-values.yaml | 0 .../ci/leader-election-values.yaml | 0 .../crds/crd-applicationset.yaml | 0 .../templates/_helpers.tpl | 0 .../templates/crds.yaml | 0 .../templates/deployment.yaml | 0 .../templates/psp.yaml | 0 .../templates/rbac.yaml | 0 .../templates/serviceaccount.yaml | 0 .../values.yaml | 0 13 files changed, 3 insertions(+), 3 deletions(-) rename charts/{argo-applicationset => argocd-applicationset}/.helmignore (100%) rename charts/{argo-applicationset => argocd-applicationset}/Chart.yaml (95%) rename charts/{argo-applicationset => argocd-applicationset}/README.md (98%) rename charts/{argo-applicationset => argocd-applicationset}/ci/default-values.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/ci/leader-election-values.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/crds/crd-applicationset.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/_helpers.tpl (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/crds.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/deployment.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/psp.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/rbac.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/templates/serviceaccount.yaml (100%) rename charts/{argo-applicationset => argocd-applicationset}/values.yaml (100%) diff --git a/charts/argo-applicationset/.helmignore b/charts/argocd-applicationset/.helmignore similarity index 100% rename from charts/argo-applicationset/.helmignore rename to charts/argocd-applicationset/.helmignore diff --git a/charts/argo-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml similarity index 95% rename from charts/argo-applicationset/Chart.yaml rename to charts/argocd-applicationset/Chart.yaml index c467c3c6..ebb5ee1c 100644 --- a/charts/argo-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.2 +version: 0.1.3 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argo-applicationset/README.md b/charts/argocd-applicationset/README.md similarity index 98% rename from charts/argo-applicationset/README.md rename to charts/argocd-applicationset/README.md index 316bd8ce..b200d9cf 100644 --- a/charts/argo-applicationset/README.md +++ b/charts/argocd-applicationset/README.md @@ -18,7 +18,7 @@ To install the chart with the release name `my-release`: $ helm repo add argo https://argoproj.github.io/argo-helm "argo" has been added to your repositories -$ helm install --name my-release argo/argo-applicationset +$ helm install --name my-release argo/argocd-applicationset NAME: my-release ... ``` @@ -61,7 +61,7 @@ ct install --namespace argocd | mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | | mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | | mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | -| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` | +| nameOverride | string | `""` | Provide a name in place of `argocd-applicationset` | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | | podAnnotations | object | `{}` | Annotations for the controller pods | | podSecurityContext | object | `{}` | Pod Security Context | diff --git a/charts/argo-applicationset/ci/default-values.yaml b/charts/argocd-applicationset/ci/default-values.yaml similarity index 100% rename from charts/argo-applicationset/ci/default-values.yaml rename to charts/argocd-applicationset/ci/default-values.yaml diff --git a/charts/argo-applicationset/ci/leader-election-values.yaml b/charts/argocd-applicationset/ci/leader-election-values.yaml similarity index 100% rename from charts/argo-applicationset/ci/leader-election-values.yaml rename to charts/argocd-applicationset/ci/leader-election-values.yaml diff --git a/charts/argo-applicationset/crds/crd-applicationset.yaml b/charts/argocd-applicationset/crds/crd-applicationset.yaml similarity index 100% rename from charts/argo-applicationset/crds/crd-applicationset.yaml rename to charts/argocd-applicationset/crds/crd-applicationset.yaml diff --git a/charts/argo-applicationset/templates/_helpers.tpl b/charts/argocd-applicationset/templates/_helpers.tpl similarity index 100% rename from charts/argo-applicationset/templates/_helpers.tpl rename to charts/argocd-applicationset/templates/_helpers.tpl diff --git a/charts/argo-applicationset/templates/crds.yaml b/charts/argocd-applicationset/templates/crds.yaml similarity index 100% rename from charts/argo-applicationset/templates/crds.yaml rename to charts/argocd-applicationset/templates/crds.yaml diff --git a/charts/argo-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml similarity index 100% rename from charts/argo-applicationset/templates/deployment.yaml rename to charts/argocd-applicationset/templates/deployment.yaml diff --git a/charts/argo-applicationset/templates/psp.yaml b/charts/argocd-applicationset/templates/psp.yaml similarity index 100% rename from charts/argo-applicationset/templates/psp.yaml rename to charts/argocd-applicationset/templates/psp.yaml diff --git a/charts/argo-applicationset/templates/rbac.yaml b/charts/argocd-applicationset/templates/rbac.yaml similarity index 100% rename from charts/argo-applicationset/templates/rbac.yaml rename to charts/argocd-applicationset/templates/rbac.yaml diff --git a/charts/argo-applicationset/templates/serviceaccount.yaml b/charts/argocd-applicationset/templates/serviceaccount.yaml similarity index 100% rename from charts/argo-applicationset/templates/serviceaccount.yaml rename to charts/argocd-applicationset/templates/serviceaccount.yaml diff --git a/charts/argo-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml similarity index 100% rename from charts/argo-applicationset/values.yaml rename to charts/argocd-applicationset/values.yaml From 50caa3d28941d7e5966d9097931f9c0ff12aaebf Mon Sep 17 00:00:00 2001 From: Kai Kahllund Date: Wed, 21 Apr 2021 15:05:39 +0200 Subject: [PATCH 2/4] fix: add missing status resources in rbac role (#667) Signed-off-by: shortmann --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/templates/argo-events-roles.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index d579e214..a7a9854e 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.3.0 +version: 1.3.1 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml index d6de39d2..56721159 100644 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ b/charts/argo-events/templates/argo-events-roles.yaml @@ -49,10 +49,13 @@ rules: - workflowtemplates/finalizers - sensors - sensors/finalizers + - sensors/status - eventsources - eventsources/finalizers + - eventsources/status - eventbus - eventbus/finalizers + - eventbus/status - apiGroups: - "" resources: From 5955a3bef8409a3edb19a59f6eda32023b255b2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Wed, 21 Apr 2021 15:18:55 +0200 Subject: [PATCH 3/4] fix(argo-cd): Disable Dex ServiceAccount (#648) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: oliverbaehler as codeowner Signed-off-by: Oliver Bähler * Disable ServiceAccount on disabled Dex Signed-off-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/dex/serviceaccount.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d3c33558..8019e90d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.1.1 +version: 3.1.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index bb235eec..71707f09 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if .Values.dex.serviceAccount.create }} +{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} From abcd61717ff91c1f3b3d547be2bcd2d2c5a61db3 Mon Sep 17 00:00:00 2001 From: Sergey <41047934+1Psy@users.noreply.github.com> Date: Wed, 21 Apr 2021 18:45:05 +0300 Subject: [PATCH 4/4] feat(argocd-notifications): Add securityContext (#644) Signed-off-by: 1Psy <41047934+1Psy@users.noreply.github.com> --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/deployment.yaml | 8 ++++++-- charts/argocd-notifications/values.yaml | 7 +++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 2d1ada91..881c18ae 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.1.1 +version: 1.1.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/deployment.yaml b/charts/argocd-notifications/templates/deployment.yaml index bc6948d3..0e18f698 100644 --- a/charts/argocd-notifications/templates/deployment.yaml +++ b/charts/argocd-notifications/templates/deployment.yaml @@ -26,8 +26,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }} - securityContext: - runAsNonRoot: true + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} containers: - name: {{ include "argocd-notifications.name" . }}-controller image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -51,6 +52,9 @@ spec: name: metrics protocol: TCP {{- end }} + {{- if .Values.containerSecurityContext }} + securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} {{- with .Values.extraEnv }} env: {{ toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index 35cce8df..0a27e643 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -65,6 +65,13 @@ notifiers: podAnnotations: {} +## Pod Security Context +securityContext: + runAsNonRoot: true + +## Container Security Context +containerSecurityContext: {} + resources: {} # limits: # cpu: 100m