diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..154dbfbf 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,12 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE + +# Enable automatic generation of release notes using GitHubs release notes generator. +# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +generate-release-notes: true diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 65c36c00..ed14509e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,6 +1,8 @@ + Checklist: @@ -11,4 +13,4 @@ Checklist: * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md). * [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/stable/developer-guide/ci/)). -Changes are automatically published when merged to `main`. They are not published on branches. + diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index d54748a3..9b9a1870 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -6,27 +6,39 @@ permissions: contents: read jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: public.ecr.aws/artifacthub/ah:v1.14.0 + options: --user 1001 + steps: + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - name: Run ah lint + working-directory: ./charts + run: ah lint + chart-test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@v4 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: 3.9 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 with: # Note: Also update in scripts/lint.sh version: v3.7.1 @@ -58,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index bcdfc440..18a87c50 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -1,8 +1,12 @@ ## Reference: https://github.com/pascalgn/size-label-action name: 'PR Labeling' + on: pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened permissions: contents: read @@ -12,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" @@ -21,7 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@v0.4.3" + - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index a636b08b..2d45de12 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -31,6 +31,7 @@ jobs: argo-workflows argocd-image-updater argocd-apps + deps github # Configure that a scope must always be provided. requireScope: true diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9b78646f..84721417 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in lint-and-test.yaml @@ -39,8 +39,24 @@ jobs: mkdir .cr-release-packages helm package charts/argo-cd -u -d .cr-release-packages/ + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: config: "./.github/configs/cr.yaml" skip_packaging: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..066d3c57 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '21 6 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + if: github.repository_owner == 'argoproj' + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9b4053bb..b0356dc7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale diff --git a/CODEOWNERS b/CODEOWNERS index aea8942f..f7432a77 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,16 +1,14 @@ -# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners - -# Other and new charts -/charts/ @oliverbaehler +# All +* @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 # Argo CD -/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 # Argo Events -/charts/argo-events/ @jbehling @VaibhavPage @pdrastil +/charts/argo-events/ @pdrastil @jmeridth @tico24 # Argo Rollouts -/charts/argo-rollouts/ +/charts/argo-rollouts/ @jmeridth diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..37789a9d --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Code of Conduct + +We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Please reference the link for details. + +## TL;DR (too long didn't read) + +Be kind + +Your participation is at the discression of the maintainers of this project. diff --git a/EMERITUS.md b/EMERITUS.md new file mode 100644 index 00000000..2c299690 --- /dev/null +++ b/EMERITUS.md @@ -0,0 +1,12 @@ +# Emeritus Approvers + +These are the people who have been approvers in the past, and have since retired from the role. + +We thank them for their service to the project. + +* @oliverbaehler +* @stefansedich +* @paguos +* @yann-soubeyrand +* @davidkarlsen +* @jbehling diff --git a/OWNERS b/OWNERS deleted file mode 100644 index e393c5ba..00000000 --- a/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -owners: -- alexec -- alexmt -- jessesuen - -approvers: -- alexec -- alexmt -- jessesuen diff --git a/README.md b/README.md index ac71eb3e..b29bb3d1 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: @@ -35,7 +36,7 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" ### Security Policy -If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new). +Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues. ### Changelog diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7c30259c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions and Upstream Reporting + +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue. + +* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) +* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md) +* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) +* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) + +## Reporting a Vulnerability for Argo Helm Charts + +We have enabled the ability to privately report security issues through the Security tab above. + +[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that + +A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation. + +Thank you for helping to ensure this code stays secure. diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index e21296c6..edd5df2b 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.22.5 -digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16 -generated: "2023-03-30T08:25:32.738257836+02:00" + version: 4.23.0 +digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c +generated: "2023-05-15T19:25:26.049618+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ce84a3b5..db894848 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.0-cap-CR-18430-del-app +appVersion: v2.7.0-cap-CR-18361-custom-instance-label +kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.29.2-cap-CR-18430 -kubeVersion: ">=1.22.0-0" +version: 5.38.1-0-v2.7.0-cap-CR-18361-custom-instance-label home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,10 +18,13 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.22.5 + version: 4.23.0 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Send app deleted event to codefresh platform. + - kind: added + description: Adding the option to set `annotations` for `Certificate` resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 47a1988c..0cb7571d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,16 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + ### 5.24.0 This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). @@ -351,7 +361,9 @@ server: ## Prerequisites -- Kubernetes: `>=1.22.0-0` +- Kubernetes: `>=1.23.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -374,6 +386,7 @@ NAME: my-release | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | @@ -389,14 +402,15 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | | global.additionalLabels | object | `{}` | Common labels for the all resources | | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | -| global.entrypoint.entrypoint | string | `"entrypoint.sh"` | The entrypoint to use for the containers. | -| global.entrypoint.useImplicit | bool | `false` | Implicitly use the docker image's entrypoint. This requires the image to have ENTRYPOINT set properly | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.repository | string | `"quay.io/codefresh/argocd"` | If defined, a repository applied to all Argo CD deployments | @@ -453,6 +467,7 @@ NAME: my-release | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | | configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | | configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | @@ -510,9 +525,11 @@ NAME: my-release | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | | controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -587,6 +604,7 @@ NAME: my-release | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | | repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | | repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | @@ -594,9 +612,11 @@ NAME: my-release | repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.metrics.enabled | bool | `false` | Deploy metrics service | | repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | repoServer.metrics.service.labels | object | `{}` | Metrics service labels | | repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -657,6 +677,7 @@ NAME: my-release | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | | server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | @@ -669,6 +690,7 @@ NAME: my-release | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.crt | string | `""` | Certificate data | | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | @@ -728,9 +750,11 @@ NAME: my-release | server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | server.metrics.enabled | bool | `false` | Deploy metrics service | | server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | server.metrics.service.labels | object | `{}` | Metrics service labels | | server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -835,7 +859,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.35.3"` | Dex image tag | +| dex.image.tag | string | `"v2.37.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -847,6 +871,8 @@ server: | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` | +| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` | | dex.metrics.enabled | bool | `false` | Deploy metrics service | | dex.metrics.service.annotations | object | `{}` | Metrics service annotations | | dex.metrics.service.labels | object | `{}` | Metrics service labels | @@ -919,7 +945,7 @@ server: | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"quay.io/codefresh/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -977,7 +1003,7 @@ The main options are listed here: | redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | -| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | @@ -1011,6 +1037,20 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | +| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | @@ -1039,9 +1079,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | -| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1074,6 +1116,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | | applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name | +| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | | applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | @@ -1122,8 +1165,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.port | int | `9001` | Metrics port | | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | notifications.metrics.service.labels | object | `{}` | Metrics service labels | | notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1182,3 +1227,6 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 945bab72..f1dea7f2 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,17 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + ### 5.24.0 This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). @@ -352,6 +363,8 @@ server: ## Prerequisites - {{ template "chart.kubeVersionLine" . }} + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -546,3 +559,6 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index bf0c1e84..f8c84c9c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -46,6 +46,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }} {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} {{- end }} @@ -123,13 +124,13 @@ nodeAffinity: {{/* Common deployment strategy definition -- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite */}} {{- define "argo-cd.strategy" -}} {{- $preset := . -}} -{{- if (eq $preset.type "Recreate") }} +{{- if (eq (toString $preset.type) "Recreate") }} type: Recreate -{{- else if (eq $preset.type "RollingUpdate") }} +{{- else if (eq (toString $preset.type) "RollingUpdate") }} type: RollingUpdate {{- with $preset.rollingUpdate }} rollingUpdate: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2338d1c0..2786d6ed 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -207,7 +207,7 @@ applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.r Merge Argo Params Configuration with Preset Configuration */}} {{- define "argo-cd.config.params" -}} -{{- $config := omit .Values.configs.params "annotations" }} +{{- $config := omit .Values.configs.params "create" "annotations" }} {{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{ $key }}: {{ toString $value | toYaml }} diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 88827a85..01b7a779 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -3,18 +3,27 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} {{- with .Values.controller.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.controller.metrics.service.annotations }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index bbb6b324..e7448c52 100644 --- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml index b6804c54..7eaf28e1 100644 --- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index c44a63f5..86d66564 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.rules.namespace }} - namespace: {{ .Values.controller.metrics.rules.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 75aec8db..56ef17b5 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index f37f4b0c..5f07f109 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 96d786cd..fe56d376 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.controller.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 3c8b0ca4..10ba7767 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- with .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 0bef6ced..b671e245 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: @@ -50,8 +51,8 @@ spec: {{- end }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller - --metrics-port={{ .Values.controller.containerPorts.metrics }} {{- if .Values.controller.metrics.applicationLabels.enabled }} {{- range .Values.controller.metrics.applicationLabels.labels }} @@ -98,7 +99,7 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} env: - {{- with .Values.controller.env }} + {{- with (concat .Values.global.env .Values.controller.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS @@ -254,8 +255,10 @@ spec: failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} securityContext: - {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} workingDir: /home/argocd volumeMounts: {{- with .Values.controller.volumeMounts }} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 00000000..f3b7d5d1 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,39 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: {{ .Values.applicationSet.certificate.secretName }} + commonName: {{ .Values.applicationSet.certificate.domain | quote }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | quote }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 39dd9e4d..c62227cf 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: @@ -23,12 +24,13 @@ spec: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} @@ -55,12 +57,8 @@ spec: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} - {{- if not .Values.global.entrypoint.useImplicit }} - command: - - {{ .Values.global.entrypoint.entrypoint | quote }} - {{- end }} args: - - argocd-applicationset-controller + - /usr/local/bin/argocd-applicationset-controller - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} @@ -82,7 +80,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: - {{- with .Values.applicationSet.extraEnv }} + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - name: NAMESPACE @@ -185,8 +183,10 @@ spec: {{- end }} resources: {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} securityContext: - {{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- with .Values.applicationSet.extraVolumeMounts }} {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 7a9397cd..ad26d22d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -3,18 +3,27 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} {{- with .Values.applicationSet.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.applicationSet.metrics.service.annotations }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 176de64b..81020f54 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 51974356..8f179032 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index a9ec2f92..f8f55405 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index 91cddeae..8a70526c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 9e0de533..e3a07b6f 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -9,12 +9,14 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: + type: {{ .Values.applicationSet.service.type }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index cf5c0ef5..a196626e 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.applicationSet.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index b836ccc5..bb814a25 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -4,9 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - {{- with .Values.applicationSet.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml index 5285c6f2..d98f9423 100644 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.webhook.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index a9ff71d9..829a6776 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 0628ff9c..9d60d932 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -1,7 +1,9 @@ +{{- if .Values.configs.params.create }} apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} {{- if .Values.configs.params.annotations }} @@ -12,3 +14,4 @@ metadata: {{- end }} data: {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml index 39a6db6b..a3400605 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmp-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} {{- with .Values.configs.cmp.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml index 7e3ae6b0..c543e8a7 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-dex-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} {{- with .Values.dex.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index 72f9823b..982867f9 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-gpg-keys-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index 593da721..c8cdefc4 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-notifications-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index dc5bd383..cde4d555 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-notifications-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.secret.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index 8ebb43d2..c882cb39 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index b0f35aa2..4e1b3dc9 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} {{- with .Values.repoServer.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 84a51197..1e69bcea 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- with .Values.configs.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml index 1e9f8dd3..c612a62c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} {{- with .Values.server.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 7b8e5d0b..a7f3abdf 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index 149104f1..b98e40df 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-styles-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 1ba0176d..6a5a95e5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-tls-certs-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index c1aaa531..83b1c15d 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + namespace: {{ $.Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .labels }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 80dfc475..9bfcd983 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .Values.externalRedis.secretAnnotations }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index 96efd67c..ed1d2fd7 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} + namespace: {{ $.Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index bd0c067c..4c028958 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} + namespace: {{ $.Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index fc51bb00..d2eca77f 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: @@ -55,8 +56,8 @@ spec: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} - command: - - argocd-notifications + args: + - /usr/local/bin/argocd-notifications - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} @@ -65,10 +66,22 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with .Values.notifications.extraEnv }} env: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} @@ -79,8 +92,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} securityContext: - {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} workingDir: /app volumeMounts: - name: tls-certs diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index 3b80e97b..b5ce611d 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -3,18 +3,27 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.notifications.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} {{- with .Values.notifications.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.notifications.metrics.service.annotations }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 6bd0c04e..011a7c33 100644 --- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml index f1f32715..71619547 100644 --- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 52df9ad1..128c24f5 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index e78ac5c6..7bc6e1d1 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index d6219280..aa824242 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.notificationsServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.notifications.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.notifications.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 2dd280bf..de3cc5a3 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.notifications.fullname" . }} - {{- if .Values.notifications.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.notifications.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 906a544f..f438c8b5 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: @@ -60,12 +61,8 @@ spec: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - {{- if not .Values.global.entrypoint.useImplicit }} - command: - - {{ .Values.global.entrypoint.entrypoint | quote }} - {{- end }} args: - - argocd-repo-server + - /usr/local/bin/argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} {{- with .Values.repoServer.logFormat }} @@ -80,7 +77,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.repoServer.env }} + {{- with (concat .Values.global.env .Values.repoServer.env) }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.openshift.enabled }} @@ -276,14 +273,20 @@ spec: failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} securityContext: - {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.repoServer.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index d7f74320..2cba8324 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + namespace: {{ .Release.Namespace | quote }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 1124057e..514595a2 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -3,18 +3,27 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.repoServer.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} {{- with .Values.repoServer.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.repoServer.metrics.service.annotations }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 619a65ca..08a1c214 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml index 318671f0..658a1fe3 100644 --- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index bc422c43..5f9324d5 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 3cfa312f..8834b778 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 541ea41e..c2c43463 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -13,6 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: {{ .Values.repoServer.service.portName }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 71f75583..7b26928f 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.repoServer.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 82937d9b..aec96461 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - {{- with .Values.repoServer.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index a0368023..e9032f92 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -7,16 +7,17 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index ed844aa2..716c38ea 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -2,7 +2,14 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: @@ -29,4 +36,8 @@ spec: privateKey: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index a5bea81b..cc928981 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: @@ -57,8 +58,8 @@ spec: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} - command: - - argocd-server + args: + - /usr/local/bin/argocd-server - --port={{ .Values.server.containerPorts.server }} - --metrics-port={{ .Values.server.containerPorts.metrics }} {{- with .Values.server.logFormat }} @@ -73,7 +74,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.server.env }} + {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_SERVER_INSECURE @@ -333,8 +334,10 @@ spec: failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.server.lifecycle }} lifecycle: {{- toYaml . | nindent 10 }} @@ -345,8 +348,10 @@ spec: imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} resources: {{- toYaml .Values.server.extensions.resources | nindent 10 }} + {{- with .Values.server.extensions.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: extensions mountPath: /tmp/extensions/ diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index 69a42093..e2ae3d84 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} kind: BackendConfig metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index 46fc43a9..31687596 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -3,6 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 81e1e710..942c6b3f 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -3,6 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index af107b7f..cbc17c31 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-hpa + namespace: {{ .Release.Namespace | quote }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index b728a11b..b671f86f 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingressGrpc.labels }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 0e064b0b..98ec1cb1 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index bf8ee083..3844820e 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -3,18 +3,27 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} {{- with .Values.server.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.server.metrics.service.annotations }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index 8300d696..443ff359 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index f1fc8012..59313798 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,6 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml index 89c54c65..adc47aec 100644 --- a/charts/argo-cd/templates/argocd-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 16164a9a..6bfe32a4 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -22,7 +23,9 @@ rules: - argoproj.io resources: - applications + {{- if .Values.applicationSet.enabled }} - applicationsets + {{- end }} - appprojects {{- if .Values.server.extensions.enabled }} - argocdextensions diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 54d4eaeb..93b1fa94 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 879bdb32..b9881f88 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.service.labels }} @@ -30,6 +31,9 @@ spec: {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} {{- if eq .Values.server.service.type "LoadBalancer" }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index a2eb9b11..5d03aaf6 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.server.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.server.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index d00e5657..65d102e3 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index ae0f7295..cbb480e6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applications.argoproj.io spec: group: argoproj.io @@ -310,6 +313,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -341,6 +348,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -572,6 +602,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -604,6 +639,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -950,6 +1008,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -980,6 +1042,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1203,6 +1288,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -1234,6 +1323,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1604,6 +1716,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1636,6 +1753,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1869,6 +2009,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1901,6 +2046,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2279,6 +2447,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2311,6 +2484,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2562,6 +2758,11 @@ spec: additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2594,6 +2795,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2945,6 +3169,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -2977,6 +3206,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3221,6 +3473,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3253,6 +3510,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3602,6 +3882,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -3634,6 +3919,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3878,6 +4186,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3910,6 +4223,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index d81a2439..b05f50f8 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applicationsets.argoproj.io spec: group: argoproj.io @@ -241,6 +244,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -263,6 +268,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -405,6 +427,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -427,6 +451,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -728,6 +769,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -750,6 +793,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -892,6 +952,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -914,6 +976,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1219,6 +1298,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1241,6 +1322,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1383,6 +1481,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1405,6 +1505,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1515,6 +1632,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -1684,6 +1803,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1706,6 +1827,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1848,6 +1986,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1870,6 +2010,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2179,6 +2336,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2201,6 +2360,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2343,6 +2519,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2365,6 +2543,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2666,6 +2861,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2688,6 +2885,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2830,6 +3044,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2852,6 +3068,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3157,6 +3390,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3179,6 +3414,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3321,6 +3573,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3343,6 +3597,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3453,6 +3724,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -3622,6 +3895,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3644,6 +3919,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3786,6 +4078,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3808,6 +4102,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4205,6 +4516,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4227,6 +4540,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4369,6 +4699,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4391,6 +4723,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4835,6 +5184,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4857,6 +5208,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4999,6 +5367,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5021,6 +5391,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5316,6 +5703,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5338,6 +5727,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5480,6 +5886,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5502,6 +5910,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5811,6 +6236,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5833,6 +6260,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5975,6 +6419,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5997,6 +6443,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6298,6 +6761,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6320,6 +6785,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6462,6 +6944,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6484,6 +6968,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6789,6 +7290,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6811,6 +7314,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6953,6 +7473,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6975,6 +7497,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7085,6 +7624,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -7254,6 +7795,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7276,6 +7819,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7418,6 +7978,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7440,6 +8002,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7837,6 +8416,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7859,6 +8440,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8001,6 +8599,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8023,6 +8623,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8467,6 +9084,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8489,6 +9108,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8631,6 +9267,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8653,6 +9291,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8952,6 +9607,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8974,6 +9631,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9116,6 +9790,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9138,6 +9814,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9532,6 +10225,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9554,6 +10249,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9696,6 +10408,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9718,6 +10432,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10162,6 +10893,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10184,6 +10917,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10326,6 +11076,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10348,6 +11100,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10476,6 +11245,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -10681,6 +11457,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10703,6 +11481,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10845,6 +11640,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10867,6 +11664,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object diff --git a/charts/argo-cd/templates/crds/crd-extension.yaml b/charts/argo-cd/templates/crds/crd-extension.yaml index 802f0e8c..30fbce70 100644 --- a/charts/argo-cd/templates/crds/crd-extension.yaml +++ b/charts/argo-cd/templates/crds/crd-extension.yaml @@ -13,6 +13,9 @@ metadata: labels: app.kubernetes.io/name: argocdextensions.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: argocdextensions.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 81e57d82..0a6da4f0 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index af6523d5..ce9741d2 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: @@ -61,13 +62,15 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} command: - /shared/argocd-dex + - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }} + - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }} args: - rundex {{- with .Values.dex.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.dex.env }} + {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_DEX_SERVER_DISABLE_TLS @@ -114,8 +117,10 @@ spec: {{- end }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: {{- with .Values.dex.volumeMounts }} {{- toYaml . | nindent 8 }} @@ -134,7 +139,7 @@ spec: image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex @@ -145,8 +150,10 @@ spec: name: dexconfig resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.dex.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index e79a2e3e..cb0fcc55 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml index 45bd0050..c0adc73f 100644 --- a/charts/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.pdb.labels }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 6b9b3f69..49d40891 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 4cc47005..08da1544 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 9661c7e0..73c98483 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 71707f09..65abd57c 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.dexServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.dex.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.dex.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index d08d018f..21d12be2 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - {{- with .Values.dex.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml index a9bb3b6b..fc9a76b8 100644 --- a/charts/argo-cd/templates/extra-manifests.yaml +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml index 3d47a397..b499ab03 100644 --- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny + namespace: {{ .Release.Namespace | quote }} spec: podSelector: {} policyTypes: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 3376d732..419e5f31 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} spec: @@ -53,14 +54,14 @@ spec: image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} - --save - "" - --appendonly - "no" - {{- with .Values.redis.extraArgs }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.env }} + {{- with (concat .Values.global.env .Values.redis.env) }} env: {{- toYaml . | nindent 8 }} {{- end }} @@ -74,8 +75,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.redis.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} @@ -89,7 +92,7 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} - {{- with .Values.redis.exporter.env }} + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} ports: @@ -98,8 +101,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} {{- with .Values.redis.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index 6886a740..67b4c3ac 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -4,21 +4,26 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.redis.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.redis.metrics.service.annotations }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: type: {{ .Values.redis.metrics.service.type }} - {{- with .Values.redis.metrics.service.clusterIP }} - clusterIP: {{ . }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} {{- end }} ports: - name: {{ .Values.redis.metrics.service.portName }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml index 8b564add..cd8150e1 100644 --- a/charts/argo-cd/templates/redis/networkpolicy.yaml +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 223c5758..59423b47 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -4,6 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.pdb.labels }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index 6e949fd4..31f497d7 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index ae67d3b2..503fb434 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.redisServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.redis.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.redis.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index ea913467..46a7e32c 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -4,9 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.redis.fullname" . }} - {{- with .Values.redis.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 47f375c1..31ca78c2 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -38,6 +38,8 @@ crds: keep: true # -- Annotations to be added to all CRDs annotations: {} + # -- Addtional labels to be added to all CRDs + additionalLabels: {} ## Globally shared configuration global: @@ -79,6 +81,9 @@ global: # -- Labels for the all deployed pods podLabels: {} + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + # -- Toggle and define pod-level security context. # @default -- `{}` (See [values.yaml]) securityContext: {} @@ -132,14 +137,6 @@ global: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule - # POD entrypoint configuration - entrypoint: - # -- Implicitly use the docker image's entrypoint. This requires the image to have - # ENTRYPOINT set properly - useImplicit: false - # -- The entrypoint to use for the containers. - entrypoint: "entrypoint.sh" - # -- Deployment strategy for the all deployed Deployments deploymentStrategy: {} # type: RollingUpdate @@ -147,6 +144,12 @@ global: # maxSurge: 25% # maxUnavailable: 25% + # -- Environment variables to pass to all deployed Deployments + env: [] + + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + ## Argo Configs configs: # General Argo CD configuration @@ -217,6 +220,10 @@ configs: # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap annotations: {} @@ -318,6 +325,11 @@ configs: # -- Known hosts to be added to the known host list by default. # @default -- See [values.yaml] knownHosts: | + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl @@ -770,6 +782,10 @@ controller: # -- Additional labels labels: [] service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -915,7 +931,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.35.3 + tag: v2.37.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1106,6 +1122,13 @@ dex: # maxSurge: 25% # maxUnavailable: 25% + # -- Dex log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Dex log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + ## Redis redis: # -- Enable redis @@ -1134,7 +1157,7 @@ redis: # -- Redis repository repository: quay.io/codefresh/redis # -- Redis tag - tag: 7.0.7-alpine + tag: 7.0.11-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1377,7 +1400,7 @@ redis-ha: enabled: true image: # -- Redis tag - tag: 7.0.7-alpine + tag: 7.0.11-alpine ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: @@ -1723,6 +1746,11 @@ server: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server @@ -1758,6 +1786,8 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https + # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) + # servicePortHttpsAppProtocol: HTTPS # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from @@ -1774,6 +1804,10 @@ server: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2047,6 +2081,9 @@ repoServer: # - secretRef: # name: secret-name + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} + # -- Additional containers to be added to the repo server pod ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates @@ -2242,6 +2279,10 @@ repoServer: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2395,12 +2436,16 @@ applicationSet: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels labels: {} # -- Metrics service port - servicePort: 8085 + servicePort: 8080 # -- Metrics service port name portName: http-metrics serviceMonitor: @@ -2433,6 +2478,8 @@ applicationSet: annotations: {} # -- ApplicationSet service labels labels: {} + # -- ApplicationSet service type + type: ClusterIP # -- ApplicationSet service port port: 7000 # -- ApplicationSet service port name @@ -2601,6 +2648,47 @@ applicationSet: # hosts: # - argocd-applicationset.example.com + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- The name of the Secret that will be automatically created and managed by this Certificate resource + secretName: argocd-application-controller-tls + # -- Certificate primary domain (commonName) + domain: argocd.example.com + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate + annotations: {} + ## Notifications controller notifications: # -- Enable notifications controller @@ -2714,6 +2802,10 @@ notifications: # -- Metrics port port: 9001 service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a702a625..bfb82ea1 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v2 -appVersion: v1.7.6 +appVersion: v1.8.0 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.5 +version: 2.4.0 home: https://github.com/argoproj/argo-helm -icon: https://argoproj.github.io/argo-events/assets/logo.png +icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: - argoproj - argo-events @@ -14,6 +14,11 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: priorityClassName was not being set on pods. + - kind: changed + description: Upgrade Argo Events to v1.8.0 + - kind: added + description: Add managed namespace configuration diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index f06f9d3a..0abf2c31 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -127,6 +127,7 @@ done | controller.podLabels | object | `{}` | Labels to be added to events controller pods | | controller.priorityClassName | string | `""` | Priority class for the events controller pods | | controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.managedNamespace | string | `""` | Additional namespace to be monitored by the controller | | controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | | controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | | controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index 486fa364..b3293385 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} data: diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 0ca65ee2..a3614c73 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} @@ -47,6 +48,10 @@ spec: {{- if .Values.controller.rbac.namespaced }} - --namespaced {{- end }} + {{- if .Values.controller.rbac.managedNamespace }} + - --managed-namespace + - {{ .Values.controller.rbac.managedNamespace }} + {{- end }} {{- with .Values.controller.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} @@ -63,7 +68,7 @@ spec: {{- end }} {{- with .Values.controller.envFrom }} envFrom: - {{- toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: - name: config diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml index f1a7b721..0451ecd7 100644 --- a/charts/argo-events/templates/argo-events-controller/pdb.yaml +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index 1d9a2e55..aa9c7c2b 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} metadata: name: {{ include "argo-events.controller.fullname" . }} + {{- if .Values.controller.rbac.namespaced }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -119,5 +122,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml index d0d6ab33..fe36320b 100644 --- a/charts/argo-events/templates/argo-events-controller/service.yaml +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-events.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} {{- with .Values.controller.metrics.service.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml index 7a035b76..3b8a9c81 100644 --- a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml index 6c1f23ca..55cda1d4 100644 --- a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-events.controller.fullname" . }} - {{- with .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -31,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ .Release.Namespace | quote }} selector: matchLabels: {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml index 5562f139..89226483 100644 --- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index e3839caf..0445484e 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml index 15bf97bf..a3daa745 100644 --- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.webhook.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} {{- with .Values.webhook.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index cb85a8cb..15563d0e 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: events-webhook + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml index b723a77f..e3e2ac5b 100644 --- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- with .Values.webhook.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-events/templates/extra-manifests.yaml +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 89a7323d..faba6939 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -138,6 +138,8 @@ controller: enabled: true # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. namespaced: false + # -- Additional namespace to be monitored by the controller + managedNamespace: "" # -- Additional user rules for event controller's rbac rules: [] diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 64cc3539..67175469 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.4.1 +appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.23.0 +version: 2.31.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added the ability to set pod annotations separately on controller and dashboard deployment + description: Support Traffic Router Plugins diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 1e8a29f0..5add40c3 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -49,6 +49,7 @@ For full list of changes please check ArtifactHub [changelog]. | createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) | | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | +| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | @@ -75,7 +76,10 @@ For full list of changes please check ArtifactHub [changelog]. | containerSecurityContext | object | `{}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.containerPorts.healthz | int | `8080` | Healthz container port | +| controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | +| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -85,10 +89,15 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.port | int | `8090` | Metrics service port | +| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | controller.nodeSelector | object | `{}` | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | | controller.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the controller | @@ -102,6 +111,9 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | +| controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | | podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | @@ -118,6 +130,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | +| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | @@ -161,6 +174,8 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | dashboard.tolerations | list | `[]` | [Tolerations] for use with node taints | | dashboard.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the dashboard server | +| dashboard.volumeMounts | list | `[]` | Additional volumeMounts to add to the dashboard container | +| dashboard.volumes | list | `[]` | Additional volumes to add to the dashboard pod | ## Upgrading diff --git a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml index cbdb0e23..740f8f6b 100644 --- a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml new file mode 100644 index 00000000..1978b2b6 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-config + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.controller.metricProviderPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.controller.trafficRouterPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index ee118e5a..966491c8 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -1,7 +1,14 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -36,6 +43,8 @@ spec: containers: - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" args: + - --healthzPort={{ .Values.controller.containerPorts.healthz }} + - --metricsport={{ .Values.controller.containerPorts.metrics }} {{- if not .Values.clusterInstall }} - --namespaced {{- end }} @@ -52,9 +61,9 @@ spec: imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: argo-rollouts ports: - - containerPort: 8090 + - containerPort: {{ .Values.controller.containerPorts.metrics }} name: metrics - - containerPort: 8080 + - containerPort: {{ .Values.controller.containerPorts.healthz }} name: healthz livenessProbe: {{- toYaml .Values.controller.livenessProbe | nindent 10 }} @@ -64,6 +73,10 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end }} @@ -100,3 +113,7 @@ spec: {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.controller.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index 5e380347..e04d326a 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -12,10 +13,10 @@ metadata: {{- end }} spec: ports: - - name: metrics + - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP - port: 8090 - targetPort: 8090 + port: {{ .Values.controller.metrics.service.port }} + targetPort: metrics selector: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index 3008b327..a370a600 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argo-rollouts-notification-configmap + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml index 4e9cc64c..52b393df 100644 --- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argo-rollouts-notification-secret + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml index 437efab9..7080b55c 100644 --- a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 72ebdbc9..e3b80672 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/rolebinding.yaml b/charts/argo-rollouts/templates/controller/rolebinding.yaml index 128df3ab..e76bb194 100644 --- a/charts/argo-rollouts/templates/controller/rolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -13,4 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/serviceaccount.yaml b/charts/argo-rollouts/templates/controller/serviceaccount.yaml index 327eb6a5..b0f56633 100644 --- a/charts/argo-rollouts/templates/controller/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/controller/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index 72d9a691..62713764 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -15,7 +16,15 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 70187985..bc2e61db 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -188,6 +188,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -240,6 +242,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1832,6 +1879,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2579,12 +2628,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2710,6 +2768,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2717,6 +2778,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index c2846186..2c73c5c9 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index a00f68fe..612608de 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 86af1932..acf98935 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -159,6 +159,9 @@ spec: type: object type: object service: + properties: + name: + type: string type: object template: properties: @@ -1727,6 +1730,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2474,12 +2479,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 3f6ea749..0fafbab3 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -163,6 +163,17 @@ spec: x-kubernetes-int-or-string: true postPromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -220,6 +231,17 @@ spec: type: object prePromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -307,6 +329,17 @@ spec: type: integer analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -440,6 +473,17 @@ spec: properties: analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -580,6 +624,11 @@ spec: type: string type: object type: object + service: + properties: + name: + type: string + type: object specRef: type: string weight: @@ -869,9 +918,14 @@ spec: type: string stableIngress: type: string - required: - - stableIngress + stableIngresses: + items: + type: string + type: array type: object + plugins: + type: object + x-kubernetes-preserve-unknown-fields: true smi: properties: rootService: @@ -2456,6 +2510,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -3203,12 +3259,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -3257,30 +3322,39 @@ spec: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object loadBalancer: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object stableTargetGroup: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object type: object diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 5f05d6e6..cb3e457a 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -71,4 +71,18 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml index 3296060c..2dbf7379 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 0d210934..cae24888 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -2,7 +2,14 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -53,6 +60,10 @@ spec: {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- with .Values.dashboard.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.dashboard.nodeSelector }} nodeSelector: {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} @@ -82,4 +93,8 @@ spec: {{- with .Values.dashboard.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.dashboard.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/ingress.yaml b/charts/argo-rollouts/templates/dashboard/ingress.yaml index 0555d1fc..e7f9e41e 100644 --- a/charts/argo-rollouts/templates/dashboard/ingress.yaml +++ b/charts/argo-rollouts/templates/dashboard/ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- if .Values.dashboard.ingress.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml index 742b149f..d12ba62a 100644 --- a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.dashboard.pdb.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 58978150..6a304b82 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml index ff0c7300..4b531bd9 100644 --- a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-rollouts/templates/extra-manifests.yaml +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index d92e9304..b81ee53a 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -38,9 +38,15 @@ extraObjects: [] # api-key: # app-key: +global: + # -- Annotations for all deployed Deployments + deploymentAnnotations: {} + controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller + # -- Annotations to be added to the controller deployment + deploymentAnnotations: {} # -- Annotations to be added to application controller pods podAnnotations: {} # -- [Node selector] @@ -106,9 +112,21 @@ controller: # -- flag to enable creation of cluster controller role (requires cluster RBAC) createClusterRole: true + # Controller container ports + containerPorts: + # -- Metrics container port + metrics: 8090 + # -- Healthz container port + healthz: 8080 + metrics: # -- Deploy metrics service enabled: false + service: + # -- Metrics service port name + portName: metrics + # -- Metrics service port + port: 8090 serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false @@ -116,6 +134,10 @@ controller: additionalLabels: {} # -- Annotations to be added to the ServiceMonitor additionalAnnotations: {} + # -- RelabelConfigs to apply to samples before scraping + relabelings: [] + # -- MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] # -- Configure liveness [probe] for the controller # @default -- See [values.yaml] @@ -154,6 +176,31 @@ controller: # -- Maximum number / percentage of pods that may be made unavailable maxUnavailable: # 0 + # -- Additional volumes to add to the controller pod + volumes: [] + # - configMap: + # name: my-certs-cm + # name: my-certs + + # -- Additional volumeMounts to add to the controller container + volumeMounts: [] + # - mountPath: /etc/ssl/certs + # name: my-certs + + # -- Configures 3rd party metric providers for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ + metricProviderPlugins: {} + # metricProviderPlugins: |- + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + + # -- Configures 3rd party traffic router plugins for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ + trafficRouterPlugins: {} + # trafficRouterPlugins: |- + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true @@ -219,6 +266,8 @@ dashboard: readonly: false # -- Value of label `app.kubernetes.io/component` component: rollouts-dashboard + # -- Annotations to be added to the dashboard deployment + deploymentAnnotations: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} # -- [Node selector] @@ -355,6 +404,12 @@ dashboard: # hosts: # - argorollouts.example.com + # -- Additional volumes to add to the dashboard pod + volumes: [] + + # -- Additional volumeMounts to add to the dashboard container + volumeMounts: [] + notifications: secret: # -- Whether to create notifications secret diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6524a472..ade0d8b5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v2 -appVersion: v3.4.6 +appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.16 -icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +version: 0.31.0 +icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows @@ -12,6 +12,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.4.6. + - kind: added + description: Add support for artifactRepositoryRef diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 0c4dd649..b445df25 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -6,13 +6,6 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. - -A few options are: - -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - ### Custom resource definitions Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. @@ -28,6 +21,41 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + ## Installing the Chart To install the chart with the release name `my-release`: @@ -73,6 +101,8 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | +| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | @@ -104,10 +134,12 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | | controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container | +| controller.extraInitContainers | list | `[]` | Enables init containers to be added to the controller deployment | | controller.image.registry | string | `"quay.io"` | Registry to use for the controller | | controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller | | controller.image.tag | string | `""` | Image tag for the workflow controller. Defaults to `.Values.images.tag`. | @@ -124,13 +156,16 @@ Fields to note: | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | | controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted | | controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name | +| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping | | controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | | controller.metricsConfig.servicePort | int | `8080` | Service metrics port | | controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name | +| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | | controller.name | string | `"workflow-controller"` | Workflow controller name string | | controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace | | controller.navColor | string | `""` | Set ui navigation bar background color | @@ -145,6 +180,7 @@ Fields to note: | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | | controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods | | controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | +| controller.rbac.accessAllSecrets | bool | `false` | Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. | | controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. | | controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets | | controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature | @@ -206,7 +242,19 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | +| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | +| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | +| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] | | server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. | | server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | @@ -215,6 +263,7 @@ Fields to note: | server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | +| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | | server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | | server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | @@ -254,7 +303,21 @@ Fields to note: | server.servicePort | int | `2746` | Service port for server | | server.servicePortName | string | `""` | Service port name | | server.serviceType | string | `"ClusterIP"` | Service type for server pods | -| server.sso | object | `{}` | SSO configuration when SSO is specified as a server auth mode. | +| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID | +| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID | +| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | +| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | +| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | +| server.sso.enabled | bool | `false` | Create SSO configuration | +| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | +| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | +| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | +| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | +| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | +| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | | +| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | +| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | +| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | @@ -268,8 +331,8 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | -| customArtifactRepository | object | `{}` | The section of custom artifact repository. Will be added to the config in case useDefaultArtifactRepo is set to false | -| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap | +| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | ## Breaking changes from the deprecated `argo` chart @@ -293,7 +356,10 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 95c626e2..8316e9a0 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -6,13 +6,6 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. - -A few options are: - -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - ### Custom resource definitions Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. @@ -28,6 +21,41 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + ## Installing the Chart To install the chart with the release name `my-release`: @@ -160,7 +188,10 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml new file mode 100644 index 00000000..54c6c523 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml @@ -0,0 +1,41 @@ +artifactRepositoryRef: + # 1st ConfigMap + artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # 1st data + default-v1-s3-artifact-repository: + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + # 2nd data + oss-artifact-repository: + archiveLogs: false + oss: + endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + bucket: $mybucket + accessKeySecret: + name: $mybucket-credentials + key: accessKey + secretKeySecret: + name: $mybucket-credentials + key: secretKey + # 2nd ConfigMap + another-artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: gcs + gcs: + archiveLogs: false + bucket: my-bucket + keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey diff --git a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml new file mode 100644 index 00000000..c20a5775 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml @@ -0,0 +1,46 @@ +# Test with artifact repository +crds: + keep: false + +useStaticCredentials: true +artifactRepository: + archiveLogs: false + s3: + accessKeySecret: + name: "{{ .Release.Name }}-minio" + key: accesskey + secretKeySecret: + name: "{{ .Release.Name }}-minio" + key: secretkey + insecure: false + bucket: + endpoint: + region: + roleARN: + useSDKCreds: true + encryptionOptions: + enableEncryption: true + gcs: + bucket: project-argo + keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}" + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey + azure: + endpoint: https://mystorageaccountname.blob.core.windows.net + container: my-container-name + blobNameFormat: path/in/container + useSDKCreds: true + accountKeySecret: + name: my-azure-storage-credentials + key: account-access-key + +customArtifactRepository: + artifactory: + repoUrl: https://artifactory.example.com/raw + usernameSecret: + name: artifactory-creds + key: username + passwordSecret: + name: artifactory-creds + key: password diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 7719052d..f81e6fc4 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -153,3 +153,29 @@ Return full image name including or excluding registry based on existence {{ .image.repository }} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for autoscaling +*/}} +{{- define "argo-workflows.apiVersion.autoscaling" -}} +{{- if .Values.apiVersionOverrides.autoscaling -}} +{{- print .Values.apiVersionOverrides.autoscaling -}} +{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}} +{{- print "autoscaling/v2beta1" -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for GKE resources +*/}} +{{- define "argo-workflows.apiVersions.cloudgoogle" -}} +{{- if .Values.apiVersionOverrides.cloudgoogle -}} +{{- print .Values.apiVersionOverrides.cloudgoogle -}} +{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} +{{- print "cloud.google.com/v1" -}} +{{- else -}} +{{- print "cloud.google.com/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml new file mode 100644 index 00000000..ce7cd55b --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -0,0 +1,19 @@ +{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $cm_name }} + namespace: {{ $.Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} + {{- with $cm_val.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- range $data_key, $data_val := (omit $cm_val "annotations") }} + {{- $data_key | nindent 2 }}: | + {{- toYaml $data_val | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 6b1a724e..c2d2a771 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -184,6 +187,16 @@ rules: - watch resourceNames: {{- toYaml . | nindent 4 }} {{- end }} +{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d03ecf7d..54a7be60 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "argo-workflows.controller.fullname" . }}-configmap + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: @@ -54,35 +55,35 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.useDefaultArtifactRepo }} + {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} {{- end }} {{- with .Values.artifactRepository.gcs }} - gcs: {{- toYaml . | nindent 8 }} + gcs: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.artifactRepository.azure }} - azure: {{- toYaml . | nindent 8 }} + azure: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }} + {{- if .Values.artifactRepository.s3 }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }} secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket }} - endpoint: {{ .Values.artifactRepository.s3.endpoint }} + bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} + endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} + region: {{ tpl .Values.artifactRepository.s3.region $ }} {{- end }} {{- if .Values.artifactRepository.s3.roleARN }} roleARN: {{ .Values.artifactRepository.s3.roleARN }} @@ -95,9 +96,8 @@ data: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- else }} {{- if .Values.customArtifactRepository }} - artifactRepository: {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} {{- end }} {{- end }} {{- if .Values.controller.metricsConfig.enabled }} @@ -128,37 +128,35 @@ data: {{- if .Values.controller.workflowDefaults }} workflowDefaults: {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} + {{- if .Values.server.sso.enabled }} sso: - issuer: {{ .issuer }} + issuer: {{ .Values.server.sso.issuer }} clientId: - name: {{ .clientId.name }} - key: {{ .clientId.key }} + name: {{ .Values.server.sso.clientId.name }} + key: {{ .Values.server.sso.clientId.key }} clientSecret: - name: {{ .clientSecret.name }} - key: {{ .clientSecret.key }} - redirectUrl: {{ .redirectUrl }} - {{- with .rbac }} + name: {{ .Values.server.sso.clientSecret.name }} + key: {{ .Values.server.sso.clientSecret.key }} + redirectUrl: {{ .Values.server.sso.redirectUrl }} rbac: - enabled: {{ .enabled }} + enabled: {{ .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.scopes }} + scopes: {{ toYaml . | nindent 8 }} {{- end }} - {{- if .scopes }} - scopes: {{ toYaml .scopes | nindent 8 }} + {{- with .Values.server.sso.issuerAlias }} + issuerAlias: {{ toYaml . }} {{- end }} - {{- if .issuerAlias }} - issuerAlias: {{ .issuerAlias }} + {{- with .Values.server.sso.sessionExpiry }} + sessionExpiry: {{ toYaml . }} {{- end }} - {{- if .sessionExpiry }} - sessionExpiry: {{ .sessionExpiry }} + {{- with .Values.server.sso.customGroupClaimName }} + customGroupClaimName: {{ toYaml . }} {{- end }} - {{- if .customGroupClaimName }} - customGroupClaimName: {{ .customGroupClaimName }} + {{- with .Values.server.sso.userInfoPath }} + userInfoPath: {{ toYaml . }} {{- end }} - {{- if .userInfoPath }} - userInfoPath: {{ .userInfoPath }} - {{- end }} - {{- if .insecureSkipVerify }} - insecureSkipVerify: {{ .insecureSkipVerify }} + {{- with .Values.server.sso.insecureSkipVerify }} + insecureSkipVerify: {{ toYaml . }} {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} @@ -167,6 +165,9 @@ data: {{- with .Values.controller.links }} links: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.columns }} + columns: {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.controller.navColor }} navColor: {{ . }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index c630bac6..9fa7a7f6 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index 4e7545c7..ee38445f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 8f4f783f..c391bee8 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} @@ -32,6 +33,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: controller image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index 36245900..c6a8bf66 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 3ca1afad..5ade3d40 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag | trunc 63 | quote }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index f71d3507..6643d634 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - {{- with .Values.controller.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -14,18 +12,38 @@ metadata: spec: endpoints: {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics + - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} interval: 30s + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} interval: 30s + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.metricsConfig.targetLabels }} + targetLabels: + {{- toYaml . | nindent 8 }} {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ .Release.Namespace | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml index 7f767b24..9264eaba 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,4 +1,5 @@ {{- if .Values.crds.install }} +{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -43,3 +44,4 @@ spec: served: true storage: true {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-workflows/templates/extra-manifests.yaml +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml new file mode 100644 index 00000000..4597db3d --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} +kind: BackendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml new file mode 100644 index 00000000..6b81c923 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEfrontendConfig.enabled }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml new file mode 100644 index 00000000..b77c3131 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -0,0 +1,12 @@ +{{- if .Values.server.GKEmanagedCertificate.enabled }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + domains: + {{- with .Values.server.GKEmanagedCertificate.domains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 4d702860..4afc1eb6 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -37,8 +40,7 @@ rules: verbs: - get - list ->>>>>>> argo-cd-5.27.1 -{{- if .Values.server.sso }} +{{- if .Values.server.sso.enabled }} - apiGroups: - "" resources: @@ -54,7 +56,7 @@ rules: - secrets verbs: - create - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac.enabled }} - apiGroups: - "" resources: @@ -73,11 +75,9 @@ rules: - get - list - watch -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} +{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} {{- end }} {{- end }} - apiGroups: diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index 6ac17aef..e8d6511d 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}} +{{- if and .Values.server.enabled .Values.server.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml new file mode 100644 index 00000000..9194bbd9 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} +apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-workflows.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index d92a4083..7ea6d465 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index e5230cd0..b2e50967 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} @@ -11,7 +12,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} + {{- end }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} @@ -33,6 +36,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: argo-server image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 969676e1..36209f5b 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 2f6644ed..382d565e 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 22fc2b01..f7096a8d 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3537ac89..cd992c10 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -29,6 +29,13 @@ fullnameOverride: # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +apiVersionOverrides: + # -- String to override apiVersion of autoscaling rendered by this helm chart + autoscaling: "" # autoscaling/v2 + # -- String to override apiVersion of GKE resources rendered by this helm chart + cloudgoogle: "" # cloud.google.com/v1 + # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster # equivalents, and start workflow-controller with the --namespaced flag. Use it @@ -74,6 +81,8 @@ controller: create: true # -- Allows controller to get, list, and watch certain k8s secrets secretWhitelist: [] + # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. + accessAllSecrets: false # -- Allows controller to create and update ConfigMaps. Enables memoization feature writeConfigMaps: false @@ -109,6 +118,15 @@ controller: servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- ServiceMonitor relabel configs to apply to samples before scraping + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + # -- ServiceMonitor will add labels from the service to the Prometheus metric + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec + targetLabels: [] # -- the controller container's securityContext securityContext: readOnlyRootFilesystem: true @@ -143,9 +161,13 @@ controller: # Only valid for 2.7+ ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ workflowDefaults: {} - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 + # # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. # -- Number of workflow workers workflowWorkers: # 32 @@ -287,6 +309,9 @@ controller: # -- Configure Argo Server to show custom [links] ## Ref: https://argoproj.github.io/argo-workflows/links/ links: [] + # -- Configure Argo Server to show custom [columns] + ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 + columns: [] # -- Set ui navigation bar background color navColor: "" clusterWorkflowTemplates: @@ -295,6 +320,9 @@ controller: # -- Extra containers to be added to the controller deployment extraContainers: [] + # -- Enables init containers to be added to the controller deployment + extraInitContainers: [] + # -- Workflow retention by number of workflows retentionPolicy: {} # completed: 10 @@ -426,6 +454,32 @@ server: resources: {} # -- The number of server pods to run replicas: 1 + ## Argo Server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: false + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the Argo Server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo Server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo Server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 pdb: # -- Configure [Pod Disruption Budget] for the server pods enabled: false @@ -531,45 +585,97 @@ server: # hosts: # - argoworkflows.example.com + ## Create a Google Backendconfig for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters + GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [BackendConfigSpec] + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argoworkflows-secret + + ## Create a Google Managed Certificate for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + GKEmanagedCertificate: + # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. + enabled: false + # -- Domains for the Google Managed Certificate + domains: + - argoworkflows.example.com + + ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + GKEfrontendConfig: + # -- Enable FrontConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [FrontendConfigSpec] + spec: {} + # spec: + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. enabled: true # -- Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true - # -- SSO configuration when SSO is specified as a server auth mode. - sso: {} - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true + # SSO configuration when SSO is specified as a server auth mode. + sso: + # -- Create SSO configuration + ## SSO is activated by adding --auth-mode=sso to the server command line. + enabled: false + # -- The root URL of the OIDC identity provider + issuer: https://accounts.google.com + clientId: + # -- Name of secret to retrieve the app OIDC client ID + name: argo-server-sso + # -- Key of secret to retrieve the app OIDC client ID + key: client-id + clientSecret: + # -- Name of a secret to retrieve the app OIDC client secret + name: argo-server-sso + # -- Key of a secret to retrieve the app OIDC client secret + key: client-secret + # - The OIDC redirect URL. Should be in the form /oauth2/callback. + redirectUrl: https://argo/oauth2/callback + rbac: + # -- Adds ServiceAccount Policy to server (Cluster)Role. + enabled: true + # -- Whitelist to allow server to fetch Secrets ## When present, restricts secrets the server can read to a given list. ## You can use it to restrict the server to only be able to access the ## service account token secrets that are associated with service accounts ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups + secretWhitelist: [] + # -- Scopes requested from the SSO ID provider + ## The 'groups' scope requests group membership information, which is usually used for authorization decisions. + scopes: [] + # - groups + # -- Define how long your login is valid for (in hours) + ## If omitted, defaults to 10h. + sessionExpiry: "" + # -- Alternate root URLs that can be included for some OIDC providers + issuerAlias: "" + # -- Override claim name for OIDC groups + customGroupClaimName: "" + # -- Specify the user info endpoint that contains the groups claim + ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta) + userInfoPath: "" + # -- Skip TLS verification for the HTTP client + insecureSkipVerify: false # -- Extra containers to be added to the server deployment extraContainers: [] + # -- Enables init containers to be added to the server deployment + extraInitContainers: [] + # -- Array of extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 @@ -596,8 +702,6 @@ extraObjects: [] # secretName: argo-server-sso-secrets-store # type: Opaque -# -- Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false # -- Use static credentials for S3 (eg. when not using AWS IRSA) useStaticCredentials: true artifactRepository: @@ -605,17 +709,17 @@ artifactRepository: archiveLogs: false # -- Store artifact in a S3-compliant object store # @default -- See [values.yaml] - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - # name: -minio - key: accesskey - secretKeySecret: - # name: -minio - key: secretkey - # insecure will disable TLS. Primarily used for minio installs not configured with TLS - insecure: false + s3: {} + # # Note the `key` attribute is not the actual secret, it's the PATH to + # # the contents in the associated secret, as defined by the `name` attribute. + # accessKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: accesskey + # secretKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: secretkey + # # insecure will disable TLS. Primarily used for minio installs not configured with TLS + # insecure: false # bucket: # endpoint: # region: @@ -627,7 +731,7 @@ artifactRepository: # @default -- `{}` (See [values.yaml]) gcs: {} # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}" + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" # serviceAccountKeySecret is a secret selector. # It references the k8s secret named 'my-gcs-credentials'. # This secret is expected to have have the key 'serviceAccountKey', @@ -659,18 +763,69 @@ artifactRepository: # key: account-access-key # -- The section of custom artifact repository. -# Will be added to the config in case useDefaultArtifactRepo is set to false +# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) customArtifactRepository: {} -# customArtifactRepository: -# archiveLogs: true -# artifactory: -# repoUrl: https://artifactory.example.com/raw -# usernameSecret: -# name: artifactory-creds -# key: username -# passwordSecret: -# name: artifactory-creds -# key: password +# artifactory: +# repoUrl: https://artifactory.example.com/raw +# usernameSecret: +# name: artifactory-creds +# key: username +# passwordSecret: +# name: artifactory-creds +# key: password + +# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). +# Each map key is the name of configmap +# @default -- `{}` (See [values.yaml]) +artifactRepositoryRef: {} + # # -- 1st ConfigMap + # # If you want to use this config map by default, name it "artifact-repositories". + # # Otherwise, you can provide a reference to a + # # different config map in `artifactRepositoryRef.configMap`. + # artifact-repositories: + # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. + # annotations: + # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # # 1st data of configmap. See above artifactRepository or customArtifactRepository. + # default-v1-s3-artifact-repository: + # archiveLogs: false + # s3: + # bucket: my-bucket + # endpoint: minio:9000 + # insecure: true + # accessKeySecret: + # name: my-minio-cred + # key: accesskey + # secretKeySecret: + # name: my-minio-cred + # key: secretkey + # # 2nd data + # oss-artifact-repository: + # archiveLogs: false + # oss: + # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + # bucket: $mybucket + # # accessKeySecret and secretKeySecret are secret selectors. + # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. + # # This secret is expected to have have the keys 'accessKey' + # # and 'secretKey', containing the base64 encoded credentials + # # to the bucket. + # accessKeySecret: + # name: $mybucket-credentials + # key: accessKey + # secretKeySecret: + # name: $mybucket-credentials + # key: secretKey + # # 2nd ConfigMap + # another-artifact-repositories: + # annotations: + # workflows.argoproj.io/default-artifact-repository: gcs + # gcs: + # bucket: my-bucket + # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 2f7a6d5c..fc733b22 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.9 +version: 1.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -13,6 +13,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Multiple sources for Application and ApplicationSet + description: Rollout strategy for ApplicationSet diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index bc0d0685..0e5bbbe2 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -31,6 +31,7 @@ $ helm install my-release argo/argocd-apps | applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | | applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | | extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release | +| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | | projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml new file mode 100644 index 00000000..2fa58978 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -0,0 +1,41 @@ +# Test applicationsets with Progressive Syncs + +applicationsets: +- name: applicationset-progressive-syncs + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 2258f422..6142b1bb 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -42,3 +42,32 @@ applicationsets: syncPolicy: # Set Application finalizer preserveResourcesOnDeletion: false +- name: applicationset-list-generator + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/item-templates.yaml b/charts/argocd-apps/ci/item-templates.yaml new file mode 100644 index 00000000..8a08c684 --- /dev/null +++ b/charts/argocd-apps/ci/item-templates.yaml @@ -0,0 +1,61 @@ +itemTemplates: + - items: + - name: my-appset + generators: &generators + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: "{{ .name }}" + spec: + generators: *generators + template: + metadata: + name: "{{`{{cluster}}`}}-guestbook" + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: "{{`{{cluster}}`}}" + namespace: guestbook + - items: + - name: my-appset + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: |- + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: {{ .name }} + spec: + generators: {{ toYaml .generators | nindent 4 }} + template: + metadata: + name: '{{`{{cluster}}`}}-guestbook' + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: '{{`{{cluster}}`}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index aa7a3b79..0d3a47e9 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -26,6 +26,10 @@ spec: generators: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} @@ -51,7 +55,7 @@ spec: {{- end }} {{- with .spec }} spec: - project: {{ tpl .project $ }} + project: {{ .project | squote }} {{- with .source }} source: {{- toYaml . | nindent 8 }} diff --git a/charts/argocd-apps/templates/item-templates.yaml b/charts/argocd-apps/templates/item-templates.yaml new file mode 100644 index 00000000..a209cc2a --- /dev/null +++ b/charts/argocd-apps/templates/item-templates.yaml @@ -0,0 +1,15 @@ +{{- range .Values.itemTemplates }} +{{- if kindIs "string" .template }} +{{- $template := .template -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- else }} +{{- $template := .template | toYaml -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index eb0767b9..500849df 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -103,10 +103,28 @@ applicationsets: [] # directories: # - path: guestbook # - path: kustomize-* +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar # template: # metadata: # name: '{{path.basename}}' -# labels: {} +# labels: +# project: '{{path.basename}}' # annotations: {} # spec: # project: default @@ -133,6 +151,71 @@ applicationsets: [] # # Set Application finalizer # preserveResourcesOnDeletion: false +# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release +# @default -- `[]` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +itemTemplates: [] +# - items: +# - name: my-appset +# generators: &generators +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: "{{ .name }}" +# spec: +# generators: *generators +# template: +# metadata: +# name: "{{`{{cluster}}`}}-guestbook" +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: "{{`{{cluster}}`}}" +# namespace: guestbook +# - items: +# - name: my-appset +# generators: +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: |- +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: {{ .name }} +# spec: +# generators: {{ toYaml .generators | nindent 4 }} +# template: +# metadata: +# name: '{{`{{cluster}}`}}-guestbook' +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: '{{`{{cluster}}`}}' +# namespace: guestbook + # -- Deploy Argo UI Extensions within this helm release # @default -- `[]` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f64d558b..665f4bad 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.5 +version: 0.9.1 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Added support for pod labels + - kind: added + description: Introduce chart signing diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fe834149..3659fbaf 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-authscripts + namespace: {{ .Release.Namespace | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 548f3100..45554c0e 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -4,6 +4,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config + namespace: {{ .Release.Namespace | quote }} data: {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 0e0b6cfc..75f69b13 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-config + namespace: {{ .Release.Namespace | quote }} data: {{- with .Values.config.applicationsAPIKind }} applications_api: {{ . }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 936a4a70..9cc71fe3 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: @@ -21,7 +22,7 @@ spec: labels: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 5d1232ae..186abb41 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,6 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index cb508a43..c6316f42 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -5,7 +5,8 @@ kind: Role metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} - name: {{ include "argocd-image-updater.fullname" . }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ .Release.Namespace | quote }} rules: - apiGroups: - '' @@ -45,4 +46,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index d0e7bb24..c4cb7781 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: Secret metadata: name: argocd-image-updater-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque -data: +data: argocd.token: {{ .Values.config.argocd.token | b64enc }} {{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c208ee69..c755731d 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index fa0b26a6..969f1190 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - {{- with .Values.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }}