feat(argo-cd): Implement image digest for all components

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
2021-03-29 21:33:36 +02:00 · 2021-03-29 21:33:36 +02:00 · 7cff1d8f31
commit 7cff1d8f31
parent c7f1bfbda3
8 changed files with 78 additions and 16 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.3
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.6.3
+version: 3.7.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -176,4 +176,18 @@ Merge Argo Configuration with Preset Configuration
  {{- if .Values.server.configEnabled -}}
 {{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
  {{- end -}}
-{{- end -}}
+{{- end -}}
+
+{{/*
+Return a label-conform value of the image digest
+Ref: https://docs.docker.com/registry/spec/api/#content-digests
+*/}}
+{{- define "argo-cd.stripDigest" -}}
+{{- $imageDigest := "" -}}
+{{- if . -}}
+{{- $imageDigest = . -}}
+{{ end -}}
+{{- $algorithm := (split ":" $imageDigest)._0 -}}
+{{- $hex := (split ":" $imageDigest)._1 | trunc 12 -}}
+{{- printf "%s-%s" $algorithm $hex | trimSuffix "-" -}}
+{{- end -}}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -1,11 +1,15 @@
 {{- $redisHa := (index .Values "redis-ha") -}}
+{{- $imageDigest := default .Values.global.image.digest .Values.controller.image.digest -}}
+{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}}
+{{- $imageRepository := default .Values.global.image.repository .Values.controller.image.repository -}}
+{{- $imageTag := default .Values.global.image.tag .Values.controller.image.tag -}}
 apiVersion: apps/v1
 kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }}
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
+    app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
 spec:
  selector:
    matchLabels:
@ -25,7 +29,7 @@ spec:
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
+        app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
        {{- if .Values.controller.podLabels }}
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
        {{- end }}
@ -61,7 +65,11 @@ spec:
        {{- with .Values.controller.extraArgs }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
-        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
+        {{- if $imageDigest }}
+        image: {{ $imageRepository }}@{{ $imageDigest }}
+        {{- else }}
+        image: {{ $imageRepository }}:{{ $imageTag }}
+        {{- end }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
        name: {{ .Values.controller.name }}
        {{- if .Values.controller.containerSecurityContext }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -1,11 +1,15 @@
 {{- $redisHa := (index .Values "redis-ha") -}}
+{{- $imageDigest := default .Values.global.image.digest .Values.repoServer.image.digest -}}
+{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}}
+{{- $imageRepository := default .Values.global.image.repository .Values.repoServer.image.repository -}}
+{{- $imageTag := default .Values.global.image.tag .Values.repoServer.image.tag -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
+    app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
 spec:
  selector:
    matchLabels:
@ -24,7 +28,7 @@ spec:
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
+        app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
        {{- if .Values.repoServer.podLabels }}
 {{- toYaml .Values.repoServer.podLabels | nindent 8 }}
        {{- end }}
@ -38,7 +42,11 @@ spec:
      {{- end }}
      containers:
      - name: {{ .Values.repoServer.name }}
-        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
+        {{- if $imageDigest }}
+        image: {{ $imageRepository }}@{{ $imageDigest }}
+        {{- else }}
+        image: {{ $imageRepository }}:{{ $imageTag }}
+        {{- end }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        command:
        - uid_entrypoint.sh
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -1,11 +1,15 @@
 {{- $redisHa := (index .Values "redis-ha") -}}
+{{- $imageDigest := default .Values.global.image.digest .Values.server.image.digest -}}
+{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}}
+{{- $imageRepository := default .Values.global.image.repository .Values.server.image.repository -}}
+{{- $imageTag := default .Values.global.image.tag .Values.server.image.tag -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "argo-cd.server.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
+    app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
 spec:
  selector:
    matchLabels:
@ -24,7 +28,7 @@ spec:
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
+        app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }}
        {{- if .Values.server.podLabels }}
 {{- toYaml .Values.server.podLabels | nindent 8 }}
        {{- end }}
@ -38,7 +42,11 @@ spec:
      {{- end }}
      containers:
      - name: {{ .Values.server.name }}
-        image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}
+        {{- if $imageDigest }}
+        image: {{ $imageRepository }}@{{ $imageDigest }}
+        {{- else }}
+        image: {{ $imageRepository }}:{{ $imageTag }}
+        {{- end }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
        command:
        - argocd-server
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -1,11 +1,15 @@
 {{- if .Values.dex.enabled }}
+{{- $strippedDigest := include "argo-cd.stripDigest" .Values.dex.image.digest -}}
+{{- $initImageDigest := default .Values.global.image.digest .Values.dex.initImage.digest -}}
+{{- $initImageRepository := default .Values.global.image.repository .Values.dex.initImage.repository -}}
+{{- $initImageTag := default .Values.global.image.tag .Values.dex.initImage.tag -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "argo-cd.dex.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
+    app.kubernetes.io/version: {{ default .Values.dex.image.tag $strippedDigest | quote }}
 spec:
  selector:
    matchLabels:
@ -20,7 +24,7 @@ spec:
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
+        app.kubernetes.io/version: {{ default .Values.dex.image.tag $strippedDigest | quote }}
        {{- if .Values.dex.podLabels }}
 {{- toYaml .Values.dex.podLabels | nindent 8 }}
        {{- end }}
@ -34,7 +38,11 @@ spec:
      {{- end }}
      initContainers:
      - name: copyutil
-        image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
+        {{- if $initImageDigest }}
+        image: {{ $initImageRepository }}@{{ $initImageDigest }}
+        {{- else }}
+        image: {{ $initImageRepository }}:{{ $initImageTag }}
+        {{- end }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
        resources:
 {{- toYaml .Values.dex.resources | nindent 10 }}
@ -51,7 +59,11 @@ spec:
          name: static-files
      containers:
      - name: {{ .Values.dex.name }}
+        {{- if .Values.dex.image.digest }}
+        image: {{ .Values.dex.image.repository }}@{{ .Values.dex.image.digest }}
+        {{- else }}
        image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
+        {{- end }}
        imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}
        command:
        - /shared/argocd-dex
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -1,4 +1,5 @@
 {{- $redisHa := (index .Values "redis-ha") -}}
+{{- $strippedDigest := include "argo-cd.stripDigest" .Values.redis.image.digest -}}
 {{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
 apiVersion: apps/v1
 kind: Deployment
@ -6,7 +7,7 @@ metadata:
  name: {{ template "argo-cd.redis.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
+    app.kubernetes.io/version: {{ default .Values.redis.image.tag $strippedDigest | quote }}
 spec:
  selector:
    matchLabels:
@ -21,7 +22,7 @@ spec:
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
+        app.kubernetes.io/version: {{ default .Values.redis.image.tag $strippedDigest | quote }}
        {{- if .Values.redis.podLabels }}
 {{- toYaml .Values.redis.podLabels | nindent 8 }}
        {{- end }}
@ -44,7 +45,11 @@ spec:
        {{- with .Values.redis.extraArgs }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
+        {{- if .Values.redis.image.digest }}
+        image: {{ .Values.redis.image.repository }}@{{ .Values.redis.image.digest }}
+        {{- else }}
        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
+        {{- end }}
        imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
        {{- if .Values.redis.containerSecurityContext }}
        securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -12,6 +12,7 @@ global:
  image:
    repository: quay.io/argoproj/argocd
    tag: v2.0.3
+    digest: # sha256:a2888d810d0741fe009b4ee4f4e7e76750be8e8732b05fe3f954e0ae319f7a61
    imagePullPolicy: IfNotPresent
  securityContext: {}
  #  runAsUser: 999
@ -30,6 +31,7 @@ controller:
  image:
    repository: # defaults to global.image.repository
    tag: # defaults to global.image.tag
+    digest:
    imagePullPolicy: # IfNotPresent

  # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
@ -218,10 +220,12 @@ dex:
  image:
    repository: quay.io/dexidp/dex
    tag: v2.26.0
+    digest:
    imagePullPolicy: IfNotPresent
  initImage:
    repository:
    tag:
+    digest:
    imagePullPolicy:

  ## Environment variables to pass to the Dex server
@ -302,6 +306,7 @@ redis:
  image:
    repository: redis
    tag: 6.2.2-alpine
+    digest:
    imagePullPolicy: IfNotPresent

  ## Additional command line arguments to pass to redis-server
@ -404,6 +409,7 @@ server:
  image:
    repository: # defaults to global.image.repository
    tag: # defaults to global.image.tag
+    digest:
    imagePullPolicy: # IfNotPresent

  ## Additional command line arguments to pass to argocd-server
@ -784,6 +790,7 @@ repoServer:
  image:
    repository: # defaults to global.image.repository
    tag: # defaults to global.image.tag
+    digest:
    imagePullPolicy: # IfNotPresent

  ## Additional command line arguments to pass to argocd-repo-server