From 7cff1d8f310cd36b2017c3bd3eb839ee35f9ab90 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 29 Mar 2021 21:33:36 +0200 Subject: [PATCH] feat(argo-cd): Implement image digest for all components Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/_helpers.tpl | 16 +++++++++++++++- .../deployment.yaml | 14 +++++++++++--- .../argocd-repo-server/deployment.yaml | 14 +++++++++++--- .../templates/argocd-server/deployment.yaml | 14 +++++++++++--- charts/argo-cd/templates/dex/deployment.yaml | 18 +++++++++++++++--- charts/argo-cd/templates/redis/deployment.yaml | 9 +++++++-- charts/argo-cd/values.yaml | 7 +++++++ 8 files changed, 78 insertions(+), 16 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e8f58a65..a9215761 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.3 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.3 +version: 3.7.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 65081951..e1440598 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl 
@@ -176,4 +176,18 @@ Merge Argo Configuration with Preset Configuration {{- if .Values.server.configEnabled -}} {{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Return a label-conform value of the image digest +Ref: https://docs.docker.com/registry/spec/api/#content-digests +*/}} +{{- define "argo-cd.stripDigest" -}} +{{- $imageDigest := "" -}} +{{- if . -}} +{{- $imageDigest = . -}} +{{ end -}} +{{- $algorithm := (split ":" $imageDigest)._0 -}} +{{- $hex := (split ":" $imageDigest)._1 | trunc 12 -}} +{{- printf "%s-%s" $algorithm $hex | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7902be76..7f5d6e16 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -1,11 +1,15 @@ {{- $redisHa := (index .Values "redis-ha") -}} +{{- $imageDigest := default .Values.global.image.digest .Values.controller.image.digest -}} +{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}} +{{- $imageRepository := default .Values.global.image.repository .Values.controller.image.repository -}} +{{- $imageTag := default .Values.global.image.tag .Values.controller.image.tag -}} apiVersion: apps/v1 kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }} metadata: name: {{ template "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} spec: selector: matchLabels: 
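Review bot: `argo-cd.stripDigest` accepts any string, so a digest that is not in `algorithm:hex` form is neither rejected nor reliably turned into a valid label value. With no colon in the input, `(split ":" $imageDigest)._1` has nothing to return and the whole value presumably ends up untruncated in `$algorithm`; a bare 64-character hex string would then exceed the 63-character limit for label values. The same unchecked value is also written into `image: …@…` by the deployment templates. Failing at render time would surface the mistake earlier, for example `{{- if and . (not (regexMatch "^[a-z0-9]+:[a-f0-9]{32,}$" .)) -}}{{- fail (printf "image digest %q is not of the form algorithm:hex" .) -}}{{- end -}}` at the top of the helper (the exact pattern should be checked against the digest grammar the comment links to). The helper comment could also state that the 12-character prefix is a display identifier for the label only, not something to verify an image against.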
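Review bot: `$imageDigest` falls back to `.Values.global.image.digest` regardless of whether the component overrides `repository` or `tag`, so once a global digest is set, a `controller.image.tag` override is silently dropped from both the `image:` reference and the `app.kubernetes.io/version` label. An operator who bumps only the component tag to pick up a patched release would keep running the globally pinned image, with no render-time signal. One option is to inherit the global digest only when the component sets neither field: `{{- $imageDigest := .Values.controller.image.digest -}}` followed by `{{- if not (or $imageDigest .Values.controller.image.tag .Values.controller.image.repository) -}}{{- $imageDigest = .Values.global.image.digest -}}{{- end -}}`. The same fallback appears in the repo-server and server templates and for `$initImageDigest` in the dex template.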
@@ -25,7 +29,7 @@ spec: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} @@ -61,7 +65,11 @@ spec: {{- with .Values.controller.extraArgs }} {{- . | toYaml | nindent 8 }} {{- end }} - image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + {{- if $imageDigest }} + image: {{ $imageRepository }}@{{ $imageDigest }} + {{- else }} + image: {{ $imageRepository }}:{{ $imageTag }} + {{- end }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} {{- if .Values.controller.containerSecurityContext }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index bd924d4b..eccd5253 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 
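Review bot: The digest-or-tag `image:` branch added in the `@@ -61,7 +65,11 @@` hunk is copied by hand into the repo-server, server, dex (init container and main container) and redis templates, so the pinning logic now lives in six places that have to stay in sync. If one copy drifts, that component could fall back to a mutable tag without anything else failing. A single named template in `_helpers.tpl` that takes repository, tag and digest and returns either `repository@digest` or `repository:tag` would keep the rule in one place. Each call site then shrinks to `image: {{ include "argo-cd.image" (dict "repository" $imageRepository "tag" $imageTag "digest" $imageDigest) }}`. `argo-cd.image` is a suggested name, not a helper that exists in this chart.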
@@ -1,11 +1,15 @@ {{- $redisHa := (index .Values "redis-ha") -}} +{{- $imageDigest := default .Values.global.image.digest .Values.repoServer.image.digest -}} +{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}} +{{- $imageRepository := default .Values.global.image.repository .Values.repoServer.image.repository -}} +{{- $imageTag := default .Values.global.image.tag .Values.repoServer.image.tag -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-cd.repoServer.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} spec: selector: matchLabels: @@ -24,7 +28,7 @@ spec: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} {{- if .Values.repoServer.podLabels }} {{- toYaml .Values.repoServer.podLabels | nindent 8 }} {{- end }} @@ -38,7 +42,11 @@ spec: {{- end }} containers: - name: {{ .Values.repoServer.name }} - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + {{- if $imageDigest }} + image: {{ $imageRepository }}@{{ $imageDigest }} + {{- else }} + image: {{ $imageRepository }}:{{ $imageTag }} + {{- end }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} command: - uid_entrypoint.sh 
diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 44b89c0e..882d1818 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -1,11 +1,15 @@ {{- $redisHa := (index .Values "redis-ha") -}} +{{- $imageDigest := default .Values.global.image.digest .Values.server.image.digest -}} +{{- $strippedDigest := include "argo-cd.stripDigest" $imageDigest -}} +{{- $imageRepository := default .Values.global.image.repository .Values.server.image.repository -}} +{{- $imageTag := default .Values.global.image.tag .Values.server.image.tag -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} spec: selector: matchLabels: @@ -24,7 +28,7 @@ spec: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} + app.kubernetes.io/version: {{ default $imageTag $strippedDigest | quote }} {{- if .Values.server.podLabels }} {{- toYaml .Values.server.podLabels | nindent 8 }} {{- end }} 
@@ -38,7 +42,11 @@ spec: {{- end }} containers: - name: {{ .Values.server.name }} - image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} + {{- if $imageDigest }} + image: {{ $imageRepository }}@{{ $imageDigest }} + {{- else }} + image: {{ $imageRepository }}:{{ $imageTag }} + {{- end }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} command: - argocd-server diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 557140ce..1c5945c1 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -1,11 +1,15 @@ {{- if .Values.dex.enabled }} +{{- $strippedDigest := include "argo-cd.stripDigest" .Values.dex.image.digest -}} +{{- $initImageDigest := default .Values.global.image.digest .Values.dex.initImage.digest -}} +{{- $initImageRepository := default .Values.global.image.repository .Values.dex.initImage.repository -}} +{{- $initImageTag := default .Values.global.image.tag .Values.dex.initImage.tag -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-cd.dex.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} + app.kubernetes.io/version: {{ default .Values.dex.image.tag $strippedDigest | quote }} spec: selector: matchLabels: @@ -20,7 +24,7 @@ spec: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} + app.kubernetes.io/version: {{ default .Values.dex.image.tag $strippedDigest | quote }} {{- if .Values.dex.podLabels }} {{- toYaml .Values.dex.podLabels | nindent 8 }} {{- end }} 
@@ -34,7 +38,11 @@ spec: {{- end }} initContainers: - name: copyutil - image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} + {{- if $initImageDigest }} + image: {{ $initImageRepository }}@{{ $initImageDigest }} + {{- else }} + image: {{ $initImageRepository }}:{{ $initImageTag }} + {{- end }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} @@ -51,7 +59,11 @@ spec: name: static-files containers: - name: {{ .Values.dex.name }} + {{- if .Values.dex.image.digest }} + image: {{ .Values.dex.image.repository }}@{{ .Values.dex.image.digest }} + {{- else }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} + {{- end }} imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }} command: - /shared/argocd-dex diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index a6f0c46a..fef2505d 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -1,4 +1,5 @@ {{- $redisHa := (index .Values "redis-ha") -}} +{{- $strippedDigest := include "argo-cd.stripDigest" .Values.redis.image.digest -}} {{- if and .Values.redis.enabled (not $redisHa.enabled) -}} apiVersion: apps/v1 kind: Deployment @@ -6,7 +7,7 @@ metadata: name: {{ template "argo-cd.redis.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} + app.kubernetes.io/version: {{ default .Values.redis.image.tag $strippedDigest | quote }} spec: selector: matchLabels: 
@@ -21,7 +22,7 @@ spec: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} + app.kubernetes.io/version: {{ default .Values.redis.image.tag $strippedDigest | quote }} {{- if .Values.redis.podLabels }} {{- toYaml .Values.redis.podLabels | nindent 8 }} {{- end }} @@ -44,7 +45,11 @@ spec: {{- with .Values.redis.extraArgs }} {{- . | toYaml | nindent 8 }} {{- end }} + {{- if .Values.redis.image.digest }} + image: {{ .Values.redis.image.repository }}@{{ .Values.redis.image.digest }} + {{- else }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + {{- end }} imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} {{- if .Values.redis.containerSecurityContext }} securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 97b14fd0..0d161a8a 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -12,6 +12,7 @@ global: image: repository: quay.io/argoproj/argocd tag: v2.0.3 + digest: # sha256:a2888d810d0741fe009b4ee4f4e7e76750be8e8732b05fe3f954e0ae319f7a61 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 @@ -30,6 +31,7 @@ controller: image: repository: # defaults to global.image.repository tag: # defaults to global.image.tag + digest: imagePullPolicy: # IfNotPresent # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable @@ -218,10 +220,12 @@ dex: image: repository: quay.io/dexidp/dex tag: v2.26.0 + digest: imagePullPolicy: IfNotPresent initImage: repository: tag: + digest: imagePullPolicy: ## Environment variables to pass to the Dex server 
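Review bot: None of the new `digest:` keys in `values.yaml` say how they interact with `tag`, and the `controller`, `server` and `repoServer` ones lack the `# defaults to global.image.…` comment that their `repository` and `tag` siblings carry. As the templates in this patch are written, a non-empty digest replaces the tag in the image reference and in the `app.kubernetes.io/version` label. `controller`, `server`, `repoServer` and `dex.initImage` inherit the global digest, while `dex.image` and `redis.image` do not. Suggested comments: on the global key, `# optional; when set, images are pulled as repository@digest and tag is ignored`, and on the inheriting component keys, `digest: # defaults to global.image.digest`. This applies from the `@@ -12,6 +12,7 @@` hunk through the remaining hunks of this file.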
@@ -302,6 +306,7 @@ redis: image: repository: redis tag: 6.2.2-alpine + digest: imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to redis-server @@ -404,6 +409,7 @@ server: image: repository: # defaults to global.image.repository tag: # defaults to global.image.tag + digest: imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server @@ -784,6 +790,7 @@ repoServer: image: repository: # defaults to global.image.repository tag: # defaults to global.image.tag + digest: imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server