diff --git a/.argo/argo-checkout.yaml b/.argo/argo-checkout.yaml deleted file mode 100644 index d7280c3b..00000000 --- a/.argo/argo-checkout.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -type: container -version: 1 -name: argo-checkout -description: Checks out a source repository to /src -resources: - mem_mib: 500 - cpu_cores: 0.1 -image: argoproj/argoscm:v2.0 -command: ["axscm"] -args: ["clone", "%%inputs.parameters.REPO%%", "/src", "--commit", "%%inputs.parameters.COMMIT%%"] -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -outputs: - artifacts: - CODE: - path: /src diff --git a/.argo/publish.yaml b/.argo/publish.yaml deleted file mode 100644 index 7f15760c..00000000 --- a/.argo/publish.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -type: workflow -version: 1 -name: Publish Charts -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -steps: -- CHECKOUT: - template: argo-checkout -- PREPARE: - image: hypnoglow/kubernetes-helm:v2.6.1 - resources: - mem_mib: 500 - cpu_cores: 0.1 - command: ["sh", "-c"] - args: [cd /src && helm init --client-only && ./scripts/publish.sh] - inputs: - artifacts: - CODE: - from: "%%steps.CHECKOUT.outputs.artifacts.CODE%%" - path: /src - outputs: - artifacts: - CODE: - path: /src/output -- PUBLISH: - image: argoproj/argoscm:v2.0 - command: ["sh", "-c"] - args: [ - axscm clone %%inputs.parameters.REPO%% --commit gh-pages /src && cd /src && cp -r /output/* . && - git add . && git commit -m "Build on `date`" && - axscm clone %%inputs.parameters.REPO%% /src --commit gh-pages --merge=gh-pages --push] - resources: - mem_mib: 500 - cpu_cores: 0.1 - inputs: - artifacts: - CODE: - from: "%%steps.PREPARE.outputs.artifacts.CODE%%" - path: /output - ---- -type: policy -version: 1 -name: Publish Charts Policy -template: Publish Charts -notifications: -- when: - - on_failure - whom: - - committer - - author -when: -- event: on_push diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 79e8d1dc..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: 2.1 -jobs: - lint: - docker: - - image: quay.io/helmpack/chart-testing:v3.3.1 - steps: - - checkout - - run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml - publish: - docker: - - image: bash - steps: - - run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml" - -workflows: - version: 2 - workflow: - jobs: - - lint - - publish: - requires: - - lint \ No newline at end of file diff --git a/.github/semantic.yml b/.github/semantic.yml new file mode 100644 index 00000000..d93cf9cc --- /dev/null +++ b/.github/semantic.yml @@ -0,0 +1,3 @@ +## Reference: https://github.com/zeke/semantic-pull-requests +# Always validate the PR title, and ignore the commits +titleOnly: true diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 1056a239..2de22a8b 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -21,7 +21,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.0.1 + uses: helm/chart-testing-action@v2.1.0 - name: List changed charts id: list-changed @@ -37,7 +37,7 @@ jobs: run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml - name: Create kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.2.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) diff --git a/CODEOWNERS b/CODEOWNERS index 0cf6f6db..012ac7f7 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -4,16 +4,16 @@ /charts/ @mkilchhofer # Argo Workflows -/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler +/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD -/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler +/charts/argo-cd/ @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1 # Argo Events -/charts/argo-events @jbehling @VaibhavPage @oliverbaehler +/charts/argo-events/ @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @oliverbaehler +/charts/argo-rollouts/ @oliverbaehler # Argo CD Notifications -/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler +/charts/argocd-notifications/ @alexmt @andyfeller @oliverbaehler @mbevc1 diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 502cad37..77b0fc3d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.1 +appVersion: 2.0.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.5.0 +version: 3.7.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3c7a8be7..c0322bad 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -34,6 +34,21 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop ## Upgrading +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. @@ -68,6 +83,7 @@ server: ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart @@ -82,25 +98,22 @@ NAME: my-release ... ``` -### Helm v3 Compatibility - -Requires chart version 1.5.2 or newer. - -Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - ## Chart Values | Parameter | Description | Default | |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.0.4"` | | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| installCRDs | Install CRDs if you are using Helm2. | `true` | +| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | +| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | +| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | | configs.secret.annotations | Annotations for argocd-secret | `{}` | @@ -130,6 +143,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | | controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | | controller.env | Environment variables for the controller. | `[]` | +| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -181,6 +195,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.containerPort | Repo server port | `8081` | | repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | | repoServer.env | Environment variables for the repo server. | `[]` | +| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -241,6 +256,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.containerPort | Server container port. | `8080` | | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | | server.env | Environment variables for the server. | `[]` | +| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the server | `global.image.tag` | @@ -326,6 +342,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | dex.name | Dex name | `"dex-server"` | | dex.env | Environment variables for the Dex server. | `[]` | +| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | | dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | dex.podAnnotations | Annotations for the Dex server pods | `{}` | | dex.podLabels | Labels for the Dex server pods | `{}` | @@ -359,6 +376,7 @@ through `xxx.extraArgs` | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | +| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | redis.podAnnotations | Annotations for the Redis server pods | `{}` | | redis.podLabels | Labels for the Redis server pods | `{}` | diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index c62189e8..74364ae4 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd name: applications.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index 40182848..7bb09652 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml @@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd name: appprojects.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 79723e71..65081951 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -144,15 +144,22 @@ app.kubernetes.io/component: {{ .component }} Return the appropriate apiVersion for ingress */}} {{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + {{/* Argo Configuration Preset Values (Incluenced by Values configuration) */}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml new file mode 100644 index 00000000..e96ef9aa --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + {{- if .Values.configs.gpgKeysAnnotations }} + annotations: + {{- range $key, $value := .Values.configs.gpgKeysAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + name: argocd-gpg-keys-cm +{{- with .Values.configs.gpgKeys }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index b0458fad..30082b2d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -67,13 +67,15 @@ spec: value: argocd {{- end }} {{- end }} - {{- with .Values.openshift.envFrom }} + {{- with .Values.repoServer.envFrom }} envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} -{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} + {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} {{- end }} + - mountPath: /app/config/gpg/source + name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring {{- if .Values.configs.knownHosts }} @@ -134,8 +136,11 @@ spec: {{- end }} volumes: {{- if .Values.repoServer.volumes }} -{{- toYaml .Values.repoServer.volumes | nindent 6}} + {{- toYaml .Values.repoServer.volumes | nindent 6 }} {{- end }} + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm - emptyDir: {} name: gpg-keyring {{- if .Values.configs.knownHosts }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 05b38acc..027cdb5f 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -17,7 +17,7 @@ metadata: spec: endpoints: - port: metrics - {{- with .Values.controller.metrics.serviceMonitor.interval }} + {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} path: /metrics diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 7212922c..753dc8bc 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -23,5 +23,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-secret + secretName: {{ .Values.server.certificate.secretName | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 44b89c0e..68c98845 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -90,6 +90,8 @@ spec: subPath: "custom.styles.css" name: custom-styles {{- end }} + - mountPath: /tmp + name: tmp-dir ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -149,6 +151,8 @@ spec: {{- end }} - emptyDir: {} name: static-files + - emptyDir: {} + name: tmp-dir {{- if .Values.configs.styles }} - configMap: name: argocd-custom-styles diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 1f5fc4ea..1fb89979 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -3,6 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} +{{- $pathType := .Values.server.ingressGrpc.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: @@ -36,7 +37,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} @@ -63,7 +64,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1bd2c53c..aa7d49dc 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -3,6 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $pathType := .Values.server.ingress.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: @@ -36,7 +37,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} @@ -63,7 +64,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/templates/crds.yaml b/charts/argo-cd/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argo-cd/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d5ca989d..087a091d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3,14 +3,12 @@ ## nameOverride: argocd fullnameOverride: "" - -# Optional CRD installation for those without Helm hooks -installCRDs: true +kubeVersionOverride: "" global: image: repository: quay.io/argoproj/argocd - tag: v2.0.1 + tag: v2.0.4 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 @@ -213,10 +211,14 @@ dex: serviceMonitor: enabled: false interval: 30s + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} image: - repository: quay.io/dexidp/dex - tag: v2.26.0 + repository: ghcr.io/dexidp/dex + tag: v2.27.0 imagePullPolicy: IfNotPresent initImage: repository: @@ -493,8 +495,11 @@ server: certificate: enabled: false domain: argocd.example.com - issuer: {} + issuer: + kind: # ClusterIssuer + name: # letsencrypt additionalHosts: [] + secretName: argocd-server-tls ## Server service configuration service: @@ -552,19 +557,28 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false - # dedicated ingess for gRPC as documented at + # dedicated ingress for gRPC as documented at # https://argoproj.github.io/argo-cd/operator-manual/ingress/ ingressGrpc: enabled: false @@ -581,15 +595,24 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false @@ -663,7 +686,7 @@ server: ## Annotations to be added to ArgoCD rbac ConfigMap rbacConfigAnnotations: {} - # Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created + # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created # by something else. ArgoCD will not work if there is no configMap created with the name above. rbacConfigCreate: true @@ -956,6 +979,27 @@ configs: # insecure: false # caData: "" + gpgKeysAnnotations: {} + gpgKeys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # + # mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta + # x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT + # SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ + # 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa + # buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v + # yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs + # b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW + # BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf + # DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6 + # 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws + # +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5 + # 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O + # j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48= + # =Bvzs + # -----END PGP PUBLIC KEY BLOCK----- + knownHostsAnnotations: {} knownHosts: data: diff --git a/charts/argo-events/.helmignore b/charts/argo-events/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-events/.helmignore +++ b/charts/argo-events/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 1ce4415f..eb208b2f 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.3 +version: 1.6.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 3c375c3a..2bece9b9 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -15,6 +15,6 @@ This is a **community maintained** chart. It installs the [argo-events](https:// ## Notes on CRD Installation -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. You can install the CRDs manually from `crds` folder. \ No newline at end of file diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index bfd2d021..c3904980 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -1,5 +1,4 @@ {{- if not .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -26,9 +25,9 @@ kind: ClusterRole metadata: name: argo-events-role rules: -{{- if .Values.additionalServiceAccountRules }} -{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} -{{- end }} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} + {{- end }} - apiGroups: - argoproj.io verbs: diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml index 56721159..1371f6a6 100644 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ b/charts/argo-events/templates/argo-events-roles.yaml @@ -1,5 +1,4 @@ {{- if .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -28,8 +27,8 @@ metadata: name: argo-events-role namespace: {{ .Release.Namespace }} rules: - {{- if .Values.additionalServiceAccountRules }} - {{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - argoproj.io diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index f13b8a1d..fec88b4d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -5,7 +5,11 @@ kind: ServiceAccount metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccountAnnotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.additionalSaNamespaces }} +{{ $annotations := .Values.serviceAccountAnnotations }} {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- @@ -14,5 +18,8 @@ kind: ServiceAccount metadata: name: {{ $sa }} namespace: {{ $namespace }} + {{- with $annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index e3631828..591d8da3 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -55,6 +56,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} {{- with .Values.eventbusController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventbus-crd.yaml b/charts/argo-events/templates/eventbus-crd.yaml deleted file mode 100644 index 4a67294e..00000000 --- a/charts/argo-events/templates/eventbus-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index a6522da6..62fe150e 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -53,6 +54,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} {{- with .Values.eventsourceController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-crd.yaml b/charts/argo-events/templates/eventsource-crd.yaml deleted file mode 100644 index 5c6a0b6b..00000000 --- a/charts/argo-events/templates/eventsource-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index e6a1c104..0b51d1de 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.sensorController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.sensorController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -53,6 +54,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} {{- with .Values.sensorController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/sensor-crd.yaml b/charts/argo-events/templates/sensor-crd.yaml deleted file mode 100644 index d121019e..00000000 --- a/charts/argo-events/templates/sensor-crd.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.installCRD }} -# Define a "sensor" custom resource definition -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a54ec010..11827406 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,5 +1,5 @@ # docker registry -registry: argoproj +registry: quay.io # The image pull policy imagePullPolicy: Always @@ -8,12 +8,12 @@ imagePullPolicy: Always imagePullSecrets: [] # - name: argo-pull-secret -# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation. -installCRD: true - # ServiceAccount to use for running controller. serviceAccount: argo-events-sa +# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases +serviceAccountAnnotations: {} + # Create service accounts in additional namespaces specified # The SA will always be created in the release namespaces additionalSaNamespaces: [] @@ -44,33 +44,35 @@ singleNamespace: true # sensor controller sensorController: name: sensor-controller - image: sensor-controller + image: argoproj/sensor-controller tag: v1.3.1 replicaCount: 1 - sensorImage: sensor + sensorImage: argoproj/sensor podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventsourceController: name: eventsource-controller - image: eventsource-controller + image: argoproj/eventsource-controller tag: v1.3.1 replicaCount: 1 - eventsourceImage: eventsource + eventsourceImage: argoproj/eventsource podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventbusController: name: eventbus-controller - image: eventbus-controller + image: argoproj/eventbus-controller tag: v1.3.1 replicaCount: 1 podAnnotations: {} @@ -79,6 +81,7 @@ eventbusController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 5b595a4e..c636d436 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ -apiVersion: v1 -appVersion: "0.10.2" +apiVersion: v2 +appVersion: "v1.0.1" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.3 +version: 1.0.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 6d2bef84..8916a86c 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -1,12 +1,11 @@ -Argo Rollouts Chart -============= -A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. +# Argo Rollouts Chart -Current chart version is `0.5.0` +A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. Source code can be found [here](https://github.com/argoproj/argo-rollouts) ## Additional Information + This is a **community maintained** chart. This chart installs [argo-rollouts](https://argoproj.github.io/argo-rollouts/), progressive delivery for Kubernetes. The default installation is intended to be similar to the provided Argo Rollouts [releases](https://github.com/argoproj/argo-rollouts/releases). @@ -14,6 +13,7 @@ The default installation is intended to be similar to the provided Argo Rollouts ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart @@ -22,27 +22,49 @@ To install the chart with the release name `my-release`: ```console $ helm repo add argo https://argoproj.github.io/argo-helm -$ helm install --name my-release argo/argo-rollouts +$ helm install my-release argo/argo-rollouts ``` ## Chart Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| clusterInstall | bool | `true` | | -| controller.component | string | `"rollouts-controller"` | | -| controller.image.pullPolicy | string | `"IfNotPresent"` | | -| controller.image.repository | string | `"argoproj/argo-rollouts"` | | -| controller.image.tag | string | `"v0.10.2"` | | -| controller.name | string | `"argo-rollouts"` | | -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.metrics.serviceMonitor.enabled | bool | `false` | | -| imagePullSecrets | list | `[]` | | -| installCRDs | bool | `true` | | -| crdAnnotations | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| serviceAccount.name | string | `"argo-rollouts"` | | +| clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) | +| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| controller.image.registry | string | `quay.io` | Registry to use | +| controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | +| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| controller.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | +| controller.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | +| imagePullSecrets | list | `[]` | Registry secret names as an array | +| installCRDs | bool | `true` | Install and upgrade CRDs | +| crdAnnotations | object | `{}` | Annotations to be added to all CRDs | +| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| podLabels | object | `{}` | Labels to be added to the Rollout pods | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | +| containerSecurityContext | object | `{}` | Security Context to set on container level | + +## Upgrading + +### To 1.0.0 + +* This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. + To migrate to Helm v3 please have a look at the [Helm 2to3 Plugin](https://github.com/helm/helm-2to3). This tool will convert the existing ConfigMap used for Tiller to a Secret of type `helm.sh/release.v1`. +* `quay.io` is the default registry now +* We introduce a template function for the labels here to reduce code duplication. This also affects the Deployment `matchLabels` selector. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment resource** before you upgrade. This is necessary because Deployment's label selector is immutable. +* All resources are now prefixed with the template `"argo-rollouts.fullname"`. + This enables the users to override resource names via the `nameOverride` and `fullnameOverride` parameters. +* Breaking parameters update + * `securityContext` was renamed to `containerSecurityContext` + * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository` diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 48744885..2e5153b5 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -30,3 +30,35 @@ Create chart name and version as used by the chart label. {{- define "argo-rollouts.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-rollouts.labels" -}} +helm.sh/chart: {{ include "argo-rollouts.chart" . }} +{{ include "argo-rollouts.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: argo-rollouts +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-rollouts.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argo-rollouts.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argo-rollouts.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argo-rollouts.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml index 715aa001..ab3ac6dd 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml @@ -2,12 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-view + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-view - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -27,12 +26,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-edit + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-edit - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -58,12 +56,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-admin + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-admin - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index c3fb9f0c..5872d59d 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -2,11 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrole - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -57,6 +56,16 @@ rules: - update - patch - delete +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch # services patch needed to update selector of canary/stable/active/preview services - apiGroups: - "" @@ -135,6 +144,7 @@ rules: - watch - get - update + - patch - list # trafficsplit access needed for using the SMI provider - apiGroups: @@ -147,4 +157,15 @@ rules: - get - update - patch +- apiGroups: + - getambassador.io + resources: + - mappings + verbs: + - create + - watch + - get + - update + - list + - delete {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml index 1d446845..b48ce5b5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml @@ -2,17 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-clusterrolebinding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrolebinding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 1c4342bf..fb632312 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -1,52 +1,54 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 4 }} - {{- end }} + {{- include "argo-rollouts.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate template: metadata: - {{- if .Values.podAnnotations }} + {{- with .Values.podAnnotations }} annotations: - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ .Values.serviceAccount.name }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }} containers: - - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" {{- if not .Values.clusterInstall }} args: - --namespaced {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - name: {{ .Values.controller.name }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} + name: argo-rollouts + ports: + - containerPort: 8090 + name: metrics securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{- toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} @@ -55,5 +57,3 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} - strategy: - type: Recreate diff --git a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml index 4301b7c8..6f2c975f 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml @@ -1,14 +1,14 @@ +{{- if .Values.controller.metrics.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-metrics + name: {{ include "argo-rollouts.fullname" . }}-metrics labels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAnnotations }} annotations: - {{- range $key, $value := .Values.serviceAnnotations }} - {{ $key }}: {{ $value | quote }} + {{- toYaml . | nindent 4 }} {{- end }} spec: ports: @@ -17,4 +17,5 @@ spec: port: 8090 targetPort: 8090 selector: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml index 4c80d507..a981d95d 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml @@ -1,11 +1,11 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -145,3 +145,4 @@ rules: - get - update - patch +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml index ddc0e27d..128df3ab 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml @@ -1,15 +1,16 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-role-binding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role-binding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml index dca70793..327eb6a5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml @@ -1,8 +1,13 @@ +{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml index ea67f356..f94a25b8 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml @@ -1,18 +1,17 @@ -{{- if .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- range $key, $value := .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{ $key }}: {{ $value | quote }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.additionalAnnotations }} + {{- with .Values.controller.metrics.serviceMonitor.additionalAnnotations }} annotations: -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalAnnotations | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -23,6 +22,5 @@ spec: selector: matchLabels: app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index b70b6f0b..08786ca0 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysisruns.argoproj.io spec: group: argoproj.io @@ -2305,6 +2308,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2324,6 +2328,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2345,8 +2350,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2404,6 +2411,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 4712ae2d..12fc5340 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 72832f03..e357b4d2 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: clusteranalysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 1fa5b261..5f9f8cfc 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: experiments.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 888ca599..10d0a8e1 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: rollouts.argoproj.io spec: group: argoproj.io @@ -29,11 +32,13 @@ spec: jsonPath: .status.replicas name: Current type: integer - - description: Total number of non-terminated pods targeted by this rollout that have the desired template spec + - description: Total number of non-terminated pods targeted by this rollout that + have the desired template spec jsonPath: .status.updatedReplicas name: Up-to-date type: integer - - description: Total number of available pods (ready for at least minReadySeconds) targeted by this rollout + - description: Total number of available pods (ready for at least minReadySeconds) + targeted by this rollout jsonPath: .status.availableReplicas name: Available type: integer @@ -300,6 +305,12 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + scaleDownDelayRevisionLimit: + format: int32 + type: integer + scaleDownDelaySeconds: + format: int32 + type: integer stableMetadata: properties: annotations: @@ -487,6 +498,15 @@ spec: - ingress - servicePort type: object + ambassador: + properties: + mappings: + items: + type: string + type: array + required: + - mappings + type: object istio: properties: destinationRule: @@ -2648,9 +2668,15 @@ spec: - containers type: object type: object - required: - - selector - - template + workloadRef: + properties: + apiVersion: + type: string + kind: + type: string + name: + type: string + type: object type: object status: properties: @@ -2765,6 +2791,8 @@ spec: currentStepIndex: format: int32 type: integer + message: + type: string observedGeneration: type: string pauseConditions: @@ -2780,6 +2808,8 @@ spec: - startTime type: object type: array + phase: + type: string promoteFull: type: boolean readyReplicas: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a3200728..e778377f 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -3,7 +3,6 @@ installCRDs: true clusterInstall: true controller: - name: argo-rollouts component: rollouts-controller ## Node selectors and tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ @@ -12,8 +11,9 @@ controller: tolerations: [] affinity: {} image: + registry: quay.io repository: argoproj/argo-rollouts - tag: v0.10.2 + tag: "" pullPolicy: IfNotPresent resources: {} @@ -25,13 +25,20 @@ controller: # memory: 64Mi metrics: + enabled: false serviceMonitor: enabled: false additionalLabels: {} additionalAnnotations: {} serviceAccount: - name: argo-rollouts + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" ## Annotations to be added to all CRDs ## @@ -41,6 +48,21 @@ crdAnnotations: {} ## podAnnotations: {} +## Security Context to set on pod level +## +podSecurityContext: + runAsNonRoot: true + +## Security Context to set on container level +## +containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + ## Annotations to be added to the Rollout service ## serviceAnnotations: {} diff --git a/charts/argo-workflows/.helmignore b/charts/argo-workflows/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-workflows/.helmignore +++ b/charts/argo-workflows/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0b78a390..2a51b0b3 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.3 -appVersion: "v3.0.2" +version: 0.2.6 +appVersion: "v3.0.7" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt index b6ac65d4..b4933a7d 100644 --- a/charts/argo-workflows/templates/NOTES.txt +++ b/charts/argo-workflows/templates/NOTES.txt @@ -1,6 +1,6 @@ 1. Get Argo Server external IP/domain by running: -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} 2. Submit the hello-world workflow by running: diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f5c8a4c3..18eae994 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -26,9 +26,17 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "argo-workflows.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- end -}} +{{- end -}} {{/* Create chart name and version as used by the chart label. @@ -65,7 +73,7 @@ Create the name of the server service account to use */}} {{- define "argo-workflows.serverServiceAccountName" -}} {{- if .Values.server.serviceAccount.create -}} - {{ default (include "argo-workflows.fullname" .) .Values.server.serviceAccount.name }} + {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }} {{- else -}} {{ default "default" .Values.server.serviceAccount.name }} {{- end -}} @@ -76,7 +84,7 @@ Create the name of the controller service account to use */}} {{- define "argo-workflows.controllerServiceAccountName" -}} {{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-workflows.fullname" .) .Values.controller.serviceAccount.name }} + {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }} {{- else -}} {{ default "default" .Values.controller.serviceAccount.name }} {{- end -}} @@ -86,11 +94,18 @@ Create the name of the controller service account to use Return the appropriate apiVersion for ingress */}} {{- define "argo-workflows.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-workflows.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index 2143f208..ba1c202d 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -2,10 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-workflows-aggregate-to-view + name: {{ template "argo-workflows.fullname" . }}-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: @@ -30,10 +27,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-workflows-aggregate-to-edit + name: {{ template "argo-workflows.fullname" . }}-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: @@ -63,10 +57,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-workflows-aggregate-to-admin + name: {{ template "argo-workflows.fullname" . }}-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index de5e88a3..34340d14 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -55,8 +55,6 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers verbs: - get - list @@ -131,11 +129,13 @@ rules: - update - patch - delete + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template rules: - apiGroups: - argoproj.io @@ -146,3 +146,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 6879d282..1235e325 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -31,6 +31,8 @@ subjects: {{- end }} {{- end }} {{- end }} + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -46,3 +48,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index c35894ec..e085b899 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -70,19 +70,15 @@ spec: apiVersion: v1 fieldPath: metadata.name {{- with .Values.controller.extraEnv }} - {{ toYaml . | nindent 10 }} + {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 12 }} ports: - name: metrics containerPort: {{ .Values.controller.metricsConfig.port }} - livenessProbe: - httpGet: - port: metrics - path: {{ .Values.controller.metricsConfig.path }} - initialDelaySeconds: 30 - periodSeconds: 30 + - containerPort: 6060 + livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index e917bb41..f5e10857 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controller.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: @@ -6,3 +7,4 @@ metadata: annotations: {{- toYaml .| nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 5901bbd1..6403bf96 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -111,6 +111,8 @@ rules: - update - patch - delete + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -134,3 +136,4 @@ rules: - delete {{- end }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index fd9450d5..16d55902 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -21,6 +21,8 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -37,3 +39,4 @@ subjects: name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 9d1696dd..5effabf6 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -21,7 +21,7 @@ spec: {{- end }} {{- with .Values.server.podAnnotations }} annotations: - {{- toYaml .Values.server.podAnnotations | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} @@ -60,15 +60,18 @@ spec: initialDelaySeconds: 10 periodSeconds: 20 env: - - name: IN_CLUSTER - value: "true" - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: BASE_HREF - value: {{ .Values.server.baseHref | quote }} + - name: IN_CLUSTER + value: "true" + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BASE_HREF + value: {{ .Values.server.baseHref | quote }} + {{- with .Values.server.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.server.resources | nindent 12 }} volumeMounts: diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index f0488031..6072c9d7 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -19,7 +19,7 @@ metadata: {{- toYaml .Values.server.ingress.labels | nindent 4 }} {{- end }} spec: - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} @@ -35,11 +35,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: @@ -62,11 +62,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 375c5eb1..864c9931 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -12,6 +12,18 @@ init: createAggregateRoles: true +## String to partially override "argo-workflows.fullname" template +## +nameOverride: + +## String to fully override "argo-workflows.fullname" template +## +fullnameOverride: + +## Override the Kubernetes version, which is used to evaluate certain manifests +## +kubeVersionOverride: "" + # Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, # and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. singleNamespace: false @@ -93,7 +105,7 @@ controller: additionalLabels: {} serviceAccount: create: true - name: argo + name: "" # Annotations applied to created service account annotations: {} name: workflow-controller @@ -120,9 +132,22 @@ controller: # service type `LoadBalancer` loadBalancerSourceRanges: [] resources: {} - # The list of environment variable definitions to be added to the controller - # manages container verbatim. + livenessProbe: + httpGet: + port: 6060 + path: /healthz + # Require three failures to tolerate transient errors. + failureThreshold: 3 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + + ## Extra environment variables to provide to the controller container + ## extraEnv: + ## - name: FOO + ## value: "bar" extraEnv: [] + # Extra arguments to be added to the controller extraArgs: [] replicas: 1 @@ -143,6 +168,9 @@ controller: priorityClassName: "" # https://argoproj.github.io/argo-workflows/links/ links: [] + clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + enabled: true # executor controls how the init and wait container should be customized executor: @@ -187,7 +215,7 @@ server: # servicePortName: http serviceAccount: create: true - name: argo-server + name: "" annotations: {} # Annotations to be applied to the UI Service serviceAnnotations: {} @@ -223,6 +251,12 @@ server: # https://argoproj.github.io/argo-workflows/tls/ secure: false + ## Extra environment variables to provide to the argo-server container + ## extraEnv: + ## - name: FOO + ## value: "bar" + extraEnv: [] + # Extra arguments to provide to the Argo server binary. extraArgs: [] @@ -254,6 +288,14 @@ server: # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation tls: [] # - secretName: argocd-example-tls @@ -262,6 +304,8 @@ server: https: false clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true # Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true sso: diff --git a/charts/argocd-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml index d2cd345c..4840bd65 100644 --- a/charts/argocd-applicationset/templates/deployment.yaml +++ b/charts/argocd-applicationset/templates/deployment.yaml @@ -98,3 +98,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml index f7be897d..1be0c0ff 100644 --- a/charts/argocd-applicationset/values.yaml +++ b/charts/argocd-applicationset/values.yaml @@ -71,6 +71,8 @@ tolerations: [] affinity: {} +priorityClassName: "" + mountSSHKnownHostsVolume: true mountTLSCertsVolume: true mountGPGKeysVolume: false diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 745b9277..55cc4398 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.2 +version: 1.4.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml index badee60f..f888811c 100644 --- a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} labels: {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} + {{- with .Values.bots.slack.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} {{ end }} diff --git a/charts/argocd-notifications/templates/service-metrics.yaml b/charts/argocd-notifications/templates/service-metrics.yaml index 5645a4d3..aea5d90e 100644 --- a/charts/argocd-notifications/templates/service-metrics.yaml +++ b/charts/argocd-notifications/templates/service-metrics.yaml @@ -5,6 +5,13 @@ metadata: name: {{ include "argocd-notifications.name" . }}-metrics labels: {{- include "argocd-notifications.metrics.labels" . | nindent 4 }} + {{- with .Values.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: {{- include "argocd-notifications.selectorLabels" . | nindent 4 }} diff --git a/charts/argocd-notifications/templates/serviceaccount.yaml b/charts/argocd-notifications/templates/serviceaccount.yaml index 591d13bd..418b6800 100644 --- a/charts/argocd-notifications/templates/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.serviceAccountName" . }} labels: {{- include "argocd-notifications.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index bfe746c3..ff5ca14d 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -52,6 +52,9 @@ extraArgs: [] metrics: enabled: false port: 9001 + service: + annotations: {} + labels: {} serviceMonitor: enabled: false additionalLabels: {} @@ -93,6 +96,8 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-controller + annotations: {} + cm: # Whether helm chart creates controller config map create: true @@ -371,6 +376,8 @@ bots: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-bot + annotations: {} + resources: {} # limits: # cpu: 100m