diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8b70c98b..f6b967a1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.9.5 +version: 2.10.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b58434e2..07b72e20 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -119,6 +119,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | | controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.replicas | The number of controller pods to run | `1` |\ | controller.resources | Resource limits and requests for the controller pods. | `{}` | | controller.service.annotations | Controller service annotations. | `{}` | | controller.service.labels | Controller service labels. | `{}` | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3067e969..3dde5e51 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -17,7 +17,7 @@ spec: app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller app.kubernetes.io/instance: {{ .Release.Name }} revisionHistoryLimit: 5 - replicas: 1 + replicas: {{ .Values.controller.replicas }} template: metadata: {{- if .Values.controller.podAnnotations }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 57095815..745b270b 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -31,6 +31,10 @@ controller: tag: # v1.7.6 imagePullPolicy: # IfNotPresent + # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable + replicas: 1 + + ## Argo controller commandline flags args: statusProcessors: "20" @@ -49,6 +53,9 @@ controller: ## Environment variables to pass to argocd-controller ## env: [] + # - name: "ARGOCD_CONTROLLER_REPLICAS" + # value: "" + ## Annotations to be added to controller pods ## diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 7ac88c50..63fbbdbb 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v2.11.7 description: A Helm chart for Argo Workflows name: argo -version: 0.13.6 +version: 0.13.8 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo/templates/server-cluster-roles.yaml index eb7b71a4..ac51e455 100644 --- a/charts/argo/templates/server-cluster-roles.yaml +++ b/charts/argo/templates/server-cluster-roles.yaml @@ -13,12 +13,6 @@ rules: - get - watch - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - apiGroups: - "" resources: @@ -30,6 +24,21 @@ rules: - list - watch - delete +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +{{- with .Values.server.rbac.secretWhitelist }} + resourceNames: {{- toYaml . | nindent 4 }} +{{- end }} - apiGroups: - "" resources: @@ -41,15 +50,14 @@ rules: - "" resources: - secrets - - serviceaccounts resourceNames: - {{- if .Values.controller.persistence.postgresql }} - - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} - - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} + {{- with .Values.controller.persistence.postgresql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} {{- end}} - {{- if .Values.controller.persistence.mysql }} - - {{ .Values.controller.persistence.mysql.userNameSecret.name }} - - {{ .Values.controller.persistence.mysql.passwordSecret.name }} + {{- with .Values.controller.persistence.mysql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} {{- end}} verbs: - get diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml old mode 100644 new mode 100755 index 74828caa..dda3df94 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -51,7 +51,7 @@ spec: - "--workflow-workers" - {{ . | quote }} {{- end }} - {{- if .Values.controller.podWorkers }} + {{- with .Values.controller.podWorkers }} - "--pod-workers" - {{ . | quote }} {{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 4fa4cd7a..5a9a452b 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -164,6 +164,9 @@ server: serviceType: ClusterIP servicePort: 2746 # servicePortName: http + rbac: + # When present, restricts secrets the server can read to a given list. + secretWhitelist: [] serviceAccount: argo-server # Whether to create the service account with the name specified in # server.serviceAccount and bind it to the server role.