From abcd61717ff91c1f3b3d547be2bcd2d2c5a61db3 Mon Sep 17 00:00:00 2001 From: Sergey <41047934+1Psy@users.noreply.github.com> Date: Wed, 21 Apr 2021 18:45:05 +0300 Subject: [PATCH 01/47] feat(argocd-notifications): Add securityContext (#644) Signed-off-by: 1Psy <41047934+1Psy@users.noreply.github.com> --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/deployment.yaml | 8 ++++++-- charts/argocd-notifications/values.yaml | 7 +++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 2d1ada91..881c18ae 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.1.1 +version: 1.1.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/deployment.yaml b/charts/argocd-notifications/templates/deployment.yaml index bc6948d3..0e18f698 100644 --- a/charts/argocd-notifications/templates/deployment.yaml +++ b/charts/argocd-notifications/templates/deployment.yaml @@ -26,8 +26,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }} - securityContext: - runAsNonRoot: true + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} containers: - name: {{ include "argocd-notifications.name" . }}-controller image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -51,6 +52,9 @@ spec: name: metrics protocol: TCP {{- end }} + {{- if .Values.containerSecurityContext }} + securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} {{- with .Values.extraEnv }} env: {{ toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index 35cce8df..0a27e643 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -65,6 +65,13 @@ notifiers: podAnnotations: {} +## Pod Security Context +securityContext: + runAsNonRoot: true + +## Container Security Context +containerSecurityContext: {} + resources: {} # limits: # cpu: 100m From 49ccf4ae8ab84a244a09c0a20deac3a4f32d09e9 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 21 Apr 2021 21:31:16 +0200 Subject: [PATCH 02/47] feat(argo-cd): Add compatibility to v1 Ingress (#637) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-cd): Add compatibility to v1 Ingress Signed-off-by: Marco Kilchhofer * chore(argo-cd): Add spaces to improve readability Signed-off-by: Marco Kilchhofer * feat(argo-cd): Bump chart version Signed-off-by: Marco Kilchhofer * fix: Apply review changes Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 2 + charts/argo-cd/templates/_helpers.tpl | 15 +++- .../templates/argocd-server/ingress-grpc.yaml | 71 +++++++++++++------ .../templates/argocd-server/ingress.yaml | 71 +++++++++++++------ charts/argo-cd/values.yaml | 2 + 6 files changed, 119 insertions(+), 44 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8019e90d..ed2d87be 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.1.2 +version: 3.2.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d94003d7..6d1430d1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -227,12 +227,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.ingress.enabled | Enable an ingress resource for the server | `false` | | server.ingress.hosts | List of ingress hosts | `[]` | | server.ingress.labels | Additional ingress labels. | `{}` | +| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` | | server.ingress.tls | Ingress TLS configuration. | `[]` | | server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` | | server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` | | server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` | | server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` | | server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | +| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | | server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | | server.route.enabled | Enable a OpenShift route for the server | `false` | | server.route.hostname | Hostname of OpenShift route | `""` | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 431f9069..9ab07ef4 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -138,4 +138,17 @@ app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-cd.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 914f1b8a..1f5fc4ea 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -3,11 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} +apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: {{- if .Values.server.ingressGrpc.annotations }} @@ -19,41 +15,74 @@ metadata: name: {{ template "argo-cd.server.fullname" . }}-grpc labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.ingressGrpc.labels }} -{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} -{{- end }} + {{- if .Values.server.ingressGrpc.labels }} + {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} + {{- end }} spec: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} rules: {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} + {{- range $host := .Values.server.ingressGrpc.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end -}} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end -}} + {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end -}} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} + {{- end }} + {{- end -}} {{- end -}} {{- if .Values.server.ingressGrpc.tls }} tls: -{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} + {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index d4e5020f..1bd2c53c 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -3,11 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} +apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: {{- if .Values.server.ingress.annotations }} @@ -19,41 +15,74 @@ metadata: name: {{ template "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.ingress.labels }} -{{- toYaml .Values.server.ingress.labels | nindent 4 }} -{{- end }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} spec: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} rules: {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end -}} + {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} + {{- end }} + {{- end -}} {{- end -}} {{- if .Values.server.ingress.tls }} tls: -{{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- toYaml .Values.server.ingress.tls | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1b7c2682..32e244ab 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -493,6 +493,7 @@ server: enabled: false annotations: {} labels: {} + ingressClassName: "" ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. @@ -521,6 +522,7 @@ server: enabled: false annotations: {} labels: {} + ingressClassName: "" ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. From 8f7d9ff0d8e9a2afcbfc20407f857d95df1afcc9 Mon Sep 17 00:00:00 2001 From: Spencer Gilbert Date: Thu, 22 Apr 2021 11:50:04 -0400 Subject: [PATCH 03/47] Update CODEOWNERS (#691) Unfortunately I haven't had the time to participate here for a while, and seem to be moving away from using ArgoCD so I think it'd be appropriate to remove me from here. Signed-off-by: Spencer Gilbert --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index f35c9b71..bb890183 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -4,7 +4,7 @@ /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD -/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler +/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler # Argo Events /charts/argo-events @jbehling @VaibhavPage @oliverbaehler From 7e5a2e136f537a7af0080dd408ae9477f80923bf Mon Sep 17 00:00:00 2001 From: AIKAWA Date: Sat, 24 Apr 2021 00:36:55 +0900 Subject: [PATCH 04/47] chore(argo): fix referenced URL (#693) * fix referenced URL Signed-off-by: yu-croco * update chart version due to referenced link fix Signed-off-by: yu-croco --- charts/argo/Chart.yaml | 2 +- charts/argo/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 1ce323cc..741fa2e6 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.12.5 description: A Helm chart for Argo Workflows name: argo -version: 0.16.8 +version: 0.16.9 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 0a5be36d..31a36041 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -136,7 +136,7 @@ controller: # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ # PriorityClass: system-cluster-critical priorityClassName: "" - # https://argoproj.github.io/argo/links/ + # https://argoproj.github.io/argo-workflows/links/ links: [] # executor controls how the init and wait container should be customized @@ -206,7 +206,7 @@ server: # Run the argo server in "secure" mode. Configure this value instead of # "--secure" in extraArgs. See the following documentation for more details # on secure mode: - # https://argoproj.github.io/argo/tls/#encrypted + # https://argoproj.github.io/argo-workflows/tls/#encrypted secure: false # Extra arguments to provide to the Argo server binary. From bb9af68fc2cc7d1f846855e19d00c8659a8a7c4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 23 Apr 2021 21:54:05 +0200 Subject: [PATCH 05/47] feat(argo-ci): deprecate argo-ci helm chart (#688) Co-authored-by: Alex Collins --- charts/argo-ci/Chart.yaml | 13 +++++++------ charts/argo-ci/README.md | 2 ++ charts/argo-ci/requirements.lock | 6 ------ charts/argo-ci/requirements.yaml | 4 ---- 4 files changed, 9 insertions(+), 16 deletions(-) delete mode 100644 charts/argo-ci/requirements.lock delete mode 100644 charts/argo-ci/requirements.yaml diff --git a/charts/argo-ci/Chart.yaml b/charts/argo-ci/Chart.yaml index b658915d..c41334d9 100644 --- a/charts/argo-ci/Chart.yaml +++ b/charts/argo-ci/Chart.yaml @@ -1,11 +1,12 @@ -apiVersion: v1 +apiVersion: v2 description: A Helm chart for Argo-CI name: argo-ci -version: 0.1.7 +version: 1.0.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png appVersion: v1.0.0-alpha2 home: https://github.com/argoproj/argo-helm -maintainers: - - name: alexec - - name: alexmt - - name: jessesuen +deprecated: true +dependencies: + - name: argo + version: "^0.16.0" + repository: https://argoproj.github.io/argo-helm diff --git a/charts/argo-ci/README.md b/charts/argo-ci/README.md index 28231e8c..7eaa9039 100644 --- a/charts/argo-ci/README.md +++ b/charts/argo-ci/README.md @@ -1,3 +1,5 @@ # Argo CI Chart +**Deprecated** - Use [Argo-Events](./argo-events) instead. + This is a **community maintained** chart. diff --git a/charts/argo-ci/requirements.lock b/charts/argo-ci/requirements.lock deleted file mode 100644 index 14b83c58..00000000 --- a/charts/argo-ci/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: argo - repository: https://argoproj.github.io/argo-helm - version: 0.2.1 -digest: sha256:af0f837200061b1720c0e05168dfc4a9537582f3004de62eeb5ef01b4c78db64 -generated: 2018-10-23T14:50:47.570677461-07:00 diff --git a/charts/argo-ci/requirements.yaml b/charts/argo-ci/requirements.yaml deleted file mode 100644 index e9370ec3..00000000 --- a/charts/argo-ci/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: -- name: argo - version: 0.2.1 - repository: https://argoproj.github.io/argo-helm From 7b78693819dcea0d34097865df71b3978b12b712 Mon Sep 17 00:00:00 2001 From: kostas-theo <43744618+kostas-theo@users.noreply.github.com> Date: Fri, 23 Apr 2021 23:00:23 +0200 Subject: [PATCH 06/47] fix: add missing status resources in rbac clusterrole (#694) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: kostas-theo Co-authored-by: Oliver Bähler --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/templates/argo-events-cluster-roles.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a7a9854e..1f138c3c 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.3.1 +version: 1.3.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index 16f55e46..bfd2d021 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -47,10 +47,13 @@ rules: - workflowtemplates/finalizers - sensors - sensors/finalizers + - sensors/status - eventsources - eventsources/finalizers + - eventsources/status - eventbus - eventbus/finalizers + - eventbus/status - apiGroups: - "" resources: From 71cbdbb811655b2a8ed1b7f8f36347061052ce1c Mon Sep 17 00:00:00 2001 From: Mike Sarver Date: Fri, 23 Apr 2021 17:14:52 -0600 Subject: [PATCH 07/47] feat(argo-cd): Add label to cluster-secrets for usage with appSet cluster selector (#692) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add cluster label for use with appSet cluster selector Signed-off-by: mike sarver * feat(argo-cd): Add label to cluster-secrets for usage with appSet cluster selector Signed-off-by: mike sarver * feat(argo-cd): use with for adding labels Signed-off-by: mike sarver Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ed2d87be..72994ece 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.0 +version: 3.2.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index a4190768..4fb7e883 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -6,6 +6,9 @@ metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} argocd.argoproj.io/secret-type: cluster {{- with .annotations }} annotations: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 32e244ab..adc358f7 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -881,6 +881,7 @@ configs: clusterCredentials: [] # - name: mycluster # server: https://mycluster.com + # labels: {} # annotations: {} # config: # bearerToken: "" @@ -889,6 +890,7 @@ configs: # caData: "" # - name: mycluster2 # server: https://mycluster2.com + # labels: {} # annotations: {} # namespaces: namespace1,namespace2 # config: From 3ba4cdb1ca9bf1c7bdc561b2255886ff4cb17949 Mon Sep 17 00:00:00 2001 From: Marcel Hoyer Date: Sat, 24 Apr 2021 12:50:25 +0200 Subject: [PATCH 08/47] fix(argo-cd): Sync ArgoCD helm chart with kustomize (#659) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * copy CRD resource files from https://github.com/argoproj/argo-cd/tree/v2.0.0/manifests/crds Signed-off-by: Marcel Hoyer * update `global.image` values in `values.yaml` to quay.io Signed-off-by: Marcel Hoyer * update redis image to 6.2.1 Signed-off-by: Marcel Hoyer * add optional volume mount to secret `argocd-repo-server-tls` according to https://github.com/argoproj/argo-cd/commit/7a68880e2ea825afb0076637b51b1e9b26a9c8f0 Signed-off-by: Marcel Hoyer * increase patch version of chart to 3.0.1 Signed-off-by: Marcel Hoyer * add `redis.extraArgs` to enable customization of `redis-server` arguments Signed-off-by: Marcel Hoyer * add some notes to the `README` about syncing changes from original `manifests/install.yaml` Signed-off-by: Marcel Hoyer * fix example for `extraArgs` in `values.yaml` of argo-cd chart Signed-off-by: Marcel Hoyer * Bump chart version to 3.1.2 Signed-off-by: Marcel Hoyer * Bump argo-cd version to 3.2.2 Signed-off-by: Marcel Hoyer Co-authored-by: Oliver Bähler Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 25 +- charts/argo-cd/crds/crd-application.yaml | 506 ++++++++++-------- charts/argo-cd/crds/crd-project.yaml | 33 +- .../deployment.yaml | 17 +- .../argocd-repo-server/deployment.yaml | 13 + .../templates/argocd-server/deployment.yaml | 13 + .../argo-cd/templates/redis/deployment.yaml | 5 +- charts/argo-cd/values.yaml | 24 +- 9 files changed, 386 insertions(+), 252 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 72994ece..766578ef 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.1 +version: 3.2.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d1430d1..7716e41e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -12,6 +12,26 @@ The default installation is intended to be similar to the provided ArgoCD [relea This chart currently installs the non-HA version of ArgoCD. +### Synchronizing Changes from Original Repository + +In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). + +When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. + +To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`: + +https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket + +Or you clone the repository and do a local `git-diff`: + +```bash +git clone https://github.com/argoproj/argo-cd.git +cd argo-cd +git diff v1.8.7 v2.0.0 -- manifests/install.yaml +``` + +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds). + ## Upgrading ### 3.0.0 and above @@ -334,7 +354,8 @@ through `xxx.extraArgs` | redis.enabled | Enable redis | `true` | | redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | | redis.image.repository | Redis repository | `"redis"` | -| redis.image.tag | Redis tag | `"5.0.8"` | +| redis.image.tag | Redis tag | `"6.2.1-alpine"` | +| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | @@ -354,6 +375,6 @@ through `xxx.extraArgs` | redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` | | redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | | redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | -| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` | +| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` | [gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index cd4678fa..c62189e8 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -19,10 +19,7 @@ spec: singular: application scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: + - additionalPrinterColumns: - jsonPath: .status.sync.status name: Sync Status type: string @@ -33,7 +30,7 @@ spec: name: Revision priority: 10 type: string - subresources: {} + name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. @@ -47,9 +44,10 @@ spec: metadata: type: object operation: - description: Operation contains requested operation parameters. + description: Operation contains information about a requested or running operation properties: info: + description: Info is a list of informational items for this operation items: properties: name: @@ -62,20 +60,20 @@ spec: type: object type: array initiatedBy: - description: OperationInitiator holds information about the operation initiator + description: InitiatedBy contains information about who initiated the operations properties: automated: description: Automated is set to true if operation was initiated automatically by the application controller. type: boolean username: - description: Name of a user who started operation. + description: Username contains the name of a user who started operation type: string type: object retry: - description: Retry controls failed sync retry behavior + description: Retry controls the strategy to apply if a sync fails properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") @@ -89,15 +87,15 @@ spec: type: string type: object limit: - description: Limit is the maximum number of attempts when retrying a container + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object sync: - description: SyncOperation contains sync operation details. + description: Sync contains parameters for the operation properties: dryRun: - description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync type: boolean manifests: description: Manifests is an optional field that overrides sync source with a local directory for development @@ -105,10 +103,10 @@ spec: type: string type: array prune: - description: Prune deletes resources that are no longer tracked in git + description: Prune specifies to delete resources from the cluster that are no longer tracked in git type: boolean resources: - description: Resources describes which resources to sync + description: Resources describes which resources shall be part of the sync items: description: SyncOperationResource contains resources to sync. properties: @@ -126,26 +124,30 @@ spec: type: object type: array revision: - description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string source: - description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and nil during a Sync operation + description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -166,7 +168,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -181,6 +183,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -189,34 +192,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -224,10 +227,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -259,42 +262,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -305,10 +311,10 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -342,20 +348,20 @@ spec: description: ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision. properties: destination: - description: Destination overrides the kubernetes server and namespace defined in the environment ksonnet app.yaml + description: Destination is a reference to the target Kubernetes server and namespace properties: name: - description: Name of the destination cluster which can be used instead of server (url) field + description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment server value in the ksonnet app.yaml + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: - description: IgnoreDifferences controls resources fields which should be ignored during comparison + description: IgnoreDifferences is a list of resources and their fields which should be ignored during comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. properties: @@ -377,7 +383,7 @@ spec: type: object type: array info: - description: Infos contains a list of useful information (URLs, email addresses, and plain text) that relates to the application + description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application items: properties: name: @@ -390,30 +396,34 @@ spec: type: object type: array project: - description: Project is a application project name. Empty name means that application belongs to 'default' project. + description: Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: This limits this number of items kept in the apps revision history. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. + description: RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. format: int64 type: integer source: - description: Source is a reference to the location ksonnet application definition + description: Source is a reference to the location of the application's manifests or chart properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -434,7 +444,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -449,6 +459,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -457,34 +468,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -492,10 +503,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -527,42 +538,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -573,16 +587,16 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object syncPolicy: - description: SyncPolicy controls when a sync will be performed + description: SyncPolicy controls when and how a sync will be performed properties: automated: description: Automated will keep an application synced to the target revision @@ -591,17 +605,17 @@ spec: description: 'AllowEmpty allows apps have zero live resources (default: false)' type: boolean prune: - description: 'Prune will prune resources automatically as part of automated sync (default: false)' + description: 'Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal enables auto-syncing if (default: false)' + description: 'SelfHeal specifes whether to revert resources back to their desired state upon modification in the cluster (default: false)' type: boolean type: object retry: description: Retry controls failed sync retry behavior properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") @@ -615,7 +629,7 @@ spec: type: string type: object limit: - description: Limit is the maximum number of attempts when retrying a container + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object @@ -631,14 +645,15 @@ spec: - source type: object status: - description: ApplicationStatus contains information about application sync, health status + description: ApplicationStatus contains status information for the application properties: conditions: + description: Conditions is a list of currently observed application conditions items: - description: ApplicationCondition contains details about current application condition + description: ApplicationCondition contains details about an application condition, which is usally an error or warning properties: lastTransitionTime: - description: LastTransitionTime is the time the condition was first observed. + description: LastTransitionTime is the time the condition was last observed format: date-time type: string message: @@ -653,24 +668,26 @@ spec: type: object type: array health: + description: Health contains information about the application's current health status properties: message: + description: Message is a human-readable informational message describing the health status type: string status: - description: Represents resource health status + description: Status holds the status code of the application or resource type: string type: object history: - description: RevisionHistories is a array of history, oldest first and newest last + description: History contains information about the application's sync history items: - description: RevisionHistory contains information relevant to an application deployment + description: RevisionHistory contains history information about a previous sync properties: deployStartedAt: - description: DeployStartedAt holds the time the deployment started + description: DeployStartedAt holds the time the sync operation started format: date-time type: string deployedAt: - description: DeployedAt holds the time the deployment completed + description: DeployedAt holds the time the sync operation completed format: date-time type: string id: @@ -678,26 +695,30 @@ spec: format: int64 type: integer revision: - description: Revision holds the revision of the sync + description: Revision holds the revision the sync was performed against type: string source: - description: ApplicationSource contains information about github repository, path within repository and target application environment. + description: Source is a reference to the application source used for the sync operation properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -718,7 +739,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -733,6 +754,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -741,34 +763,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -776,10 +798,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -811,42 +833,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -857,10 +882,10 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -876,19 +901,20 @@ spec: format: date-time type: string operationState: - description: OperationState contains information about state of currently performing operation on application. + description: OperationState contains information about any ongoing operations, such as a sync properties: finishedAt: description: FinishedAt contains time of operation completion format: date-time type: string message: - description: Message hold any pertinent messages when attempting to perform operation (typically errors). + description: Message holds any pertinent messages when attempting to perform operation (typically errors). type: string operation: description: Operation is the original requested operation properties: info: + description: Info is a list of informational items for this operation items: properties: name: @@ -901,20 +927,20 @@ spec: type: object type: array initiatedBy: - description: OperationInitiator holds information about the operation initiator + description: InitiatedBy contains information about who initiated the operations properties: automated: description: Automated is set to true if operation was initiated automatically by the application controller. type: boolean username: - description: Name of a user who started operation. + description: Username contains the name of a user who started operation type: string type: object retry: - description: Retry controls failed sync retry behavior + description: Retry controls the strategy to apply if a sync fails properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff on subsequent retries of failed syncs properties: duration: description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") @@ -928,15 +954,15 @@ spec: type: string type: object limit: - description: Limit is the maximum number of attempts when retrying a container + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. format: int64 type: integer type: object sync: - description: SyncOperation contains sync operation details. + description: Sync contains parameters for the operation properties: dryRun: - description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync type: boolean manifests: description: Manifests is an optional field that overrides sync source with a local directory for development @@ -944,10 +970,10 @@ spec: type: string type: array prune: - description: Prune deletes resources that are no longer tracked in git + description: Prune specifies to delete resources from the cluster that are no longer tracked in git type: boolean resources: - description: Resources describes which resources to sync + description: Resources describes which resources shall be part of the sync items: description: SyncOperationResource contains resources to sync. properties: @@ -965,26 +991,30 @@ spec: type: object type: array revision: - description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string source: - description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and nil during a Sync operation + description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1005,7 +1035,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1020,6 +1050,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -1028,34 +1059,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1063,10 +1094,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -1098,42 +1129,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -1144,10 +1178,10 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1192,34 +1226,39 @@ spec: description: SyncResult is the result of a Sync operation properties: resources: - description: Resources holds the sync result of each individual resource + description: Resources contains a list of sync result items for each individual resource in a sync operation items: description: ResourceResult holds the operation result details of a specific resource properties: group: + description: Group specifies the API group of the resource type: string hookPhase: - description: 'the state of any operation associated with this resource OR hook note: can contain values for non-hook resources' + description: HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources. type: string hookType: - description: the type of the hook, empty for non-hook resources + description: HookType specifies the type of the hook. Empty for non-hook resources type: string kind: + description: Kind specifies the API kind of the resource type: string message: - description: message for the last sync OR operation + description: Message contains an informational or error message for the last sync OR operation type: string name: + description: Name specifies the name of the resource type: string namespace: + description: Namespace specifies the target namespace of the resource type: string status: - description: the final result of the sync, this is be empty if the resources is yet to be applied/pruned and is always zero-value for hooks + description: Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks type: string syncPhase: - description: indicates the particular phase of the sync that this is for + description: SyncPhase indicates the particular phase of the sync that this result was acquired in type: string version: + description: Version specifies the API version of the resource type: string required: - group @@ -1230,26 +1269,30 @@ spec: type: object type: array revision: - description: Revision holds the revision of the sync + description: Revision holds the revision this sync operation was performed to type: string source: description: Source records the application source information of the sync, used for comparing auto-sync properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1270,7 +1313,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1285,6 +1328,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -1293,34 +1337,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1328,10 +1372,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -1363,42 +1407,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -1409,10 +1456,10 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1430,17 +1477,20 @@ spec: format: date-time type: string resources: + description: Resources is a list of Kubernetes resources managed by this application items: - description: ResourceStatus holds the current sync and health status of a resource + description: 'ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type' properties: group: type: string health: + description: HealthStatus contains information about the currently observed health state of an application or resource properties: message: + description: Message is a human-readable informational message describing the health status type: string status: - description: Represents resource health status + description: Status holds the status code of the application or resource type: string type: object hook: @@ -1461,8 +1511,10 @@ spec: type: object type: array sourceType: + description: SourceType specifies the type of this application type: string summary: + description: Summary contains a list of URLs and container images used by this application properties: externalURLs: description: ExternalURLs holds all external URLs of application child resources. @@ -1476,42 +1528,46 @@ spec: type: array type: object sync: - description: SyncStatus is a comparison result of application spec and deployed application. + description: Sync contains information about the application's current sync status properties: comparedTo: - description: ComparedTo contains application source and target which was used for resources comparison + description: ComparedTo contains information about what has been compared properties: destination: - description: ApplicationDestination contains deployment destination information + description: Destination is a reference to the application's destination used for comparison properties: name: - description: Name of the destination cluster which can be used instead of server (url) field + description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment server value in the ksonnet app.yaml + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object source: - description: ApplicationSource contains information about github repository, path within repository and target application environment. + description: Source is a reference to the application's source used for comparison properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1532,7 +1588,7 @@ spec: tlas: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1547,6 +1603,7 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory recursively for manifests type: boolean type: object helm: @@ -1555,34 +1612,34 @@ spec: fileParameters: description: FileParameters are file parameters to the helm template items: - description: HelmFileParameter is a file parameter to a helm template + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the helm parameter + description: Path is the path to the file containing the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm template + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation items: - description: HelmParameter is a parameter to a helm template + description: HelmParameter is a parameter that's passed to helm template during manifest generation properties: forceString: description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm parameter + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it will use the application name + description: ReleaseName is the Helm release name to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1590,10 +1647,10 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined as a block + description: Values specifies Helm values to be passed to helm template, typically defined as a block type: string version: - description: Version is the Helm version to use for templating with + description: Version is the Helm version to use for templating (either "2" or "3") type: string type: object ksonnet: @@ -1625,42 +1682,45 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize commonAnnotations + description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize commonLabels + description: CommonLabels is a list of additional labels to add to rendered manifests type: object images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override specifications items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: type: string type: array namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps + description: NamePrefix is a prefix appended to resources for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps + description: NameSuffix is a suffix appended to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable entries items: + description: EnvEntry represents an entry in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -1671,10 +1731,10 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application manifests + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1684,9 +1744,10 @@ spec: - source type: object revision: + description: Revision contains information about the revision the comparison has been performed to type: string status: - description: SyncStatusCode is a type which represents possible comparison results + description: Status is the sync state of the comparison type: string required: - status @@ -1696,3 +1757,6 @@ spec: - metadata - spec type: object + served: true + storage: true + subresources: {} diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index 2dab45a5..40182848 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml @@ -20,8 +20,6 @@ spec: scope: Namespaced versions: - name: v1alpha1 - served: true - storage: true schema: openAPIV3Schema: description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' @@ -71,16 +69,16 @@ spec: destinations: description: Destinations contains list of destinations available for deployment items: - description: ApplicationDestination contains deployment destination information + description: ApplicationDestination holds information about the application's destination properties: name: - description: Name of the destination cluster which can be used instead of server (url) field + description: Name is an alternate way of specifying the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment server value in the ksonnet app.yaml + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API type: string type: object type: array @@ -116,7 +114,9 @@ spec: description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project properties: ignore: + description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring items: + description: OrphanedResourceKey is a reference to a resource to be ignored from properties: group: type: string @@ -173,7 +173,7 @@ spec: type: object type: array signatureKeys: - description: List of PGP key IDs that commits to be synced to must be signed with + description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync items: description: SignatureKey is the specification of a key required to verify commit signatures with properties: @@ -225,34 +225,35 @@ spec: type: array type: object status: - description: Status of the AppProject + description: AppProjectStatus contains status information for AppProject CRs properties: jwtTokensByRole: - description: JWT Tokens issued for each of the roles in the project additionalProperties: + description: JWTTokens represents a list of JWT tokens properties: - items: - description: List of JWT Tokens issued for the role - items: - description: Holds the issuedAt and expiresAt values of the token + items: + items: + description: JWTToken holds the issuedAt and expiresAt values of a token properties: exp: - description: The expiresAt value of a token format: int64 type: integer iat: - description: The issuedAt value of a token format: int64 type: integer id: - description: ID of the token type: string + required: + - iat type: object type: array type: object + description: JWTTokensByRole contains a list of JWT tokens issued for a given role type: object type: object required: - metadata - spec type: object + served: true + storage: true diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 6fe98a24..7c87bce8 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -92,8 +92,10 @@ spec: timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} -{{- if .Values.controller.volumeMounts }} volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls +{{- if .Values.controller.volumeMounts }} {{- toYaml .Values.controller.volumeMounts | nindent 10}} {{- end }} resources: @@ -115,8 +117,19 @@ spec: hostAliases: {{ toYaml . | indent 6 }} {{- end }} -{{- if .Values.controller.volumes }} volumes: + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +{{- if .Values.controller.volumes }} {{- toYaml .Values.controller.volumes | nindent 8 }} {{- end }} {{- if .Values.controller.priorityClassName }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 47f04d9d..7350db37 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -81,6 +81,8 @@ spec: - mountPath: /app/config/tls name: tls-certs {{- end }} + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls - mountPath: /tmp name: tmp-dir ports: @@ -143,6 +145,17 @@ spec: name: argocd-tls-certs-cm name: tls-certs {{- end }} + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls - emptyDir: {} name: tmp-dir {{- if .Values.repoServer.initContainers }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 4ae1c4c2..d12c8446 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -80,6 +80,8 @@ spec: - mountPath: /app/config/tls name: tls-certs {{- end }} + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -149,6 +151,17 @@ spec: name: argocd-tls-certs-cm name: tls-certs {{- end }} + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls {{- if .Values.server.priorityClassName }} priorityClassName: {{ .Values.server.priorityClassName }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index de88c0d3..f3dd7f05 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -41,11 +41,14 @@ spec: - "" - --appendonly - "no" + {{- with .Values.redis.extraArgs }} + {{- . | toYaml | nindent 8 }} + {{- end }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} {{- if .Values.redis.containerSecurityContext }} securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} - {{- end }} + {{- end }} {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index adc358f7..dc04e3eb 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -9,7 +9,7 @@ installCRDs: true global: image: - repository: argoproj/argocd + repository: quay.io/argoproj/argocd tag: v2.0.0 imagePullPolicy: IfNotPresent securityContext: {} @@ -27,8 +27,8 @@ controller: name: application-controller image: - repository: # argoproj/argocd - tag: # v1.7.11 + repository: # defaults to global.image.repository + tag: # defaults to global.image.tag imagePullPolicy: # IfNotPresent # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable @@ -276,9 +276,15 @@ redis: image: repository: redis - tag: 5.0.10-alpine + tag: 6.2.1-alpine imagePullPolicy: IfNotPresent + ## Additional command line arguments to pass to redis-server + ## + extraArgs: [] + # - --bind + # - "0.0.0.0" + containerPort: 6379 servicePort: 6379 @@ -347,7 +353,7 @@ redis-ha: metrics: enabled: true image: - tag: 5.0.8-alpine + tag: 6.2.1-alpine ## Server server: @@ -363,8 +369,8 @@ server: targetMemoryUtilizationPercentage: 50 image: - repository: # argoproj/argocd - tag: # v1.7.11 + repository: # defaults to global.image.repository + tag: # defaults to global.image.tag imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-server @@ -733,8 +739,8 @@ repoServer: targetMemoryUtilizationPercentage: 50 image: - repository: # argoproj/argocd - tag: # v1.7.11 + repository: # defaults to global.image.repository + tag: # defaults to global.image.tag imagePullPolicy: # IfNotPresent ## Additional command line arguments to pass to argocd-repo-server From 72f71923f2b7e01a0651b404aefe6d62fb8aacfb Mon Sep 17 00:00:00 2001 From: t3mi Date: Mon, 26 Apr 2021 15:35:41 +0300 Subject: [PATCH 09/47] feat(argo-events): add priorityClassName and podLabels options (#610) Signed-off-by: t3mi --- charts/argo-events/Chart.yaml | 2 +- .../templates/eventbus-controller-deployment.yaml | 6 ++++++ .../templates/eventsource-controller-deployment.yaml | 6 ++++++ .../templates/sensor-controller-deployment.yaml | 6 ++++++ charts/argo-events/values.yaml | 12 +++++++++--- 5 files changed, 28 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 1f138c3c..c9f2ae12 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.3.2 +version: 1.3.3 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index 900daf41..e3631828 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} release: {{ .Release.Name }} + {{- with .Values.eventbusController.podLabels }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- with .Values.eventbusController.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} @@ -52,6 +55,9 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + {{- with .Values.eventbusController.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index 9fcd1eaf..a6522da6 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} release: {{ .Release.Name }} + {{- with .Values.eventsourceController.podLabels }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- with .Values.eventsourceController.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} @@ -50,6 +53,9 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + {{- with .Values.eventsourceController.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index 371fe82f..e6a1c104 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.sensorController.name }} release: {{ .Release.Name }} + {{- with .Values.sensorController.podLabels }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- with .Values.sensorController.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} @@ -50,6 +53,9 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + {{- with .Values.sensorController.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index ec251fe6..b786e260 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -50,7 +50,9 @@ sensorController: sensorImage: sensor podAnnotations: {} nodeSelector: {} - tolerations: {} + podLabels: {} + priorityClassName: "" + tolerations: [] affinity: {} eventsourceController: @@ -61,7 +63,9 @@ eventsourceController: eventsourceImage: eventsource podAnnotations: {} nodeSelector: {} - tolerations: {} + podLabels: {} + priorityClassName: "" + tolerations: [] affinity: {} eventbusController: @@ -71,7 +75,9 @@ eventbusController: replicaCount: 1 podAnnotations: {} nodeSelector: {} - tolerations: {} + podLabels: {} + priorityClassName: "" + tolerations: [] affinity: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 From 4e0bf1e19d75f3efc9f48f422440455a11f5c95a Mon Sep 17 00:00:00 2001 From: Sergey <41047934+1Psy@users.noreply.github.com> Date: Mon, 26 Apr 2021 21:55:12 +0300 Subject: [PATCH 10/47] fix(argocd-notifications): Changes to rules RBAC role. (#697) add role resourceNames argoproj-labs/argocd-notifications#199 allow configmap/secret list verb argoproj-labs/argocd-notifications#244 Signed-off-by: 1Psy <41047934+1Psy@users.noreply.github.com> --- charts/argocd-notifications/Chart.yaml | 2 +- .../templates/bots/slack/role.yaml | 18 +++++++++--------- .../argocd-notifications/templates/role.yaml | 19 +++++++++++++++++-- 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 881c18ae..04851ad0 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.1.2 +version: 1.1.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/bots/slack/role.yaml b/charts/argocd-notifications/templates/bots/slack/role.yaml index b509f6d4..5193a109 100644 --- a/charts/argocd-notifications/templates/bots/slack/role.yaml +++ b/charts/argocd-notifications/templates/bots/slack/role.yaml @@ -4,6 +4,15 @@ kind: Role metadata: name: {{ include "argocd-notifications.name" . }}-bot rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch - apiGroups: - argoproj.io resources: @@ -15,13 +24,4 @@ rules: - watch - update - patch -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch {{ end }} diff --git a/charts/argocd-notifications/templates/role.yaml b/charts/argocd-notifications/templates/role.yaml index fcd99ef6..0b07afd7 100644 --- a/charts/argocd-notifications/templates/role.yaml +++ b/charts/argocd-notifications/templates/role.yaml @@ -19,9 +19,24 @@ rules: - apiGroups: - "" resources: + - configmaps - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - {{ include "argocd-notifications.name" . }}-cm + resources: - configmaps verbs: - get - - list - - watch +- apiGroups: + - "" + resourceNames: + - {{ include "argocd-notifications.name" . }}-secret + resources: + - secrets + verbs: + - get \ No newline at end of file From d40a9be8106a207067241c75557888a7127fa55b Mon Sep 17 00:00:00 2001 From: Geoffrey Gouez Date: Mon, 26 Apr 2021 23:38:11 +0200 Subject: [PATCH 11/47] feat(argocd-notifications): Optional ConfigMap for argocd-notifications (#656) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argocd-notifications): Optional ConfigMap for argocd-notifications Signed-off-by: Cicatrice * feat(argocd-notifications): version bump Co-authored-by: Oliver Bähler Signed-off-by: Cicatrice Co-authored-by: Oliver Bähler --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/configmap.yaml | 4 +++- charts/argocd-notifications/values.yaml | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 04851ad0..12c03d53 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.1.3 +version: 1.2.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/configmap.yaml b/charts/argocd-notifications/templates/configmap.yaml index 9090a162..442234bc 100644 --- a/charts/argocd-notifications/templates/configmap.yaml +++ b/charts/argocd-notifications/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{ if .Values.cm.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -19,4 +20,5 @@ data: {{- end }} {{- with .Values.triggers }} {{- toYaml . | nindent 2 }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index 0a27e643..ace4c84e 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -88,6 +88,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-controller +cm: + # Whether helm chart creates controller config map + create: true + subscriptions: # For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ From 7efd2d4a44da349c508ec50a8f3630c47ad1456d Mon Sep 17 00:00:00 2001 From: "Wen-Chih (Ryan) Lo" Date: Wed, 28 Apr 2021 02:33:31 +0800 Subject: [PATCH 12/47] chore(argo): Fix service name in argo/templates/NOTES.txt (#701) Signed-off-by: Ryan Lo --- charts/argo/Chart.yaml | 2 +- charts/argo/templates/NOTES.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 741fa2e6..3f10ee6f 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.12.5 description: A Helm chart for Argo Workflows name: argo -version: 0.16.9 +version: 0.16.10 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt index 327b262d..7b4c02f0 100644 --- a/charts/argo/templates/NOTES.txt +++ b/charts/argo/templates/NOTES.txt @@ -11,6 +11,6 @@ argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hell 3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following command: -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio-svc +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio {{ end }} From dbec4ad82e98770e7768eda751e771683fadf0db Mon Sep 17 00:00:00 2001 From: jandersen-plaid <52045989+jandersen-plaid@users.noreply.github.com> Date: Wed, 5 May 2021 18:59:18 -0400 Subject: [PATCH 13/47] fix: spec.preserveUnknownFields must be set to false to allow upgrades from v1beta1 (#709) Signed-off-by: Jack Andersen --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/crds/analysis-run-crd.yaml | 1 + charts/argo-rollouts/templates/crds/analysis-template-crd.yaml | 1 + .../templates/crds/cluster-analysis-template-crd.yaml | 1 + charts/argo-rollouts/templates/crds/experiment-crd.yaml | 1 + charts/argo-rollouts/templates/crds/rollout-crd.yaml | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bf8cd3b3..99269837 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.0 +version: 0.5.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 0ddf3ca3..b70b6f0b 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - ar singular: analysisrun + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 0854fc4c..4712ae2d 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - at singular: analysistemplate + preserveUnknownFields: false scope: Namespaced versions: - name: v1alpha1 diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index dd9d89cd..72832f03 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - cat singular: clusteranalysistemplate + preserveUnknownFields: false scope: Cluster versions: - name: v1alpha1 diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 6fec00ab..1fa5b261 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - exp singular: experiment + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 01eaccac..888ca599 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -17,6 +17,7 @@ spec: shortNames: - ro singular: rollout + preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: From e39ccfe31585a9843ac64cbdc0706e098e992df4 Mon Sep 17 00:00:00 2001 From: cskh Date: Fri, 7 May 2021 13:29:36 -0400 Subject: [PATCH 14/47] feat: add resources to argo-rollouts deployment (#711) - add destinationrule to clusterrolebinding Signed-off-by: Hui Kang Co-authored-by: Hui Kang --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml | 1 + charts/argo-rollouts/templates/argo-rollouts-deployment.yaml | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 99269837..84752bf3 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.1 +version: 0.5.2 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index b9595710..c3fb9f0c 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -130,6 +130,7 @@ rules: - networking.istio.io resources: - virtualservices + - destinationrules verbs: - watch - get diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index dd04516a..1c4342bf 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -38,6 +38,10 @@ spec: imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: {{ .Values.controller.name }} resources: +{{- toYaml .Values.controller.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} nodeSelector: From 26b3d9167243291e98286fb09893db74c33439cd Mon Sep 17 00:00:00 2001 From: Alec Rajeev Date: Sun, 9 May 2021 15:55:53 -0400 Subject: [PATCH 15/47] chore(argo-events): update argo-events to 1.3.3 (#720) Signed-off-by: Alec Rajeev --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c9f2ae12..5def36c7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.3.3 +version: 1.4.0 keywords: - argo-events - sensor-controller @@ -12,6 +12,6 @@ sources: maintainers: - name: VaibhavPage - name: whynowy -appVersion: 1.2.3 +appVersion: 1.3.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index b786e260..a54ec010 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -45,7 +45,7 @@ singleNamespace: true sensorController: name: sensor-controller image: sensor-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 sensorImage: sensor podAnnotations: {} @@ -58,7 +58,7 @@ sensorController: eventsourceController: name: eventsource-controller image: eventsource-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 eventsourceImage: eventsource podAnnotations: {} @@ -71,7 +71,7 @@ eventsourceController: eventbusController: name: eventbus-controller image: eventbus-controller - tag: v1.2.3 + tag: v1.3.1 replicaCount: 1 podAnnotations: {} nodeSelector: {} From 19d019039c78fe7b60a1cb6f0649b8b9ac04b68b Mon Sep 17 00:00:00 2001 From: aniekgul Date: Sun, 9 May 2021 16:05:51 -0400 Subject: [PATCH 16/47] chore(argo-cd): upgrade redis-ha version to 4.12.14 (#710) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aniek Gul Co-authored-by: Oliver Bähler --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 497aa297..52941728 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.10.4 -digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2 -generated: "2021-04-14T13:41:16.151666-07:00" + version: 4.12.14 +digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a +generated: "2021-05-03T16:02:41.4356045-04:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 766578ef..584ef6e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.2 +version: 3.2.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -16,6 +16,6 @@ maintainers: - name: seanson dependencies: - name: redis-ha - version: 4.10.4 + version: 4.12.14 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled From 6735d66f1ab58c82474f38e114092c3036cd82b1 Mon Sep 17 00:00:00 2001 From: sgavrylenko <13081190+sgavrylenko@users.noreply.github.com> Date: Tue, 11 May 2021 14:19:17 +0300 Subject: [PATCH 17/47] feat(argocd-notification): add context variable for templating purpose (#713) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add context variable for templating purpose Signed-off-by: Sergiy Gavrylenko Signed-off-by: Sergiy Gavrylenko * update version of argocd-notification chart Signed-off-by: Sergiy Gavrylenko Signed-off-by: Sergiy Gavrylenko * fix: spec.preserveUnknownFields must be set to false to allow upgrades from v1beta1 (#709) Signed-off-by: Jack Andersen Signed-off-by: Sergiy Gavrylenko * feat: add resources to argo-rollouts deployment (#711) - add destinationrule to clusterrolebinding Signed-off-by: Hui Kang Co-authored-by: Hui Kang Signed-off-by: Sergiy Gavrylenko * chore(argo-events): update argo-events to 1.3.3 (#720) Signed-off-by: Alec Rajeev Signed-off-by: Sergiy Gavrylenko * chore(argo-cd): upgrade redis-ha version to 4.12.14 (#710) Signed-off-by: Aniek Gul Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko * Update charts/argocd-notifications/Chart.yaml Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko * Update charts/argocd-notifications/templates/configmap.yaml Co-authored-by: Oliver Bähler Signed-off-by: Sergiy Gavrylenko Co-authored-by: Sergiy Gavrylenko Co-authored-by: jandersen-plaid <52045989+jandersen-plaid@users.noreply.github.com> Co-authored-by: cskh Co-authored-by: Hui Kang Co-authored-by: Alec Rajeev Co-authored-by: aniekgul Co-authored-by: Oliver Bähler --- charts/argocd-notifications/Chart.yaml | 2 +- charts/argocd-notifications/templates/configmap.yaml | 5 ++++- charts/argocd-notifications/values.yaml | 5 +++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 12c03d53..8a1e04d8 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.2.0 +version: 1.3.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/configmap.yaml b/charts/argocd-notifications/templates/configmap.yaml index 442234bc..37f95b53 100644 --- a/charts/argocd-notifications/templates/configmap.yaml +++ b/charts/argocd-notifications/templates/configmap.yaml @@ -8,6 +8,9 @@ metadata: data: context: | argocdUrl: {{ .Values.argocdUrl | quote }} + {{- with .Values.context }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifiers }} {{- toYaml . | nindent 2 }} {{- end }} @@ -21,4 +24,4 @@ data: {{- with .Values.triggers }} {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index ace4c84e..bfe746c3 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -19,6 +19,11 @@ nodeSelector: {} updateStrategy: type: Recreate +context: + # Add custom values into context + # region: east + # environmentName: staging + secret: # Whether helm chart creates controller secret create: true From a25cfd221cd8093cd79282413b2201c9a1e789d9 Mon Sep 17 00:00:00 2001 From: loreleimccollum-work <66749079+loreleimccollum-work@users.noreply.github.com> Date: Thu, 13 May 2021 01:36:13 -0400 Subject: [PATCH 18/47] feat: Support custom rules for the Application Controller Cluster Role (#730) * feat: Support custom rules for the Application Controller Cluster Role Signed-off-by: Lorelei McCollum * Add newline at end of file Signed-off-by: Lorelei McCollum --- CONTRIBUTING.md | 6 ++++++ charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/clusterrole.yaml | 6 +++++- charts/argo-cd/values.yaml | 7 +++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b64861bb..f4c7d89c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -22,6 +22,12 @@ helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` +Pre-requisites: +``` +helm repo add redis-ha https://dandydeveloper.github.io/charts/ +helm dependency update +``` + Minimally: ``` diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 584ef6e2..07d6fb7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.3 +version: 3.2.4 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 3426c9c8..bd6ff8aa 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: +{{- if .Values.controller.clusterRoleRules.enabled }} +{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} +{{ else }} - apiGroups: - '*' resources: @@ -16,4 +19,5 @@ rules: - '*' verbs: - '*' -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index dc04e3eb..ef68a320 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -183,6 +183,13 @@ controller: ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. clusterAdminAccess: enabled: true + ## Enable Custom Rules for the Application Controller's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + enabled: false + rules: [] + ## Dex dex: From 331d3445d2b5abb37cbf24dc29d2af5fb475b8eb Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 14 May 2021 21:04:24 +0200 Subject: [PATCH 19/47] chore: Nominate mkilchhofer as an approver (#714) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Oliver Bähler --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index bb890183..a3926889 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,5 +1,8 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners +# All charts +/charts/* @mkilchhofer + # Argo Workflows /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler From 9548bffc6959f965b1edc259f1c29400c5f1e351 Mon Sep 17 00:00:00 2001 From: Aman Shah Date: Sun, 16 May 2021 18:18:39 +0530 Subject: [PATCH 20/47] chore(argo-cd): Bumped argo-cd to 2.0.1 (#732) Signed-off-by: aman chore(argo-cd): bumped chart version Signed-off-by: aman Co-authored-by: aman Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 07d6fb7b..e154e4b0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.0.0 +appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.4 +version: 3.2.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ef68a320..f5bff3b4 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -10,7 +10,7 @@ installCRDs: true global: image: repository: quay.io/argoproj/argocd - tag: v2.0.0 + tag: v2.0.1 imagePullPolicy: IfNotPresent securityContext: {} # runAsUser: 999 From 0919bbc11639499d240325265a84f7383b2b1c8b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sun, 16 May 2021 14:57:24 +0200 Subject: [PATCH 21/47] feat(argo-ci): remove deprecated helm chart (#734) Signed-off-by: Marco Kilchhofer --- charts/argo-ci/.helmignore | 21 ----------- charts/argo-ci/Chart.yaml | 12 ------- charts/argo-ci/README.md | 5 --- charts/argo-ci/templates/NOTES.txt | 0 charts/argo-ci/templates/_helpers.tpl | 16 --------- charts/argo-ci/templates/ci-deployment.yaml | 39 --------------------- charts/argo-ci/templates/ci-service.yaml | 17 --------- charts/argo-ci/values.yaml | 14 -------- 8 files changed, 124 deletions(-) delete mode 100644 charts/argo-ci/.helmignore delete mode 100644 charts/argo-ci/Chart.yaml delete mode 100644 charts/argo-ci/README.md delete mode 100644 charts/argo-ci/templates/NOTES.txt delete mode 100644 charts/argo-ci/templates/_helpers.tpl delete mode 100644 charts/argo-ci/templates/ci-deployment.yaml delete mode 100644 charts/argo-ci/templates/ci-service.yaml delete mode 100644 charts/argo-ci/values.yaml diff --git a/charts/argo-ci/.helmignore b/charts/argo-ci/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/charts/argo-ci/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/argo-ci/Chart.yaml b/charts/argo-ci/Chart.yaml deleted file mode 100644 index c41334d9..00000000 --- a/charts/argo-ci/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -description: A Helm chart for Argo-CI -name: argo-ci -version: 1.0.0 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -appVersion: v1.0.0-alpha2 -home: https://github.com/argoproj/argo-helm -deprecated: true -dependencies: - - name: argo - version: "^0.16.0" - repository: https://argoproj.github.io/argo-helm diff --git a/charts/argo-ci/README.md b/charts/argo-ci/README.md deleted file mode 100644 index 7eaa9039..00000000 --- a/charts/argo-ci/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Argo CI Chart - -**Deprecated** - Use [Argo-Events](./argo-events) instead. - -This is a **community maintained** chart. diff --git a/charts/argo-ci/templates/NOTES.txt b/charts/argo-ci/templates/NOTES.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/argo-ci/templates/_helpers.tpl b/charts/argo-ci/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo-ci/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo-ci/templates/ci-deployment.yaml b/charts/argo-ci/templates/ci-deployment.yaml deleted file mode 100644 index bf2e4121..00000000 --- a/charts/argo-ci/templates/ci-deployment.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - spec: - containers: - - name: ci - image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: IN_CLUSTER - value: "true" - - name: NAMESPACE - value: {{ .Values.workflowNamespace }} - - name: ARGO_CI_IMAGE - value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - - name: CONTROLLER_INSTANCE_ID - value: {{ .Release.Name }} - ports: - - containerPort: 8001 - - containerPort: 8002 - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/argo-ci/templates/ci-service.yaml b/charts/argo-ci/templates/ci-service.yaml deleted file mode 100644 index 3c335c62..00000000 --- a/charts/argo-ci/templates/ci-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8001 - selector: - app: {{ .Release.Name }}-ci - sessionAffinity: None - type: LoadBalancer diff --git a/charts/argo-ci/values.yaml b/charts/argo-ci/values.yaml deleted file mode 100644 index 86dadf98..00000000 --- a/charts/argo-ci/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -imageNamespace: argoproj -ciImage: argoci -imageTag: v1.0.0-alpha2 -imagePullPolicy: Always -# Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret -workflowNamespace: default - -argo: - imagesNamespace: argoproj - installMinio: true - minioBucketName: argo-artifacts - useReleaseAsInstanceID: true From a70e1779afbda0b8d0385f96f460ecbff53abe2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sun, 16 May 2021 17:32:19 +0200 Subject: [PATCH 22/47] feat: Define custom styles via values (#689) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: define custom styles via values Signed-off-by: Oliver Bähler * Version Bump Signed-off-by: Oliver Bähler * Mount to correct server Signed-off-by: Oliver Bähler * fix(argo-cd): correct alphabetical place of new values Signed-off-by: Marco Kilchhofer * fix(argo-cd): correct alphabetical place of new values in README Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 18 ++++++++++++++++++ .../templates/argocd-configs/argocd-cm.yaml | 3 +-- .../argocd-configs/argocd-styles-cm.yaml | 11 +++++++++++ .../templates/argocd-server/deployment.yaml | 10 ++++++++++ charts/argo-cd/values.yaml | 9 ++++++++- 7 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e154e4b0..07e35492 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.2.5 +version: 3.3.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7716e41e..5513a8fd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -113,6 +113,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | +| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) | | openshift.enabled | enables using arbitrary uid for argo repo server | `false` | ## ArgoCD Controller diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 9ab07ef4..79723e71 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -151,4 +151,22 @@ Return the appropriate apiVersion for ingress {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} +{{- end -}} + +{{/* +Argo Configuration Preset Values (Incluenced by Values configuration) +*/}} +{{- define "argo-cd.config.presets" -}} + {{- if .Values.configs.styles }} +ui.cssurl: "./custom/custom.styles.css" + {{- end }} +{{- end -}} + +{{/* +Merge Argo Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config" -}} + {{- if .Values.server.configEnabled -}} +{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} + {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index b17f4f1b..0da0c1ed 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -11,6 +11,5 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -data: -{{- toYaml .Values.server.config | nindent 4 }} +data: {{- include "argo-cd.config" $ | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml new file mode 100644 index 00000000..a8079671 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -0,0 +1,11 @@ +{{- if .Values.configs.styles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-custom-styles + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +data: + custom.styles.css: | + {{- .Values.configs.styles | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index d12c8446..2ee5b7e3 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -82,6 +82,11 @@ spec: {{- end }} - mountPath: /app/config/server/tls name: argocd-repo-server-tls + {{- if .Values.configs.styles }} + - mountPath: "/shared/app/custom/custom.styles.css" + subPath: "custom.styles.css" + name: custom-styles + {{- end }} ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -141,6 +146,11 @@ spec: {{- end }} - emptyDir: {} name: static-files + {{- if .Values.configs.styles }} + - configMap: + name: argocd-custom-styles + name: custom-styles + {{- end }} {{- if .Values.configs.knownHosts }} - configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f5bff3b4..d0f813bb 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1015,9 +1015,16 @@ configs: # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: + # argocdServerAdminPassword: "" # Password modification time defaults to current time if not set # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + ## Custom CSS Styles + ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + # styles: | + # .nav-bar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } + openshift: enabled: false From 17ad65e635f5a585419c40975b60f785e42edb7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sun, 16 May 2021 19:50:39 +0200 Subject: [PATCH 23/47] fix: Increased Redis Version (#700) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 07e35492..189a3eb3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.0 +version: 3.3.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d0f813bb..1a9fab3b 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -283,7 +283,7 @@ redis: image: repository: redis - tag: 6.2.1-alpine + tag: 6.2.2-alpine imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to redis-server @@ -360,7 +360,7 @@ redis-ha: metrics: enabled: true image: - tag: 6.2.1-alpine + tag: 6.2.2-alpine ## Server server: From 7c94b7af7e69a61cf92e7ff00ef9c2ee3818f3dc Mon Sep 17 00:00:00 2001 From: Marco Zoveralli Date: Mon, 17 May 2021 07:40:38 +0200 Subject: [PATCH 24/47] fix(argo-cd): properly generate volumes and volumeMounts for application controller (#724) * fix: volumes and volumeMounts configurations are properly generated for the application controller (#723) Signed-off-by: marcozov * fix: Chart.yaml bump (#723) Signed-off-by: marcozov * fix: use consistent indentation Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/deployment.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 189a3eb3..c2e9e948 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.1 +version: 3.3.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7c87bce8..524f302e 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -95,9 +95,9 @@ spec: volumeMounts: - mountPath: /app/config/controller/tls name: argocd-repo-server-tls -{{- if .Values.controller.volumeMounts }} -{{- toYaml .Values.controller.volumeMounts | nindent 10}} -{{- end }} + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} @@ -129,9 +129,9 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls -{{- if .Values.controller.volumes }} -{{- toYaml .Values.controller.volumes | nindent 8 }} -{{- end }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- if .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }} {{- end }} From c311a91921c338d846ac90683a94aaa0f9109b2a Mon Sep 17 00:00:00 2001 From: Meiblorn Date: Mon, 17 May 2021 10:21:53 +0400 Subject: [PATCH 25/47] fix(argocd-applicationset): Removed duplicated "app.kubernetes.io/name" label (#728) * Removed duplicated "app.kubernetes.io/name" label Updated helpers.tpl Signed-off-by: Vadim Fedorenko * Bump argocd-applicationset chart's version Signed-off-by: Vadim Fedorenko Co-authored-by: Marco Kilchhofer --- charts/argocd-applicationset/Chart.yaml | 2 +- charts/argocd-applicationset/templates/_helpers.tpl | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index ebb5ee1c..fba7f6bd 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.3 +version: 0.1.4 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-applicationset/templates/_helpers.tpl b/charts/argocd-applicationset/templates/_helpers.tpl index 4d0e98b5..e86139e1 100644 --- a/charts/argocd-applicationset/templates/_helpers.tpl +++ b/charts/argocd-applicationset/templates/_helpers.tpl @@ -40,7 +40,6 @@ helm.sh/chart: {{ include "argo-applicationset.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/name: {{ include "argo-applicationset.name" . }} app.kubernetes.io/part-of: argo-cd-applicationset app.kubernetes.io/component: controller {{- end }} From fdc6daa970a75e3bc05cf78a0facfc5df21ad0b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Mon, 17 May 2021 10:05:38 +0300 Subject: [PATCH 26/47] fix(argo-cd): fixed typos in chart's README.md file (#727) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c2e9e948..720ea31d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.2 +version: 3.3.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5513a8fd..3c7a8be7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -40,7 +40,7 @@ Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Re ### 2.14.7 and above -The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. +The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. ### 2.10.x to 2.11.0 From 8ab948d1e332c6f98950e8f3e4eb5366774527d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Lemos?= Date: Tue, 18 May 2021 08:24:45 +0100 Subject: [PATCH 27/47] feat(argocd): Added externalTrafficPolicy to server service (#736) * feat(argocd): Added externalTrafficPolicy to server service Signed-off-by: flavio.lemos * chore: apply review changes Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 720ea31d..05e0df40 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.3 +version: 3.3.4 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 72a4018c..87877d92 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -44,3 +44,6 @@ spec: {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} {{- end }} {{- end -}} +{{- with .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1a9fab3b..f1ddd6d3 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -479,6 +479,7 @@ server: loadBalancerIP: "" loadBalancerSourceRanges: [] externalIPs: [] + externalTrafficPolicy: "" ## Server metrics service configuration metrics: From adfe72f72b582992af7442ab54d18040e086b648 Mon Sep 17 00:00:00 2001 From: valerauko Date: Tue, 18 May 2021 16:39:56 +0900 Subject: [PATCH 28/47] fix(argo-cd): update initial password guidance in NOTES (#707) * fix: Update NOTES to match the latest version Signed-off-by: Vale * chore: Bump chart version Signed-off-by: Vale * Add colon for better format Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/NOTES.txt | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05e0df40..f4cb6e67 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.4 +version: 3.3.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 138ba588..a5f59108 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -9,7 +9,8 @@ In order to access the server UI you have the following options: - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts -After reaching the UI the first time you can login with username: admin and the password will be the -name of the server pod. You can get the pod name by running: +After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 +kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d + +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) From 454a6576251b95fa36f5dac53e638b659736d44e Mon Sep 17 00:00:00 2001 From: Scott Cabrinha Date: Tue, 18 May 2021 08:37:24 -0700 Subject: [PATCH 29/47] chore: Remove cabrinha from CODEOWNERS (#716) Co-authored-by: Marco Kilchhofer --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index a3926889..eff2aab2 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -13,7 +13,7 @@ /charts/argo-events @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @cabrinha @oliverbaehler +/charts/argo-rollouts @oliverbaehler # Argo CD Notifications /charts/argocd-notifications @alexmt @andyfeller @oliverbaehler From 70234a635eea57940594620a6de5b468fe818f11 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Tue, 18 May 2021 17:37:55 +0200 Subject: [PATCH 30/47] chore: remove '*' in CODEOWNERS to allow recursive approvals (#737) According to documentation, the pattern /path/* only allows approval on this level: ~~~ # The `docs/*` pattern will match files like # `docs/getting-started.md` but not further nested files like # `docs/build-app/troubleshooting.md`. docs/* docs@example.com # In this example, @doctocat owns any file in the `/docs` # directory in the root of your repository and any of its # subdirectories. /docs/ @doctocat ~~~ Ref: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax Signed-off-by: Marco Kilchhofer --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index eff2aab2..0cf6f6db 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,7 +1,7 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners # All charts -/charts/* @mkilchhofer +/charts/ @mkilchhofer # Argo Workflows /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler From 82b655dadcaba8aad895465b0033ba26aed170da Mon Sep 17 00:00:00 2001 From: chgl Date: Fri, 21 May 2021 14:19:05 +0200 Subject: [PATCH 31/47] feat(argo-workflows): added new argo-workflows chart and deprecated argo chart (#668) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: added new argo-workflows chart and deprecated argo chart Signed-off-by: chgl * fix: removed maintainers from deprecated argo chart Signed-off-by: chgl * docs: rm pullPolicy from snippet since the global images.pullPolicy is actually used Signed-off-by: chgl * use Chart.AppVersion as the default image tag Signed-off-by: chgl * updated various links Signed-off-by: chgl * enabled metrics endpoint and liveness probe by default Signed-off-by: chgl * fix: use new-style labels Signed-off-by: chgl * fix: set securitycontext for server to something more secure Signed-off-by: chgl * Update charts/argo-workflows/templates/_helpers.tpl Signed-off-by: chgl Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Signed-off-by: chgl * bumped argo chart version Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Update charts/argo-workflows/templates/controller/workflow-controller-service.yaml Co-authored-by: Oliver Bähler Signed-off-by: chgl * Apply suggestions from code review Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Co-authored-by: Oliver Bähler Signed-off-by: chgl * used ingress from argo-cd Signed-off-by: chgl * Update charts/argo-workflows/templates/server/server-deployment.yaml Signed-off-by: chgl Co-authored-by: Brandon Mayfield * updated argo-wf to v3.0.2 Signed-off-by: chgl * aligned serviceAccount configuration with argo-cd values Signed-off-by: chgl * docs: updated breaking changes in README Signed-off-by: chgl * fix: use .Capabilities.APIVersions.Has in Ingress template Signed-off-by: chgl Co-authored-by: Brandon Mayfield <563214+bmayfi3ld@users.noreply.github.com> Co-authored-by: Oliver Bähler Co-authored-by: Brandon Mayfield --- charts/argo-workflows/.helmignore | 21 ++ charts/argo-workflows/Chart.yaml | 15 + charts/argo-workflows/README.md | 48 +++ .../ci/enable-ingress-values.yaml | 5 + .../ci/enable-metrics-values.yaml | 7 + .../argo-workflows/ci/enable-rbac-values.yaml | 5 + .../argoproj.io_clusterworkflowtemplates.yaml | 35 ++ .../crds/argoproj.io_cronworkflows.yaml | 38 ++ .../argoproj.io_workfloweventbindings.yaml | 34 ++ .../crds/argoproj.io_workflows.yaml | 48 +++ .../crds/argoproj.io_workflowtemplates.yaml | 34 ++ charts/argo-workflows/templates/NOTES.txt | 7 + charts/argo-workflows/templates/_helpers.tpl | 96 +++++ .../controller/workflow-aggregate-roles.yaml | 95 +++++ .../workflow-controller-cluster-roles.yaml | 148 ++++++++ .../workflow-controller-config-map.yaml | 87 +++++ .../controller/workflow-controller-crb.yaml | 48 +++ .../workflow-controller-deployment-pdb.yaml | 19 + .../workflow-controller-deployment.yaml | 104 ++++++ .../controller/workflow-controller-sa.yaml | 8 + .../workflow-controller-service.yaml | 38 ++ .../workflow-controller-servicemonitor.yaml | 29 ++ .../templates/controller/workflow-rb.yaml | 19 + .../templates/controller/workflow-role.yaml | 25 ++ .../templates/controller/workflow-sa.yaml | 13 + .../server/server-cluster-roles.yaml | 136 +++++++ .../templates/server/server-crb.yaml | 39 +++ .../server/server-deployment-pdb.yaml | 19 + .../templates/server/server-deployment.yaml | 105 ++++++ .../templates/server/server-ingress.yaml | 88 +++++ .../templates/server/server-sa.yaml | 10 + .../templates/server/server-service.yaml | 31 ++ charts/argo-workflows/values.yaml | 331 ++++++++++++++++++ charts/argo/Chart.yaml | 8 +- charts/argo/README.md | 2 + 35 files changed, 1789 insertions(+), 6 deletions(-) create mode 100644 charts/argo-workflows/.helmignore create mode 100644 charts/argo-workflows/Chart.yaml create mode 100644 charts/argo-workflows/README.md create mode 100644 charts/argo-workflows/ci/enable-ingress-values.yaml create mode 100644 charts/argo-workflows/ci/enable-metrics-values.yaml create mode 100644 charts/argo-workflows/ci/enable-rbac-values.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workflows.yaml create mode 100644 charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml create mode 100644 charts/argo-workflows/templates/NOTES.txt create mode 100644 charts/argo-workflows/templates/_helpers.tpl create mode 100644 charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-crb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-sa.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-service.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-role.yaml create mode 100644 charts/argo-workflows/templates/controller/workflow-sa.yaml create mode 100644 charts/argo-workflows/templates/server/server-cluster-roles.yaml create mode 100644 charts/argo-workflows/templates/server/server-crb.yaml create mode 100644 charts/argo-workflows/templates/server/server-deployment-pdb.yaml create mode 100644 charts/argo-workflows/templates/server/server-deployment.yaml create mode 100644 charts/argo-workflows/templates/server/server-ingress.yaml create mode 100644 charts/argo-workflows/templates/server/server-sa.yaml create mode 100644 charts/argo-workflows/templates/server/server-service.yaml create mode 100644 charts/argo-workflows/values.yaml diff --git a/charts/argo-workflows/.helmignore b/charts/argo-workflows/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/argo-workflows/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml new file mode 100644 index 00000000..32eb38d9 --- /dev/null +++ b/charts/argo-workflows/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: argo-workflows +description: A Helm chart for Argo Workflows +type: application +version: 0.1.0 +appVersion: "v3.0.2" +icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +home: https://github.com/argoproj/argo-helm +sources: + - https://github.com/argoproj/argo-workflows +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: benjaminws diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md new file mode 100644 index 00000000..7e1c9dd7 --- /dev/null +++ b/charts/argo-workflows/README.md @@ -0,0 +1,48 @@ +# Argo Workflows Chart + +This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). + +If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. + +## Pre-Requisites + +This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. + +A few options are: + +- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute +- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions + +## Usage Notes + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +## Values + +The `values.yaml` contains items used to tweak a deployment of this chart. +Fields to note: + +- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute +- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name +- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor +- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran + +## Breaking changes from the deprecated `argo` chart + +1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory +1. the CRDs were updated to `apiextensions.k8s.io/v1` +1. the container image registry/project/tag format was changed to be more in line with the more common + + ```yaml + image: + registry: quay.io + repository: argoproj/argocli + tag: v3.0.1 + ``` + + this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images. + +1. switched to quay.io as the default registry for all images +1. removed any included usage of Minio +1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` +1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml new file mode 100644 index 00000000..d3485603 --- /dev/null +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -0,0 +1,5 @@ +server: + ingress: + enabled: true + hosts: + - argo-workflows.127.0.0.1.xip.io diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml new file mode 100644 index 00000000..9818ebe5 --- /dev/null +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -0,0 +1,7 @@ +controller: + serviceMonitor: + enabled: true + metricsConfig: + enabled: true + telemetryConfig: + enabled: true diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml new file mode 100644 index 00000000..10f717ac --- /dev/null +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -0,0 +1,5 @@ +workflow: + serviceAccount: + create: true # Specifies whether a service account should be created + rbac: + create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows diff --git a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml new file mode 100644 index 00000000..fa7da83a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000..2878fe9b --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..9585686a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/crds/argoproj.io_workflows.yaml new file mode 100644 index 00000000..f3751e18 --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflows.yaml @@ -0,0 +1,48 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000..f6fa080a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt new file mode 100644 index 00000000..b6ac65d4 --- /dev/null +++ b/charts/argo-workflows/templates/NOTES.txt @@ -0,0 +1,7 @@ +1. Get Argo Server external IP/domain by running: + +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} + +2. Submit the hello-world workflow by running: + +argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl new file mode 100644 index 00000000..f5c8a4c3 --- /dev/null +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -0,0 +1,96 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create argo workflows server name and version as used by the chart label. +*/}} +{{- define "argo-workflows.server.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-workflows.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-workflows.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "argo-workflows.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-workflows.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-workflows.labels" -}} +helm.sh/chart: {{ include "argo-workflows.chart" .context }} +{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-workflows +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-workflows.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Create the name of the server service account to use +*/}} +{{- define "argo-workflows.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-workflows.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-workflows.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-workflows.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-workflows.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml new file mode 100644 index 00000000..2143f208 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -0,0 +1,95 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: before-hook-creation + name: argo-workflows-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml new file mode 100644 index 00000000..de5e88a3 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -0,0 +1,148 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +{{- if .Values.controller.persistence }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + {{- if .Values.controller.persistence.postgresql }} + - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} + - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} + {{- end}} + {{- if .Values.controller.persistence.mysql }} + - {{ .Values.controller.persistence.mysql.userNameSecret.name }} + - {{ .Values.controller.persistence.mysql.passwordSecret.name }} + {{- end}} + verbs: + - get +{{- end}} +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - workflow-controller + - workflow-controller-lease + verbs: + - get + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml new file mode 100644 index 00000000..afddb194 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "argo-workflows.controller.fullname" . }}-configmap + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} +data: + config: | + {{- if .Values.controller.instanceID.enabled }} + {{- if .Values.controller.instanceID.useReleaseName }} + instanceID: {{ .Release.Name }} + {{- else }} + instanceID: {{ .Values.controller.instanceID.explicitID }} + {{- end }} + {{- end }} + containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} + {{- if .Values.controller.parallelism }} + parallelism: {{ .Values.controller.parallelism }} + {{- end }} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + executor: + {{- with .Values.executor.resources }} + resources: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.executor.env }} + env: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.executor.securityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.useDefaultArtifactRepo }} + artifactRepository: + {{- if .Values.artifactRepository.archiveLogs }} + archiveLogs: {{ .Values.artifactRepository.archiveLogs }} + {{- end }} + {{- if .Values.artifactRepository.gcs }} + gcs: +{{ toYaml .Values.artifactRepository.gcs | indent 8}} + {{- else }} + s3: + {{- if .Values.useStaticCredentials }} + accessKeySecret: + key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} + name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + secretKeySecret: + key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} + name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + {{- end }} + bucket: {{ .Values.artifactRepository.s3.bucket }} + endpoint: {{ .Values.artifactRepository.s3.endpoint }} + insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.keyFormat }} + keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} + {{- end }} + {{- if .Values.artifactRepository.s3.region }} + region: {{ .Values.artifactRepository.s3.region }} + {{- end }} + {{- if .Values.artifactRepository.s3.roleARN }} + roleARN: {{ .Values.artifactRepository.s3.roleARN }} + {{- end }} + {{- if .Values.artifactRepository.s3.useSDKCreds }} + useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} + {{- end }} + {{- end }} + {{- end}} + {{- if .Values.controller.metricsConfig.enabled }} + metricsConfig: +{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + telemetryConfig: +{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} + {{- if .Values.controller.persistence }} + persistence: +{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} + {{- if .Values.controller.workflowDefaults }} + workflowDefaults: +{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} + {{- with .Values.server.sso }} + sso: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.workflowRestrictions }} + workflowRestrictions: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.links }} + links: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml new file mode 100644 index 00000000..6879d282 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.controller.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.controller.workflowNamespaces }} +{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }} +{{- $namespace := .Release.Namespace }} +{{- range $key := .Values.controller.workflowNamespaces }} + {{- if not (eq $key $namespace) }} + - kind: ServiceAccount + name: {{ $uiServiceAccount }} + namespace: {{ $key }} + {{- end }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template +subjects: + - kind: ServiceAccount + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml new file mode 100644 index 00000000..564ba412 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml new file mode 100644 index 00000000..c35894ec --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with.Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{- with .Values.controller.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: controller + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + command: [ "workflow-controller" ] + args: + - "--configmap" + - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "--executor-image" + - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "--loglevel" + - "{{ .Values.controller.logging.level }}" + - "--gloglevel" + - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + {{- with .Values.controller.workflowWorkers }} + - "--workflow-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podWorkers }} + - "--pod-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + securityContext: + {{- toYaml .Values.controller.securityContext | nindent 12 }} + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + {{- with .Values.controller.extraEnv }} + {{ toYaml . | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + ports: + - name: metrics + containerPort: {{ .Values.controller.metricsConfig.port }} + livenessProbe: + httpGet: + port: metrics + path: {{ .Values.controller.metricsConfig.path }} + initialDelaySeconds: 30 + periodSeconds: 30 + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml new file mode 100644 index 00000000..e917bb41 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{ with .Values.controller.serviceAccount.annotations }} + annotations: + {{- toYaml .| nindent 4 }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml new file mode 100644 index 00000000..5c248f49 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -0,0 +1,38 @@ +{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with .Values.controller.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} +spec: + ports: + {{- if .Values.controller.metricsConfig.enabled }} + - name: {{ .Values.controller.metricsConfig.servicePortName }} + port: {{ .Values.controller.metricsConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.metricsConfig.port }} + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - name: {{ .Values.controller.telemetryConfig.servicePortName }} + port: {{ .Values.controller.telemetryConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.telemetryConfig.port }} + {{- end }} + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml new file mode 100644 index 00000000..54cf1b31 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.controller.metricsConfig.enabled }} + - port: metrics + path: {{ .Values.controller.metricsConfig.path }} + interval: 30s + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - port: telemetry + path: {{ .Values.controller.telemetryConfig.path }} + interval: 30s + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml new file mode 100644 index 00000000..9b27c045 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.workflow.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" . }}-workflow +subjects: +- kind: ServiceAccount + name: {{ .Values.workflow.serviceAccount.name }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml new file mode 100644 index 00000000..bf8b3cff --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -0,0 +1,25 @@ +{{- if .Values.workflow.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" . }}-workflow + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml new file mode 100644 index 00000000..dc84f2b1 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -0,0 +1,13 @@ +{{- if .Values.workflow.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.workflow.serviceAccount.name }} + {{- with .Values.workflow.namespace }} + namespace: {{ . }} + {{- end }} + {{- with .Values.workflow.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml new file mode 100644 index 00000000..5901bbd1 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -0,0 +1,136 @@ +{{- if .Values.server.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 + {{- if .Values.singleNamespace }} +kind: Role + {{- else }} +kind: ClusterRole + {{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete + {{- if .Values.server.sso }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + - sso + verbs: + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + {{- if .Values.server.sso.rbac }} +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + {{- end }} + {{- end }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +{{- if .Values.server.sso }} + {{- if .Values.server.sso.rbac }} + {{- with .Values.server.sso.rbac.secretWhitelist }} + resourceNames: {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch +{{- if .Values.controller.persistence }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + {{- with .Values.controller.persistence.postgresql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} + {{- end}} + {{- with .Values.controller.persistence.mysql }} + - {{ .userNameSecret.name }} + - {{ .passwordSecret.name }} + {{- end}} + verbs: + - get +{{- end}} +- apiGroups: + - argoproj.io + resources: + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + verbs: + - get + - list + - watch + {{- if .Values.server.clusterWorkflowTemplates.enableEditing }} + - create + - update + - patch + - delete + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml new file mode 100644 index 00000000..fd9450d5 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml new file mode 100644 index 00000000..aeba6547 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.server.enabled .Values.server.pdb.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- if .Values.server.pdb.minAvailable }} + minAvailable: {{ .Values.server.pdb.minAvailable }} + {{- else if .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml new file mode 100644 index 00000000..9d1696dd --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -0,0 +1,105 @@ +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} +spec: + replicas: {{ .Values.server.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.podAnnotations }} + annotations: + {{- toYaml .Values.server.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: argo-server + image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + securityContext: + {{- toYaml .Values.server.securityContext | nindent 12 }} + args: + - server + - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + {{- with .Values.server.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + - "--secure={{ .Values.server.secure }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + ports: + - name: web + containerPort: 2746 + readinessProbe: + httpGet: + path: / + port: 2746 + {{- if .Values.server.secure }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 20 + env: + - name: IN_CLUSTER + value: "true" + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BASE_HREF + value: {{ .Values.server.baseHref | quote }} + resources: + {{- toYaml .Values.server.resources | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- with .Values.server.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml new file mode 100644 index 00000000..fe67c0a3 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -0,0 +1,88 @@ +{{- if .Values.server.ingress.enabled -}} +{{- $serviceName := include "argo-workflows.server.fullname" . -}} +{{- $servicePort := .Values.server.servicePort -}} +{{- $paths := .Values.server.ingress.paths -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} +spec: + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} + rules: + {{- if .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: Prefix + {{- end }} + backend: + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.server.ingress.tls }} + tls: + {{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml new file mode 100644 index 00000000..10e03d0e --- /dev/null +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- toYaml . | indent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml new file mode 100644 index 00000000..5d161ee8 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - port: {{ .Values.server.servicePort }} + {{- with .Values.server.servicePortName }} + name: {{ . }} + {{- end }} + targetPort: 2746 + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.serviceType }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- end }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml new file mode 100644 index 00000000..375c5eb1 --- /dev/null +++ b/charts/argo-workflows/values.yaml @@ -0,0 +1,331 @@ +images: + # imagePullPolicy to apply to all containers + pullPolicy: Always + # Secrets with credentials to pull images from a private registry + pullSecrets: [] + # - name: argo-pull-secret + +init: + # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is + # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. + serviceAccount: "" + +createAggregateRoles: true + +# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, +# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. +singleNamespace: false + +workflow: + namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. + serviceAccount: + create: false # Specifies whether a service account should be created + annotations: {} + name: "argo-workflow" # Service account which is used to run workflows + rbac: + create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + +controller: + image: + registry: quay.io + repository: argoproj/workflow-controller + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # parallelism dictates how many workflows can be running at the same time + parallelism: + # podAnnotations is an optional map of annotations to be applied to the controller Pods + podAnnotations: {} + # Optional labels to add to the controller pods + podLabels: {} + # SecurityContext to set on the controller pods + podSecurityContext: {} + # podPortName: http + metricsConfig: + enabled: false + path: /metrics + port: 9090 + servicePort: 8080 + servicePortName: metrics + # the controller container's securityContext + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + persistence: {} + # connectionPool: + # maxIdleConns: 100 + # maxOpenConns: 0 + # # save the entire workflow into etcd and DB + # nodeStatusOffLoad: false + # # enable archiving of old workflows + # archive: false + # postgresql: + # host: localhost + # port: 5432 + # database: postgres + # tableName: argo_workflows + # # the database secrets must be in the same namespace of the controller + # userNameSecret: + # name: argo-postgres-config + # key: username + # passwordSecret: + # name: argo-postgres-config + # key: password + workflowDefaults: {} # Only valid for 2.7+ + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 + # workflowWorkers: 32 + # podWorkers: 32 + workflowRestrictions: {} # Only valid for 2.9+ + # templateReferencing: Strict|Secure + telemetryConfig: + enabled: false + path: /telemetry + port: 8081 + servicePort: 8081 + servicePortName: telemetry + serviceMonitor: + enabled: false + additionalLabels: {} + serviceAccount: + create: true + name: argo + # Annotations applied to created service account + annotations: {} + name: workflow-controller + workflowNamespaces: + - default + containerRuntimeExecutor: docker + instanceID: + # `instanceID.enabled` configures the controller to filter workflow submissions + # to only those which have a matching instanceID attribute. + enabled: false + # NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` + # or `instanceID.explicitID` must be defined. + # useReleaseName: true + # explicitID: unique-argo-controller-identifier + logging: + level: info + globallevel: "0" + serviceType: ClusterIP + # Annotations to be applied to the controller Service + serviceAnnotations: {} + # Optional labels to add to the controller Service + serviceLabels: {} + # Source ranges to allow access to service from. Only applies to + # service type `LoadBalancer` + loadBalancerSourceRanges: [] + resources: {} + # The list of environment variable definitions to be added to the controller + # manages container verbatim. + extraEnv: [] + # Extra arguments to be added to the controller + extraArgs: [] + replicas: 1 + pdb: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + affinity: {} + # Leverage a PriorityClass to ensure your pods survive resource shortages + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + # PriorityClass: system-cluster-critical + priorityClassName: "" + # https://argoproj.github.io/argo-workflows/links/ + links: [] + +# executor controls how the init and wait container should be customized +executor: + image: + registry: quay.io + repository: argoproj/argoexec + # Overrides the image tag whose default is the chart appVersion. + tag: "" + resources: {} + # Adds environment variables for the executor. + env: {} + # sets security context for the executor container + securityContext: {} + +server: + enabled: true + # only updates base url of resources on client side, + # it's expected that a proxy server rewrites the request URL and gets rid of this prefix + # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 + baseHref: / + image: + registry: quay.io + repository: argoproj/argocli + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # optional map of annotations to be applied to the ui Pods + podAnnotations: {} + # Optional labels to add to the UI pods + podLabels: {} + # SecurityContext to set on the server pods + podSecurityContext: {} + securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + name: server + serviceType: ClusterIP + servicePort: 2746 + # servicePortName: http + serviceAccount: + create: true + name: argo-server + annotations: {} + # Annotations to be applied to the UI Service + serviceAnnotations: {} + # Optional labels to add to the UI Service + serviceLabels: {} + # Static IP address to assign to loadBalancer + # service type `LoadBalancer` + loadBalancerIP: "" + # Source ranges to allow access to service from. Only applies to + # service type `LoadBalancer` + loadBalancerSourceRanges: [] + resources: {} + replicas: 1 + pdb: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + affinity: {} + # Leverage a PriorityClass to ensure your pods survive resource shortages + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + # PriorityClass: system-cluster-critical + priorityClassName: "" + + # Run the argo server in "secure" mode. Configure this value instead of + # "--secure" in extraArgs. See the following documentation for more details + # on secure mode: + # https://argoproj.github.io/argo-workflows/tls/ + secure: false + + # Extra arguments to provide to the Argo server binary. + extraArgs: [] + + ## Additional volumes to the server main container. + volumeMounts: [] + volumes: [] + + ## Ingress configuration. + ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## + ingress: + enabled: false + annotations: {} + labels: {} + ingressClassName: "" + + ## Argo Workflows Server Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace + ## + hosts: + [] + # - argocd.example.com + paths: + - / + extraPaths: + [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + tls: + [] + # - secretName: argocd-example-tls + # hosts: + # - argocd.example.com + https: false + + clusterWorkflowTemplates: + # Give the server permissions to edit ClusterWorkflowTemplates. + enableEditing: true + sso: + ## SSO configuration when SSO is specified as a server auth mode. + ## All the values are required. SSO is activated by adding --auth-mode=sso + ## to the server command line. + # + ## The root URL of the OIDC identity provider. + # issuer: https://accounts.google.com + ## Name of a secret and a key in it to retrieve the app OIDC client ID from. + # clientId: + # name: argo-server-sso + # key: client-id + ## Name of a secret and a key in it to retrieve the app OIDC client secret from. + # clientSecret: + # name: argo-server-sso + # key: client-secret + ## The OIDC redirect URL. Should be in the form /oauth2/callback. + # redirectUrl: https://argo/oauth2/callback + # rbac: + # enabled: true + ## When present, restricts secrets the server can read to a given list. + ## You can use it to restrict the server to only be able to access the + ## service account token secrets that are associated with service accounts + ## used for authorization. + # secretWhitelist: [] + ## Scopes requested from the SSO ID provider. The 'groups' scope requests + ## group membership information, which is usually used for authorization + ## decisions. + # scopes: + # - groups + +# Influences the creation of the ConfigMap for the workflow-controller itself. +useDefaultArtifactRepo: false +useStaticCredentials: true +artifactRepository: + # archiveLogs will archive the main container logs as an artifact + archiveLogs: false + s3: + # Note the `key` attribute is not the actual secret, it's the PATH to + # the contents in the associated secret, as defined by the `name` attribute. + accessKeySecret: + # name: -minio + key: accesskey + secretKeySecret: + # name: -minio + key: secretkey + insecure: true + # bucket: + # endpoint: + # region: + # roleARN: + # useSDKCreds: true + # gcs: + # bucket: -argo + # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" + # serviceAccountKeySecret is a secret selector. + # It references the k8s secret named 'my-gcs-credentials'. + # This secret is expected to have have the key 'serviceAccountKey', + # containing the base64 encoded credentials + # to the bucket. + # + # If it's running on GKE and Workload Identity is used, + # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 3f10ee6f..8e82de87 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,16 +2,12 @@ apiVersion: v2 appVersion: v2.12.5 description: A Helm chart for Argo Workflows name: argo -version: 0.16.10 +version: 1.0.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm -maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: benjaminws dependencies: - name: minio version: 8.0.9 repository: https://helm.min.io/ condition: minio.install +deprecated: true diff --git a/charts/argo/README.md b/charts/argo/README.md index b0b5613a..024f0077 100644 --- a/charts/argo/README.md +++ b/charts/argo/README.md @@ -1,5 +1,7 @@ ## Argo Workflows Chart +> ⚠ DEPRECATION WARNING: this chart is for v2 of Argo Workflows. For v3, a new chart is available at + This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. From b971b36317c25c3926661c1012eddacca8de2fcb Mon Sep 17 00:00:00 2001 From: Sergey Shaykhullin <46970457+sergeyshaykhullin@users.noreply.github.com> Date: Fri, 21 May 2021 15:43:10 +0300 Subject: [PATCH 32/47] feat(argo-cd): Extract ServiceMonitor interval to values (#739) * Extract interval and path to values Signed-off-by: Sergey Shaykhullin * Bump chart Signed-off-by: Sergey Shaykhullin * Remove path from values Signed-off-by: Sergey Shaykhullin --- charts/argo-cd/Chart.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 4 +++- .../argo-cd/templates/argocd-repo-server/servicemonitor.yaml | 4 +++- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 4 +++- charts/argo-cd/templates/dex/servicemonitor.yaml | 4 +++- charts/argo-cd/values.yaml | 4 ++++ 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f4cb6e67..75e7cdba 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.3.5 +version: 3.4.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 51f81030..0b943982 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 0b343750..05b38acc 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index ddf52efa..00002faa 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index adc3394a..58bae6e2 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -17,7 +17,9 @@ metadata: spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics namespaceSelector: matchNames: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f1ddd6d3..066857e5 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -143,6 +143,7 @@ controller: servicePort: 8082 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -203,6 +204,7 @@ dex: labels: {} serviceMonitor: enabled: false + interval: 30s image: repository: quay.io/dexidp/dex @@ -490,6 +492,7 @@ server: servicePort: 8083 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -838,6 +841,7 @@ repoServer: servicePort: 8084 serviceMonitor: enabled: false + interval: 30s # selector: # prometheus: kube-prometheus # namespace: monitoring From 35c754364f68c8ce360270a1d7225fd75fdf5a98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 15:03:28 +0200 Subject: [PATCH 33/47] chore!: Rewrite Lint Workflow to Github (#685) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Move Linting to Github Actions Signed-off-by: Oliver Bähler Disable ServiceAccount on disabled Dex Signed-off-by: Oliver Bähler Swap Linting to Github Signed-off-by: Oliver Bähler Increase all chart versions Signed-off-by: Oliver Bähler Remove Circle & Improve Github Lint Signed-off-by: Oliver Bähler Remove Circle & Improve Github Lint Signed-off-by: Oliver Bähler Lookup Configmaps update Retest Retest reduce changes reduce changes * Bump argo-events Signed-off-by: Oliver Bähler * Move Config files Signed-off-by: Oliver Bähler * Readd Lint & Remove Argo Chart Signed-off-by: Oliver Bähler * Correct CT config name Signed-off-by: Oliver Bähler * Readd ARgo Signed-off-by: Oliver Bähler --- .circleci/chart-testing.yaml | 4 --- .circleci/config.yml | 7 ++-- .github/ct.yaml | 17 ++++++++++ {.circleci => .github}/lintconf.yaml | 0 .github/stale.yml | 1 - .github/workflows/lint-and-test.yml | 45 ++++++++++++++++++++++++++ .github/workflows/stale.yml | 4 --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/ci/test-values.yaml | 3 -- scripts/lint.sh | 26 +++++++-------- 10 files changed, 79 insertions(+), 30 deletions(-) delete mode 100644 .circleci/chart-testing.yaml create mode 100644 .github/ct.yaml rename {.circleci => .github}/lintconf.yaml (100%) delete mode 100644 .github/stale.yml create mode 100644 .github/workflows/lint-and-test.yml diff --git a/.circleci/chart-testing.yaml b/.circleci/chart-testing.yaml deleted file mode 100644 index 87e07618..00000000 --- a/.circleci/chart-testing.yaml +++ /dev/null @@ -1,4 +0,0 @@ -chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - - dandydeveloper=https://dandydeveloper.github.io/charts/ diff --git a/.circleci/config.yml b/.circleci/config.yml index 6c3306ec..e62f742c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,8 +5,8 @@ jobs: - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml + - run: ct lint --config .github/ct.yaml --lint-conf .github/lintconf.yaml + # Technically this only needs to be run on master, but it's good to have it run on every PR # so that it is regularly tested. publish: @@ -21,6 +21,7 @@ jobs: - checkout - run: helm repo add stable https://charts.helm.sh/stable - run: helm repo add minio https://helm.min.io/ + - run: helm repo add argo https://argoproj.github.io/argo-helm - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ # Only actually publish charts on master. - run: | @@ -38,4 +39,4 @@ workflows: - lint - publish: requires: - - lint + - lint \ No newline at end of file diff --git a/.github/ct.yaml b/.github/ct.yaml new file mode 100644 index 00000000..4b22c6d5 --- /dev/null +++ b/.github/ct.yaml @@ -0,0 +1,17 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: [] diff --git a/.circleci/lintconf.yaml b/.github/lintconf.yaml similarity index 100% rename from .circleci/lintconf.yaml rename to .github/lintconf.yaml diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index b81bf109..00000000 --- a/.github/stale.yml +++ /dev/null @@ -1 +0,0 @@ -# See https://github.com/probot/stale diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml new file mode 100644 index 00000000..30e6b63a --- /dev/null +++ b/.github/workflows/lint-and-test.yml @@ -0,0 +1,45 @@ +## Reference: https://github.com/helm/chart-testing-action +--- +name: Linting and Testing +on: pull_request +jobs: + chart-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v1 + + - name: Set up python + uses: actions/setup-python@v2 + with: + python-version: 3.7 + + - name: Setup Chart Linting + id: lint + uses: helm/chart-testing-action@v2.0.1 + + - name: List changed charts + id: list-changed + run: | + ## If executed with debug this won't work anymore. + changed=$(ct --config ./.github/ct.yaml list-changed) + charts=$(echo "$changed" | tr '\n' ' ' | xargs) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + echo "::set-output name=changed_charts::$charts" + fi + - name: Run chart-testing (lint) + run: ct lint --debug --config ./.github/ct.yaml --lint-conf ./.github/lintconf.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.1.0 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) + run: ct install --config ./.github/ct.yaml + if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b671fc09..8b16dff4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,14 +1,10 @@ name: Mark stale issues and pull requests - on: schedule: - cron: "30 1 * * *" - jobs: stale: - runs-on: ubuntu-latest - steps: - uses: actions/stale@v3 with: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 5def36c7..ea1878d3 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.0 +version: 1.4.1 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index cd5d3916..3078a2d3 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,6 +1,3 @@ serviceAccount: argo-events-sa-test -additionalSaNamespaces: - - nsone - - nstwo instanceID: test-argo-events singleNamespace: false diff --git a/scripts/lint.sh b/scripts/lint.sh index 8f084c5b..c97b6863 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,19 +1,17 @@ #!/bin/bash +# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. +# Reference: https://github.com/helm/chart-testing set -eux SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - name=$(basename $dir) - echo "Running Helm linting for $name" - docker run \ - -v "$SRCROOT:/workdir" \ - gcr.io/kubernetes-charts-ci/test-image:v3.1.0 \ - ct \ - lint \ - --config .circleci/chart-testing.yaml \ - --lint-conf .circleci/lintconf.yaml \ - --charts "/workdir/charts/${name}" -done +echo -e "\n-- Linting all Helm Charts --\n" +docker run \ + -v "$SRCROOT:/workdir" \ + --entrypoint /bin/sh \ + quay.io/helmpack/chart-testing:v3.3.1 \ + -c cd /workdir \ + ct lint \ + --config .github/ct.yaml \ + --lint-conf .github/lintconf.yaml \ + --debug From 9a3077afe2e08ec6b4ff9dd71ccb6d1ca345ce68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 17:59:30 +0200 Subject: [PATCH 34/47] chore!: Chart Publications via Github Workflow (#741) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Move Linting to Github Actions Signed-off-by: Oliver Bähler --- .circleci/config.yml | 28 ++----------- .github/configs/cr.yaml | 2 + .github/configs/ct-install.yaml | 19 +++++++++ .github/{ct.yaml => configs/ct-lint.yaml} | 1 + .github/{ => configs}/lintconf.yaml | 0 .github/workflows/lint-and-test.yml | 6 +-- .github/workflows/publish.yml | 42 +++++++++++++++++++ CONTRIBUTING.md | 11 +---- README.md | 2 + charts/argo-cd/Chart.yaml | 2 +- charts/argo-events/Chart.yaml | 2 +- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-workflows/Chart.yaml | 2 +- .../ci/enable-metrics-values.yaml | 2 +- charts/argocd-applicationset/Chart.yaml | 2 +- charts/argocd-notifications/Chart.yaml | 2 +- scripts/lint.sh | 4 +- scripts/publish.sh | 42 ------------------- 18 files changed, 84 insertions(+), 87 deletions(-) create mode 100644 .github/configs/cr.yaml create mode 100644 .github/configs/ct-install.yaml rename .github/{ct.yaml => configs/ct-lint.yaml} (94%) rename .github/{ => configs}/lintconf.yaml (100%) create mode 100644 .github/workflows/publish.yml delete mode 100755 scripts/publish.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index e62f742c..79e8d1dc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,33 +5,13 @@ jobs: - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout - - run: ct lint --config .github/ct.yaml --lint-conf .github/lintconf.yaml - - # Technically this only needs to be run on master, but it's good to have it run on every PR - # so that it is regularly tested. + - run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml publish: docker: - # We just need an image with `helm` on it. Handily we know of one already. - - image: quay.io/helmpack/chart-testing:v3.3.1 + - image: bash steps: - # install the additional keys needed to push to GitHub. Alex Collins owns these keys. - - add_ssh_keys - - run: git config --global user.email "nobody@circleci.com" - - run: git config --global user.name "Circle CI Build" - - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: helm repo add minio https://helm.min.io/ - - run: helm repo add argo https://argoproj.github.io/argo-helm - - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - # Only actually publish charts on master. - - run: | - set -x - if [ "$CIRCLE_BRANCH" = "master" ]; then - export GIT_PUSH=true - else - export GIT_PUSH=false - fi - sh ./scripts/publish.sh + - run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml" + workflows: version: 2 workflow: diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml new file mode 100644 index 00000000..01fdbe0c --- /dev/null +++ b/.github/configs/cr.yaml @@ -0,0 +1,2 @@ +## Reference: https://github.com/helm/chart-releaser +index-path: "./index.yaml" \ No newline at end of file diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml new file mode 100644 index 00000000..e991d382 --- /dev/null +++ b/.github/configs/ct-install.yaml @@ -0,0 +1,19 @@ +## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md +# Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Install Stage +remote: origin +chart-dirs: + - charts +chart-repos: + - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ + - dandydeveloper=https://dandydeveloper.github.io/charts/ + - stable=https://charts.helm.sh/stable + - incubator=https://charts.helm.sh/incubator +helm-extra-args: "--timeout 600s" +validate-chart-schema: false +validate-maintainers: true +validate-yaml: true +exclude-deprecated: true +excluded-charts: + - "argocd-applicationset" diff --git a/.github/ct.yaml b/.github/configs/ct-lint.yaml similarity index 94% rename from .github/ct.yaml rename to .github/configs/ct-lint.yaml index 4b22c6d5..e7188eb1 100644 --- a/.github/ct.yaml +++ b/.github/configs/ct-lint.yaml @@ -1,5 +1,6 @@ ## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md # Don't add the 'debug' attribute, otherwise the workflow won't work anymore +# Only Used for the CT Lint Stage remote: origin chart-dirs: - charts diff --git a/.github/lintconf.yaml b/.github/configs/lintconf.yaml similarity index 100% rename from .github/lintconf.yaml rename to .github/configs/lintconf.yaml diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 30e6b63a..1056a239 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,19 +27,19 @@ jobs: id: list-changed run: | ## If executed with debug this won't work anymore. - changed=$(ct --config ./.github/ct.yaml list-changed) + changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then echo "::set-output name=changed::true" echo "::set-output name=changed_charts::$charts" fi - name: Run chart-testing (lint) - run: ct lint --debug --config ./.github/ct.yaml --lint-conf ./.github/lintconf.yaml + run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml - name: Create kind cluster uses: helm/kind-action@v1.1.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) - run: ct install --config ./.github/ct.yaml + run: ct install --config ./.github/configs/ct-install.yaml if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..f01702a6 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,42 @@ +--- +name: Chart Publish +on: + push: + branches: + - master + - rewrite-build +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@v1 + + - name: Add dependency chart repos + run: | + helm repo add argo https://argoproj.github.io/argo-helm + helm repo add minio https://helm.min.io/ + helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ + helm repo add stable https://charts.helm.sh/stable + helm repo add incubator https://charts.helm.sh/incubator + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases. + - name: Fetch current Chart Index + run: | + git checkout origin/gh-pages index.yaml + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.2.0 + with: + config: "./.github/configs/cr.yaml" + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f4c7d89c..a4ad43dd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -86,7 +86,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. -Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml) +Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: @@ -96,11 +96,4 @@ The linting can be invoked manually with the following command: ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this: - -``` -GIT_PUSH=true ./scripts/publish.sh -``` - -Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch. -Write access to https://github.com/argoproj/argo-helm.git is required to publish changes. +Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). \ No newline at end of file diff --git a/README.md b/README.md index 63c3aa4b..2db0e70a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Argo Helm Charts +[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) + Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: ``` diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 75e7cdba..1a9ea518 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.4.0 +version: 3.4.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index ea1878d3..b0770954 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.1 +version: 1.4.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 84752bf3..63a1fd07 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.2 +version: 0.5.3 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 32eb38d9..fd576f3c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.0 +version: 0.1.1 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml index 9818ebe5..64c56cc1 100644 --- a/charts/argo-workflows/ci/enable-metrics-values.yaml +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -1,6 +1,6 @@ controller: serviceMonitor: - enabled: true + enabled: false metricsConfig: enabled: true telemetryConfig: diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index fba7f6bd..936734b0 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.4 +version: 0.1.5 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 8a1e04d8..714b0474 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.0 +version: 1.3.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/scripts/lint.sh b/scripts/lint.sh index c97b6863..1f0e9104 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -12,6 +12,6 @@ docker run \ quay.io/helmpack/chart-testing:v3.3.1 \ -c cd /workdir \ ct lint \ - --config .github/ct.yaml \ - --lint-conf .github/lintconf.yaml \ + --config .github/configs/ct-lint.yaml \ + --lint-conf .github/configs/lintconf.yaml \ --debug diff --git a/scripts/publish.sh b/scripts/publish.sh deleted file mode 100755 index 025ba5d9..00000000 --- a/scripts/publish.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -set -eux - -SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -GIT_PUSH=${GIT_PUSH:-false} - -rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output - -helm repo add argoproj https://argoproj.github.io/argo-helm - -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - - name=$(basename $dir) - - if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] - then - echo "Processing chart dependencies" - helm --debug dep build $dir - # Bug with Helm subcharts with hyphen on them - # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684 - if [ "$name" == "argo-cd" ] - then - echo "Restore ArgoCD RedisHA subchart" - tar -C $dir/charts -xf $dir/charts/redis-ha-*.tgz - fi - fi - - echo "Processing $dir" - helm --debug package $dir -done - -cp $SRCROOT/*.tgz output/ -cd $SRCROOT/output && helm repo index . - -cd $SRCROOT/output && git status - -if [ "$GIT_PUSH" == "true" ] -then - cd $SRCROOT/output && git add . && git commit -m "Publish charts" && git push git@github.com:argoproj/argo-helm.git gh-pages -fi From 60a42675cbd3064e9836d0217266f0ec169beb5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 18:39:07 +0200 Subject: [PATCH 35/47] fix: Remove Argo Chart (#748) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- charts/argo/.helmignore | 21 -- charts/argo/Chart.lock | 6 - charts/argo/Chart.yaml | 13 - charts/argo/README.md | 29 -- .../crds/cluster-workflow-template-crd.yaml | 23 -- charts/argo/crds/cron-workflow-crd.yaml | 23 -- charts/argo/crds/workflow-crd.yaml | 33 -- .../argo/crds/workflow-eventbinding-crd.yaml | 19 - charts/argo/crds/workflow-template-crd.yaml | 22 -- charts/argo/templates/NOTES.txt | 16 - charts/argo/templates/_helpers.tpl | 16 - .../cluster-workflow-template-crd.yaml | 19 - charts/argo/templates/cron-workflow-crd.yaml | 19 - .../argo/templates/server-cluster-roles.yaml | 134 ------- charts/argo/templates/server-crb.yaml | 35 -- .../argo/templates/server-deployment-pdb.yaml | 25 -- charts/argo/templates/server-deployment.yaml | 108 ------ charts/argo/templates/server-ingress.yaml | 46 --- charts/argo/templates/server-sa.yaml | 8 - charts/argo/templates/server-service.yaml | 33 -- .../worfkflow-controller-secrets-access.yaml | 18 - .../templates/workflow-aggregate-roles.yaml | 89 ----- .../workflow-controller-cluster-roles.yaml | 146 -------- .../workflow-controller-config-map.yaml | 89 ----- .../templates/workflow-controller-crb.yaml | 44 --- .../workflow-controller-deployment-pdb.yaml | 23 -- .../workflow-controller-deployment.yaml | 94 ----- .../workflow-controller-minio-secret-crb.yaml | 25 -- .../templates/workflow-controller-sa.yaml | 6 - .../workflow-controller-service.yaml | 38 -- .../workflow-controller-servicemonitor.yaml | 33 -- charts/argo/templates/workflow-crd.yaml | 28 -- charts/argo/templates/workflow-rb.yaml | 19 - charts/argo/templates/workflow-role.yaml | 25 -- charts/argo/templates/workflow-sa.yaml | 13 - .../argo/templates/workflow-template-crd.yaml | 18 - charts/argo/values.yaml | 330 ------------------ 37 files changed, 1686 deletions(-) delete mode 100644 charts/argo/.helmignore delete mode 100644 charts/argo/Chart.lock delete mode 100644 charts/argo/Chart.yaml delete mode 100644 charts/argo/README.md delete mode 100644 charts/argo/crds/cluster-workflow-template-crd.yaml delete mode 100644 charts/argo/crds/cron-workflow-crd.yaml delete mode 100644 charts/argo/crds/workflow-crd.yaml delete mode 100644 charts/argo/crds/workflow-eventbinding-crd.yaml delete mode 100644 charts/argo/crds/workflow-template-crd.yaml delete mode 100644 charts/argo/templates/NOTES.txt delete mode 100644 charts/argo/templates/_helpers.tpl delete mode 100644 charts/argo/templates/cluster-workflow-template-crd.yaml delete mode 100644 charts/argo/templates/cron-workflow-crd.yaml delete mode 100644 charts/argo/templates/server-cluster-roles.yaml delete mode 100644 charts/argo/templates/server-crb.yaml delete mode 100644 charts/argo/templates/server-deployment-pdb.yaml delete mode 100644 charts/argo/templates/server-deployment.yaml delete mode 100644 charts/argo/templates/server-ingress.yaml delete mode 100644 charts/argo/templates/server-sa.yaml delete mode 100644 charts/argo/templates/server-service.yaml delete mode 100644 charts/argo/templates/worfkflow-controller-secrets-access.yaml delete mode 100644 charts/argo/templates/workflow-aggregate-roles.yaml delete mode 100644 charts/argo/templates/workflow-controller-cluster-roles.yaml delete mode 100644 charts/argo/templates/workflow-controller-config-map.yaml delete mode 100644 charts/argo/templates/workflow-controller-crb.yaml delete mode 100644 charts/argo/templates/workflow-controller-deployment-pdb.yaml delete mode 100755 charts/argo/templates/workflow-controller-deployment.yaml delete mode 100644 charts/argo/templates/workflow-controller-minio-secret-crb.yaml delete mode 100644 charts/argo/templates/workflow-controller-sa.yaml delete mode 100644 charts/argo/templates/workflow-controller-service.yaml delete mode 100644 charts/argo/templates/workflow-controller-servicemonitor.yaml delete mode 100644 charts/argo/templates/workflow-crd.yaml delete mode 100644 charts/argo/templates/workflow-rb.yaml delete mode 100644 charts/argo/templates/workflow-role.yaml delete mode 100644 charts/argo/templates/workflow-sa.yaml delete mode 100644 charts/argo/templates/workflow-template-crd.yaml delete mode 100644 charts/argo/values.yaml diff --git a/charts/argo/.helmignore b/charts/argo/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/charts/argo/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/argo/Chart.lock b/charts/argo/Chart.lock deleted file mode 100644 index 4b57ae05..00000000 --- a/charts/argo/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: minio - repository: https://helm.min.io/ - version: 8.0.9 -digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260 -generated: "2021-01-13T15:31:40.823086-08:00" diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml deleted file mode 100644 index 8e82de87..00000000 --- a/charts/argo/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -appVersion: v2.12.5 -description: A Helm chart for Argo Workflows -name: argo -version: 1.0.0 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -home: https://github.com/argoproj/argo-helm -dependencies: -- name: minio - version: 8.0.9 - repository: https://helm.min.io/ - condition: minio.install -deprecated: true diff --git a/charts/argo/README.md b/charts/argo/README.md deleted file mode 100644 index 024f0077..00000000 --- a/charts/argo/README.md +++ /dev/null @@ -1,29 +0,0 @@ -## Argo Workflows Chart - -> ⚠ DEPRECATION WARNING: this chart is for v2 of Argo Workflows. For v3, a new chart is available at - -This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). - -If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. - -## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. - -A few options are: -- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full) -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - -## Usage Notes: -This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. - -## Values - -The `values.yaml` contains items used to tweak a deployment of this chart. -Fields to note: -* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute -* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name -* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor -* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran -* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map. -* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart. diff --git a/charts/argo/crds/cluster-workflow-template-crd.yaml b/charts/argo/crds/cluster-workflow-template-crd.yaml deleted file mode 100644 index a189f17c..00000000 --- a/charts/argo/crds/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - listKind: ClusterWorkflowTemplateList - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft - singular: clusterworkflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/cron-workflow-crd.yaml b/charts/argo/crds/cron-workflow-crd.yaml deleted file mode 100644 index abd50b30..00000000 --- a/charts/argo/crds/cron-workflow-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-crd.yaml b/charts/argo/crds/workflow-crd.yaml deleted file mode 100644 index 24f6abc2..00000000 --- a/charts/argo/crds/workflow-crd.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - subresources: {} - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-eventbinding-crd.yaml b/charts/argo/crds/workflow-eventbinding-crd.yaml deleted file mode 100644 index a58de8e7..00000000 --- a/charts/argo/crds/workflow-eventbinding-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-template-crd.yaml b/charts/argo/crds/workflow-template-crd.yaml deleted file mode 100644 index 0be13451..00000000 --- a/charts/argo/crds/workflow-template-crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt deleted file mode 100644 index 7b4c02f0..00000000 --- a/charts/argo/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -1. Get Argo Server external IP/domain by running: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} - -2. Submit the hello-world workflow by running: - -argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch - -{{ if .Values.minio.install }} - -3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following -command: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio - -{{ end }} diff --git a/charts/argo/templates/_helpers.tpl b/charts/argo/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml deleted file mode 100644 index be688da3..00000000 --- a/charts/argo/templates/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft -{{- end }} diff --git a/charts/argo/templates/cron-workflow-crd.yaml b/charts/argo/templates/cron-workflow-crd.yaml deleted file mode 100644 index 923abdf2..00000000 --- a/charts/argo/templates/cron-workflow-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - plural: cronworkflows - shortNames: - - cronwf - - cwf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo/templates/server-cluster-roles.yaml deleted file mode 100644 index b6d47c09..00000000 --- a/charts/argo/templates/server-cluster-roles.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - events - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - verbs: - - get - - list - - watch - - delete -{{- if .Values.server.sso }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - sso - verbs: - - get - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create -{{- end}} -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - {{- end }} -{{- end }} -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} - resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} -- apiGroups: - - "" - resources: - - events - verbs: - - watch - - create - - patch -{{- if .Values.controller.persistence }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - {{- with .Values.controller.persistence.postgresql }} - - {{ .userNameSecret.name }} - - {{ .passwordSecret.name }} - {{- end}} - {{- with .Values.controller.persistence.mysql }} - - {{ .userNameSecret.name }} - - {{ .passwordSecret.name }} - {{- end}} - verbs: - - get -{{- end}} -- apiGroups: - - argoproj.io - resources: - - workflows - - workfloweventbindings - - workflowtemplates - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template -rules: -- apiGroups: - - argoproj.io - resources: - - clusterworkflowtemplates - verbs: - - get - - list - - watch - {{- if .Values.server.clusterWorkflowTemplates.enableEditing }} - - create - - update - - patch - - delete - {{- end }} -{{- end }} diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml deleted file mode 100644 index ad4cfeda..00000000 --- a/charts/argo/templates/server-crb.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.server.name}} -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/argo/templates/server-deployment-pdb.yaml b/charts/argo/templates/server-deployment-pdb.yaml deleted file mode 100644 index 31f1d4f8..00000000 --- a/charts/argo/templates/server-deployment-pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.pdb.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- else if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml deleted file mode 100644 index 832fd37d..00000000 --- a/charts/argo/templates/server-deployment.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.server.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - {{- if .Values.server.podLabels }} - {{- toYaml .Values.server.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.server.serviceAccount | quote }} - {{- if .Values.server.podSecurityContext }} - securityContext: - {{- toYaml .Values.server.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: argo-server - args: - - server - - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap - {{- if .Values.server.extraArgs }} - {{- toYaml .Values.server.extraArgs | nindent 10 }} - {{- end }} - {{- if .Values.server.secure }} - - "--secure" - {{- end }} - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - {{- if .Values.server.podPortName }} - ports: - - name: {{ .Values.server.podPortName }} - containerPort: 2746 - {{- end }} - readinessProbe: - httpGet: - path: / - port: 2746 - {{- if .Values.server.secure }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 20 - env: - - name: IN_CLUSTER - value: "true" - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: BASE_HREF - value: {{ .Values.server.baseHref | quote }} - resources: - {{- toYaml .Values.server.resources | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - {{- with .Values.server.volumeMounts }} - {{- toYaml . | nindent 10}} - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tmp - emptyDir: {} - {{- with .Values.server.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - {{- with .Values.server.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} -{{- end -}} diff --git a/charts/argo/templates/server-ingress.yaml b/charts/argo/templates/server-ingress.yaml deleted file mode 100644 index 6eab3f50..00000000 --- a/charts/argo/templates/server-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}} -{{- $servicePort := .Values.server.servicePort -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- range $key, $value := .Values.server.ingress.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $.Values.server.ingress.paths }} - {{- range $.Values.server.ingress.paths }} - - backend: - serviceName: {{ .serviceName }} - servicePort: {{ .servicePort }} - {{- end }} - {{- end }} - - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-sa.yaml b/charts/argo/templates/server-sa.yaml deleted file mode 100644 index 5b419a65..00000000 --- a/charts/argo/templates/server-sa.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.server.serviceAccount }} - annotations: -{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }} -{{- end -}} diff --git a/charts/argo/templates/server-service.yaml b/charts/argo/templates/server-service.yaml deleted file mode 100644 index ba4d74f6..00000000 --- a/charts/argo/templates/server-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.server.serviceLabels }} - {{- toYaml .Values.server.serviceLabels | nindent 4 }} - {{- end }} - {{- if .Values.server.serviceAnnotations }} - annotations: -{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - - port: {{ .Values.server.servicePort }} - {{- if .Values.server.servicePortName }} - name: {{ .Values.server.servicePortName }} - {{- end }} - targetPort: 2746 - selector: - app: {{ .Release.Name }}-{{ .Values.server.name }} - sessionAffinity: None - type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} - {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/worfkflow-controller-secrets-access.yaml b/charts/argo/templates/worfkflow-controller-secrets-access.yaml deleted file mode 100644 index f0d48519..00000000 --- a/charts/argo/templates/worfkflow-controller-secrets-access.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -rules: -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - - {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - verbs: - - get - - watch - - list -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml deleted file mode 100644 index b89e7b13..00000000 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if .Values.createAggregateRoles }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/argo/templates/workflow-controller-cluster-roles.yaml b/charts/argo/templates/workflow-controller-cluster-roles.yaml deleted file mode 100644 index 4d596b1c..00000000 --- a/charts/argo/templates/workflow-controller-cluster-roles.yaml +++ /dev/null @@ -1,146 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete - - create -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list -- apiGroups: - - "policy" - resources: - - poddisruptionbudgets - verbs: - - create - - get - - delete -{{- if .Values.controller.persistence }} -- apiGroups: - - "" - resources: - - secrets - resourceNames: - {{- if .Values.controller.persistence.postgresql }} - - {{ .Values.controller.persistence.postgresql.userNameSecret.name }} - - {{ .Values.controller.persistence.postgresql.passwordSecret.name }} - {{- end}} - {{- if .Values.controller.persistence.mysql }} - - {{ .Values.controller.persistence.mysql.userNameSecret.name }} - - {{ .Values.controller.persistence.mysql.passwordSecret.name }} - {{- end}} - verbs: - - get -{{- end}} -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - workflow-controller - - workflow-controller-lease - verbs: - - get - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -rules: -- apiGroups: - - argoproj.io - resources: - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml deleted file mode 100644 index 26fe2cd8..00000000 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - config: | - {{- if .Values.controller.instanceID.enabled }} - {{- if .Values.controller.instanceID.useReleaseName }} - instanceID: {{ .Release.Name }} - {{- else }} - instanceID: {{ .Values.controller.instanceID.explicitID }} - {{- end }} - {{- end }} - containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} - {{- if .Values.controller.parallelism }} - parallelism: {{ .Values.controller.parallelism }} - {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} - executor: - {{- with .Values.executor.resources }} - resources: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.executor.env }} - env: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.executor.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} - artifactRepository: - {{- if .Values.artifactRepository.archiveLogs }} - archiveLogs: {{ .Values.artifactRepository.archiveLogs }} - {{- end }} - {{- if .Values.artifactRepository.gcs }} - gcs: -{{ toYaml .Values.artifactRepository.gcs | indent 8}} - {{- else }} - s3: - {{- if .Values.useStaticCredentials }} - accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} - secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} - {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} - endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }} - insecure: {{ .Values.artifactRepository.s3.insecure }} - {{- if .Values.artifactRepository.s3.keyFormat }} - keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} - {{- end }} - {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} - {{- end }} - {{- if .Values.artifactRepository.s3.roleARN }} - roleARN: {{ .Values.artifactRepository.s3.roleARN }} - {{- end }} - {{- if .Values.artifactRepository.s3.useSDKCreds }} - useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} - {{- end }} - {{- end }} - {{- end}} - {{- if .Values.controller.metricsConfig.enabled }} - metricsConfig: -{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - telemetryConfig: -{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} - {{- if .Values.controller.persistence }} - persistence: -{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} - {{- if .Values.controller.workflowDefaults }} - workflowDefaults: -{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} - sso: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.controller.workflowRestrictions }} - workflowRestrictions: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.controller.links }} - links: {{- toYaml . | nindent 6 }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml deleted file mode 100644 index 66cca4d0..00000000 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.controller.name }} -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} diff --git a/charts/argo/templates/workflow-controller-deployment-pdb.yaml b/charts/argo/templates/workflow-controller-deployment-pdb.yaml deleted file mode 100644 index a7352a04..00000000 --- a/charts/argo/templates/workflow-controller-deployment-pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.controller.pdb.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.controller.pdb.minAvailable }} - minAvailable: {{ .Values.controller.pdb.minAvailable }} - {{- else if .Values.controller.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml deleted file mode 100755 index 9ad509d0..00000000 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} - {{ toYaml .Values.controller.podLabels | nindent 8}} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.controller.serviceAccount | quote }} - {{- if .Values.controller.podSecurityContext }} - securityContext: - {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: controller - image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - command: [ "workflow-controller" ] - args: - - "--configmap" - - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap" - - "--executor-image" - - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}" - - "--loglevel" - - "{{ .Values.controller.logging.level }}" - - "--gloglevel" - - "{{ .Values.controller.logging.globallevel }}" - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - {{- with .Values.controller.workflowWorkers }} - - "--workflow-workers" - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.podWorkers }} - - "--pod-workers" - - {{ . | quote }} - {{- end }} - {{- if .Values.controller.extraArgs }} - {{- toYaml .Values.controller.extraArgs | nindent 10 }} - {{- end }} - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- with .Values.controller.extraEnv }} - {{ toYaml . | nindent 10 }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.metricsConfig.enabled }} - ports: - - containerPort: 8080 - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml b/charts/argo/templates/workflow-controller-minio-secret-crb.yaml deleted file mode 100644 index 722776a4..00000000 --- a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml deleted file mode 100644 index 02d274da..00000000 --- a/charts/argo/templates/workflow-controller-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.controller.serviceAccount }} - annotations: -{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }} diff --git a/charts/argo/templates/workflow-controller-service.yaml b/charts/argo/templates/workflow-controller-service.yaml deleted file mode 100644 index 7985a54c..00000000 --- a/charts/argo/templates/workflow-controller-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceLabels }} - {{ toYaml .Values.controller.serviceLabels | nindent 4}} - {{- end }} - {{- if .Values.controller.serviceAnnotations }} - annotations: -{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - {{- if .Values.controller.metricsConfig.enabled }} - - name: {{ .Values.controller.metricsServicePortName }} - port: {{ .Values.controller.metricsServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.metricsConfig.port }} - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - name: {{ .Values.controller.telemetryServicePortName }} - port: {{ .Values.controller.telemetryServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.telemetryConfig.port }} - {{- end }} - selector: - app: {{ .Release.Name }}-{{ .Values.controller.name }} - sessionAffinity: None - type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/workflow-controller-servicemonitor.yaml b/charts/argo/templates/workflow-controller-servicemonitor.yaml deleted file mode 100644 index 425fedac..00000000 --- a/charts/argo/templates/workflow-controller-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics - path: {{ .Values.controller.metricsConfig.path }} - interval: 30s - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - port: telemetry - path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/argo/templates/workflow-crd.yaml b/charts/argo/templates/workflow-crd.yaml deleted file mode 100644 index 44a6fa98..00000000 --- a/charts/argo/templates/workflow-crd.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - plural: workflows - shortNames: - - wf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/workflow-rb.yaml b/charts/argo/templates/workflow-rb.yaml deleted file mode 100644 index 17785257..00000000 --- a/charts/argo/templates/workflow-rb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-workflow -{{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-workflow -subjects: -- kind: ServiceAccount - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-role.yaml b/charts/argo/templates/workflow-role.yaml deleted file mode 100644 index 37365f21..00000000 --- a/charts/argo/templates/workflow-role.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-workflow - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch -{{- end }} diff --git a/charts/argo/templates/workflow-sa.yaml b/charts/argo/templates/workflow-sa.yaml deleted file mode 100644 index 45d97cf0..00000000 --- a/charts/argo/templates/workflow-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.workflow.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} - {{- with .Values.workflow.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-template-crd.yaml b/charts/argo/templates/workflow-template-crd.yaml deleted file mode 100644 index 757fa098..00000000 --- a/charts/argo/templates/workflow-template-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - plural: workflowtemplates - shortNames: - - wftmpl -{{- end }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml deleted file mode 100644 index 31a36041..00000000 --- a/charts/argo/values.yaml +++ /dev/null @@ -1,330 +0,0 @@ -images: - namespace: argoproj - controller: workflow-controller - server: argocli - executor: argoexec - pullPolicy: Always - # Secrets with credentials to pull images from a private registry - pullSecrets: [] - # - name: argo-pull-secret - tag: v2.12.5 - -crdVersion: v1alpha1 -installCRD: true - -init: - # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is - # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. - serviceAccount: "" - -createAggregateRoles: true - -# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, -# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. -singleNamespace: false - -workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. - serviceAccount: - create: false # Specifies whether a service account should be created - annotations: {} - name: "argo-workflow" # Service account which is used to run workflows - rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows - -controller: - image: - # Overrides .images.tag if defined. - tag: "" - # parallelism dictates how many workflows can be running at the same time - parallelism: - # podAnnotations is an optional map of annotations to be applied to the controller Pods - podAnnotations: {} - # Optional labels to add to the controller pods - podLabels: {} - # SecurityContext to set on the controller pods - podSecurityContext: {} - # podPortName: http - metricsConfig: - enabled: false - path: /metrics - port: 8080 - persistence: {} - # connectionPool: - # maxIdleConns: 100 - # maxOpenConns: 0 - # # save the entire workflow into etcd and DB - # nodeStatusOffLoad: false - # # enable archiving of old workflows - # archive: false - # postgresql: - # host: localhost - # port: 5432 - # database: postgres - # tableName: argo_workflows - # # the database secrets must be in the same namespace of the controller - # userNameSecret: - # name: argo-postgres-config - # key: username - # passwordSecret: - # name: argo-postgres-config - # key: password - workflowDefaults: {} # Only valid for 2.7+ - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 - # workflowWorkers: 32 - # podWorkers: 32 - workflowRestrictions: {} # Only valid for 2.9+ - # templateReferencing: Strict|Secure - telemetryConfig: - enabled: false - path: /telemetry - port: 8081 - serviceMonitor: - enabled: false - additionalLabels: {} - serviceAccount: argo - # Service account annotations - serviceAccountAnnotations: {} - name: workflow-controller - workflowNamespaces: - - default - containerRuntimeExecutor: docker - instanceID: - # `instanceID.enabled` configures the controller to filter workflow submissions - # to only those which have a matching instanceID attribute. - enabled: false - # NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` - # or `instanceID.explicitID` must be defined. - # useReleaseName: true - # explicitID: unique-argo-controller-identifier - logging: - level: info - globallevel: "0" - serviceType: ClusterIP - metricsServicePort: 8080 - metricsServicePortName: metrics - telemetryServicePort: 8081 - telemetryServicePortName: telemetry - # Annotations to be applied to the controller Service - serviceAnnotations: {} - # Optional labels to add to the controller Service - serviceLabels: {} - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` - loadBalancerSourceRanges: [] - resources: {} - # The list of environment variable definitions to be added to the controller - # manages container verbatim. - extraEnv: [] - # Extra arguments to be added to the controller - extraArgs: [] - replicas: 1 - pdb: - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical - priorityClassName: "" - # https://argoproj.github.io/argo-workflows/links/ - links: [] - -# executor controls how the init and wait container should be customized -executor: - image: - # Overrides .images.tag if defined. - tag: "" - resources: {} - # Adds environment variables for the executor. - env: {} - # sets security context for the executor container - securityContext: {} - -server: - enabled: true - # only updates base url of resources on client side, - # it's expected that a proxy server rewrites the request URL and gets rid of this prefix - # https://github.com/argoproj/argo/issues/716#issuecomment-433213190 - baseHref: / - image: - # Overrides .images.tag if defined. - tag: "" - # optional map of annotations to be applied to the ui Pods - podAnnotations: {} - # Optional labels to add to the UI pods - podLabels: {} - # SecurityContext to set on the server pods - podSecurityContext: {} - name: server - serviceType: ClusterIP - servicePort: 2746 - # servicePortName: http - serviceAccount: argo-server - # Whether to create the service account with the name specified in - # server.serviceAccount and bind it to the server role. - createServiceAccount: true - # Service account annotations - serviceAccountAnnotations: {} - # Annotations to be applied to the UI Service - serviceAnnotations: {} - # Optional labels to add to the UI Service - serviceLabels: {} - # Static IP address to assign to loadBalancer - # service type `LoadBalancer` - loadBalancerIP: "" - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` - loadBalancerSourceRanges: [] - resources: {} - replicas: 1 - pdb: - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: - kubernetes.io/os: linux - tolerations: [] - affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical - priorityClassName: "" - - # Run the argo server in "secure" mode. Configure this value instead of - # "--secure" in extraArgs. See the following documentation for more details - # on secure mode: - # https://argoproj.github.io/argo-workflows/tls/#encrypted - secure: false - - # Extra arguments to provide to the Argo server binary. - extraArgs: [] - - ## Additional volumes to the server main container. - volumeMounts: [] - volumes: [] - - ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - enabled: false - - ## Annotations to be added to the web ingress. - ## - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - ## Labels to be added to the web ingress. - ## - # labels: - # use-cloudflare-solver: "true" - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - argo.domain.com - - ## Additional Paths for each host - # paths: - # - serviceName: "ssl-redirect" - # servicePort: "use-annotation" - - ## TLS configuration. - ## Secrets must be manually created in the namespace. - ## - # tls: - # - secretName: argo-ui-tls - # hosts: - # - argo.domain.com - clusterWorkflowTemplates: - # Give the server permissions to edit ClusterWorkflowTemplates. - enableEditing: true - sso: - ## SSO configuration when SSO is specified as a server auth mode. - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true - ## When present, restricts secrets the server can read to a given list. - ## You can use it to restrict the server to only be able to access the - ## service account token secrets that are associated with service accounts - ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups - -# Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false -useStaticCredentials: true -artifactRepository: - # archiveLogs will archive the main container logs as an artifact - archiveLogs: false - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - # name: -minio (default) - key: accesskey - secretKeySecret: - # name: -minio - key: secretkey - insecure: true - # bucket: - # endpoint: - # region: - # roleARN: - # useSDKCreds: true - # gcs: - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - - -# NOTE: These are setting attributes for the `minio` optional dependency -minio: - # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map - install: false - defaultBucket: - enabled: true - name: argo-artifacts From 083c46cf009e0e62fca5a6b80fe0c1526a6afe9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Czeraszkiewicz?= Date: Fri, 21 May 2021 18:43:24 +0200 Subject: [PATCH 36/47] feat(argo-cd): add support for envFrom (#743) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add support for envFrom Signed-off-by: Michał Czeraszkiewicz * config: bump chart version Signed-off-by: Michał Czeraszkiewicz * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- .../deployment.yaml | 3 ++ .../argocd-repo-server/deployment.yaml | 3 ++ .../templates/argocd-server/deployment.yaml | 3 ++ charts/argo-cd/templates/dex/deployment.yaml | 3 ++ .../argo-cd/templates/redis/deployment.yaml | 3 ++ charts/argo-cd/values.yaml | 39 +++++++++++++++++++ 7 files changed, 55 insertions(+), 1 deletion(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1a9ea518..502cad37 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.4.1 +version: 3.5.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 524f302e..7902be76 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -70,6 +70,9 @@ spec: {{- if .Values.controller.env }} env: {{- toYaml .Values.controller.env | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: controller diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 7350db37..b0458fad 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -67,6 +67,9 @@ spec: value: argocd {{- end }} {{- end }} + {{- with .Values.openshift.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} {{- toYaml .Values.repoServer.volumeMounts | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 2ee5b7e3..44b89c0e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -67,6 +67,9 @@ spec: {{- if .Values.server.env }} env: {{- toYaml .Values.server.env | nindent 8 }} + {{- end }} + {{- with .Values.server.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: {{- if .Values.server.volumeMounts }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 45a2e09e..557140ce 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -62,6 +62,9 @@ spec: {{- if .Values.dex.env }} env: {{- toYaml .Values.dex.env | nindent 8 }} + {{- end }} + {{- with .Values.dex.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: http diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index f3dd7f05..a6f0c46a 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -52,6 +52,9 @@ spec: {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} + {{- end }} + {{- with .Values.redis.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - containerPort: {{ .Values.redis.containerPort }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 066857e5..d5ca989d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -61,6 +61,14 @@ controller: # - name: "ARGOCD_CONTROLLER_REPLICAS" # value: "" + ## envFrom to pass to argocd-controller + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to controller pods ## podAnnotations: {} @@ -219,6 +227,13 @@ dex: ## env: [] + ## envFrom to pass to the Dex server + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Dex server pods ## podAnnotations: {} @@ -301,6 +316,14 @@ redis: ## env: [] + ## envFrom to pass to the Redis server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Redis server pods ## podAnnotations: {} @@ -391,6 +414,14 @@ server: ## env: [] + ## envFrom to pass to argocd-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container ## lifecycle: {} @@ -762,6 +793,14 @@ repoServer: ## env: [] + ## envFrom to pass to argocd-repo-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Argo repoServer log format: text|json logFormat: text ## Argo repoServer log level From 4cb8e058ac101f6d2883e16779ad87c8a9f38c1d Mon Sep 17 00:00:00 2001 From: Abhinav Khanna Date: Fri, 21 May 2021 11:50:05 -0500 Subject: [PATCH 37/47] fix(argo-workflows): fixes server sa annotations and ingress (#747) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argo-workflows): fixed server sa annotations Signed-off-by: abhinav.khanna * fix(argo-workflows): fixed ingress Signed-off-by: abhinav.khanna * chore(argo-workflows): version bump Signed-off-by: abhinav.khanna Co-authored-by: Oliver Bähler --- charts/argo-workflows/Chart.yaml | 2 +- .../templates/server/server-ingress.yaml | 10 +++++----- charts/argo-workflows/templates/server/server-sa.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fd576f3c..13b1ea78 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.1 +version: 0.1.2 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index fe67c0a3..f0488031 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -19,7 +19,7 @@ metadata: {{- toYaml .Values.server.ingress.labels | nindent 4 }} {{- end }} spec: - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} @@ -35,11 +35,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: @@ -62,11 +62,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} pathType: Prefix {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 10e03d0e..adcf7b48 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -5,6 +5,6 @@ metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end -}} From 9af9403ed42356430fb3a5fd490d0c31b0657aa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Fri, 21 May 2021 18:55:23 +0200 Subject: [PATCH 38/47] feat: pr size labeling (#749) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- .github/workflows/pr-sizing.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/pr-sizing.yml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml new file mode 100644 index 00000000..d1ba98ee --- /dev/null +++ b/.github/workflows/pr-sizing.yml @@ -0,0 +1,14 @@ +## Reference: https://github.com/pascalgn/size-label-action +--- +name: 'PR Size' +on: + pull_request_target: + types: [opened, synchronize, reopened] +jobs: + size-label: + runs-on: ubuntu-latest + steps: + - name: size-label + uses: "pascalgn/size-label-action@v0.4.2" + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file From eb659b10c3b7df8697db2073ede9efe40c7d9181 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sun, 23 May 2021 14:25:26 +0200 Subject: [PATCH 39/47] fix(argo-cd): Add option to override kubeVersion (#704) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Add global kubeCapabilities Signed-off-by: Oliver Bähler * chore: change var global.kubeCapabilities > kubeVersionOverride Signed-off-by: Marco Kilchhofer * docs: add missing variable in README Signed-off-by: Marco Kilchhofer * fix: Bump version in README again Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 17 +++++++++++++++++ charts/argo-cd/templates/_helpers.tpl | 11 +++++++++-- charts/argo-cd/values.yaml | 1 + 4 files changed, 28 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 502cad37..876a3ffa 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.5.0 +version: 3.6.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3c7a8be7..e05717b1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -34,6 +34,21 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop ## Upgrading +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. @@ -98,7 +113,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | +| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | installCRDs | Install CRDs if you are using Helm2. | `true` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 79723e71..65081951 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -144,15 +144,22 @@ app.kubernetes.io/component: {{ .component }} Return the appropriate apiVersion for ingress */}} {{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + {{/* Argo Configuration Preset Values (Incluenced by Values configuration) */}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d5ca989d..938f258d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3,6 +3,7 @@ ## nameOverride: argocd fullnameOverride: "" +kubeVersionOverride: "" # Optional CRD installation for those without Helm hooks installCRDs: true From 10bf57b893a86cd9efbcfd45f283ec0317fef78b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Czeraszkiewicz?= Date: Mon, 24 May 2021 21:20:33 +0200 Subject: [PATCH 40/47] fix(argo-cd): envFrom in repoServer (#751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: envFrom for repoServer Signed-off-by: Michał Czeraszkiewicz * config: bump chart version Signed-off-by: Michał Czeraszkiewicz * docs: add envFrom documentation Signed-off-by: Michał Czeraszkiewicz * docs: improve documentation for envFrom Signed-off-by: Michał Czeraszkiewicz * Apply suggestions from code review Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 5 +++++ charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 876a3ffa..bbe33978 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.0 +version: 3.6.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e05717b1..1c5f8c17 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -147,6 +147,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | | controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | | controller.env | Environment variables for the controller. | `[]` | +| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -198,6 +199,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.containerPort | Repo server port | `8081` | | repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | | repoServer.env | Environment variables for the repo server. | `[]` | +| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -258,6 +260,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.containerPort | Server container port. | `8080` | | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | | server.env | Environment variables for the server. | `[]` | +| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the server | `global.image.tag` | @@ -343,6 +346,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | dex.name | Dex name | `"dex-server"` | | dex.env | Environment variables for the Dex server. | `[]` | +| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | | dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | dex.podAnnotations | Annotations for the Dex server pods | `{}` | | dex.podLabels | Labels for the Dex server pods | `{}` | @@ -376,6 +380,7 @@ through `xxx.extraArgs` | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | +| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | redis.podAnnotations | Annotations for the Redis server pods | `{}` | | redis.podLabels | Labels for the Redis server pods | `{}` | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index b0458fad..bd924d4b 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -67,7 +67,7 @@ spec: value: argocd {{- end }} {{- end }} - {{- with .Values.openshift.envFrom }} + {{- with .Values.repoServer.envFrom }} envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: From 162e10b6d5a10b296d84dc95290cb8abf6865da3 Mon Sep 17 00:00:00 2001 From: cskh Date: Mon, 24 May 2021 17:33:58 -0400 Subject: [PATCH 41/47] feat(argo-rollouts): add labels to crd to identify the rollout crds (#738) - update chart version to 0.5.4 Signed-off-by: Hui Kang --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/README.md | 2 +- charts/argo-rollouts/templates/crds/analysis-run-crd.yaml | 3 +++ charts/argo-rollouts/templates/crds/analysis-template-crd.yaml | 3 +++ .../templates/crds/cluster-analysis-template-crd.yaml | 3 +++ charts/argo-rollouts/templates/crds/experiment-crd.yaml | 3 +++ charts/argo-rollouts/templates/crds/rollout-crd.yaml | 3 +++ 7 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 63a1fd07..8005b1e9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.3 +version: 0.5.4 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 6d2bef84..91d7b9ad 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -2,7 +2,7 @@ Argo Rollouts Chart ============= A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. -Current chart version is `0.5.0` +Current chart version is `0.5.4` Source code can be found [here](https://github.com/argoproj/argo-rollouts) diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index b70b6f0b..bd717905 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -7,6 +7,9 @@ metadata: {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysisruns.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 4712ae2d..b1484066 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -7,6 +7,9 @@ metadata: {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysistemplates.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 72832f03..0dbc04aa 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -7,6 +7,9 @@ metadata: {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: clusteranalysistemplates.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 1fa5b261..b78f5cb4 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -7,6 +7,9 @@ metadata: {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: experiments.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 888ca599..772a1a59 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -7,6 +7,9 @@ metadata: {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: rollouts.argoproj.io spec: group: argoproj.io From 7a06415d83bd4c81b8477be6d1407f587a9c9b9b Mon Sep 17 00:00:00 2001 From: g-linville <53102776+g-linville@users.noreply.github.com> Date: Tue, 25 May 2021 02:06:31 -0400 Subject: [PATCH 42/47] feat(argo-workflows): add value to avoid creating RBAC related to ClusterWorkflowTemplates (#657) * Argo Workflows: avoid creating ClusterRoles and CRBs if singleNamespace is true Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Argo Workflows: bumped chart version Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Argo: remove clusterworkflowtemplates from WorkflowController role Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * feat(argo-workflows): add value to disable creation of RBAC relating to ClusterWorkflowTemplates Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Bumped chart version Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 2 +- .../controller/workflow-controller-cluster-roles.yaml | 5 +++-- .../templates/controller/workflow-controller-crb.yaml | 3 +++ .../templates/server/server-cluster-roles.yaml | 3 +++ charts/argo-workflows/templates/server/server-crb.yaml | 3 +++ charts/argo-workflows/values.yaml | 5 +++++ 6 files changed, 18 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 13b1ea78..2bdcf2aa 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.2 +version: 0.1.3 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index de5e88a3..756e1f0f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -55,8 +55,6 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers verbs: - get - list @@ -131,6 +129,8 @@ rules: - update - patch - delete + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -146,3 +146,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 6879d282..1235e325 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -31,6 +31,8 @@ subjects: {{- end }} {{- end }} {{- end }} + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -46,3 +48,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 5901bbd1..6403bf96 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -111,6 +111,8 @@ rules: - update - patch - delete + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -134,3 +136,4 @@ rules: - delete {{- end }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index fd9450d5..16d55902 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -21,6 +21,8 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -37,3 +39,4 @@ subjects: name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 375c5eb1..d2899516 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -143,6 +143,9 @@ controller: priorityClassName: "" # https://argoproj.github.io/argo-workflows/links/ links: [] + clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + enabled: true # executor controls how the init and wait container should be customized executor: @@ -262,6 +265,8 @@ server: https: false clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true # Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true sso: From cae5f1d8112a8df5bb467b0a6063c9fa977292cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Lemos?= Date: Wed, 26 May 2021 10:44:21 +0100 Subject: [PATCH 43/47] fix(argo-rollouts): Removed duplicated resources declaration (#757) Signed-off-by: flavio.lemos --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/argo-rollouts-deployment.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8005b1e9..d7fd46ac 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.4 +version: 0.5.5 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 1c4342bf..87c84929 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -37,8 +37,6 @@ spec: {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: {{ .Values.controller.name }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} resources: From 44c15c834e885f5db23b655f18df8aae9f54010f Mon Sep 17 00:00:00 2001 From: Tadayuki Onishi Date: Wed, 26 May 2021 19:00:10 +0900 Subject: [PATCH 44/47] fix(argo-workflows): fix server.podAnnotations template (#758) Signed-off-by: kenchan0130 --- charts/argo-workflows/Chart.yaml | 2 +- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2bdcf2aa..a9bf7b20 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.3 +version: 0.1.4 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 9d1696dd..3a97a7fb 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -21,7 +21,7 @@ spec: {{- end }} {{- with .Values.server.podAnnotations }} annotations: - {{- toYaml .Values.server.podAnnotations | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} From f6069848f53cddb33f5be6e04b1eaebe824a3a5f Mon Sep 17 00:00:00 2001 From: Atze de Vries Date: Wed, 26 May 2021 12:35:19 +0200 Subject: [PATCH 45/47] fix(argo-cd): Fix duplicate secret name (#755) Signed-off-by: Atze de Vries --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bbe33978..3dfdf5ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.1 +version: 3.6.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 7212922c..edaea3b5 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -23,5 +23,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-secret + secretName: argocd-tls-certificate {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 938f258d..bdcfe854 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -561,7 +561,7 @@ server: # servicePort: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false @@ -590,7 +590,7 @@ server: # servicePort: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false From 6acfdc62ef05211a3dec32d24ebbafe21079ac3a Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Wed, 26 May 2021 16:13:14 -0500 Subject: [PATCH 46/47] feat(argo-events): add support for resource requests/limits (#761) * feat(argo-events): add support for resource requests/limits Signed-off-by: Chris St. Pierre * Fix `resources` scope Signed-off-by: Chris St. Pierre * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 2 +- .../argo-events/templates/eventbus-controller-deployment.yaml | 1 + .../templates/eventsource-controller-deployment.yaml | 1 + charts/argo-events/templates/sensor-controller-deployment.yaml | 1 + charts/argo-events/values.yaml | 3 +++ 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b0770954..c8463ad9 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.2 +version: 1.4.3 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index e3631828..45d54c88 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -55,6 +55,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} {{- with .Values.eventbusController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index a6522da6..18fdcb87 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -53,6 +53,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} {{- with .Values.eventsourceController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index e6a1c104..8eb73185 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -53,6 +53,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} {{- with .Values.sensorController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a54ec010..518cec4c 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -54,6 +54,7 @@ sensorController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventsourceController: name: eventsource-controller @@ -67,6 +68,7 @@ eventsourceController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventbusController: name: eventbus-controller @@ -79,6 +81,7 @@ eventbusController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 From be7c6c572121880f9f7a5561d6a552a331737b3a Mon Sep 17 00:00:00 2001 From: kostas-theo <43744618+kostas-theo@users.noreply.github.com> Date: Wed, 26 May 2021 23:27:12 +0200 Subject: [PATCH 47/47] feat(argo-events): Add annotations to argo-events-sa. (#708) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: sa annotations Signed-off-by: kostas-theo * fix: review recommendations Signed-off-by: kostas-theo * fix: Apply review changes Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/templates/argo-events-sa.yaml | 7 +++++++ charts/argo-events/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c8463ad9..8a5a85b5 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.3 +version: 1.5.0 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index f13b8a1d..fec88b4d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -5,7 +5,11 @@ kind: ServiceAccount metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccountAnnotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.additionalSaNamespaces }} +{{ $annotations := .Values.serviceAccountAnnotations }} {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- @@ -14,5 +18,8 @@ kind: ServiceAccount metadata: name: {{ $sa }} namespace: {{ $namespace }} + {{- with $annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 518cec4c..df7d4a1a 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -14,6 +14,9 @@ installCRD: true # ServiceAccount to use for running controller. serviceAccount: argo-events-sa +# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases +serviceAccountAnnotations: {} + # Create service accounts in additional namespaces specified # The SA will always be created in the release namespaces additionalSaNamespaces: []