DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into add-support-k8s-version-to-argowf

Browse source
This commit is contained in:
yu-croco 2023-07-17 22:09:40 +09:00
commit 92f1a35c60
21 changed files with 200 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/lint-and-test.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: 3.9
@ -70,7 +70,7 @@ jobs:
fi
- name: Create kind cluster
uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
if: steps.list-changed.outputs.changed == 'true'
with:
config: .github/configs/kind-config.yaml

2
.github/workflows/pr-sizing.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
with:
configuration-path: ".github/configs/labeler.yaml"
repo-token: "${{ secrets.GITHUB_TOKEN }}"

8
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.7.6
appVersion: v2.7.7
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.36.13
version: 5.40.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -26,5 +26,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Support for setting server certificate usages
- kind: changed
description: Allow configurable metrics in server and repoServer HPAs

8
charts/argo-cd/README.md
View file

@ -407,6 +407,7 @@ NAME: my-release
| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity |
| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` |
| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` |
| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates |
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
| global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
@ -575,6 +576,7 @@ NAME: my-release
| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
| repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server |
| repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] |
| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ |
| repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] |
| repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] |
| repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] |
@ -672,10 +674,12 @@ NAME: my-release
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server |
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] |
| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ |
| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] |
| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] |
| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] |
| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
@ -857,11 +861,12 @@ server:
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
| dex.image.tag | string | `"v2.36.0"` | Dex image tag |
| dex.image.tag | string | `"v2.37.0"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
| dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository |
| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources |
| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
@ -1036,6 +1041,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |

13
charts/argo-cd/templates/_common.tpl
View file

@ -38,6 +38,13 @@ Create Argo CD app version
{{- default .Chart.AppVersion .Values.global.image.tag }}
{{- end -}}
{{/*
Return valid version label
*/}}
{{- define "argo-cd.versionLabelValue" -}}
{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
{{- end -}}
{{/*
Common labels
*/}}
@ -46,7 +53,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }}
{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }}
app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }}
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
@ -128,9 +135,9 @@ Common deployment strategy definition
*/}}
{{- define "argo-cd.strategy" -}}
{{- $preset := . -}}
{{- if (eq $preset.type "Recreate") }}
{{- if (eq (toString $preset.type) "Recreate") }}
type: Recreate
{{- else if (eq $preset.type "RollingUpdate") }}
{{- else if (eq (toString $preset.type) "RollingUpdate") }}
type: RollingUpdate
{{- with $preset.rollingUpdate }}
rollingUpdate:

2
charts/argo-cd/templates/_helpers.tpl
View file

@ -207,7 +207,7 @@ applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.r
Merge Argo Params Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.params" -}}
{{- $config := omit .Values.configs.params "annotations" }}
{{- $config := omit .Values.configs.params "create" "annotations" }}
{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ toString $value | toYaml }}

6
charts/argo-cd/templates/argocd-applicationset/certificate.yaml
View file

@ -2,6 +2,12 @@
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:

3
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -24,8 +24,9 @@ spec:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}

4
charts/argo-cd/templates/argocd-repo-server/hpa.yaml
View file

@ -14,6 +14,9 @@ spec:
minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
metrics:
{{- if .Values.repoServer.autoscaling.metrics }}
{{- toYaml .Values.repoServer.autoscaling.metrics | nindent 4 }}
{{- else }}
{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
@ -38,6 +41,7 @@ spec:
type: Utilization
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.repoServer.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}

6
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -2,6 +2,12 @@
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:

4
charts/argo-cd/templates/argocd-server/hpa.yaml
View file

@ -14,6 +14,9 @@ spec:
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- if .Values.server.autoscaling.metrics }}
{{ toYaml .Values.server.autoscaling.metrics | nindent 4 }}
{{- else }}
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
@ -38,6 +41,7 @@ spec:
type: Utilization
{{- end }}
{{- end }}
{{- end}}
{{- with .Values.server.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}

2
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -149,7 +149,7 @@ spec:
- mountPath: /tmp
name: dexconfig
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }}
{{- with .Values.dex.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}

24
charts/argo-cd/values.yaml
View file

@ -147,6 +147,9 @@ global:
# -- Environment variables to pass to all deployed Deployments
env: []
# -- Annotations for the all deployed Certificates
certificateAnnotations: {}
## Argo Configs
configs:
# General Argo CD configuration
@ -928,7 +931,7 @@ dex:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.36.0
tag: v2.37.0
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -948,6 +951,15 @@ dex:
# -- Argo CD init image imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Argo CD init image resources
# @default -- `{}` (defaults to dex.resources)
resources: {}
# requests:
# cpu: 5m
# memory: 96Mi
# limits:
# cpu: 10m
# memory: 144Mi
# -- Environment variables to pass to the Dex server
env: []
@ -1464,6 +1476,9 @@ server:
# - type: Pods
# value: 2
# periodSeconds: 60
# -- Configures custom HPA metrics for the Argo CD server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics: []
## Argo CD server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
@ -1743,6 +1758,8 @@ server:
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
# -- Annotations to be applied to the Server Certificate
annotations: {}
# -- Usages for the certificate
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
usages: []
@ -2029,6 +2046,9 @@ repoServer:
# - type: Pods
# value: 2
# periodSeconds: 60
# -- Configures custom HPA metrics for the Argo CD repo server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics: []
## Repo server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
@ -2681,6 +2701,8 @@ applicationSet:
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
# -- Annotations to be applied to the ApplicationSet Certificate
annotations: {}
## Notifications controller
notifications:

2
charts/argo-workflows/Chart.yaml
View file

@ -4,7 +4,7 @@ kubeVersion: ">=1.23.0-0"
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.31.0
version: 0.32.0
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:

1
charts/argo-workflows/README.md
View file

@ -337,6 +337,7 @@ Fields to note:
| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage |
| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store |
| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store |
| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap |
| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) |
| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) |

41
charts/argo-workflows/ci/enable-artifact-repo-ref.yaml Normal file
View file

@ -0,0 +1,41 @@
artifactRepositoryRef:
# 1st ConfigMap
artifact-repositories:
annotations:
workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
# 1st data
default-v1-s3-artifact-repository:
archiveLogs: true
s3:
bucket: my-bucket
endpoint: minio:9000
insecure: true
accessKeySecret:
name: my-minio-cred
key: accesskey
secretKeySecret:
name: my-minio-cred
key: secretkey
# 2nd data
oss-artifact-repository:
archiveLogs: false
oss:
endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
bucket: $mybucket
accessKeySecret:
name: $mybucket-credentials
key: accessKey
secretKeySecret:
name: $mybucket-credentials
key: secretKey
# 2nd ConfigMap
another-artifact-repositories:
annotations:
workflows.argoproj.io/default-artifact-repository: gcs
gcs:
archiveLogs: false
bucket: my-bucket
keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
serviceAccountKeySecret:
name: my-gcs-credentials
key: serviceAccountKey

19
charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $cm_name }}
namespace: {{ $.Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
{{- with $cm_val.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- range $data_key, $data_val := (omit $cm_val "annotations") }}
{{- $data_key | nindent 2 }}: |
{{- toYaml $data_val | nindent 4 }}
{{- end }}
{{- end }}

57
charts/argo-workflows/values.yaml
View file

@ -164,6 +164,10 @@ controller:
# spec:
# ttlStrategy:
# secondsAfterCompletion: 84600
# # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/
# artifactRepositoryRef:
# configMap: my-artifact-repository # default is "artifact-repositories"
# key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map.
# -- Number of workflow workers
workflowWorkers: # 32
@ -770,6 +774,59 @@ customArtifactRepository: {}
# name: artifactory-creds
# key: password
# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/).
# Each map key is the name of configmap
# @default -- `{}` (See [values.yaml])
artifactRepositoryRef: {}
# # -- 1st ConfigMap
# # If you want to use this config map by default, name it "artifact-repositories".
# # Otherwise, you can provide a reference to a
# # different config map in `artifactRepositoryRef.configMap`.
# artifact-repositories:
# # -- v3.0 and after - if you want to use a specific key, put that key into this annotation.
# annotations:
# workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
# # 1st data of configmap. See above artifactRepository or customArtifactRepository.
# default-v1-s3-artifact-repository:
# archiveLogs: false
# s3:
# bucket: my-bucket
# endpoint: minio:9000
# insecure: true
# accessKeySecret:
# name: my-minio-cred
# key: accesskey
# secretKeySecret:
# name: my-minio-cred
# key: secretkey
# # 2nd data
# oss-artifact-repository:
# archiveLogs: false
# oss:
# endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
# bucket: $mybucket
# # accessKeySecret and secretKeySecret are secret selectors.
# # It references the k8s secret named 'bucket-workflow-artifect-credentials'.
# # This secret is expected to have have the keys 'accessKey'
# # and 'secretKey', containing the base64 encoded credentials
# # to the bucket.
# accessKeySecret:
# name: $mybucket-credentials
# key: accessKey
# secretKeySecret:
# name: $mybucket-credentials
# key: secretKey
# # 2nd ConfigMap
# another-artifact-repositories:
# annotations:
# workflows.argoproj.io/default-artifact-repository: gcs
# gcs:
# bucket: my-bucket
# keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
emissary:
# -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used.
## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary

4
charts/argocd-apps/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-apps
description: A Helm chart for managing additional Argo CD Applications and Projects
type: application
version: 1.2.0
version: 1.3.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -18,4 +18,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Rollout strategy for ApplicationSet
description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false

3
charts/argocd-apps/templates/projects.yaml
View file

@ -22,6 +22,9 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .permitOnlyProjectScopedClusters }}
permitOnlyProjectScopedClusters: {{ . }}
{{- end }}
description: {{ .description }}
{{- with .sourceRepos }}
sourceRepos:

1
charts/argocd-apps/values.yaml
View file

@ -48,6 +48,7 @@ projects: []
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# permitOnlyProjectScopedClusters: false
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# description: Example Project