Merge branch 'main' into load-balancer-class-workflows

Signed-off-by: Gazal <gazal.gafoor@rea-group.com>
Gazal 2024-08-25 14:15:58 +10:00 committed by GitHub
commit 943cabee7c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
60 changed files with 927 additions and 812 deletions


@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: 3.9


@ -19,7 +19,7 @@ jobs:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -66,7 +66,7 @@ jobs:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}


@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Get token
uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
id: get_token
with:
app-id: ${{ vars.RENOVATE_APP_ID }}
@ -26,11 +26,11 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Self-hosted Renovate
uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
uses: renovatebot/github-action@b266b24b144602ed4f512f0773009d026722f4cc # v40.2.6
with:
configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.384.0
renovate-version: 38.18.0
token: '${{ steps.get_token.outputs.token }}'
env:
LOG_LEVEL: 'debug'


@ -38,7 +38,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: SARIF file
path: results.sarif
@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
with:
sarif_file: results.sarif


@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.11.3
kubeVersion: ">=1.23.0-0"
appVersion: v2.12.2
kubeVersion: ">=1.25.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 7.3.0
version: 7.4.5
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -27,4 +27,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: make PrometheusRule deployment conditional on CRD existence
description: Bump argo-cd to v2.12.2


@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -622,7 +647,7 @@ server:
## Prerequisites
- Kubernetes: `>=1.23.0-0`
- Kubernetes: `>=1.25.0-0`
- We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
- Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
- Helm v3.0.0+
@ -1347,7 +1372,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored |
| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored |
| externalRedis.host | string | `""` | External Redis server host |
| externalRedis.password | string | `""` | External Redis password |
| externalRedis.port | int | `6379` | External Redis server port |
@ -1517,6 +1542,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller |
| notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod |
| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
@ -1545,6 +1576,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods |
| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods |
| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods |
| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |


@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.


@ -1,6 +1,6 @@
In order to access the server UI you have the following options:
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
@ -12,7 +12,7 @@ In order to access the server UI you have the following options:
{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}


@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use
*/}}
{{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
{{- if .Values.redisSecretInit.serviceAccount.create -}}
{{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }}
{{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.redisSecretInit.serviceAccount.name }}
{{- end -}}


@ -208,10 +208,22 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
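Review bot: The two new Sentinel `secretKeyRef`s take their Secret name from `default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret`, while the `REDIS_PASSWORD` reference just above them in this section uses `default "argocd-redis" .Values.externalRedis.existingSecret`, so with no `existingSecret` set the password and the Sentinel credentials can be looked up in differently named Secrets. Because both new refs are `optional: true`, a wrong Secret name or a mistyped `redis-sentinel-username` / `redis-sentinel-password` key does not block the pod; it starts with the variables unset, and the misconfiguration only shows up at connection time. I would use one name expression for all three refs and say so inline, e.g. `# optional: absent keys mean Sentinel auth is not configured`. The same Sentinel block is added in three other workload sections on this page (hunks `-211,6 +211,18`, `-188,6 +188,18`, `-256,6 +256,18`), where the `REDIS_PASSWORD` name line lies outside the hunk. This section also shows `optional: true` both inside the `if` branch and after `{{- end }}`, and the page does not mark which one is new, so it is worth confirming whether `REDIS_PASSWORD` is now optional for the bundled Redis as well.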


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- if .Values.controller.metrics.rules.selector }}


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.metrics.serviceMonitor.selector }}


@ -211,6 +211,18 @@ spec:
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:


@ -35,6 +35,8 @@ rules:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
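Review bot: The `list` and `watch` verbs added under `verbs:` widen this rule from reading an AppProject by name to enumerating and streaming every AppProject in the rule's scope, and nothing in the hunk records why. The rule's `apiGroups`/`resources` header starts above the hunk, so any other resource listed alongside `appprojects` receives the same verbs; that should be checked in the full file. If the v2.12 controller needs them for a cache or informer (not visible here), I would note it inline, e.g. `# list/watch: needed by the controller's AppProject cache`. The next file section on this page (hunk `-34,6 +34,8`) makes the identical change.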


@ -34,6 +34,8 @@ rules:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.metrics.serviceMonitor.selector }}


@ -4,7 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" $ | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with $cluster_value.labels }}
@ -19,6 +19,9 @@ metadata:
{{- end }}
type: Opaque
stringData:
{{- if $cluster_value.shard }}
shard: {{ $cluster_value.shard }}
{{- end }}
name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
{{- if $cluster_value.namespaces }}
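Review bot: The new `shard: {{ $cluster_value.shard }}` line under `stringData:` renders its value unquoted, so a numeric shard such as `1` reaches the API server as a YAML integer, and `stringData` accepts only string values; the Secret would be rejected. The guard `{{- if $cluster_value.shard }}` is also false for `0`, so shard 0 can never be pinned through this value. Quoting the value and testing for the key's presence addresses both: `{{- if hasKey $cluster_value "shard" }}` and `shard: {{ $cluster_value.shard | quote }}`. The template continues outside the hunk.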


@ -4,7 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-creds-{{ $repo_cred_key }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" $ | quote }}
labels:
argocd.argoproj.io/secret-type: repo-creds
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}


@ -4,7 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-{{ $repo_key }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" $ | quote }}
labels:
argocd.argoproj.io/secret-type: repository
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}


@ -107,6 +107,26 @@ spec:
- name: metrics
containerPort: {{ .Values.notifications.containerPorts.metrics }}
protocol: TCP
{{- if .Values.notifications.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: metrics
initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.notifications.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: metrics
initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
{{- with .Values.notifications.containerSecurityContext }}
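Review bot: The `livenessProbe` and `readinessProbe` added here are both `tcpSocket` checks against the `metrics` port, so they only show that the metrics listener accepts connections, and the two probes differ in nothing but their timing values. A one-line comment above the block would set expectations for operators who enable them, e.g. `# TCP check on the metrics port only; does not verify the controller's work loop`. The README table on this page also describes `notifications.readinessProbe.enabled` as "Enable Kubernetes liveness probe"; if that text is generated from a comment in the values file (not visible here), the comment should say readiness.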


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.metrics.serviceMonitor.selector }}


@ -188,6 +188,18 @@ spec:
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
@ -278,6 +290,12 @@ spec:
key: reposerver.revision.cache.lock.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
valueFrom:
configMapKeyRef:
key: reposerver.include.hidden.directories
name: argocd-cmd-params-cm
optional: true
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: HELM_CACHE_HOME
value: /helm-working-dir


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.metrics.serviceMonitor.selector }}


@ -256,6 +256,18 @@ spec:
{{- else }}
key: auth
{{- end }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.server.fullname" . }}
namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.metrics.serviceMonitor.selector }}


@ -39,20 +39,29 @@ spec:
name: Revision
priority: 10
type: string
- jsonPath: .spec.project
name: Project
priority: 10
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Application is a definition of Application resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -150,22 +159,21 @@ spec:
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version (Helm)
which to sync the application to If omitted, will use the revision
specified in app spec.
description: |-
Revision is the revision (Git) or chart version (Helm) which to sync the application to
If omitted, will use the revision specified in app spec.
type: string
revisions:
description: Revisions is the list of revision (Git) or chart
version (Helm) which to sync each source in sources field for
the application to If omitted, will use the revision specified
in app spec.
description: |-
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
If omitted, will use the revision specified in app spec.
items:
type: string
type: array
source:
description: Source overrides the source definition set in the
application. This is typically set in a Rollback operation and
is nil during a Sync operation
description: |-
Source overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must be specified
@ -486,18 +494,18 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be
commit, tag, or branch. If omitted, will equal to HEAD.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
sources:
description: Sources overrides the source definition set in the
application. This is typically set in a Rollback operation and
is nil during a Sync operation
description: |-
Sources overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
items:
description: ApplicationSource contains all required information
about the source of an application
@ -825,11 +833,10 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -848,10 +855,10 @@ spec:
the sync.
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
hook:
@ -859,10 +866,10 @@ spec:
perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
type: object
@ -883,9 +890,9 @@ spec:
not set.
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -914,10 +921,9 @@ spec:
kind:
type: string
managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted managers.
Fields mutated by those managers will take precedence over
the desired state defined in the SCM and won't be displayed
in diffs
description: |-
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
desired state defined in the SCM and won't be displayed in diffs
items:
type: string
type: array
@ -944,18 +950,17 @@ spec:
type: object
type: array
project:
description: Project is a reference to the project this application
belongs to. The empty string means that application belongs to the
'default' project.
description: |-
Project is a reference to the project this application belongs to.
The empty string means that application belongs to the 'default' project.
type: string
revisionHistoryLimit:
description: RevisionHistoryLimit limits the number of items kept
in the application's revision history, which is used for informational
purposes as well as for rollbacks to previous versions. This should
only be changed in exceptional circumstances. Setting to zero will
store no history. This will reduce storage used. Increasing will
increase the space used to store the history, so we do not recommend
increasing it. Default is 10.
description: |-
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
This should only be changed in exceptional circumstances.
Setting to zero will store no history. This will reduce storage used.
Increasing will increase the space used to store the history, so we do not recommend increasing it.
Default is 10.
format: int64
type: integer
source:
@ -1274,10 +1279,10 @@ spec:
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be commit,
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -1606,10 +1611,10 @@ spec:
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be commit,
tag, or branch. If omitted, will equal to HEAD. In case of
Helm, this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2102,11 +2107,10 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2448,11 +2452,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2464,9 +2467,9 @@ spec:
type: object
type: array
observedAt:
description: 'ObservedAt indicates when the application state was
updated without querying latest git state Deprecated: controller
no longer updates ObservedAt field'
description: |-
ObservedAt indicates when the application state was updated without querying latest git state
Deprecated: controller no longer updates ObservedAt field
format: date-time
type: string
operationState:
@ -2579,22 +2582,21 @@ spec:
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version
(Helm) which to sync the application to If omitted,
will use the revision specified in app spec.
description: |-
Revision is the revision (Git) or chart version (Helm) which to sync the application to
If omitted, will use the revision specified in app spec.
type: string
revisions:
description: Revisions is the list of revision (Git) or
chart version (Helm) which to sync each source in sources
field for the application to If omitted, will use the
revision specified in app spec.
description: |-
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
If omitted, will use the revision specified in app spec.
items:
type: string
type: array
source:
description: Source overrides the source definition set
in the application. This is typically set in a Rollback
operation and is nil during a Sync operation
description: |-
Source overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must
@ -2937,19 +2939,18 @@ spec:
(Git or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
sources:
description: Sources overrides the source definition set
in the application. This is typically set in a Rollback
operation and is nil during a Sync operation
description: |-
Sources overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
items:
description: ApplicationSource contains all required
information about the source of an application
@ -3300,11 +3301,10 @@ spec:
(Git or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision
of the source to sync the application to. In case
of Git, this can be commit, tag, or branch. If
omitted, will equal to HEAD. In case of Helm,
this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -3325,11 +3325,10 @@ spec:
to perform the sync.
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
hook:
@ -3337,11 +3336,10 @@ spec:
to perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
type: object
@ -3385,9 +3383,9 @@ spec:
description: Group specifies the API group of the resource
type: string
hookPhase:
description: HookPhase contains the state of any operation
associated with this resource OR hook This can also
contain values for non-hook resources.
description: |-
HookPhase contains the state of any operation associated with this resource OR hook
This can also contain values for non-hook resources.
type: string
hookType:
description: HookType specifies the type of the hook.
@ -3772,11 +3770,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4127,11 +4124,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4158,8 +4154,9 @@ spec:
description: Resources is a list of Kubernetes resources managed by
this application
items:
description: 'ResourceStatus holds the current sync and health status
of a resource TODO: describe members of this type'
description: |-
ResourceStatus holds the current sync and health status of a resource
TODO: describe members of this type
properties:
group:
type: string
@ -4242,10 +4239,9 @@ spec:
if Server is not set.
type: string
namespace:
description: Namespace specifies the target namespace
for the application's resources. The namespace will
only be set for namespace-scoped resources that have
not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -4274,10 +4270,9 @@ spec:
kind:
type: string
managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted
managers. Fields mutated by those managers will take
precedence over the desired state defined in the SCM
and won't be displayed in diffs
description: |-
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
desired state defined in the SCM and won't be displayed in diffs
items:
type: string
type: array
@ -4623,11 +4618,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4978,11 +4972,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL


@ -72,6 +72,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -668,6 +669,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -2430,6 +2432,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -3026,6 +3029,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -6891,6 +6895,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
template:
@ -7487,6 +7492,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -8083,6 +8089,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -11948,6 +11955,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
mergeKeys:
@ -14648,6 +14656,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
goTemplate:
@ -15306,11 +15315,16 @@ spec:
type: string
step:
type: string
targetRevisions:
items:
type: string
type: array
required:
- application
- message
- status
- step
- targetRevisions
type: object
type: array
conditions:
@ -15334,6 +15348,37 @@ spec:
- type
type: object
type: array
resources:
items:
properties:
group:
type: string
health:
properties:
message:
type: string
status:
type: string
type: object
hook:
type: boolean
kind:
type: string
name:
type: string
namespace:
type: string
requiresPruning:
type: boolean
status:
type: string
syncWave:
format: int64
type: integer
version:
type: string
type: object
type: array
type: object
required:
- metadata


@ -31,22 +31,28 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what
may be deployed (repository whitelist, resource whitelist/blacklist) * who
can access these applications (roles, OIDC group claims bindings) * and
what they can do (RBAC policies) * automation access to these roles (JWT
tokens)'
description: |-
AppProject provides a logical grouping of applications, providing controls for:
* where the apps may deploy to (cluster whitelist)
* what may be deployed (repository whitelist, resource whitelist/blacklist)
* who can access these applications (roles, OIDC group claims bindings)
* and what they can do (RBAC policies)
* automation access to these roles (JWT tokens)
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -57,9 +63,9 @@ spec:
description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -74,9 +80,9 @@ spec:
description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -103,9 +109,9 @@ spec:
not set.
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -118,9 +124,9 @@ spec:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -135,9 +141,9 @@ spec:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- with .Values.dex.metrics.serviceMonitor.selector }}


@ -3,7 +3,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . | quote }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
@ -13,6 +13,7 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
spec:
ttlSecondsAfterFinished: 60
template:
metadata:
labels:
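Review bot: The added `ttlSecondsAfterFinished: 60` is a fixed literal, and the TTL controller removes failed Jobs as well as successful ones, so a secret-init run that fails is deleted together with its pod and logs about a minute after it finishes. That leaves little time to find out why the Redis secret was not created unless logs are collected elsewhere. Consider reading the value from the chart's values with 60 as the default, and adding a comment such as `# finished hook Jobs, including failed ones, are removed after this many seconds`. The Job spec continues outside the hunk.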


@ -8,7 +8,7 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . | quote }}
rules:
- apiGroups:
- ""


@ -8,7 +8,7 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
name: {{ include "argo-cd.redisSecretInit.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
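Review bot: Only `metadata.namespace` changes in this section, and the `subjects` list sits below the visible context, so it is not clear that the bound service account is resolved in the same namespace. If `subjects[].namespace` still uses `.Release.Namespace`, then with a namespace override the binding would name an account in the release namespace while the ServiceAccount and Job on this page are created in the overridden one, and the Job would run without the Role's permissions. Confirm that the subject also reads `namespace: {{ include "argo-cd.namespace" . | quote }}`.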


@ -1,10 +1,10 @@
{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . | quote }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation


@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- with .Values.redis.metrics.serviceMonitor.selector }}


@ -461,6 +461,16 @@ configs:
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# mycluster4-sharded:
# shard: 1
# server: https://mycluster4.example.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
@ -1601,7 +1611,7 @@ externalRedis:
password: ""
# -- External Redis server port
port: 6379
# -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
# -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
# When it's set, the `externalRedis.password` parameter is ignored
existingSecret: ""
# -- External Redis Secret annotations
@ -3297,6 +3307,36 @@ notifications:
drop:
- ALL
## Probes for notifications controller Pods (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
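Review bot: The `# --` comment on `readinessProbe.enabled` says "Enable Kubernetes liveness probe for notifications controller Pods", which is the text of the `livenessProbe` block below it; it should read `# -- Enable Kubernetes readiness probe for notifications controller Pods`. These `# --` comments appear to feed the generated parameter tables, so the wrong wording would presumably be carried into the README as well. Both probes default to `enabled: false`, so this is a documentation fix only.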


@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v1.9.2
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.4.6
version: 2.4.7
home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argo-events to v1.9.2
- kind: fixed
description: Update Jetstream versions as following upstream


@ -65,11 +65,51 @@ done
| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | |
| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` | |
| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` | |
| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` | |
| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | |
| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | |
| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | |
| configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[0].version | string | `"latest"` | |
| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | |
| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[1].version | string | `"2.8.1"` | |
| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | |
| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | |
| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | |
| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | |
| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[3].version | string | `"2.8.2"` | |
| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | |
| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | |
| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | |
| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | |
| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[5].version | string | `"2.9.1"` | |
| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | |
| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[6].version | string | `"2.9.12"` | |
| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | |
| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | |
| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | |
| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[7].version | string | `"2.9.16"` | |
| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | |
| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | |
| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | |
| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | |
| configs.jetstream.versions[8].version | string | `"2.10.10"` | |
| configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs |


@ -96,10 +96,50 @@ configs:
duplicates: 300s
# Supported versions of JetStream eventbus
versions:
- version: "latest"
natsImage: nats:latest
metricsExporterImage: natsio/prometheus-nats-exporter:latest
configReloaderImage: natsio/nats-server-config-reloader:latest
- version: latest
natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server
- version: 2.8.1
natsImage: nats:2.8.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.1-alpine
natsImage: nats:2.8.1-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.8.2
natsImage: nats:2.8.2
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.8.2-alpine
natsImage: nats:2.8.2-alpine
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: nats-server
- version: 2.9.1
natsImage: nats:2.9.1
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.12
natsImage: nats:2.9.12
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.9.16
natsImage: nats:2.9.16
metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
configReloaderImage: natsio/nats-server-config-reloader:0.7.0
startCommand: /nats-server
- version: 2.10.10
natsImage: nats:2.10.10
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
configReloaderImage: natsio/nats-server-config-reloader:0.14.0
startCommand: /nats-server
# -- Array of extra K8s manifests to deploy
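Review bot: The `latest` entry now carries the same three images as the `2.10.10` entry at the end of the list, so the name no longer follows upstream and the two entries have to be bumped together by hand. A comment above it would record that, for example `# "latest" is an alias for the newest pinned entry below; update both together`. The references are still mutable tags; if the event bus controller accepts digest-qualified image references (not verifiable from this hunk), pinning by digest would make each entry immutable.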


@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.7.0
appVersion: v1.7.2
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.36.1
version: 2.37.5
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Add annotations for notifications secret
description: Bump argo-rollouts to v1.7.2


@ -57,10 +57,12 @@ For full list of changes please check ArtifactHub [changelog].
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
| notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
| notifications.notifiers | object | `{}` | Configures notification services |
| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
| notifications.secret.create | bool | `false` | Whether to create notifications secret |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
| notifications.templates | object | `{}` | Notification templates |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |


@ -109,3 +109,311 @@ Return the appropriate apiVersion for pod disruption budget
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the rules for controller's Role and ClusterRole
*/}}
{{- define "argo-rollouts.controller.roleRules" -}}
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
- update
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
- traefik.io
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- with .Values.providerRBAC.additionalRules }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- end -}}
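Review bot: The rule for `deployments` and `podtemplates` in the new `argo-rollouts.controller.roleRules` helper lists `update`, while its comment still says read access and the rule removed from the Role template in the next file section lists only `get`, `list`, `watch`. Moving the rules into the helper therefore also widens the controller's permissions, for both resources and both API groups named in the rule. If the write is intended, say so in the comment, e.g. `# deployments read access needed for workload reference support; update needed for <reason>`, and consider a separate rule so that `update` applies to `apps` `deployments` only. The `routetables` rule for Gloo Platform grants `'*'`; an explicit verb list would match the other providers.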


@ -7,304 +7,5 @@ metadata:
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- with .Values.providerRBAC.additionalRules }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
{{- end }}
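Review bot: The `verbs: ['*']` grant on `networking.gloo.solo.io` `routetables` survives the move into the shared `argo-rollouts.controller.roleRules` helper (it is in the helper body earlier on this page), so every object that renders its rules through the `include` line here inherits a wildcard. Every other provider block lists explicit verbs, and a wildcard also covers `delete` and `deletecollection`. Since the rules are being consolidated anyway, I would replace it with the verbs the Gloo Platform provider actually uses, for example `- get`, `- list`, `- watch`, `- update`, `- patch`, to be confirmed against the plugin. The helper definition starts outside the visible part of the page, so its earlier rules could not be checked.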


@ -80,8 +80,12 @@ spec:
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.volumeMounts }}
volumeMounts:
- name: plugin-bin
mountPath: /home/argo-rollouts/plugin-bin
- name: tmp
mountPath: /tmp
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.extraContainers }}
@ -120,7 +124,11 @@ spec:
{{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.controller.volumes }}
volumes:
- name: plugin-bin
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
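Review bot: The hard-coded `plugin-bin` and `tmp` entries will collide with any `controller.volumes` / `controller.volumeMounts` values that already define a volume of the same name or mount `/tmp`, because the user-supplied list is appended after them on the `toYaml . | nindent` lines. A duplicate volume name or mount path makes the API server reject the Deployment on upgrade. That is a plausible case for installs that added their own `tmp` emptyDir to run with a read-only root filesystem, so the change needs an upgrade note or a way to turn the built-in volumes off. Both volumes are also unbounded: `emptyDir: {}` could carry a `sizeLimit`, which would fit the `ephemeral-storage: 1Gi` example this commit adds to the values file. The surrounding container and pod spec lie outside both hunks.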


@ -1,3 +1,4 @@
{{ if .Values.notifications.configmap.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -16,3 +17,8 @@ data:
{{- with .Values.notifications.triggers }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.notifications.subscriptions }}
subscriptions: |
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -8,289 +8,5 @@ metadata:
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# deployments and podtemplates read access needed for workload reference support
- apiGroups:
- ""
- apps
resources:
- deployments
- podtemplates
verbs:
- get
- list
- watch
# services patch needed to update selector of canary/stable/active/preview services
# services create needed to create and delete services for experiments
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
- create
- delete
# leases create/get/update needed for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
- watch
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if .Values.providerRBAC.enabled }}
{{- if .Values.providerRBAC.providers.istio }}
# virtualservice/destinationrule access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get
- update
- patch
- list
{{- end }}
{{- if .Values.providerRBAC.providers.smi }}
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.ambassador }}
# ambassador access needed for Ambassador provider
- apiGroups:
- getambassador.io
- x.getambassador.io
resources:
- mappings
- ambassadormappings
verbs:
- create
- watch
- get
- update
- list
- delete
{{- end }}
{{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- elbv2.k8s.aws
resources:
- targetgroupbindings
verbs:
- list
- get
{{- end }}
{{- if .Values.providerRBAC.providers.awsAppMesh }}
# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualservices
verbs:
- watch
- get
- list
# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
- apiGroups:
- appmesh.k8s.aws
resources:
- virtualnodes
- virtualrouters
verbs:
- watch
- get
- list
- update
- patch
{{- end }}
{{- if .Values.providerRBAC.providers.traefik }}
# Traefik access needed when using the Traefik provider
- apiGroups:
- traefik.containo.us
resources:
- traefikservices
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.apisix }}
# Access needed when using the Apisix provider
- apiGroups:
- apisix.apache.org
resources:
- apisixroutes
verbs:
- watch
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- end }}
{{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
{{- end }}
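Review bot: Swapping this rule list for `include "argo-rollouts.controller.roleRules"` changes what this object grants, not only where the rules live. The removed list had no Contour `httpproxies` rule, no `providerRBAC.additionalRules` block and only `traefik.containo.us` for Traefik, whereas the helper body visible earlier on the page emits all three, including `traefik.io`. Installs that set those values will get broader permissions on this object after upgrading. If that is intended, record it in the chart's changelog annotation and add a template comment above the include such as `{{- /* rules are shared with the other controller role template; additionalRules apply to both */}}`. The helper's start is outside the visible page, so other differences may exist.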


@ -189,7 +189,6 @@ spec:
datadog:
properties:
aggregator:
default: last
enum:
- avg
- min


@ -185,7 +185,6 @@ spec:
datadog:
properties:
aggregator:
default: last
enum:
- avg
- min


@ -185,7 +185,6 @@ spec:
datadog:
properties:
aggregator:
default: last
enum:
- avg
- min


@ -120,6 +120,7 @@ controller:
# limits:
# cpu: 100m
# memory: 128Mi
# ephemeral-storage: 1Gi
# requests:
# cpu: 50m
# memory: 64Mi
@ -448,6 +449,10 @@ dashboard:
volumeMounts: []
notifications:
configmap:
# -- Whether to create notifications configmap
create: true
secret:
# -- Whether to create notifications secret
create: false
@ -479,3 +484,11 @@ notifications:
# trigger.on-purple: |
# - send: [my-purple-template]
# when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'
# -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts
subscriptions: []
# - recipients:
# - slack:<channel>
# triggers:
# - on-rollout-completed
# - on-rollout-aborted


@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.8
appVersion: v3.5.10
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.41.12
version: 0.42.1
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:


@ -149,6 +149,7 @@ Fields to note:
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding |
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
| controller.configMap.annotations | object | `{}` | ConfigMap annotations |
| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller |
| controller.configMap.name | string | `""` | ConfigMap name |
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |


@ -6,6 +6,10 @@ metadata:
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
{{- with .Values.controller.configMap.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
config: |
{{- if .Values.controller.instanceID.enabled }}


@ -17,7 +17,9 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
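Review bot: `namespace: {{ . }}` renders the value unquoted, so a namespace made only of digits (a valid DNS label) would be parsed as a YAML integer and the object would be rejected. `namespace: {{ . | quote }}` avoids that and matches the quoted `namespace:` line in the controller ConfigMap template elsewhere in this commit. Omitting the field when `$namespace` is empty looks fine if this template renders a RoleBinding, where a ServiceAccount subject falls back to the binding's own namespace. A ClusterRoleBinding has no such fallback, so a short comment stating which kind is rendered here would help. The binding's header is outside the hunk.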


@ -106,6 +106,8 @@ controller:
create: true
# -- ConfigMap name
name: ""
# -- ConfigMap annotations
annotations: {}
# -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism:


@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.10.2
appVersion: v0.13.1
version: 0.11.0
appVersion: v0.14.0
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Fixed a URL in values.yaml comments
- kind: changed
description: Bump argocd-image-updater to v0.14.0


@ -79,6 +79,9 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. |
| config.disableKubeEvents | bool | `false` | Disable kubernetes events |
| config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
| config.gitCommitSignOff | bool | `false` | Enables sign off on commits |
| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits |
| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` |
| config.gitCommitTemplate | string | `""` | Changing the Git commit message |
| config.gitCommitUser | string | `""` | Username to use for Git commits |
| config.logLevel | string | `"info"` | Argo CD Image Update log level |


@ -31,6 +31,15 @@ data:
git.commit-message-template: |
{{- nindent 4 . }}
{{- end }}
{{- with .Values.config.gitCommitSigningKey }}
git.commit-signing-key: {{ . | quote }}
{{- end }}
{{- with .Values.config.gitCommitSignOff }}
git.commit-sign-off: {{ . | quote }}
{{- end }}
{{- with .Values.config.gitCommitSigningMethod }}
git.commit-signing-method: {{ . | quote }}
{{- end }}
kube.events: {{ .Values.config.disableKubeEvents | quote }}
{{- with .Values.config.registries }}
registries.conf: |


@ -100,6 +100,24 @@ spec:
key: kube.events
name: argocd-image-updater-config
optional: true
- name: GIT_COMMIT_SIGNING_KEY
valueFrom:
configMapKeyRef:
key: git.commit-signing-key
name: argocd-image-updater-config
optional: true
- name: GIT_COMMIT_SIGNING_METHOD
valueFrom:
configMapKeyRef:
key: git.commit-signing-method
name: argocd-image-updater-config
optional: true
- name: GIT_COMMIT_SIGN_OFF
valueFrom:
configMapKeyRef:
key: git.commit-sign-off
name: argocd-image-updater-config
optional: true
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 10 }}
{{- end }}
@ -141,6 +159,10 @@ spec:
name: ssh-config
- mountPath: /tmp
name: tmp
- name: ssh-signing-key
mountPath: /app/ssh-keys/id_rsa
readOnly: true
subPath: sshPrivateKey
{{- if .Values.authScripts.enabled }}
- mountPath: /scripts
name: authscripts
@ -172,6 +194,10 @@ spec:
name: argocd-image-updater-ssh-config
optional: true
name: ssh-config
- name: ssh-signing-key
secret:
secretName: ssh-git-creds
optional: true
- emptyDir: {}
name: tmp
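Review bot: The `ssh-signing-key` volume is mounted unconditionally and its `secretName: ssh-git-creds` is hard-coded, so whenever a secret of that name exists in the namespace its `sshPrivateKey` entry lands in the container at `/app/ssh-keys/id_rsa`, even when commit signing is not configured. Wrapping both the volume and the mount in `{{- if eq .Values.config.gitCommitSigningMethod "ssh" }}` … `{{- end }}` keeps the private key out of pods that do not sign, and the secret name would be better taken from a chart value than fixed. The secret volume also sets no `defaultMode`, so the key file gets the default 0644; a tighter mode is worth considering as long as the container user can still read it. Separately, the values comment describes `gitCommitSigningKey` as a path to a public SSH key while what is mounted here is the private key, so one of the two should be corrected. The container and pod spec start outside these hunks.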
{{- with .Values.volumes }}


@ -133,6 +133,15 @@ config:
# -- Changing the Git commit message
gitCommitTemplate: ""
# -- Path to public SSH key mounted in container, or GPG key ID used to sign commits
gitCommitSigningKey: ""
# -- Enables sign off on commits
gitCommitSignOff: false
# -- Method used to sign Git commits. `openpgp` or `ssh`
gitCommitSigningMethod: ""
# -- Argo CD Image Update log level
logLevel: "info"