DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update chart to 5.16.0 (#5)

Browse source 
* feat(argo-cd): Upgrade Argo CD to 2.5.0 (#1568)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(github): Bump GitHub actions versions (#1575)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-cd): Chart NOTES nil references (#1582)

Signed-off-by: Filipe Santos <filipe@not.sh>

* docs(argo-cd): Improve documentation (#1584)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-workflows): serviceaccount rbac when sso is enabled (#1586)

Signed-off-by: Nick Fisher <nxf5025@gmail.com>

Signed-off-by: Nick Fisher <nxf5025@gmail.com>

* Fix incorrect applicationSet property in README (#1590)

Based on [here](55b8b34d20/charts/argo-cd/templates/argocd-applicationset/deployment.yaml (L9)), I think `replicas` should be `replicaCount` (though `replicas` would be more consistent).

Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com>

Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com>

* fix(argo-cd): Remove AWS volume from server (#1591)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(argo-cd): Cleanup Redis manifest (#1577)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-cd): Fix migration path for server configs (#1585)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-cd): Type conversion for ConfigMaps values (#1594)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Add probes for ApplicationSet controller (#1532)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(argo-cd): Remove liveness probe from application controller (#1581)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(github): Add dependabot.yml (#1595)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Set container security contexts (#1579)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Support custom TLS certificates for Dex (#1477)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Support manually managed TLS certificate for Server (#1534)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-cd): Don't install CRDs for disabled components (#1596)

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* fix(argo-cd): update network policy port name (#1603)

Signed-off-by: Eric Cimino <ecimino@vailsys.com>

* chore(argo-workflows): Update ArgoWorkflows to v3.4.3 (#1610)

Signed-off-by: yu-croco <yu.croco@gmail.com>

* fix(argo-cd): Replace coalesce with merge for old config values (#1612)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Add revisionHistoryLimit (#1599)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Upgrade Argo Image to the latest (#1614)

Signed-off-by: Dong Wang <wd@wdicc.com>

Signed-off-by: Dong Wang <wd@wdicc.com>

* chore(argo-cd): Update redis-ha (#1617)

Signed-off-by: yu-croco <yu.croco@gmail.com>

* fix(argo-cd): Add /tmp voulmeMount to extensions container (#1620)

* Fixes #1619 - Add /tmp voulmeMount to extensions container

Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com>

* Bump version, add change notes

Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com>

Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com>

* fix(argo-cd): Add missing ClusterRole permissions to argo-cd-server to manage Application in all namespaces (#1621)

Signed-off-by: Elad Dolev <dolevelad@gmail.com>

* fix(argo-cd): Use Dex non-distroless image (#1626)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(argo-cd): Upgrade Argo CD to 2.5.2 (#1628)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Allow to add custom artifact repository (#1453)

Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com>

Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com>

* fix(argo-cd): Use raw json for cluster credentials for Vault compatibility (#1634)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
Co-authored-by: Aikawa <yu.croco@gmail.com>

* fix(argo-cd): Cluster credentials config should be a string (#1636)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-workflows): Added missing attribute for sso (#1641)

Signed-off-by: yu-croco <yu.croco@gmail.com>

* docs(argo-cd): Improve changelog information (#1652)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* chore(argo-cd): Consolidated GnuPG configuration (#1609)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* fix(argo-cd): Invalid argocd-gpg-keys-cm template (#1656)

The template removed a little too much whitespace resulting in an invalid ConfigMap.

Error:
```
Error: YAML parse error on argocd/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml: error converting YAML to JSON: yaml: line 10: mapping values are not allowed in this context
```

Signed-off-by: Allex <allexveldman+github@gmail.com>

Signed-off-by: Allex <allexveldman+github@gmail.com>

* feat(argo-workflows): Allow controller to whitelist secrets (#1646)

* allow users to whitelist secrets

Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>

* remove unnecessary if-statement

Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com>

* use square bracket for array

Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com>

* fix typo and update readme

Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com>

Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>
Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com>
Co-authored-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>

* feat(argo-workflows): Add labels for ServiceAccounts (#1665)

* Add labels for ServiceAccounts

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

* fix workflow serviceaccount labels

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

* fix docs

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>

* fix(argo-cd): deprecate server.extraArgs."--insecure" (#1669)

Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>

* chore(argo-workflows): Support workflow retention (#1668)

Signed-off-by: yu-croco <yu.croco@gmail.com>

* feat(argo-cd): Upgrade argocd to v2.5.3 (#1671)

Signed-off-by: smcavallo <smcavallo@hotmail.com>

* fix helm install md (#1672)

Signed-off-by: fsl <1171313930@qq.com>

Signed-off-by: fsl <1171313930@qq.com>

* feat(argo-cd): Add Repo Server strict TLS cert support (#1673)

Signed-off-by: Karl Parry <karl.parry@imbursepayments.com>

* chore(argo-workflows): Update Argo Workflows to v3.4.4 (#1674)

Signed-off-by: yu-croco <yu.croco@gmail.com>

* fix(argo-cd): Rename tls secret to include the -secret suffix (#1676)

- "[Fixed]: TLS secret name so Dex correctly generates the checksum for argocd-dex-server-tls."
- "[Fixed]: Standardise the naming convention of the TLS secret manifests."
- "[Added]: Add checksum to Repo-Server for the argocd-repo-server-tls secret."

Signed-off-by: Karl Parry <karl.parry@imbursepayments.com>

* chore(argo-cd): Remove duplicate ApplicationSet features (#1598)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* feat(argo-cd): Add ability to annotate Deployments and StatefulSets (#1608)

* feat(argo-cd): Add ability to annotate Deployments and StatefulSets

Signed-off-by: John Stewart <jstewart@rentpath.com>

* fix: Controller and AppSet controller was mixed

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Signed-off-by: John Stewart <jstewart@rentpath.com>
Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* chart update WIP

* backport applicationset

* backport applicationset

* argocd 2.5.5

---------

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
Signed-off-by: Filipe Santos <filipe@not.sh>
Signed-off-by: Nick Fisher <nxf5025@gmail.com>
Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com>
Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Signed-off-by: Eric Cimino <ecimino@vailsys.com>
Signed-off-by: yu-croco <yu.croco@gmail.com>
Signed-off-by: Dong Wang <wd@wdicc.com>
Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com>
Signed-off-by: Elad Dolev <dolevelad@gmail.com>
Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com>
Signed-off-by: Allex <allexveldman+github@gmail.com>
Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>
Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com>
Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: smcavallo <smcavallo@hotmail.com>
Signed-off-by: fsl <1171313930@qq.com>
Signed-off-by: Karl Parry <karl.parry@imbursepayments.com>
Signed-off-by: John Stewart <jstewart@rentpath.com>
Co-authored-by: Petr Drastil <petr.drastil@gmail.com>
Co-authored-by: Filipe <filipe@not.sh>
Co-authored-by: Nick Fisher <nxf5025@gmail.com>
Co-authored-by: Ashlin Eldridge <ashlin.eldridge@gmail.com>
Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Co-authored-by: Eric Cimino <58572548+cimin0@users.noreply.github.com>
Co-authored-by: Aikawa <yu.croco@gmail.com>
Co-authored-by: Dong Wang <wd@wdicc.com>
Co-authored-by: tvandewalle <1022306+tvandewalle@users.noreply.github.com>
Co-authored-by: Elad Dolev <dolevelad@gmail.com>
Co-authored-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com>
Co-authored-by: Allex <a.veldman@chain-stock.com>
Co-authored-by: emmayylu <44856279+emmayylu@users.noreply.github.com>
Co-authored-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>
Co-authored-by: Eugene Lugovtsov <34510252+EugeneLugovtsov@users.noreply.github.com>
Co-authored-by: Zadkiel Aharonian <zadkiel.aharonian@gmail.com>
Co-authored-by: smcavallo <smcavallo@users.noreply.github.com>
Co-authored-by: fsl <1171313930@qq.com>
Co-authored-by: Karl Parry <88431088+karlparry@users.noreply.github.com>
Co-authored-by: John Stewart <32647598+jstewart612@users.noreply.github.com>
This commit is contained in:
ilia-medvedev-codefresh 2023-02-02 14:54:39 +02:00 committed by GitHub
parent 4befcd5dc5
commit 9591bf1023
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
47 changed files with 1223 additions and 493 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,8 @@
## Reference: https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: weekly
day: "saturday"

5
.github/workflows/lint-and-test.yml vendored
View file

@ -26,10 +26,10 @@ jobs:
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@v2.3.0
uses: helm/chart-testing-action@v2.3.1
with:
# Note: Also update in scripts/lint.sh
version: v3.7.0
version: v3.7.1
- name: List changed charts
id: list-changed
@ -41,6 +41,7 @@ jobs:
echo "::set-output name=changed::true"
echo "::set-output name=changed_charts::$charts"
fi
- name: Run chart-testing (lint)
run: ct lint --debug --config ./.github/configs/ct-lint.yaml --target-branch ${{ github.base_ref }} --lint-conf ./.github/configs/lintconf.yaml

2
.github/workflows/pr-title.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v4
- uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:

2
CONTRIBUTING.md
View file

@ -93,7 +93,7 @@ helm dependency update
Minimally:
```
helm install charts/argo-cd --namespace argocd -n argo-cd
helm install argocd argo/argo-cd -n argocd --create-namespace
kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
```

6
charts/argo-cd/Chart.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.22.2
digest: sha256:b6dc7774d0cc20a7a889d10e61f3dd653bdacd7836558f4875688b5cb5051d80
generated: "2022-09-19T12:39:19.736045+02:00"
version: 4.22.3
digest: sha256:ef6269e4e073dad10c230ccfb069fc013608111c895c5e7568450bb3967cf195
generated: "2022-11-03T12:04:33.673857+09:00"

11
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,9 @@
apiVersion: v2
appVersion: v2.4.15-cap-CR-16709-init-app-proxy
appVersion: v2.5.5-cap-CR-16950
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.7.0-2-CR-16709-init-app-proxy
version: 5.16.0-2-cap-CR-16950
kubeVersion: ">=1.22.0-0"
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -17,11 +18,9 @@ maintainers:
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.22.2
version: 4.22.3
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- "[Added]: Configuration sections configs.cm and configs.rbac"
- "[Deprecated]: Generic configuration via server.config"
- "[Deprecated]: Argo RBAC configuration via server.rbacConfig"
- "[Added]: Ability to annotate Deployment and Statefulset objects for all components"

123
charts/argo-cd/README.md
View file

@ -11,7 +11,7 @@ This is a **community maintained** chart. This chart installs [argo-cd](https://
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD.
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
## High Availability
@ -42,7 +42,7 @@ repoServer:
minReplicas: 2
applicationSet:
replicas: 2
replicaCount: 2
```
### HA mode without autoscaling
@ -61,7 +61,7 @@ repoServer:
replicas: 2
applicationSet:
replicas: 2
replicaCount: 2
```
### Synchronizing Changes from Original Repository
@ -84,8 +84,6 @@ git diff v1.8.7 v2.0.0 -- manifests/install.yaml
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
## Upgrading
### Custom resource definitions
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
@ -101,6 +99,32 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVer
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
```
## Changelog
For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server.
If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret.
### 5.10.0
This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
### 5.7.0
This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
### 5.5.20
This version moved API version templates into dedicated helper. If you are using these in your umbrella
@ -312,7 +336,7 @@ server:
## Prerequisites
- Kubernetes 1.7+
- Kubernetes: `>=1.22.0-0`
- Helm v3.0.0+
## Installing the Chart
@ -333,7 +357,7 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of certmanager resources rendered by this helm chart |
| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart |
| apiVersionOverrides.pdb | string | `""` | String to override apiVersion of pod disruption budgets rendered by this helm chart |
@ -351,7 +375,8 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.additionalLabels | object | `{}` | Additional labels to add to all resources |
| global.additionalLabels | object | `{}` | Common labels for the all resources |
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
| global.image.repository | string | `"quay.io/codefresh/argocd"` | If defined, a repository applied to all Argo CD deployments |
@ -363,25 +388,28 @@ NAME: my-release
| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
| global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
| global.podLabels | object | `{}` | Labels for the all deployed pods |
| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] |
| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets |
## Argo CD Configs
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | string | `"true"` | Enable local admin user |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | string | `"false"` | Enable exec feature in Argo UI |
| configs.cm."server.rbac.log.enforce.enable" | string | `"false"` | Enable logs RBAC enforcement |
| configs.cm."timeout.hard.reconciliation" | string | `"0"` | Timeout to refresh application data as well as target manifests cache |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
| configs.cm."timeout.hard.reconciliation" | int | `0` | Timeout to refresh application data as well as target manifests cache |
| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository |
| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [Declarative setup] |
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos |
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
| configs.gpgKeys | object | `{}` (See [values.yaml]) | [GnuPG](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) keys to add to the key ring |
| configs.gpgKeysAnnotations | object | `{}` | GnuPG key ring annotations |
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts |
| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@ -408,7 +436,6 @@ NAME: my-release
| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret |
| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password |
| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` |
| configs.secret.argocdServerTlsConfig | object | `{}` | Argo TLS Data |
| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events |
| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events |
| configs.secret.createSecret | bool | `true` | Create the argocd-secret |
@ -430,7 +457,7 @@ NAME: my-release
| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPort | int | `8082` | Application controller listening port |
| controller.containerSecurityContext | object | `{}` | Application controller container-level security context |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
@ -440,11 +467,6 @@ NAME: my-release
| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller |
| controller.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| controller.initContainers | list | `[]` | Init containers to add to the application controller pod |
| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric |
| controller.metrics.applicationLabels.labels | list | `[]` | Additional labels |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
@ -486,6 +508,7 @@ NAME: my-release
| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet |
| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller |
| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container |
@ -502,11 +525,18 @@ NAME: my-release
| repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] |
| repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] |
| repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] |
| repoServer.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-repo-server-tls secret |
| repoServer.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. |
| repoServer.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) |
| repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret |
| repoServer.certificateSecret.key | string | `""` | Certificate private key |
| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret |
| repoServer.clusterAdminAccess.enabled | bool | `false` | Enable RBAC for local cluster deployments |
| repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource |
| repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource |
| repoServer.containerPort | int | `8081` | Configures the repo server port |
| repoServer.containerSecurityContext | object | `{}` | Repo server container-level security context |
| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
@ -585,9 +615,9 @@ NAME: my-release
| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] |
| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] |
| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] |
| server.certificate.additionalHosts | list | `[]` | Certificate manager additional hosts |
| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| server.certificate.duration | string | `""` | The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration |
| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
@ -596,13 +626,20 @@ NAME: my-release
| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| server.certificate.renewBefore | string | `""` | How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration |
| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
| server.certificateSecret.crt | string | `""` | Certificate data |
| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
| server.certificateSecret.key | string | `""` | Private Key of the certificate |
| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
| server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments |
| server.containerPort | int | `8080` | Configures the server port |
| server.containerSecurityContext | object | `{}` | Servers container-level security context |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions |
| server.extensions.image.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for extensions |
| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image |
@ -733,10 +770,17 @@ server:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret |
| dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. |
| dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) |
| dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret |
| dex.certificateSecret.key | string | `""` | Certificate private key |
| dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret |
| dex.containerPortGrpc | int | `5557` | Container port for gRPC access |
| dex.containerPortHttp | int | `5556` | Container port for HTTP access |
| dex.containerPortMetrics | int | `5558` | Container port for metrics access |
| dex.containerSecurityContext | object | `{}` | Dex container-level security context |
| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context |
| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment |
| dex.enabled | bool | `true` | Enable dex |
| dex.env | list | `[]` | Environment variables to pass to the Dex server |
| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server |
@ -744,7 +788,7 @@ server:
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
| dex.image.tag | string | `"v2.35.3-distroless"` | Dex image tag |
| dex.image.tag | string | `"v2.35.3"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -809,7 +853,8 @@ server:
|-----|------|---------|-------------|
| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
| redis.containerPort | int | `6379` | Redis container port |
| redis.containerSecurityContext | object | `{}` | Redis container-level security context |
| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment |
| redis.enabled | bool | `true` | Enable redis |
| redis.env | list | `[]` | Environment variables to pass to the Redis server |
| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server |
@ -817,10 +862,11 @@ server:
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy |
| redis.image.repository | string | `"quay.io/codefresh/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.4-alpine"` | Redis tag |
| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.containerPort | int | `9121` | Port to use for redis-exporter sidecar |
| redis.metrics.containerSecurityContext | object | See [values.yaml] | Redis exporter security context |
| redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar |
| redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy |
| redis.metrics.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository |
@ -853,7 +899,7 @@ server:
| redis.podLabels | object | `{}` | Labels to be added to the Redis server pods |
| redis.priorityClassName | string | `""` | Priority class for redis |
| redis.resources | object | `{}` | Resource limits and requests for redis |
| redis.securityContext | object | `{"runAsNonRoot":true,"runAsUser":999}` | Redis pod-level security context |
| redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
| redis.service.annotations | object | `{}` | Redis service annotations |
| redis.service.labels | object | `{}` | Additional redis service labels |
| redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@ -985,7 +1031,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.affinity | object | `{}` | Assign custom [affinity] rules |
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules |
| notifications.bots.slack.containerSecurityContext | object | `{}` | Container Security Context |
| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
| notifications.bots.slack.enabled | bool | `false` | Enable slack bot |
| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot |
| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot |
@ -998,7 +1044,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.bots.slack.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
| notifications.bots.slack.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot |
| notifications.bots.slack.securityContext | object | `{"runAsNonRoot":true}` | Pod Security Context |
| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot |
| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot |
| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot |
@ -1006,10 +1051,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. |
| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints |
| notifications.bots.slack.updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones |
| notifications.cm.create | bool | `true` | Whether helm chart creates controller config map |
| notifications.containerSecurityContext | object | `{}` | Container Security Context |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
| notifications.context | object | `{}` | Define user-defined context |
| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment |
| notifications.enabled | bool | `false` | Enable notifications controller |
| notifications.extraArgs | list | `[]` | Extra arguments to provide to the controller |
| notifications.extraEnv | list | `[]` | Additional container environment variables |
@ -1064,10 +1109,12 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[Declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/

40
charts/argo-cd/README.md.gotmpl
View file

@ -10,7 +10,7 @@ This is a **community maintained** chart. This chart installs [argo-cd](https://
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD.
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
## High Availability
@ -41,7 +41,7 @@ repoServer:
minReplicas: 2
applicationSet:
replicas: 2
replicaCount: 2
```
### HA mode without autoscaling
@ -60,7 +60,7 @@ repoServer:
replicas: 2
applicationSet:
replicas: 2
replicaCount: 2
```
### Synchronizing Changes from Original Repository
@ -83,8 +83,6 @@ git diff v1.8.7 v2.0.0 -- manifests/install.yaml
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
## Upgrading
### Custom resource definitions
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
@ -100,6 +98,32 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVer
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
```
## Changelog
For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server.
If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret.
### 5.10.0
This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
### 5.7.0
This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
### 5.5.20
This version moved API version templates into dedicated helper. If you are using these in your umbrella
@ -312,7 +336,7 @@ server:
## Prerequisites
- Kubernetes 1.7+
- {{ template "chart.kubeVersionLine" . }}
- Helm v3.0.0+
## Installing the Chart
@ -490,10 +514,12 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[Declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/

28
charts/argo-cd/templates/NOTES.txt
View file

@ -28,24 +28,42 @@ DEPRECATED option server.logFormat - Use configs.params.server.log.format
{{- if .Values.server.logLevel }}
DEPRECATED option server.logLevel - Use configs.params.server.log.level
{{- end }}
{{- if has "--insecure" .Values.server.extraArgs }}
DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
{{- end }}
{{- if .Values.repoServer.logFormat }}
DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
{{- end }}
{{- if .Values.repoServer.logLevel }}
DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
{{- end }}
{{- if or .Values.server.config .Values.server.configEnabled .Values.server.configAnnotations }}
{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
DEPRECATED option server.config - Use configs.cm
{{- end }}
{{- if or .Values.server.rbacConfig .Values.server.rbacConfigCreate .Values.server.rbacConfigAnnotations }}
{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
DEPRECATED option server.rbacConfig - Use configs.rbac
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
{{- end }}
{{- if .Values.configs.gpgKeys }}
DEPRECATED option configs.gpgKeys - Use config.gpg.keys
{{- end }}
{{- if .Values.configs.gpgKeysAnnotations }}
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
{{- end }}
{{- if .Values.controller.service }}
REMOVED option controller.service - Use controller.metrics
{{- end }}
{{- if .Values.repoServer.copyutil }}
REMOVED option repoSever.copyutil.resources - Use repoServer.resources
{{- end }}
{{- if .Values.applicationSet.args.debug }}
REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
{{- end }}
{{- if .Values.applicationSet.args.enableLeaderElection }}
REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
{{- end }}
In order to access the server UI you have the following options:
@ -58,14 +76,14 @@ In order to access the server UI you have the following options:
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
{{ if eq (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled") "true" -}}
{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
{{ else if or (index .Values.server.config "dex.config") (index .Values.server.config "oidc.config") -}}
{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
After reaching the UI the first time you can login using Dex or OIDC.
{{ else -}}
After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `server.config.dex.config` or OIDC via `server.config.oidc.config`.
After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`.
{{ end -}}

25
charts/argo-cd/templates/_helpers.tpl
View file

@ -15,6 +15,17 @@ Create dex name and version as used by the chart label.
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create Dex server endpoint
*/}}
{{- define "argo-cd.dex.server" -}}
{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}}
{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}}
{{- $host := include "argo-cd.dex.fullname" . -}}
{{- $port := int .Values.dex.servicePortHttp -}}
{{- printf "%s://%s:%d" $scheme $host $port }}
{{- end }}
{{/*
Create redis name and version as used by the chart label.
*/}}
@ -171,9 +182,11 @@ ui.cssurl: "./custom/custom.styles.css"
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.cm" -}}
{{- $config := coalesce .Values.server.config (omit .Values.configs.cm "create" "annotations") -}}
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- mergeOverwrite $preset $config | toYaml }}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ toString $value | toYaml }}
{{- end }}
{{- end -}}
{{/*
@ -181,11 +194,13 @@ Argo Params Default Configuration Presets
*/}}
{{- define "argo-cd.config.params.presets" -}}
repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}"
server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }}
{{- with include "argo-cd.redis.server" . }}
redis.server: {{ . | quote }}
{{- end }}
{{- if .Values.dex.enabled }}
server.dex.server: "http://{{ include "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}"
server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
{{- end }}
{{- range $component := tuple "controller" "server" "reposerver" }}
{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
@ -198,8 +213,8 @@ Merge Argo Params Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.params" -}}
{{- $config := omit .Values.configs.params "annotations" }}
{{- $preset := include "argo-cd.config.params.presets" $ | fromYaml | default dict -}}
{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ $value | quote }}
{{ $key }}: {{ toString $value | toYaml }}
{{- end }}
{{- end -}}

2
charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
View file

@ -10,7 +10,7 @@ spec:
- from:
- namespaceSelector: {}
ports:
- port: controller
- port: metrics
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}

81
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml Executable file → Normal file
View file

@ -1,16 +1,23 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
# TODO: Remove for breaking release as history limit cannot be patched
revisionHistoryLimit: 5
serviceName: {{ include "argo-cd.controller.fullname" . }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
serviceName: {{ template "argo-cd.controller.fullname" . }}
revisionHistoryLimit: 5
replicas: {{ .Values.controller.replicas }}
template:
metadata:
annotations:
@ -81,10 +88,6 @@ spec:
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
{{- with .Values.controller.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
env:
{{- with .Values.controller.env }}
{{- toYaml . | nindent 10 }}
@ -163,6 +166,12 @@ spec:
name: argocd-cmd-params-cm
key: controller.repo.server.strict.tls
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.resource.health.persist
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
@ -175,6 +184,12 @@ spec:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
@ -205,6 +220,12 @@ spec:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
@ -213,34 +234,28 @@ spec:
- name: metrics
containerPort: {{ .Values.controller.containerPort }}
protocol: TCP
livenessProbe:
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.controller.containerPort }}
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
workingDir: /home/argocd
volumeMounts:
- name: argocd-home
mountPath: /home/argocd
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
{{- with .Values.controller.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
@ -273,10 +288,15 @@ spec:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- emptyDir: {}
name: argocd-home
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
@ -284,11 +304,6 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}

2
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -130,4 +130,4 @@ spec:
emptyDir: {}
- name: tmp
emptyDir: {}
{{- end }}
{{- end }}

23
charts/argo-cd/templates/argocd-applicationset/role.yaml
View file

@ -47,9 +47,20 @@ rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
@ -62,16 +73,6 @@ rules:
- get
- list
- watch
# Leader election
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- patch
- apiGroups:
- coordination.k8s.io
resources:

6
charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
View file

@ -1,16 +1,16 @@
{{- if (coalesce .Values.server.configEnabled .Values.configs.cm.create) }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
{{- with (coalesce .Values.server.configAnnotations .Values.configs.cm.annotations) }}
{{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- include "argo-cd.config.cm" . | nindent 2 }}
{{- include "argo-cd.config.cm" . | trim | nindent 2 }}
{{- end }}

24
charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-dex-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
{{- with .Values.dex.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.dex.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.dex.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }}
{{- end }}

4
charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
View file

@ -4,13 +4,13 @@ metadata:
name: argocd-gpg-keys-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
{{- with .Values.configs.gpgKeysAnnotations }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with .Values.configs.gpgKeys }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
data:
{{- toYaml . | nindent 2 }}
{{- end }}

6
charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
View file

@ -1,17 +1,17 @@
{{- if (coalesce .Values.server.rbacConfigCreate .Values.configs.rbac.create) }}
{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
{{- with (coalesce .Values.server.rbacConfigAnnotations .Values.configs.rbac.annotations) }}
{{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with (coalesce .Values.server.rbacConfig (omit .Values.configs.rbac "create" "annotations")) }}
{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}

24
charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.repoServer.enabled .Values.repoServer.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }}
{{- with .Values.repoServer.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.repoServer.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }}
{{- end }}

21
charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,21 @@
{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
{{- with .Values.server.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }}
{{- end }}

4
charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
View file

@ -2,10 +2,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-custom-styles
name: argocd-styles-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
data:
custom.styles.css: |
{{- .Values.configs.styles | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View file

@ -27,5 +27,5 @@ stringData:
{{- end }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
{{- end }}

36
charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
View file

@ -2,12 +2,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.notifications.fullname" . }}-bot
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
{{- .Values.notifications.bots.slack.updateStrategy | toYaml | nindent 4 }}
type: Recreate
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
@ -20,14 +28,15 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }}
securityContext: {{- toYaml (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.notifications.securityContext) | nindent 8 }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }}
containers:
- name: {{ template "argo-cd.notifications.fullname" . }}-bot
- name: {{ include "argo-cd.notifications.fullname" . }}-bot
image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }}
resources:
{{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
command:
- argocd-notifications
- bot
@ -35,19 +44,20 @@ spec:
ports:
- containerPort: 8080
name: http
{{- with .Values.notifications.bots.slack.containerSecurityContext }}
securityContext: {{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
{{- with .Values.notifications.bots.slack.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.affinity }}
{{- with .Values.notifications.bots.slack.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.tolerations }}
{{- end }}
{{- with .Values.notifications.bots.slack.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{ end }}

31
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -2,10 +2,18 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
type: Recreate
selector:
@ -38,30 +46,16 @@ spec:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
command:
- argocd-notifications
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
{{- if .Values.notifications.metrics.enabled }}
- --metrics-port={{ .Values.notifications.metrics.port }}
{{- end }}
- --namespace={{ .Release.Namespace }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}
workingDir: /app
ports:
{{- if .Values.notifications.metrics.enabled }}
- containerPort: {{ .Values.notifications.metrics.port }}
name: metrics
protocol: TCP
{{- end }}
{{- if .Values.notifications.containerSecurityContext }}
securityContext: {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
@ -70,6 +64,15 @@ spec:
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.notifications.metrics.port }}
protocol: TCP
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
workingDir: /app
volumeMounts:
- name: tls-certs
mountPath: /app/config/tls

119
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -1,21 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
spec:
{{- if not .Values.repoServer.autoscaling.enabled }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.repoServer.autoscaling.enabled true) }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.repoServer.certificateSecret.enabled }}
checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
@ -55,10 +64,6 @@ spec:
{{- with .Values.repoServer.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
env:
{{- with .Values.repoServer.env }}
{{- toYaml . | nindent 10 }}
@ -127,6 +132,12 @@ spec:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
@ -169,6 +180,30 @@ spec:
name: argocd-cmd-params-cm
key: reposerver.plugin.tar.exclusions
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
@ -183,53 +218,51 @@ spec:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp-dir
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
protocol: TCP
{{ if .Values.repoServer.metrics.enabled }}
- name: metrics
containerPort: 8084
protocol: TCP
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
httpGet:
path: /healthz?full=true
port: metrics
initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
{{- with .Values.repoServer.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- toYaml .Values.repoServer.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- with .Values.repoServer.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
@ -265,23 +298,29 @@ spec:
{{- with .Values.repoServer.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: helm-working-dir
emptyDir: {}
- name: plugins
emptyDir: {}
- name: var-files
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- emptyDir: {}
name: gpg-keyring
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: helm-working-dir
- name: gpg-keyring
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
@ -289,14 +328,6 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: tmp-dir
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
initContainers:
- command:
- cp

10
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -2,10 +2,11 @@
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
secretName: {{ .Values.server.certificate.secretName }}
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ .Values.server.certificate.domain | quote }}
@ -15,6 +16,9 @@ spec:
{{- with .Values.server.certificate.duration }}
duration: {{ . | quote }}
{{- end }}
{{- with .Values.server.certificate.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
issuerRef:
{{- with .Values.server.certificate.issuer.group }}
group: {{ . | quote }}
@ -25,8 +29,4 @@ spec:
privateKey:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.certificate.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
secretName: {{ .Values.server.certificate.secretName | quote }}
{{- end }}

19
charts/argo-cd/templates/argocd-server/clusterrole.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
@ -27,12 +27,21 @@ rules:
- pods/log
verbs:
- get
{{- if eq (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled") "true" }}
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
- apiGroups:
- ""
- ""
resources:
- pods/exec
- pods/exec
verbs:
- create
- create
{{- end }}
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- update
- watch
{{- end }}

131
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -1,17 +1,23 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.server.autoscaling.enabled true) }}
replicas: {{ .Values.server.replicas }}
{{- end }}
template:
metadata:
annotations:
@ -52,10 +58,6 @@ spec:
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
env:
{{- with .Values.server.env }}
{{- toYaml . | nindent 10 }}
@ -84,7 +86,7 @@ spec:
name: argocd-cmd-params-cm
key: server.log.format
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
- name: ARGOCD_SERVER_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
@ -144,6 +146,18 @@ spec:
name: argocd-cmd-params-cm
key: server.repo.server.strict.tls
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.plaintext
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.strict.tls
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
@ -198,6 +212,12 @@ spec:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
@ -234,51 +254,48 @@ spec:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
{{- with .Values.server.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 8}}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: extensions
mountPath: /tmp/extensions/
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
{{- if .Values.configs.styles }}
- mountPath: "/shared/app/custom/custom.styles.css"
subPath: "custom.styles.css"
name: custom-styles
{{- end }}
{{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }}
- mountPath: /home/argocd/.aws
name: aws-config
{{- end }}
- mountPath: /app/config/dex/tls
name: argocd-dex-server-tls
- mountPath: /home/argocd
name: plugins-home
- mountPath: /shared/app/custom
name: styles
- mountPath: /tmp
name: tmp-dir
name: tmp
{{- if .Values.server.extensions.enabled }}
- mountPath: /tmp/extensions
name: extensions
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{ if .Values.server.metrics.enabled }}
- name: metrics
containerPort: 8083
protocol: TCP
{{- end }}
livenessProbe:
httpGet:
path: /healthz
path: /healthz?full=true
port: {{ .Values.server.containerPort }}
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
@ -294,10 +311,10 @@ spec:
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
{{- with .Values.server.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- toYaml .Values.server.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml . | nindent 10 }}
@ -309,11 +326,15 @@ spec:
- name: argocd-extensions
image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }}
volumeMounts:
- name: extensions
mountPath: /tmp/extensions/
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
- name: tmp
mountPath: /tmp
{{- end }}
{{- with .Values.server.nodeSelector }}
nodeSelector:
@ -351,27 +372,24 @@ spec:
- name: extensions
emptyDir: {}
{{- end }}
- emptyDir: {}
name: tmp-dir
{{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }}
- emptyDir: {}
name: aws-config
{{- end }}
{{- if .Values.configs.styles }}
- configMap:
name: argocd-custom-styles
name: custom-styles
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
- name: plugins-home
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
- configMap:
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: styles
configMap:
name: argocd-styles-cm
optional: true
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
@ -379,10 +397,15 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: plugins-home
items:
- key: tls.crt
path: tls.crt
- key: ca.crt
path: ca.crt
{{- with .Values.server.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}

3
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
@ -22,6 +22,7 @@ rules:
- argoproj.io
resources:
- applications
- applicationsets
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions

30
charts/argo-cd/templates/crds/crd-application.yaml
View file

@ -343,8 +343,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@ -689,8 +689,7 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
specific options
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
@ -1045,8 +1044,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@ -1417,8 +1416,8 @@ spec:
from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
@ -1761,8 +1760,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@ -1813,6 +1812,10 @@ spec:
reconciled using the latest git version
format: date-time
type: string
resourceHealthSource:
description: 'ResourceHealthSource indicates where the resource health
status is stored: inline if not set or appTree'
type: string
resources:
description: Resources is a list of Kubernetes resources managed by
this application
@ -1849,6 +1852,9 @@ spec:
description: SyncStatusCode is a type which represents possible
comparison results
type: string
syncWave:
format: int64
type: integer
version:
type: string
type: object
@ -2095,8 +2101,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable

236
charts/argo-cd/templates/crds/crd-applicationset.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.crds.install }}
{{- if and .Values.crds.install .Values.applicationSet.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,7 +9,6 @@ metadata:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
controller-gen.kubebuilder.io/version: v0.3.0
labels:
app.kubernetes.io/name: applicationsets.argoproj.io
app.kubernetes.io/part-of: argocd
@ -2381,6 +2380,8 @@ spec:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
@ -2403,6 +2404,31 @@ spec:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
@ -2664,6 +2690,31 @@ spec:
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
@ -2768,6 +2819,8 @@ spec:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
@ -3065,6 +3118,29 @@ spec:
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
template:
@ -4534,6 +4610,8 @@ spec:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
@ -4556,6 +4634,31 @@ spec:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
@ -4817,6 +4920,31 @@ spec:
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
@ -4921,6 +5049,8 @@ spec:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
@ -5218,6 +5348,29 @@ spec:
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
mergeKeys:
@ -5552,6 +5705,8 @@ spec:
properties:
api:
type: string
appSecretName:
type: string
labels:
items:
type: string
@ -5574,6 +5729,31 @@ spec:
- owner
- repo
type: object
gitlab:
properties:
api:
type: string
labels:
items:
type: string
type: array
project:
type: string
pullRequestState:
type: string
tokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
required:
- project
type: object
requeueAfterSeconds:
format: int64
type: integer
@ -5835,6 +6015,31 @@ spec:
type: object
scmProvider:
properties:
azureDevOps:
properties:
accessTokenRef:
properties:
key:
type: string
secretName:
type: string
required:
- key
- secretName
type: object
allBranches:
type: boolean
api:
type: string
organization:
type: string
teamProject:
type: string
required:
- accessTokenRef
- organization
- teamProject
type: object
bitbucket:
properties:
allBranches:
@ -5939,6 +6144,8 @@ spec:
type: boolean
api:
type: string
appSecretName:
type: string
organization:
type: string
tokenRef:
@ -6236,8 +6443,33 @@ spec:
- spec
type: object
type: object
selector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: object
type: array
goTemplate:
type: boolean
syncPolicy:
properties:
preserveResourcesOnDeletion:

2
charts/argo-cd/templates/crds/crd-extension.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.crds.install }}
{{- if and .Values.crds.install .Values.server.extensions.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

10
charts/argo-cd/templates/crds/crd-project.yaml
View file

@ -167,6 +167,10 @@ spec:
for apps which have orphaned resources
type: boolean
type: object
permitOnlyProjectScopedClusters:
description: PermitOnlyProjectScopedClusters determines whether destinations
can only reference clusters which are project-scoped
type: boolean
roles:
description: Roles are user defined RBAC roles associated with this
project
@ -229,6 +233,12 @@ spec:
- keyID
type: object
type: array
sourceNamespaces:
description: SourceNamespaces defines the namespaces application resources
are allowed to be created in
items:
type: string
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment

54
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -2,10 +2,18 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.dex.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
@ -13,6 +21,9 @@ spec:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.dex.certificateSecret.enabled }}
checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
@ -36,12 +47,6 @@ spec:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- with .Values.dex.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
command:
- cp
- -n
@ -52,6 +57,10 @@ spec:
name: static-files
- mountPath: /tmp
name: dexconfig
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- with .Values.dex.initContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
@ -64,10 +73,7 @@ spec:
args:
- rundex
{{- with .Values.dex.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- with .Values.dex.env }}
@ -98,31 +104,37 @@ spec:
httpGet:
path: /healthz/live
port: metrics
{{- with .Values.dex.livenessProbe }}
{{- omit . "enabled" | toYaml | nindent 10 }}
{{- end }}
initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.dex.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.dex.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz/ready
port: metrics
{{- with .Values.dex.readinessProbe }}
{{- omit . "enabled" | toYaml | nindent 10 }}
{{- end }}
initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.dex.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
volumeMounts:
{{- with .Values.dex.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: static-files
mountPath: /shared
- name: dexconfig
mountPath: /tmp
- name: argocd-dex-server-tls
mountPath: /tls
{{- with .Values.dex.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- with .Values.dex.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}

129
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -1,122 +1,131 @@
{{- $redisHa := (index .Values "redis-ha") -}}
{{- $redisHa := index .Values "redis-ha" -}}
{{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.redis.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.redis.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
template:
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redis.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }}
{{- if .Values.redis.securityContext }}
securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
{{- with .Values.redis.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
{{- with .Values.redis.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}
{{- end }}
containers:
- name: {{ template "argo-cd.redis.fullname" . }}
- name: {{ .Values.redis.name }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }}
args:
- --save
- ""
- --appendonly
- "no"
{{- with .Values.redis.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.redis.env }}
{{- with .Values.redis.env }}
env:
{{- toYaml .Values.redis.env | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
envFrom:
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}
name: redis
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}
- name: redis
containerPort: {{ .Values.redis.containerPort }}
protocol: TCP
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
{{- toYaml .Values.redis.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- with .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.redis.metrics.enabled }}
- name: metrics
image: {{ .Values.redis.metrics.image.repository }}:{{ .Values.redis.metrics.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.metrics.image.imagePullPolicy }}
env:
- name: REDIS_ADDR
value: {{ printf "redis://localhost:%v" .Values.redis.containerPort }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.metrics.containerPort }}
image: {{ .Values.redis.metrics.image.repository }}:{{ .Values.redis.metrics.image.tag }}
imagePullPolicy: {{ .Values.redis.metrics.image.imagePullPolicy}}
ports:
- containerPort: {{ .Values.redis.metrics.containerPort }}
name: metrics
- name: metrics
containerPort: {{ .Values.redis.metrics.containerPort }}
protocol: TCP
resources: {{- toYaml .Values.redis.metrics.resources | nindent 10 }}
{{- with .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.redis.metrics.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.redis.metrics.containerSecurityContext | nindent 10 }}
{{- end }}
{{- with .Values.redis.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.redis.nodeSelector }}
{{- with .Values.redis.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml .Values.redis.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.redis.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.tolerations }}
tolerations:
{{- toYaml .Values.redis.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.redis.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.affinity }}
affinity:
{{- toYaml .Values.redis.affinity | nindent 8 }}
{{- end }}
{{- with .Values.redis.topologySpreadConstraints }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.redis.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" $ }}-{{ $.Values.redis.name }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.redis.volumes }}
{{- with .Values.redis.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.redis.volumes }}
volumes:
{{- toYaml .Values.redis.volumes | nindent 8}}
{{- end }}
{{- if .Values.redis.initContainers }}
initContainers:
{{- toYaml .Values.redis.initContainers | nindent 6 }}
{{- toYaml . | nindent 8}}
{{- end }}
{{- if .Values.redis.priorityClassName }}
priorityClassName: {{ .Values.redis.priorityClassName }}
{{- end }}
{{- end }}

378
charts/argo-cd/values.yaml
View file

@ -12,7 +12,7 @@ kubeVersionOverride: ""
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
apiVersionOverrides:
# -- String to override apiVersion of certmanager resources rendered by this helm chart
# -- String to override apiVersion of cert-manager resources rendered by this helm chart
certmanager: "" # cert-manager.io/v1
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
@ -40,7 +40,16 @@ crds:
# -- Annotations to be added to all CRDs
annotations: {}
## Globally shared configuration
global:
# -- Common labels for the all resources
additionalLabels: {}
# app: argo-cd
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
revisionHistoryLimit: 3
# Default image used by all components
image:
# -- If defined, a repository applied to all Argo CD deployments
repository: quay.io/codefresh/argocd
@ -52,16 +61,27 @@ global:
# -- Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# Default logging options used by all components
logging:
# -- Set the global logging format. Either: `text` or `json`
format: text
# -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
level: info
# -- Annotations for the all deployed Statefulsets
statefulsetAnnotations: {}
# -- Annotations for the all deployed Deployments
deploymentAnnotations: {}
# -- Annotations for the all deployed pods
podAnnotations: {}
# -- Labels for the all deployed pods
podLabels: {}
# -- Toggle and define securityContext. See [values.yaml]
# -- Toggle and define pod-level security context.
# @default -- `{}` (See [values.yaml])
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
@ -73,10 +93,6 @@ global:
# hostnames:
# - git.myhostname
# -- Additional labels to add to all resources
additionalLabels: {}
# app: argo-cd
networkPolicy:
# -- Create NetworkPolicy objects for all components
create: false
@ -88,33 +104,36 @@ configs:
# General Argo CD configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
cm:
# -- Create the argocd-cm configmap for [Declarative setup]
# -- Create the argocd-cm configmap for [declarative setup]
create: true
# -- Annotations to be added to argocd-cm configmap
annotations: {}
# -- Argo CD's externally facing base URL (optional). Required when configuring SSO
url: ""
# -- The name of tracking label used by Argo CD for resource pruning
# @default -- Defaults to app.kubernetes.io/instance
application.instanceLabelKey: argocd.argoproj.io/instance
# -- Enable logs RBAC enforcement
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement
server.rbac.log.enforce.enable: "false"
server.rbac.log.enforce.enable: false
# -- Enable exec feature in Argo UI
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
exec.enabled: "false"
exec.enabled: false
# -- Enable local admin user
## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
admin.enabled: "true"
admin.enabled: true
# -- Timeout to discover if a new manifests version got published to the repository
timeout.reconciliation: 180s
# -- Timeout to refresh application data as well as target manifests cache
timeout.hard.reconciliation: "0"
timeout.hard.reconciliation: 0
# Dex configuration
# dex.config: |
@ -135,6 +154,10 @@ configs:
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: CLIENT_ID
# clientSecret: $oidc.azuread.clientSecret
# rootCA: |
# -----BEGIN CERTIFICATE-----
# ... encoded certificate data here ...
# -----END CERTIFICATE-----
# requestedIDTokenClaims:
# groups:
# essential: true
@ -217,6 +240,22 @@ configs:
# The scope value can be a string, or a list of strings.
scopes: "[groups]"
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg:
# -- Annotations to be added to argocd-gpg-keys-cm configmap
annotations: {}
# -- [GnuPG] public keys to add to the keyring
# @default -- `{}` (See [values.yaml])
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
keys: {}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# ...
# -----END PGP PUBLIC KEY BLOCK-----
# -- Provide one or multiple [external cluster credentials]
# @default -- `[]` (See [values.yaml])
## Ref:
@ -244,30 +283,6 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# -- GnuPG key ring annotations
gpgKeysAnnotations: {}
# -- [GnuPG](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) keys to add to the key ring
# @default -- `{}` (See [values.yaml])
gpgKeys: {}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
#
# mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta
# x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT
# SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ
# 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa
# buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v
# yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs
# b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW
# BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf
# DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6
# 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws
# +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5
# 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O
# j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48=
# =Bvzs
# -----END PGP PUBLIC KEY BLOCK-----
# -- Known Hosts configmap annotations
knownHostsAnnotations: {}
knownHosts:
@ -373,6 +388,8 @@ configs:
# -- Annotations to be added to `configs.repositories` Secret
repositoriesAnnotations: {}
# Argo CD sensitive data
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
secret:
# -- Create the argocd-secret
createSecret: true
@ -399,16 +416,10 @@ configs:
# LDAP_PASSWORD: "mypassword"
# -- Argo TLS Data
argocdServerTlsConfig:
{}
# key:
# crt: |
# -----BEGIN CERTIFICATE-----
# <cert data>
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# <ca cert data>
# -----END CERTIFICATE-----
# DEPRECATED - Use server.certificate or server.certificateSecret
# argocdServerTlsConfig:
# key: ''
# crt: ''
# -- Bcrypt hashed admin password
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
@ -535,6 +546,9 @@ controller:
# - secretRef:
# name: secret-name
# -- Annotations for the application controller StatefulSet
statefulsetAnnotations: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
@ -542,20 +556,22 @@ controller:
podLabels: {}
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
# runAsNonRoot: true
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Application controller listening port
containerPort: 8082
## Readiness and liveness probes for default backend
# Rediness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -567,17 +583,6 @@ controller:
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
livenessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Additional volumeMounts to the application controller main container
volumeMounts: []
@ -801,7 +806,7 @@ dex:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.35.3-distroless
tag: v2.35.3
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -810,6 +815,7 @@ dex:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# Argo CD init image that creates Dex config
initImage:
# -- Argo CD init image repository
# @default -- `""` (defaults to global.image.repository)
@ -832,12 +838,44 @@ dex:
# - secretRef:
# name: secret-name
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
certificateSecret:
# -- Create argocd-dex-server-tls secret
enabled: false
# -- Labels to be added to argocd-dex-server-tls secret
labels: {}
# -- Annotations to be added to argocd-dex-server-tls secret
annotations: {}
# -- Certificate authority. Required for self-signed certificates.
ca: ''
# -- Certificate private key
key: ''
# -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
crt: ''
# -- Annotations to be added to the Dex server Deployment
deploymentAnnotations: {}
# -- Annotations to be added to the Dex server pods
podAnnotations: {}
# -- Labels to be added to the Dex server pods
podLabels: {}
# -- Dex container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Probes for Dex server
## Supported from Dex >= 2.28.0
livenessProbe:
@ -918,14 +956,6 @@ dex:
# -- Priority class for dex
priorityClassName: ""
# -- Dex container-level security context
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
# -- Resource limits and requests for dex
resources: {}
# limits:
@ -982,7 +1012,7 @@ redis:
# -- Redis repository
repository: quay.io/codefresh/redis
# -- Redis tag
tag: 7.0.4-alpine
tag: 7.0.5-alpine
# -- Redis imagePullPolicy
imagePullPolicy: IfNotPresent
@ -1011,12 +1041,31 @@ redis:
# - secretRef:
# name: secret-name
# -- Annotations to be added to the Redis server Deployment
deploymentAnnotations: {}
# -- Annotations to be added to the Redis server pods
podAnnotations: {}
# -- Labels to be added to the Redis server pods
podLabels: {}
# -- Redis pod-level security context
# @default -- See [values.yaml]
securityContext:
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
# -- Redis container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- [Node selector]
nodeSelector: {}
# -- [Tolerations] for use with node taints
@ -1035,19 +1084,6 @@ redis:
# -- Priority class for redis
priorityClassName: ""
# -- Redis container-level security context
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
# -- Redis pod-level security context
securityContext:
runAsNonRoot: true
runAsUser: 999
serviceAccount:
# -- Create a service account for the redis pod
create: false
@ -1109,6 +1145,19 @@ redis:
imagePullPolicy: IfNotPresent
# -- Port to use for redis-exporter sidecar
containerPort: 9121
# -- Redis exporter security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for redis-exporter sidecar
resources: {}
# limits:
@ -1309,6 +1358,9 @@ server:
# @default -- `""` (defaults to global.logging.level)
# logLevel: ""
# -- Annotations to be added to server Deployment
deploymentAnnotations: {}
# -- Annotations to be added to server pods
podAnnotations: {}
@ -1320,7 +1372,6 @@ server:
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -1368,13 +1419,17 @@ server:
# -- Priority class for the Argo CD server
priorityClassName: ""
# -- Servers container-level security context
# -- Server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for the Argo CD server
resources: {}
@ -1385,16 +1440,34 @@ server:
# cpu: 50m
# memory: 64Mi
## Certificate configuration
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-server-tls
# -- Certificate primary domain (commonName)
domain: argocd.example.com
# -- The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
duration: ""
# -- How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
renewBefore: ""
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
# -- Certificate isser name. Eg. `letsencrypt`
name: ""
# Private key of the certificate
privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
@ -1405,17 +1478,20 @@ server:
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
# -- Certificate isser name. Eg. `letsencrypt`
name: ""
# -- Certificate manager additional hosts
additionalHosts: []
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-server-tls
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificateSecret:
# -- Create argocd-server-tls secret
enabled: false
# -- Annotations to be added to argocd-server-tls secret
annotations: {}
# -- Labels to be added to argocd-server-tls secret
labels: {}
# -- Private Key of the certificate
key: ''
# -- Certificate data
crt: ''
## Server service configuration
service:
@ -1543,7 +1619,7 @@ server:
# -- Ingress TLS configuration
tls:
[]
# - secretName: argocd-tls-certificate
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
@ -1609,7 +1685,7 @@ server:
# -- Ingress TLS configuration for dedicated [gRPC-ingress]
tls:
[]
# - secretName: argocd-tls-certificate
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
@ -1729,6 +1805,18 @@ server:
# -- Image pull policy for extensions
imagePullPolicy: IfNotPresent
# -- Server UI extensions container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for the argocd-extensions container
resources: {}
# limits:
@ -1828,6 +1916,9 @@ repoServer:
# @default -- `""` (defaults to global.logging.format)
# logLevel: ""
# -- Annotations to be added to repo server Deployment
deploymentAnnotations: {}
# -- Annotations to be added to repo server pods
podAnnotations: {}
@ -1839,7 +1930,6 @@ repoServer:
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -1893,12 +1983,16 @@ repoServer:
priorityClassName: ""
# -- Repo server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for the repo server pods
resources: {}
@ -1909,6 +2003,23 @@ repoServer:
# cpu: 10m
# memory: 64Mi
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
certificateSecret:
# -- Create argocd-repo-server-tls secret
enabled: false
# -- Annotations to be added to argocd-repo-server-tls secret
annotations: {}
# -- Labels to be added to argocd-repo-server-tls secret
labels: {}
# -- Certificate authority. Required for self-signed certificates.
ca: ''
# -- Certificate private key
key: ''
# -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
crt: ''
## Repo server service configuration
service:
# -- Repo server service annotations
@ -2402,14 +2513,26 @@ notifications:
# service.slack: |
# token: $slack-token
# -- Annotations to be applied to the notifications controller Deployment
deploymentAnnotations: {}
# -- Annotations to be applied to the controller Pods
podAnnotations: {}
# -- Labels to be applied to the controller Pods
podLabels: {}
# -- Container Security Context
containerSecurityContext: {}
# -- Notification controller container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Priority class for the controller pods
priorityClassName: ""
@ -2723,10 +2846,6 @@ notifications:
## You have to set secret.notifiers.slack.signingSecret
enabled: false
# -- The deployment strategy to use to replace existing pods with new ones
updateStrategy:
type: Recreate
## Slack bot Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -2778,12 +2897,17 @@ notifications:
# -- Annotations applied to created service account
annotations: {}
# -- Pod Security Context
securityContext:
# -- Slack bot container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
# -- Container Security Context
containerSecurityContext: {}
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for the Slack bot
resources: {}

6
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.4.2
appVersion: v3.4.4
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.20.4
version: 0.20.12
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -13,4 +13,4 @@ maintainers:
url: https://argoproj.github.io/
annotations:
artifacthub.io/changes: |
- "[Changed]: Enable to set different imagePullPolicy for mainContainer and executor"
- "[Changed]: Update Argo Workflows to v3.4.4"

6
charts/argo-workflows/README.md
View file

@ -62,6 +62,7 @@ Fields to note:
| workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
| workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows |
### Workflow Controller
@ -107,12 +108,15 @@ Fields to note:
| controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods |
| controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. |
| controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. |
| controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets |
| controller.replicas | int | `1` | The number of controller pods to run |
| controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. |
| controller.resources | object | `{}` | Resource limits and requests for the controller |
| controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows |
| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| controller.serviceAccount.name | string | `""` | Service account name |
| controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service |
| controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service |
@ -199,6 +203,7 @@ Fields to note:
| server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| server.serviceAccount.create | bool | `true` | Create a service account for the server |
| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| server.serviceAccount.name | string | `""` | Service account name |
| server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service |
| server.serviceLabels | object | `{}` | Optional labels to add to the UI Service |
@ -220,6 +225,7 @@ Fields to note:
| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage |
| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store |
| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store |
| customArtifactRepository | object | `{}` | The section of custom artifact repository. Will be added to the config in case useDefaultArtifactRepo is set to false |
| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. |
| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) |

4
charts/argo-workflows/README.md.gotmpl
View file

@ -42,7 +42,7 @@ Fields to note:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) (hasPrefix "mainContainer" .Key) ) }}
{{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "customArtifact" .Key) (hasPrefix "use" .Key) (hasPrefix "mainContainer" .Key) ) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
@ -102,7 +102,7 @@ Fields to note:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) }}
{{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) (hasPrefix "customArtifact" .Key) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}

11
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -164,6 +164,17 @@ rules:
resourceNames:
{{/* for HTTP templates */}}
- argo-workflows-agent-ca-certificates
{{- with .Values.controller.rbac.secretWhitelist }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
resourceNames: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---

7
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -92,6 +92,10 @@ data:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- else }}
{{- if .Values.customArtifactRepository }}
artifactRepository: {{- toYaml .Values.customArtifactRepository | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:
@ -163,3 +167,6 @@ data:
{{- with .Values.controller.navColor }}
navColor: {{ . }}
{{- end }}
{{- with .Values.controller.retentionPolicy }}
retentionPolicy: {{- toYaml . | nindent 6 }}
{{- end }}

3
charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
View file

@ -5,6 +5,9 @@ metadata:
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{ with .Values.controller.serviceAccount.annotations }}
annotations:
{{- toYaml .| nindent 4 }}

3
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -7,6 +7,9 @@ metadata:
name: {{ $.Values.workflow.serviceAccount.name }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $.Values.workflow.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}

6
charts/argo-workflows/templates/server/server-cluster-roles.yaml
View file

@ -30,7 +30,7 @@ rules:
- list
- watch
- delete
{{- if .Values.server.sso }}
{{- if .Values.server.sso }}
- apiGroups:
- ""
resources:
@ -46,7 +46,7 @@ rules:
- secrets
verbs:
- create
{{- if .Values.server.sso.rbac }}
{{- if .Values.server.sso.rbac }}
- apiGroups:
- ""
resources:
@ -55,8 +55,8 @@ rules:
- get
- list
- watch
{{- end }}
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:

3
charts/argo-workflows/templates/server/server-sa.yaml
View file

@ -5,6 +5,9 @@ metadata:
name: {{ template "argo-workflows.serverServiceAccountName" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}

28
charts/argo-workflows/values.yaml
View file

@ -41,6 +41,8 @@ workflow:
serviceAccount:
# -- Specifies whether a service account should be created
create: false
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
# -- Service account which is used to run workflows
@ -70,6 +72,8 @@ controller:
rbac:
# -- Adds Role and RoleBinding for the controller.
create: true
# -- Allows controller to get, list, and watch certain k8s secrets
secretWhitelist: []
# -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism:
@ -179,6 +183,8 @@ controller:
create: true
# -- Service account name
name: ""
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
@ -285,6 +291,12 @@ controller:
# -- Extra containers to be added to the controller deployment
extraContainers: []
# -- Workflow retention by number of workflows
retentionPolicy: {}
# completed: 10
# failed: 3
# errored: 3
# mainContainer adds default config for main container that could be overriden in workflows template
mainContainer:
# -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.
@ -364,6 +376,8 @@ server:
create: true
# -- Service account name
name: ""
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
@ -602,3 +616,17 @@ artifactRepository:
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# -- The section of custom artifact repository.
# Will be added to the config in case useDefaultArtifactRepo is set to false
customArtifactRepository: {}
# customArtifactRepository:
# archiveLogs: true
# artifactory:
# repoUrl: https://artifactory.example.com/raw
# usernameSecret:
# name: artifactory-creds
# key: username
# passwordSecret:
# name: artifactory-creds
# key: password

2
scripts/lint.sh
View file

@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n"
docker run \
-v "$SRCROOT:/workdir" \
--entrypoint /bin/sh \
quay.io/helmpack/chart-testing:v3.7.0 \
quay.io/helmpack/chart-testing:v3.7.1 \
-c cd /workdir \
ct lint \
--config .github/configs/ct-lint.yaml \