diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 227c6a55..1867cece 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.3.6" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 1.5.3 +version: 1.6.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d4a29a3f..614f2eb9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -46,6 +46,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | configs.secret.githubSecret | GitHub incoming webhook secret | `""` | | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | +| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | ## ArgoCD Controller diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml old mode 100644 new mode 100755 index 8fec2fdb..286fb981 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -1,3 +1,4 @@ + apiVersion: apps/v1 kind: Deployment metadata: @@ -9,6 +10,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.controller.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} spec: selector: matchLabels: @@ -31,6 +33,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.controller.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} @@ -63,6 +66,9 @@ spec: image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} + {{- if .Values.controller.containerSecurityContext }} + securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} + {{- end }} {{- if .Values.controller.env }} env: {{- toYaml .Values.controller.env | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index ba9e6627..f9036347 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.server.name }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- if .Values.configs.secret.githubSecret }} @@ -37,5 +37,8 @@ data: admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} admin.passwordMtime: {{ date "2006-01-02T15:04:05Z" now | b64enc }} {{- end }} + {{- range $key, $value := .Values.configs.secret.extra }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml old mode 100644 new mode 100755 index 458a7ee3..25a88aba --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.repoServer.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} spec: selector: matchLabels: @@ -31,6 +32,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.repoServer.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} @@ -57,6 +59,9 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- if .Values.repoServer.containerSecurityContext }} + securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- end }} {{- if .Values.repoServer.env }} env: {{- toYaml .Values.repoServer.env | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml old mode 100644 new mode 100755 index 6b84c4ad..7f85bbec --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.server.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} spec: selector: matchLabels: @@ -31,6 +32,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.server.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} {{- if .Values.controller.podLabels }} {{- toYaml .Values.controller.podLabels | nindent 8 }} {{- end }} @@ -65,6 +67,9 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- if .Values.server.containerSecurityContext }} + securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- end }} {{- if .Values.server.env }} env: {{- toYaml .Values.server.env | nindent 8 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml old mode 100644 new mode 100755 index e46018c8..21b2d26d --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.dex.name }} + app.kubernetes.io/version: {{ .Values.dex.image.tag }} spec: selector: matchLabels: @@ -24,11 +25,17 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.dex.name }} + app.kubernetes.io/version: {{ .Values.dex.image.tag }} spec: initContainers: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} + resources: +{{- toYaml .Values.dex.resources | nindent 10 }} + {{- if .Values.dex.containerSecurityContext }} + securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- end }} command: - cp - /usr/local/bin/argocd-util @@ -43,6 +50,9 @@ spec: command: - /shared/argocd-util - rundex + {{- if .Values.dex.containerSecurityContext }} + securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- end }} {{- if .Values.dex.env }} env: {{- toYaml .Values.dex.env | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml old mode 100644 new mode 100755 index ada5dc9a..9358166e --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -10,6 +10,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.redis.name }} + app.kubernetes.io/version: {{ .Values.redis.image.tag }} spec: selector: matchLabels: @@ -23,6 +24,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.redis.name }} + app.kubernetes.io/version: {{ .Values.redis.image.tag }} spec: automountServiceAccountToken: false {{- if .Values.global.securityContext }} @@ -37,6 +39,9 @@ spec: - "no" image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} + {{- if .Values.redis.containerSecurityContext }} + securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} + {{- end }} {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml old mode 100644 new mode 100755 index 47411af6..0d4ae2de --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -50,6 +50,12 @@ controller: ## podLabels: {} + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + ## Configures the controller port containerPort: 8082 @@ -199,6 +205,13 @@ dex: priorityClassName: "" + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + resources: {} # limits: # cpu: 50m @@ -233,6 +246,13 @@ redis: priorityClassName: "" + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + resources: {} # limits: # cpu: 200m @@ -307,6 +327,12 @@ server: priorityClassName: "" + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + resources: {} # limits: # cpu: 100m @@ -541,6 +567,12 @@ repoServer: priorityClassName: "" + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + resources: {} # limits: # cpu: 50m @@ -689,6 +721,12 @@ configs: bitbucketUUÌD: "" gogsSecret: "" + # Custom secrets. Useful for injecting SSO secrets into environment variables. + # Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ + # Note that all values must be non-empty. + extra: {} + # LDAP_PASSWORD: "mypassword" + # Argo TLS Data. argocdServerTlsConfig: {}