feat(argo-cd): Use new Argo CD extension mechanism (#2406)

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v2.9.3
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.51.6
+version: 5.52.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -27,4 +27,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: changed
-      description: Upgrade Argo CD to v2.9.3
+      description: Use new Argo CD extension mechanism

charts/argo-cd/README.md

@@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 5.52.0
+Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
+If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
+
 ### 5.35.0
 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
 
@@ -718,10 +722,11 @@ NAME: my-release
 | server.env | list | `[]` | Environment variables to pass to Argo CD server |
 | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
 | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
-| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions |
+| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions |
+| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
 | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
-| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image |
+| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
-| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image |
+| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image |
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@@ -1263,3 +1268,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [EKS EoL]: https://endoflife.date/amazon-eks
 [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
+[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
+[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

charts/argo-cd/README.md.gotmpl

@@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 5.52.0
+Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
+If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
+
 ### 5.35.0
 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
 
@@ -571,3 +575,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [EKS EoL]: https://endoflife.date/amazon-eks
 [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
+[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
+[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

charts/argo-cd/ci/extension-values.yaml

@@ -0,0 +1,14 @@
+# Test Argo CD extension
+crds:
+  keep: false
+# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension
+server:
+  extensions:
+    enabled: true
+    extensionList:
+      - name: extension-metrics
+        env:
+          - name: EXTENSION_URL
+            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
+          - name: EXTENSION_CHECKSUM_URL
+            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt

charts/argo-cd/templates/aggregate-roles.yaml

@@ -14,9 +14,6 @@ rules:
   {{- if .Values.applicationSet.enabled }}
   - applicationsets
   {{- end }}
-  {{- if .Values.server.extensions.enabled }}
-  - argocdextensions
-  {{- end }}
   - appprojects
   verbs:
   - get
@@ -39,9 +36,6 @@ rules:
   {{- if .Values.applicationSet.enabled }}
   - applicationsets
   {{- end }}
-  {{- if .Values.server.extensions.enabled }}
-  - argocdextensions
-  {{- end }}
   - appprojects
   verbs:
   - create
@@ -69,9 +63,6 @@ rules:
   {{- if .Values.applicationSet.enabled }}
   - applicationsets
   {{- end }}
-  {{- if .Values.server.extensions.enabled }}
-  - argocdextensions
-  {{- end }}
   - appprojects
   verbs:
   - create

charts/argo-cd/templates/argocd-server/deployment.yaml

@@ -357,13 +357,22 @@ spec:
         lifecycle:
           {{- toYaml . | nindent 10 }}
         {{- end }}
+      {{- with .Values.server.extraContainers }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
+      {{- end }}
+      {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }}
+      initContainers:
+      {{- with .Values.server.initContainers }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
+      {{- end }}
       {{- if .Values.server.extensions.enabled }}
-      - name: argocd-extensions
+      {{- range .Values.server.extensions.extensionList }}
-        image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
+      - name: {{ .name }}
-        imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
+        image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }}
+        imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }}
         resources:
-          {{- toYaml .Values.server.extensions.resources | nindent 10 }}
+          {{- toYaml $.Values.server.extensions.resources | nindent 10 }}
-        {{- with .Values.server.extensions.containerSecurityContext }}
+        {{- with $.Values.server.extensions.containerSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
         {{- end }}
@@ -372,13 +381,10 @@ spec:
             mountPath: /tmp/extensions/
           - name: tmp
             mountPath: /tmp
+        env:
+          {{- toYaml .env | nindent 10 }}
       {{- end }}
-      {{- with .Values.server.extraContainers }}
-        {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
-      {{- with .Values.server.initContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 6 }}
       {{- end }}
       {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }}
       affinity:

charts/argo-cd/templates/argocd-server/role.yaml

@@ -27,9 +27,6 @@ rules:
   - applicationsets
   {{- end }}
   - appprojects
-  {{- if .Values.server.extensions.enabled }}
-  - argocdextensions
-  {{- end }}
   verbs:
   - create
   - get

charts/argo-cd/templates/crds/crd-extension.yaml

@@ -1,107 +0,0 @@
-{{- if and .Values.crds.install .Values.server.extensions.enabled }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    {{- if .Values.crds.keep }}
-    "helm.sh/resource-policy": keep
-    {{- end }}
-    {{- with .Values.crds.annotations }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-    controller-gen.kubebuilder.io/version: v0.4.1
-  labels:
-    app.kubernetes.io/name: argocdextensions.argoproj.io
-    app.kubernetes.io/part-of: argocd
-    {{- with .Values.crds.additionalLabels }}
-      {{- toYaml . | nindent 4}}
-    {{- end }} 
-  name: argocdextensions.argoproj.io
-spec:
-  group: argoproj.io
-  names:
-    kind: ArgoCDExtension
-    listKind: ArgoCDExtensionList
-    plural: argocdextensions
-    singular: argocdextension
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: ArgoCDExtension is the Schema for the argocdextensions API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension
-            properties:
-              sources:
-                description: Sources specifies where the extension should come from
-                items:
-                  description: ExtensionSource specifies where the extension should
-                    be sourced from
-                  properties:
-                    git:
-                      description: Git is specified if the extension should be sourced
-                        from a git repository
-                      properties:
-                        revision:
-                          description: Revision specifies the revision of the Repository
-                            to fetch
-                          type: string
-                        url:
-                          description: URL specifies the Git repository URL to fetch
-                          type: string
-                      type: object
-                    web:
-                      description: Web is specified if the extension should be sourced
-                        from a web file
-                      properties:
-                        url:
-                          description: URK specifies the remote file URL
-                          type: string
-                      type: object
-                  type: object
-                type: array
-            required:
-            - sources
-            type: object
-          status:
-            description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension
-            properties:
-              conditions:
-                items:
-                  properties:
-                    message:
-                      description: Message contains human-readable message indicating
-                        details about condition
-                      type: string
-                    status:
-                      description: Boolean status describing if the condition is currently
-                        true
-                      type: string
-                    type:
-                      description: Type is an ArgoCDExtension condition type
-                      type: string
-                  required:
-                  - message
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-{{- end }}

charts/argo-cd/values.yaml

@@ -1574,29 +1574,41 @@ server:
   # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
   lifecycle: {}
 
-  ## Argo UI extensions
+  ## Argo CD extensions
   ## This function in tech preview stage, do expect instability or breaking changes in newer versions.
-  ## Ref: https://github.com/argoproj-labs/argocd-extensions
+  ## Ref: https://github.com/argoproj-labs/argocd-extension-installer
   extensions:
-    # -- Enable support for Argo UI extensions
+    # -- Enable support for Argo CD extensions
     enabled: false
 
-    ## Argo UI extensions image
+    ## Argo CD extension installer image
     image:
-      # -- Repository to use for extensions image
+      # -- Repository to use for extension installer image
-      repository: "ghcr.io/argoproj-labs/argocd-extensions"
+      repository: "quay.io/argoprojlabs/argocd-extension-installer"
-      # -- Tag to use for extensions image
+      # -- Tag to use for extension installer image
-      tag: "v0.2.1"
+      tag: "v0.0.1"
       # -- Image pull policy for extensions
       # @default -- `""` (defaults to global.image.imagePullPolicy)
       imagePullPolicy: ""
 
+    # -- Extensions for Argo CD
+    # @default -- `[]` (See [values.yaml])
+    ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
+    extensionList: []
+    #  - name: extension-metrics
+    #    env:
+    #      - name: EXTENSION_URL
+    #        value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
+    #      - name: EXTENSION_CHECKSUM_URL
+    #        value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
+
     # -- Server UI extensions container-level security context
     # @default -- See [values.yaml]
     containerSecurityContext:
       runAsNonRoot: true
       readOnlyRootFilesystem: true
       allowPrivilegeEscalation: false
+      runAsUser: 1000
       seccompProfile:
         type: RuntimeDefault
       capabilities: