DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into events1.1

Browse source
This commit is contained in:
David J. M. Karlsen 2021-01-22 13:05:22 +01:00 committed by GitHub
commit a0de22f30a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 1914 additions and 1649 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.circleci/chart-testing.yaml
View file

@ -1,2 +1,3 @@
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/

10
.circleci/config.yml
View file

@ -2,23 +2,25 @@ version: 2.1
jobs:
lint:
docker:
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
- image: quay.io/helmpack/chart-testing:v3.3.1
steps:
- checkout
- run: helm repo add stable https://charts.helm.sh/stable
- run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
# Technically this only needs to be run on master, but it's good to have it run on every PR
# so that it is regularly tested.
publish:
docker:
# We just need an image with `helm` on it. Handily we know of one already.
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
- image: quay.io/helmpack/chart-testing:v3.3.1
steps:
# install the additional keys needed to push to Github. Alex Collins owns these keys.
- add_ssh_keys
- run: git config --global user.email "nobody@circleci.com"
- run: git config --global user.name "Circle CI Build"
- checkout
- run: helm init --client-only
- run: helm repo add stable https://charts.helm.sh/stable
- run: helm repo add minio https://helm.min.io/
# Only actually publish charts on master.
- run: |
set -x
@ -35,4 +37,4 @@ workflows:
- lint
- publish:
requires:
- lint
- lint

17
.github/stale.yaml vendored Normal file
View file

@ -0,0 +1,17 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
- pinned
- security
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false

6
CODEOWNERS
View file

@ -1,13 +1,13 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# Argo Workflows
/charts/argo @benjaminws @stefansedich @paguos
/charts/argo @benjaminws @stefansedich @paguos @vladlosev @yann-soubeyrand
# Argo CD
/charts/argo-cd @seanson @spencergilbert
/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand
# Argo Events
/charts/argo-events @jbehling
/charts/argo-events @jbehling @VaibhavPage
# Argo Rollouts
/charts/argo-rollouts @cabrinha

2
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: 1.7.6
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.11.0
version: 2.11.3
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

2497
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

417
charts/argo-cd/crds/crd-project.yaml
View file

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
@ -18,214 +18,213 @@ spec:
- appprojs
singular: appproject
scope: Namespaced
validation:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination information
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
type: string
namespace:
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
items:
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound to this role
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in this project
items:
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
storage: true
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination information
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
type: string
namespace:
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
items:
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound to this role
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in this project
items:
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object

6
charts/argo-cd/requirements.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://kubernetes-charts.storage.googleapis.com
repository: https://charts.helm.sh/stable
version: 4.4.2
digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96
generated: "2020-03-29T14:37:59.349371452+01:00"
digest: sha256:21780522f7047d49ccad6d79f79ee3e28b4839df044beea293e2e4fd69610f52
generated: "2021-01-11T16:15:21.274802-08:00"

4
charts/argo-cd/requirements.yaml
View file

@ -1,5 +1,5 @@
dependencies:
- name: redis-ha
version: 4.4.2
repository: https://kubernetes-charts.storage.googleapis.com
condition: redis-ha.enabled
repository: https://charts.helm.sh/stable
condition: redis-ha.enabled

4
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -10,7 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
spec:
selector:
matchLabels:
@ -31,7 +31,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
{{- if .Values.dex.podLabels }}
{{- toYaml .Values.dex.podLabels | nindent 8 }}
{{- end }}

4
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
spec:
selector:
matchLabels:
@ -31,7 +31,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
{{- if .Values.redis.podLabels }}
{{- toYaml .Values.redis.podLabels | nindent 8 }}
{{- end }}

4
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "0.9.1"
appVersion: "0.10.2"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 0.3.10
version: 0.4.1
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

4
charts/argo-rollouts/README.md
View file

@ -2,7 +2,7 @@ Argo Rollouts Chart
=============
A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
Current chart version is `0.3.7`
Current chart version is `0.4.0`
Source code can be found [here](https://github.com/argoproj/argo-rollouts)
@ -33,7 +33,7 @@ $ helm install --name my-release argo/argo-rollouts
| controller.component | string | `"rollouts-controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.repository | string | `"argoproj/argo-rollouts"` | |
| controller.image.tag | string | `"v0.8.0"` | |
| controller.image.tag | string | `"v0.10.2"` | |
| controller.name | string | `"argo-rollouts"` | |
| controller.resources | Resource limits and requests for the controller pods. | `{}` |
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |

8
charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml
View file

@ -13,8 +13,10 @@ rules:
- argoproj.io
resources:
- rollouts
- rollouts/scale
- experiments
- analysistemplates
- clusteranalysistemplates
- analysisruns
verbs:
- get
@ -36,8 +38,11 @@ rules:
- argoproj.io
resources:
- rollouts
- rollouts/scale
- rollouts/status
- experiments
- analysistemplates
- clusteranalysistemplates
- analysisruns
verbs:
- create
@ -64,8 +69,11 @@ rules:
- argoproj.io
resources:
- rollouts
- rollouts/scale
- rollouts/status
- experiments
- analysistemplates
- clusteranalysistemplates
- analysisruns
verbs:
- create

138
charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
View file

@ -8,6 +8,43 @@ metadata:
app.kubernetes.io/name: {{ .Release.Name }}-clusterrole
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
@ -20,6 +57,7 @@ rules:
- update
- patch
- delete
# services patch needed to update selector of canary/stable/active/preview services
- apiGroups:
- ""
resources:
@ -29,59 +67,52 @@ rules:
- list
- watch
- patch
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- rollouts
- secrets
verbs:
- get
- list
- watch
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- argoproj.io
- networking.k8s.io
- extensions
resources:
- rollouts/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysisruns
- experiments
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysisruns/finalizers
- experiments/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
@ -94,24 +125,7 @@ rules:
- update
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# virtualservice access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
@ -121,6 +135,7 @@ rules:
- get
- update
- list
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
@ -131,17 +146,4 @@ rules:
- get
- update
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- "*"
resources:
- "*/finalizers"
verbs:
- "*"
{{- end }}

14
charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
View file

@ -30,14 +30,13 @@ spec:
{{- end }}
serviceAccountName: {{ .Values.serviceAccount.name }}
containers:
- command:
- "/bin/rollouts-controller"
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
- image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
{{- if not .Values.clusterInstall }}
args:
- --namespaced
{{- end }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
name: {{ .Values.controller.name }}
volumeMounts:
- name: tmp
mountPath: /tmp
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
@ -52,8 +51,5 @@ spec:
affinity:
{{- toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
strategy:
type: Recreate

131
charts/argo-rollouts/templates/argo-rollouts-role.yaml
View file

@ -7,6 +7,43 @@ metadata:
app.kubernetes.io/name: {{ .Release.Name }}-role
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
@ -19,6 +56,7 @@ rules:
- update
- patch
- delete
# services patch needed to update selector of canary/stable/active/preview services
- apiGroups:
- ""
resources:
@ -28,59 +66,52 @@ rules:
- list
- watch
- patch
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- rollouts
- secrets
verbs:
- get
- list
- watch
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- argoproj.io
- networking.k8s.io
- extensions
resources:
- rollouts/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysisruns
- experiments
- ingresses
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysisruns/finalizers
- experiments/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
@ -93,28 +124,24 @@ rules:
- update
- patch
- delete
# virtualservice access needed for using the Istio provider
- apiGroups:
- extensions
- networking.istio.io
resources:
- ingresses
- virtualservices
verbs:
- create
- get
- list
- watch
- patch
- get
- update
- list
# trafficsplit access needed for using the SMI provider
- apiGroups:
- ""
- split.smi-spec.io
resources:
- events
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete

31
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -1,9 +1,9 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.4.0
name: analysisruns.argoproj.io
spec:
additionalPrinterColumns:
@ -41,6 +41,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
secretKeyRef:
properties:
key:
@ -81,6 +88,15 @@ spec:
type: string
provider:
properties:
datadog:
properties:
interval:
type: string
query:
type: string
required:
- query
type: object
job:
properties:
metadata:
@ -2053,6 +2069,8 @@ spec:
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
type: string
runAsGroup:
format: int64
type: integer
@ -2679,6 +2697,15 @@ spec:
- storageAccountName
- threshold
type: object
newRelic:
properties:
profile:
type: string
query:
type: string
required:
- query
type: object
prometheus:
properties:
address:

31
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -1,9 +1,9 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.4.0
name: analysistemplates.argoproj.io
spec:
group: argoproj.io
@ -35,6 +35,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
secretKeyRef:
properties:
key:
@ -75,6 +82,15 @@ spec:
type: string
provider:
properties:
datadog:
properties:
interval:
type: string
query:
type: string
required:
- query
type: object
job:
properties:
metadata:
@ -2047,6 +2063,8 @@ spec:
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
type: string
runAsGroup:
format: int64
type: integer
@ -2673,6 +2691,15 @@ spec:
- storageAccountName
- threshold
type: object
newRelic:
properties:
profile:
type: string
query:
type: string
required:
- query
type: object
prometheus:
properties:
address:

31
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -1,9 +1,9 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.4.0
name: clusteranalysistemplates.argoproj.io
spec:
group: argoproj.io
@ -35,6 +35,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
secretKeyRef:
properties:
key:
@ -75,6 +82,15 @@ spec:
type: string
provider:
properties:
datadog:
properties:
interval:
type: string
query:
type: string
required:
- query
type: object
job:
properties:
metadata:
@ -2047,6 +2063,8 @@ spec:
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
type: string
runAsGroup:
format: int64
type: integer
@ -2673,6 +2691,15 @@ spec:
- storageAccountName
- threshold
type: object
newRelic:
properties:
profile:
type: string
query:
type: string
required:
- query
type: object
prometheus:
properties:
address:

13
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -1,9 +1,9 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.4.0
name: experiments.argoproj.io
spec:
additionalPrinterColumns:
@ -44,6 +44,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
secretKeyRef:
properties:
key:
@ -2031,6 +2038,8 @@ spec:
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
type: string
runAsGroup:
format: int64
type: integer

87
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -1,9 +1,9 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
controller-gen.kubebuilder.io/version: v0.4.0
name: rollouts.argoproj.io
spec:
additionalPrinterColumns:
@ -16,13 +16,11 @@ spec:
name: Current
type: integer
- JSONPath: .status.updatedReplicas
description: Total number of non-terminated pods targeted by this rollout that
have the desired template spec
description: Total number of non-terminated pods targeted by this rollout that have the desired template spec
name: Up-to-date
type: integer
- JSONPath: .status.availableReplicas
description: Total number of available pods (ready for at least minReadySeconds)
targeted by this rollout
description: Total number of available pods (ready for at least minReadySeconds) targeted by this rollout
name: Available
type: integer
group: argoproj.io
@ -39,6 +37,7 @@ spec:
labelSelectorPath: .status.selector
specReplicasPath: .spec.replicas
statusReplicasPath: .status.HPAReplicas
status: {}
validation:
openAPIV3Schema:
properties:
@ -125,6 +124,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
podTemplateHashValue:
type: string
type: object
@ -157,6 +163,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
podTemplateHashValue:
type: string
type: object
@ -205,6 +218,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
podTemplateHashValue:
type: string
type: object
@ -242,6 +262,17 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
type: object
type: object
canaryMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
canaryService:
type: string
maxSurge:
@ -254,6 +285,17 @@ spec:
- type: integer
- type: string
x-kubernetes-int-or-string: true
stableMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
stableService:
type: string
steps:
@ -270,6 +312,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
podTemplateHashValue:
type: string
type: object
@ -305,6 +354,13 @@ spec:
type: string
valueFrom:
properties:
fieldRef:
properties:
fieldPath:
type: string
required:
- fieldPath
type: object
podTemplateHashValue:
type: string
type: object
@ -316,6 +372,8 @@ spec:
type: boolean
name:
type: string
requiredForCompletion:
type: boolean
templateName:
type: string
required:
@ -385,6 +443,17 @@ spec:
- type: string
x-kubernetes-int-or-string: true
type: object
setCanaryScale:
properties:
matchTrafficWeight:
type: boolean
replicas:
format: int32
type: integer
weight:
format: int32
type: integer
type: object
setWeight:
format: int32
type: integer
@ -2367,6 +2436,8 @@ spec:
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
type: string
runAsGroup:
format: int64
type: integer
@ -2992,8 +3063,6 @@ spec:
- name
- status
type: object
stableRS:
type: string
type: object
collisionCount:
format: int32
@ -3048,6 +3117,8 @@ spec:
- startTime
type: object
type: array
promoteFull:
type: boolean
readyReplicas:
format: int32
type: integer

2
charts/argo-rollouts/values.yaml
View file

@ -13,7 +13,7 @@ controller:
affinity: {}
image:
repository: argoproj/argo-rollouts
tag: v0.9.1
tag: v0.10.2
pullPolicy: IfNotPresent
resources: {}

6
charts/argo/Chart.lock Normal file
View file

@ -0,0 +1,6 @@
dependencies:
- name: minio
repository: https://helm.min.io/
version: 8.0.9
digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
generated: "2021-01-13T15:31:40.823086-08:00"

9
charts/argo/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v2.11.7
appVersion: v2.12.3
description: A Helm chart for Argo Workflows
name: argo
version: 0.14.0
version: 0.15.2
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:
@ -10,3 +10,8 @@ maintainers:
- name: alexmt
- name: jessesuen
- name: benjaminws
dependencies:
- name: minio
version: 8.0.9
repository: https://helm.min.io/
condition: minio.install

6
charts/argo/requirements.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: minio
repository: https://kubernetes-charts.storage.googleapis.com/
version: 5.0.6
digest: sha256:373b459c6232e9fd4dd86fa0af01e024372f686a0cdfbfed69d3cd41859e8ad4
generated: "2020-02-06T00:16:52.211425292Z"

5
charts/argo/requirements.yaml
View file

@ -1,5 +0,0 @@
dependencies:
- name: minio
version: 5.0.6
repository: https://kubernetes-charts.storage.googleapis.com/
condition: minio.install

2
charts/argo/templates/cluster-workflow-template-crd.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io

4
charts/argo/templates/cron-workflow-crd.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
@ -16,4 +16,4 @@ spec:
- cwf
scope: Namespaced
version: v1alpha1
{{- end }}
{{- end }}

28
charts/argo/templates/server-cluster-roles.yaml
View file

@ -24,20 +24,46 @@ rules:
- list
- watch
- delete
{{- if .Values.server.sso }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- sso
verbs:
- get
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
{{- end}}
{{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
{{- with .Values.server.rbac.secretWhitelist }}
{{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
{{- with .Values.server.sso.rbac.secretWhitelist }}
resourceNames: {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
- apiGroups:
- ""

19
charts/argo/templates/workflow-controller-cluster-roles.yaml
View file

@ -106,6 +106,25 @@ rules:
verbs:
- get
{{- end}}
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- workflow-controller
- workflow-controller-lease
verbs:
- get
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

2
charts/argo/templates/workflow-crd.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io

2
charts/argo/templates/workflow-template-crd.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io

17
charts/argo/values.yaml
View file

@ -7,7 +7,7 @@ images:
# Secrets with credentials to pull images from a private registry
pullSecrets: []
# - name: argo-pull-secret
tag: v2.11.7
tag: v2.12.3
crdVersion: v1alpha1
installCRD: true
@ -167,9 +167,6 @@ server:
serviceType: ClusterIP
servicePort: 2746
# servicePortName: http
rbac:
# When present, restricts secrets the server can read to a given list.
secretWhitelist: []
serviceAccount: argo-server
# Whether to create the service account with the name specified in
# server.serviceAccount and bind it to the server role.
@ -267,6 +264,18 @@ server:
# key: client-secret
## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
# redirectUrl: https://argo/oauth2/callback
# rbac:
# enabled: true
## When present, restricts secrets the server can read to a given list.
## You can use it to restrict the server to only be able to access the
## service account token secrets that are associated with service accounts
## used for authorization.
# secretWhitelist: []
## Scopes requested from the SSO ID provider. The 'groups' scope requests
## group membership information, which is usually used for authorization
## decisions.
# scopes:
# - groups
# Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo: false

1
scripts/publish.sh
View file

@ -6,7 +6,6 @@ GIT_PUSH=${GIT_PUSH:-false}
rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add argoproj https://argoproj.github.io/argo-helm
for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);