From 7a06415d83bd4c81b8477be6d1407f587a9c9b9b Mon Sep 17 00:00:00 2001 From: g-linville <53102776+g-linville@users.noreply.github.com> Date: Tue, 25 May 2021 02:06:31 -0400 Subject: [PATCH 1/7] feat(argo-workflows): add value to avoid creating RBAC related to ClusterWorkflowTemplates (#657) * Argo Workflows: avoid creating ClusterRoles and CRBs if singleNamespace is true Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Argo Workflows: bumped chart version Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Argo: remove clusterworkflowtemplates from WorkflowController role Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * feat(argo-workflows): add value to disable creation of RBAC relating to ClusterWorkflowTemplates Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> * Bumped chart version Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 2 +- .../controller/workflow-controller-cluster-roles.yaml | 5 +++-- .../templates/controller/workflow-controller-crb.yaml | 3 +++ .../templates/server/server-cluster-roles.yaml | 3 +++ charts/argo-workflows/templates/server/server-crb.yaml | 3 +++ charts/argo-workflows/values.yaml | 5 +++++ 6 files changed, 18 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 13b1ea78..2bdcf2aa 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.2 +version: 0.1.3 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index de5e88a3..756e1f0f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -55,8 +55,6 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers verbs: - get - list @@ -131,6 +129,8 @@ rules: - update - patch - delete + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -146,3 +146,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 6879d282..1235e325 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -31,6 +31,8 @@ subjects: {{- end }} {{- end }} {{- end }} + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -46,3 +48,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 5901bbd1..6403bf96 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -111,6 +111,8 @@ rules: - update - patch - delete + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -134,3 +136,4 @@ rules: - delete {{- end }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index fd9450d5..16d55902 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -21,6 +21,8 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -37,3 +39,4 @@ subjects: name: {{ template "argo-workflows.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 375c5eb1..d2899516 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -143,6 +143,9 @@ controller: priorityClassName: "" # https://argoproj.github.io/argo-workflows/links/ links: [] + clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + enabled: true # executor controls how the init and wait container should be customized executor: @@ -262,6 +265,8 @@ server: https: false clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true # Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true sso: From cae5f1d8112a8df5bb467b0a6063c9fa977292cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Lemos?= Date: Wed, 26 May 2021 10:44:21 +0100 Subject: [PATCH 2/7] fix(argo-rollouts): Removed duplicated resources declaration (#757) Signed-off-by: flavio.lemos --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/argo-rollouts-deployment.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8005b1e9..d7fd46ac 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.4 +version: 0.5.5 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 1c4342bf..87c84929 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -37,8 +37,6 @@ spec: {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: {{ .Values.controller.name }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} resources: From 44c15c834e885f5db23b655f18df8aae9f54010f Mon Sep 17 00:00:00 2001 From: Tadayuki Onishi Date: Wed, 26 May 2021 19:00:10 +0900 Subject: [PATCH 3/7] fix(argo-workflows): fix server.podAnnotations template (#758) Signed-off-by: kenchan0130 --- charts/argo-workflows/Chart.yaml | 2 +- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2bdcf2aa..a9bf7b20 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.1.3 +version: 0.1.4 appVersion: "v3.0.2" icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 9d1696dd..3a97a7fb 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -21,7 +21,7 @@ spec: {{- end }} {{- with .Values.server.podAnnotations }} annotations: - {{- toYaml .Values.server.podAnnotations | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} From f6069848f53cddb33f5be6e04b1eaebe824a3a5f Mon Sep 17 00:00:00 2001 From: Atze de Vries Date: Wed, 26 May 2021 12:35:19 +0200 Subject: [PATCH 4/7] fix(argo-cd): Fix duplicate secret name (#755) Signed-off-by: Atze de Vries --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bbe33978..3dfdf5ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.1 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.1 +version: 3.6.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 7212922c..edaea3b5 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -23,5 +23,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-secret + secretName: argocd-tls-certificate {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 938f258d..bdcfe854 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -561,7 +561,7 @@ server: # servicePort: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false @@ -590,7 +590,7 @@ server: # servicePort: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false From 6acfdc62ef05211a3dec32d24ebbafe21079ac3a Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Wed, 26 May 2021 16:13:14 -0500 Subject: [PATCH 5/7] feat(argo-events): add support for resource requests/limits (#761) * feat(argo-events): add support for resource requests/limits Signed-off-by: Chris St. Pierre * Fix `resources` scope Signed-off-by: Chris St. Pierre * Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 2 +- .../argo-events/templates/eventbus-controller-deployment.yaml | 1 + .../templates/eventsource-controller-deployment.yaml | 1 + charts/argo-events/templates/sensor-controller-deployment.yaml | 1 + charts/argo-events/values.yaml | 3 +++ 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b0770954..c8463ad9 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.2 +version: 1.4.3 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index e3631828..45d54c88 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -55,6 +55,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} {{- with .Values.eventbusController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index a6522da6..18fdcb87 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -53,6 +53,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} {{- with .Values.eventsourceController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index e6a1c104..8eb73185 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -53,6 +53,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} {{- with .Values.sensorController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a54ec010..518cec4c 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -54,6 +54,7 @@ sensorController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventsourceController: name: eventsource-controller @@ -67,6 +68,7 @@ eventsourceController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventbusController: name: eventbus-controller @@ -79,6 +81,7 @@ eventbusController: priorityClassName: "" tolerations: [] affinity: {} + resources: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 From be7c6c572121880f9f7a5561d6a552a331737b3a Mon Sep 17 00:00:00 2001 From: kostas-theo <43744618+kostas-theo@users.noreply.github.com> Date: Wed, 26 May 2021 23:27:12 +0200 Subject: [PATCH 6/7] feat(argo-events): Add annotations to argo-events-sa. (#708) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: sa annotations Signed-off-by: kostas-theo * fix: review recommendations Signed-off-by: kostas-theo * fix: Apply review changes Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 2 +- charts/argo-events/templates/argo-events-sa.yaml | 7 +++++++ charts/argo-events/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c8463ad9..8a5a85b5 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.3 +version: 1.5.0 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index f13b8a1d..fec88b4d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -5,7 +5,11 @@ kind: ServiceAccount metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccountAnnotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.additionalSaNamespaces }} +{{ $annotations := .Values.serviceAccountAnnotations }} {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- @@ -14,5 +18,8 @@ kind: ServiceAccount metadata: name: {{ $sa }} namespace: {{ $namespace }} + {{- with $annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 518cec4c..df7d4a1a 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -14,6 +14,9 @@ installCRD: true # ServiceAccount to use for running controller. serviceAccount: argo-events-sa +# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases +serviceAccountAnnotations: {} + # Create service accounts in additional namespaces specified # The SA will always be created in the release namespaces additionalSaNamespaces: [] From e2975df4c0d27d738ea543a97aec480b026ef86e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9sar=20Yuji=20Okuti?= Date: Wed, 26 May 2021 18:41:33 -0300 Subject: [PATCH 7/7] feat(argocd-notifications): add service account annotations (#673) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add service account to argocd notifications Signed-off-by: Cesar Okuti * change chart.yaml Signed-off-by: Cesar Okuti * remove dots and quotes from toYaml serviceaccount Signed-off-by: Cesar Okuti * chore: Apply suggestions from code review Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler * fix: bump chart version Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler Co-authored-by: Marco Kilchhofer --- charts/argocd-notifications/Chart.yaml | 2 +- .../templates/bots/slack/serviceaccount.yaml | 4 ++++ charts/argocd-notifications/templates/serviceaccount.yaml | 4 ++++ charts/argocd-notifications/values.yaml | 4 ++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 714b0474..9be1b26b 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.3.1 +version: 1.3.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml index badee60f..f888811c 100644 --- a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} labels: {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} + {{- with .Values.bots.slack.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} {{ end }} diff --git a/charts/argocd-notifications/templates/serviceaccount.yaml b/charts/argocd-notifications/templates/serviceaccount.yaml index 591d13bd..418b6800 100644 --- a/charts/argocd-notifications/templates/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.serviceAccountName" . }} labels: {{- include "argocd-notifications.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index bfe746c3..f258401f 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -93,6 +93,8 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-controller + annotations: {} + cm: # Whether helm chart creates controller config map create: true @@ -371,6 +373,8 @@ bots: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-bot + annotations: {} + resources: {} # limits: # cpu: 100m