DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into app-controller-role-update

Browse source 
Signed-off-by: Laurent Lavaud <llavaud@users.noreply.github.com>
This commit is contained in:
Laurent Lavaud 2024-01-19 22:06:26 +01:00 committed by GitHub
commit aa7036bc4d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
73 changed files with 765 additions and 335 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/CODEOWNERS vendored
View file

@ -2,5 +2,5 @@
/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24
/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
/charts/argo-events/ @pdrastil @jmeridth @tico24
/charts/argo-rollouts/ @jmeridth
/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco
/charts/argo-rollouts/ @jmeridth @yu-croco

18
.github/configs/labeler.yaml vendored
View file

@ -1,17 +1,23 @@
argo-cd:
- charts/argo-cd/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-cd/**
argo-events:
- charts/argo-events/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-events/**
argo-rollouts:
- charts/argo-rollouts/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-rollouts/**
argo-workflows:
- charts/argo-workflows/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-workflows/**
argocd-image-updater:
- charts/argocd-image-updater/**/*
- changed-files:
- any-glob-to-any-file: charts/argocd-image-updater/**
argocd-apps:
- charts/argocd-apps/**/*
- changed-files:
- any-glob-to-any-file: charts/argocd-apps/**

57
.github/workflows/chart-version-bump.yml vendored Normal file
View file

@ -0,0 +1,57 @@
## Used on Renovate PRs to bump the chart version and add a changelog entry
## Reference: https://github.com/stefanzweifel/git-auto-commit-action
## Reference: https://github.com/marketplace/actions/changed-files
name: 'Chart Version Bump and Changelog'
on:
pull_request:
types:
- labeled
permissions:
contents: write
jobs:
helm-bumper:
if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ secrets.PAT }}
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1
with:
files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
- name: "Bump Version and Changelog"
run: |
chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
echo "Changed chart name is: $chartName"
echo "----------------------------------------"
parentDir="charts/${chartName}"
# Bump the chart version by one patch version
version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
major=$(echo $version | cut -d. -f1)
minor=$(echo $version | cut -d. -f2)
patch=$(echo $version | cut -d. -f3)
patch=$(expr $patch + 1)
sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
# Add a changelog entry
appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
echo " - kind: changed" >> ${parentDir}/Chart.yaml
echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
cat ${parentDir}/Chart.yaml
- name: "Commit and push changes"
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
with:
commit_options: '--signoff'

2
.github/workflows/lint-and-test.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.9

2
.github/workflows/pr-sizing.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
with:
configuration-path: ".github/configs/labeler.yaml"
repo-token: "${{ secrets.GITHUB_TOKEN }}"

2
.github/workflows/scorecard.yml vendored
View file

@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
with:
name: SARIF file
path: results.sarif

2
.github/workflows/stale.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
pull-requests: write # for actions/stale to close stale PRs
runs-on: ubuntu-latest
steps:
- uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Number of days of inactivity before an issue becomes stale

2
README.md
View file

@ -24,7 +24,7 @@ Some users would prefer to install the CRDs _outside_ of the chart. You can disa
Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `<chart>/templates` to address this design decision.
If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
Example:

19
SECURITY-INSIGHTS.yml
View file

@ -11,13 +11,28 @@ project-lifecycle:
contribution-policy:
accepts-pull-requests: true
accepts-automated-pull-requests: true
automated-tools-list:
- automated-tool: dependabot
action: allowed
path:
- /
contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md
code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
distribution-points:
- https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
- https://argoproj.github.io/argo-helm
- https://artifacthub.io/packages/search?org=argoproj&repo=argo
security-contacts:
- type: website
value: https://github.com/argoproj/argo-helm/security/advisories/new
primary: true
vulnerability-reporting:
accepts-vulnerability-reports: true
email-contact: cncf-argo-maintainers@lists.cncf.io
security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
comment: Please refer to the security policy for reporting information prior to using the email contact.
comment: |
Our preferred contact method related to vulnerabilities is the Security tab on GitHub.
Click the button "Report a vulnerability" to open the advisory form.
Please refer to the security policy for reporting information prior to using the email contact.
dependencies:
env-dependencies-policy:
policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions

2
SECURITY.md
View file

@ -2,7 +2,7 @@
## Supported Versions and Upstream Reporting
Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue.
Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue.
* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)

4
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.9.1
appVersion: v2.9.5
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.52.0
version: 5.54.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:

30
charts/argo-cd/README.md
View file

@ -105,6 +105,14 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
@ -115,14 +123,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint
This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.
### 5.26.0
This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`.
Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics.
To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`.
You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also.
### 5.24.0
This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
Default `global.affinity` rules can be disabled when `none` value is used for the preset.
### 5.22.0
This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
### 5.19.0
@ -597,6 +613,7 @@ NAME: my-release
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
@ -710,10 +727,11 @@ NAME: my-release
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions |
| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions |
| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image |
| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image |
| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image |
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@ -1255,3 +1273,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

22
charts/argo-cd/README.md.gotmpl
View file

@ -104,6 +104,14 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
@ -115,14 +123,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint
This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.
### 5.26.0
This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`.
Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics.
To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`.
You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also.
### 5.24.0
This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
Default `global.affinity` rules can be disabled when `none` value is used for the preset.
### 5.22.0
This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
### 5.19.0
@ -563,3 +579,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

14
charts/argo-cd/ci/extension-values.yaml Normal file
View file

@ -0,0 +1,14 @@
# Test Argo CD extension
crds:
keep: false
# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension
server:
extensions:
enabled: true
extensionList:
- name: extension-metrics
env:
- name: EXTENSION_URL
value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt

14
charts/argo-cd/templates/_helpers.tpl
View file

@ -11,7 +11,7 @@ to 63 chars and it includes 10 chars of hash and a separating '-'.
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- define "argo-cd.controller.serviceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
@ -40,7 +40,7 @@ Create Dex server endpoint
{{/*
Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- define "argo-cd.dex.serviceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
@ -78,7 +78,7 @@ Return Redis server endpoint
{{/*
Create the name of the redis service account to use
*/}}
{{- define "argo-cd.redisServiceAccountName" -}}
{{- define "argo-cd.redis.serviceAccountName" -}}
{{- if .Values.redis.serviceAccount.create -}}
{{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
@ -96,7 +96,7 @@ Create argocd server name and version as used by the chart label.
{{/*
Create the name of the Argo CD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- define "argo-cd.server.serviceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
@ -114,7 +114,7 @@ Create argocd repo-server name and version as used by the chart label.
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- define "argo-cd.repoServer.serviceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
@ -132,7 +132,7 @@ Create argocd application set name and version as used by the chart label.
{{/*
Create the name of the application set service account to use
*/}}
{{- define "argo-cd.applicationSetServiceAccountName" -}}
{{- define "argo-cd.applicationSet.serviceAccountName" -}}
{{- if .Values.applicationSet.serviceAccount.create -}}
{{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }}
{{- else -}}
@ -150,7 +150,7 @@ Create argocd notifications name and version as used by the chart label.
{{/*
Create the name of the notifications service account to use
*/}}
{{- define "argo-cd.notificationsServiceAccountName" -}}
{{- define "argo-cd.notifications.serviceAccountName" -}}
{{- if .Values.notifications.serviceAccount.create -}}
{{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }}
{{- else -}}

9
charts/argo-cd/templates/aggregate-roles.yaml
View file

@ -14,9 +14,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- get
@ -39,9 +36,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create
@ -69,9 +63,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create

2
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

8
charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
View file

@ -1,15 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

14
charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.controller.serviceAccount.annotations }}
{{- with .Values.controller.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.controller.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- range $key, $value := .Values.controller.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.controller.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -55,7 +55,7 @@ spec:
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
containers:
- args:
- /usr/local/bin/argocd-application-controller

2
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -55,7 +55,7 @@ spec:
{{- if .Values.applicationSet.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}

6
charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.applicationSet.fullname" . }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

14
charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.applicationSet.serviceAccount.annotations }}
{{- with .Values.applicationSet.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.applicationSet.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
View file

@ -11,6 +11,6 @@ roleRef:
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

2
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -54,7 +54,7 @@ spec:
{{- if .Values.notifications.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }}
containers:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}

6
charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
name: {{ include "argo-cd.notifications.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.notifications.fullname" . }}
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

14
charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.notifications.serviceAccount.annotations }}
{{- with .Values.notifications.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.notifications.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- range $key, $value := .Values.notifications.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.notifications.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

22
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -65,7 +65,7 @@ spec:
{{- if .Values.repoServer.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@ -373,14 +373,30 @@ spec:
{{- end }}
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: helm-working-dir
{{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
{{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: plugins
{{- if .Values.repoServer.existingVolumes.plugins -}}
{{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: var-files
{{- if .Values.repoServer.existingVolumes.varFiles -}}
{{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.repoServer.existingVolumes.tmp -}}
{{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
@ -391,7 +407,11 @@ spec:
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
{{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
{{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls

8
charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

14
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.repoServer.serviceAccount.annotations }}
{{- with .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.serverServiceAccountName" . }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

28
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -56,7 +56,7 @@ spec:
{{- if .Values.server.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@ -357,13 +357,22 @@ spec:
lifecycle:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }}
initContainers:
{{- with .Values.server.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: argocd-extensions
image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
{{- range .Values.server.extensions.extensionList }}
- name: {{ .name }}
image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }}
imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
{{- with .Values.server.extensions.containerSecurityContext }}
{{- toYaml $.Values.server.extensions.resources | nindent 10 }}
{{- with $.Values.server.extensions.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
@ -372,13 +381,10 @@ spec:
mountPath: /tmp/extensions/
- name: tmp
mountPath: /tmp
env:
{{- toYaml .env | nindent 10 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.server.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }}
affinity:

3
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -27,9 +27,6 @@ rules:
- applicationsets
{{- end }}
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
verbs:
- create
- get

6
charts/argo-cd/templates/argocd-server/rolebinding.yaml
View file

@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
@ -11,5 +11,5 @@ roleRef:
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

14
charts/argo-cd/templates/argocd-server/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.serverServiceAccountName" . }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.server.serviceAccount.annotations }}
{{- with .Values.server.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.server.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- range $key, $value := .Values.server.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.server.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

107
charts/argo-cd/templates/crds/crd-extension.yaml
View file

@ -1,107 +0,0 @@
{{- if and .Values.crds.install .Values.server.extensions.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
controller-gen.kubebuilder.io/version: v0.4.1
labels:
app.kubernetes.io/name: argocdextensions.argoproj.io
app.kubernetes.io/part-of: argocd
{{- with .Values.crds.additionalLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
name: argocdextensions.argoproj.io
spec:
group: argoproj.io
names:
kind: ArgoCDExtension
listKind: ArgoCDExtensionList
plural: argocdextensions
singular: argocdextension
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ArgoCDExtension is the Schema for the argocdextensions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension
properties:
sources:
description: Sources specifies where the extension should come from
items:
description: ExtensionSource specifies where the extension should
be sourced from
properties:
git:
description: Git is specified if the extension should be sourced
from a git repository
properties:
revision:
description: Revision specifies the revision of the Repository
to fetch
type: string
url:
description: URL specifies the Git repository URL to fetch
type: string
type: object
web:
description: Web is specified if the extension should be sourced
from a web file
properties:
url:
description: URK specifies the remote file URL
type: string
type: object
type: object
type: array
required:
- sources
type: object
status:
description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension
properties:
conditions:
items:
properties:
message:
description: Message contains human-readable message indicating
details about condition
type: string
status:
description: Boolean status describing if the condition is currently
true
type: string
type:
description: Type is an ArgoCDExtension condition type
type: string
required:
- message
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
{{- end }}

2
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -58,7 +58,7 @@ spec:
{{- if .Values.dex.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }}
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}

8
charts/argo-cd/templates/dex/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
name: {{ include "argo-cd.dex.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.dex.fullname" . }}
name: {{ include "argo-cd.dex.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.dexServiceAccountName" . }}
name: {{ include "argo-cd.dex.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

8
charts/argo-cd/templates/dex/serviceaccount.yaml
View file

@ -3,14 +3,14 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.dexServiceAccountName" . }}
name: {{ include "argo-cd.dex.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.dex.serviceAccount.annotations }}
{{- with .Values.dex.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.dex.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- end }}

2
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -51,7 +51,7 @@ spec:
{{- if .Values.redis.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }}
containers:
- name: {{ .Values.redis.name }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}

8
charts/argo-cd/templates/redis/serviceaccount.yaml
View file

@ -3,14 +3,14 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.redisServiceAccountName" . }}
name: {{ include "argo-cd.redis.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.redis.serviceAccount.annotations }}
{{- with .Values.redis.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.redis.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- end }}

54
charts/argo-cd/values.yaml
View file

@ -291,7 +291,7 @@ configs:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv |
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
@ -410,7 +410,7 @@ configs:
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
clusterCredentials: []
# - name: mycluster
# server: https://mycluster.com
# server: https://mycluster.example.com
# labels: {}
# annotations: {}
# config:
@ -419,7 +419,7 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# - name: mycluster2
# server: https://mycluster2.com
# server: https://mycluster2.example.com
# labels: {}
# annotations: {}
# namespaces: namespace1,namespace2
@ -430,7 +430,7 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# - name: mycluster3-project-scoped
# server: https://mycluster3.com
# server: https://mycluster3.example.com
# labels: {}
# annotations: {}
# project: my-project1
@ -1574,29 +1574,41 @@ server:
# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
lifecycle: {}
## Argo UI extensions
## Argo CD extensions
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extensions
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
extensions:
# -- Enable support for Argo UI extensions
# -- Enable support for Argo CD extensions
enabled: false
## Argo UI extensions image
## Argo CD extension installer image
image:
# -- Repository to use for extensions image
repository: "ghcr.io/argoproj-labs/argocd-extensions"
# -- Tag to use for extensions image
tag: "v0.2.1"
# -- Repository to use for extension installer image
repository: "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
tag: "v0.0.1"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Extensions for Argo CD
# @default -- `[]` (See [values.yaml])
## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
extensionList: []
# - name: extension-metrics
# env:
# - name: EXTENSION_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
# - name: EXTENSION_CHECKSUM_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
# -- Server UI extensions container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
@ -2205,6 +2217,24 @@ repoServer:
# - name: cmp-tmp
# emptyDir: {}
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes: {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true

6
charts/argo-events/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.8.1
appVersion: v1.9.0
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.4.1
version: 2.4.2
home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo Events to v1.8.1
description: Bump argo-events to v1.9.0

8
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.6.1
appVersion: v1.6.4
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.32.3
version: 2.34.1
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo Rollouts to v1.6.1
- kind: added
description: Added Gloo Platform provider RBAC rules

7
charts/argo-rollouts/README.md
View file

@ -65,6 +65,8 @@ For full list of changes please check ArtifactHub [changelog].
| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider |
| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider |
| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider |
| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` |
| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` |
| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider |
| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider |
| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider |
@ -89,6 +91,9 @@ For full list of changes please check ArtifactHub [changelog].
| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| controller.logging.kloglevel | string | `"0"` | Set the klog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
| controller.metrics.service.annotations | object | `{}` | Service annotations |
@ -149,6 +154,8 @@ For full list of changes please check ArtifactHub [changelog].
| dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type |
| dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths |
| dashboard.ingress.tls | list | `[]` | Dashboard ingress tls |
| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level |
| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| dashboard.nodeSelector | object | `{}` | [Node selector] |
| dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] |
| dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard |

21
charts/argo-rollouts/templates/controller/clusterrole.yaml
View file

@ -255,5 +255,26 @@ rules:
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

3
charts/argo-rollouts/templates/controller/deployment.yaml
View file

@ -45,6 +45,9 @@ spec:
args:
- --healthzPort={{ .Values.controller.containerPorts.healthz }}
- --metricsport={{ .Values.controller.containerPorts.metrics }}
- "--loglevel={{ .Values.controller.logging.level }}"
- "--logformat={{ .Values.controller.logging.format }}"
- "--kloglevel={{ .Values.controller.logging.kloglevel }}"
{{- if not .Values.clusterInstall }}
- --namespaced
{{- end }}

9
charts/argo-rollouts/templates/controller/role.yaml
View file

@ -256,5 +256,14 @@ rules:
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

51
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -185,13 +185,22 @@ spec:
datadog:
properties:
apiVersion:
default: v1
enum:
- v1
- v2
type: string
formula:
type: string
interval:
default: 5m
type: string
queries:
additionalProperties:
type: string
type: object
query:
type: string
required:
- query
type: object
graphite:
properties:
@ -2805,6 +2814,19 @@ spec:
type: string
authentication:
properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4:
properties:
profile:
@ -2853,6 +2875,31 @@ spec:
type: object
web:
properties:
authentication:
properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4:
properties:
profile:
type: string
region:
type: string
roleArn:
type: string
type: object
type: object
body:
type: string
headers:

51
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -185,13 +185,22 @@ spec:
datadog:
properties:
apiVersion:
default: v1
enum:
- v1
- v2
type: string
formula:
type: string
interval:
default: 5m
type: string
queries:
additionalProperties:
type: string
type: object
query:
type: string
required:
- query
type: object
graphite:
properties:
@ -2805,6 +2814,19 @@ spec:
type: string
authentication:
properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4:
properties:
profile:
@ -2853,6 +2875,31 @@ spec:
type: object
web:
properties:
authentication:
properties:
oauth2:
properties:
clientId:
type: string
clientSecret:
type: string
scopes:
items:
type: string
type: array
tokenUrl:
type: string
type: object
sigv4:
properties:
profile:
type: string
region:
type: string
roleArn:
type: string
type: object
type: object
body:
type: string
headers:

3
charts/argo-rollouts/templates/dashboard/deployment.yaml
View file

@ -45,6 +45,9 @@ spec:
- image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}"
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }}
args:
- dashboard
- "--loglevel={{ .Values.dashboard.logging.level }}"
- "--kloglevel={{ .Values.dashboard.logging.kloglevel }}"
{{- with .Values.dashboard.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}

16
charts/argo-rollouts/values.yaml
View file

@ -55,6 +55,13 @@ controller:
tolerations: []
# -- Assign custom [affinity] rules to the deployment
affinity: {}
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the klog logging level
kloglevel: "0"
# -- Set the logging format (one of: `text`, `json`)
format: "text"
# -- Assign custom [TopologySpreadConstraints] rules to the controller
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
@ -262,6 +269,10 @@ providerRBAC:
traefik: true
# -- Adds RBAC rules for the Apisix provider
apisix: true
# -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md`
contour: true
# -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md`
glooPlatform: true
dashboard:
# -- Deploy dashboard server
@ -280,6 +291,11 @@ dashboard:
tolerations: []
# -- Assign custom [affinity] rules to the deployment
affinity: {}
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the klog logging level
kloglevel: "0"
# -- Assign custom [TopologySpreadConstraints] rules to the dashboard server
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/

6
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.1
appVersion: v3.5.4
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.39.0
version: 0.40.7
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -17,4 +17,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Accept multi auth mode for server.
description: Wrong identation in artifactRepository block

18
charts/argo-workflows/README.md
View file

@ -84,9 +84,12 @@ Please see the upstream [Operator Manual's High Availability page](https://argop
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
### Argo Workflows server authentication
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means.
Please refer to [Argo Server Auth Mode] for more details.
Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details.
## Values
@ -142,6 +145,8 @@ Fields to note:
| controller.affinity | object | `{}` | Assign custom [affinity] rules |
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller |
| controller.configMap.name | string | `""` | ConfigMap name |
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |
| controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment |
| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller |
@ -197,6 +202,7 @@ Fields to note:
| controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. |
| controller.resources | object | `{}` | Resource limits and requests for the controller |
| controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows |
| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. |
| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
@ -277,6 +283,7 @@ Fields to note:
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment |
| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| server.image.registry | string | `"quay.io"` | Registry to use for the server |
| server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server |
| server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. |
@ -304,6 +311,7 @@ Fields to note:
| server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. |
| server.replicas | int | `1` | The number of server pods to run |
| server.resources | object | `{}` | Resource limits and requests for the server |
| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. |
| server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. |
| server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@ -322,15 +330,17 @@ Fields to note:
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider |
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |
| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. |
| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets |
| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | |
| server.sso.redirectUrl | string | `""` | |
| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |
| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. |
| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server |
| server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. |
@ -380,3 +390,5 @@ Fields to note:
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog
[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/
[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/

10
charts/argo-workflows/README.md.gotmpl
View file

@ -84,9 +84,13 @@ Please see the upstream [Operator Manual's High Availability page](https://argop
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
### Argo Workflows server authentication
Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means.
Please refer to [Argo Server Auth Mode] for more details.
Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details.
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
## Values
@ -204,3 +208,5 @@ Fields to note:
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog
[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/
[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/

2
charts/argo-workflows/ci/enable-ingress-values.yaml
View file

@ -5,4 +5,4 @@ server:
ingress:
enabled: true
hosts:
- argo-workflows.127.0.0.1.xip.io
- argo-workflows.example.com

7
charts/argo-workflows/templates/_helpers.tpl
View file

@ -97,6 +97,13 @@ app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Create the name of the controller configMap
*/}}
{{- define "argo-workflows.controller.config-map.name" -}}
{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the server service account to use
*/}}

2
charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml
View file

@ -83,8 +83,6 @@ rules:
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows

9
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -1,7 +1,8 @@
{{- if .Values.controller.configMap.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}-configmap
name: {{ template "argo-workflows.controller.config-map.name" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
@ -144,7 +145,7 @@ data:
rbac:
enabled: {{ .Values.server.sso.rbac.enabled }}
{{- with .Values.server.sso.scopes }}
scopes: {{ toYaml . | nindent 8 }}
scopes: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.sso.issuerAlias }}
issuerAlias: {{ toYaml . }}
@ -161,6 +162,9 @@ data:
{{- with .Values.server.sso.insecureSkipVerify }}
insecureSkipVerify: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.filterGroupsRegex }}
filterGroupsRegex: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }}
@ -191,3 +195,4 @@ data:
{{- with .Values.controller.podGCDeleteDelayDuration }}
podGCDeleteDelayDuration: {{ . }}
{{- end }}
{{- end }}

3
charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
View file

@ -12,6 +12,7 @@ metadata:
{{- end }}
spec:
replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
@ -44,7 +45,7 @@ spec:
command: [ "workflow-controller" ]
args:
- "--configmap"
- "{{ template "argo-workflows.controller.fullname" . }}-configmap"
- "{{ template "argo-workflows.controller.config-map.name" . }}"
- "--executor-image"
- "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
- "--loglevel"

2
charts/argo-workflows/templates/controller/workflow-controller-service.yaml
View file

@ -6,7 +6,7 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag | trunc 63 | quote }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
{{- with .Values.controller.serviceLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}

1
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -38,6 +38,7 @@ rules:
- workflowtaskresults
verbs:
- create
- patch
- apiGroups:
- argoproj.io
resources:

2
charts/argo-workflows/templates/extra-manifests.yaml
View file

@ -1,6 +1,6 @@
{{ range .Values.extraObjects }}
---
{{- if typeIs "string" . }}
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}

9
charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -15,6 +15,7 @@ spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
@ -36,6 +37,10 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.extraInitContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 8 }}
@ -48,7 +53,7 @@ spec:
{{- toYaml .Values.server.securityContext | nindent 12 }}
args:
- server
- --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
- --configmap={{ template "argo-workflows.controller.config-map.name" . }}
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
@ -112,7 +117,7 @@ spec:
{{- end }}
volumes:
- name: tmp
emptyDir: {}
{{- toYaml .Values.server.tmpVolume | nindent 8 }}
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
{{- end }}

84
charts/argo-workflows/values.yaml
View file

@ -91,6 +91,12 @@ controller:
# -- Allows controller to create and update ConfigMaps. Enables memoization feature
writeConfigMaps: false
configMap:
# -- Create a ConfigMap for the controller
create: true
# -- ConfigMap name
name: ""
# -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism:
# -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
@ -295,6 +301,8 @@ controller:
volumes: []
# -- The number of controller pods to run
replicas: 1
# -- The number of revisions to keep.
revisionHistoryLimit: 10
pdb:
# -- Configure [Pod Disruption Budget] for the controller pods
@ -450,6 +458,12 @@ server:
# -- Service port name
servicePortName: "" # http
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
serviceAccount:
# -- Create a service account for the server
create: true
@ -472,6 +486,8 @@ server:
resources: {}
# -- The number of server pods to run
replicas: 1
# -- The number of revisions to keep.
revisionHistoryLimit: 10
## Argo Server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
@ -555,6 +571,9 @@ server:
# -- Set the logging format (one of: `text`, `json`)
format: "text"
# -- Volume to be mounted in Pods for temporary files.
tmpVolume:
emptyDir: {}
# -- Additional volume mounts to the server main container.
volumeMounts: []
# -- Additional volumes to the server pod.
@ -662,7 +681,7 @@ server:
# -- Key of a secret to retrieve the app OIDC client secret
key: client-secret
# - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
redirectUrl: https://argo/oauth2/callback
redirectUrl: ""
rbac:
# -- Adds ServiceAccount Policy to server (Cluster)Role.
enabled: true
@ -688,6 +707,11 @@ server:
userInfoPath: ""
# -- Skip TLS verification for the HTTP client
insecureSkipVerify: false
# -- Filter the groups returned by the OIDC provider
## A logical "OR" is used between each regex in the list
filterGroupsRegex: []
# - ".*argo-wf.*"
# - ".*argo-workflow.*"
# -- Extra containers to be added to the server deployment
extraContainers: []
@ -745,41 +769,41 @@ artifactRepository:
# roleARN:
# useSDKCreds: true
# encryptionOptions:
# enableEncryption: true
# enableEncryption: true
# -- Store artifact in a GCS object store
# @default -- `{}` (See [values.yaml])
gcs: {}
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# # serviceAccountKeySecret is a secret selector.
# # It references the k8s secret named 'my-gcs-credentials'.
# # This secret is expected to have have the key 'serviceAccountKey',
# # containing the base64 encoded credentials
# # to the bucket.
# #
# # If it's running on GKE and Workload Identity is used,
# # serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# -- Store artifact in Azure Blob Storage
# @default -- `{}` (See [values.yaml])
azure: {}
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
## accountKeySecret is a secret selector.
## It references the k8s secret named 'my-azure-storage-credentials'.
## This secret is expected to have have the key 'account-access-key',
## containing the base64 encoded credentials to the storage account.
## If a managed identity has been assigned to the machines running the
## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
## then accountKeySecret is not needed, and useSDKCreds should be
## set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
# # accountKeySecret is a secret selector.
# # It references the k8s secret named 'my-azure-storage-credentials'.
# # This secret is expected to have have the key 'account-access-key',
# # containing the base64 encoded credentials to the storage account.
# # If a managed identity has been assigned to the machines running the
# # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
# # then accountKeySecret is not needed, and useSDKCreds should be
# # set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# -- The section of custom artifact repository.
# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)

4
charts/argocd-image-updater/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.9.1
version: 0.9.3
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Introduce chart signing
description: Support extra K8s manifests

31
charts/argocd-image-updater/README.md
View file

@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart).
## Prerequisites
@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page].
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
@ -35,12 +35,12 @@ config:
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so.
### ArgoCD API key
### Argo CD API key
If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
Please also read [Configuration of Container Registries].
```yaml
config:
@ -52,7 +52,7 @@ If you specify a token value the secret will be created.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]):
- Docker Hub
- Google Container Registry
@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
@ -74,18 +74,19 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) |
| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API |
| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. |
| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address |
| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. |
| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. |
| config.disableKubeEvents | bool | `false` | Disable kubernetes events |
| config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
| config.gitCommitTemplate | string | `""` | Changing the Git commit message |
| config.gitCommitUser | string | `""` | Username to use for Git commits |
| config.logLevel | string | `"info"` | ArgoCD Image Update log level |
| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| config.sshConfig | object | `{}` | ArgoCD Image Updater ssh client parameter configuration. |
| config.logLevel | string | `"info"` | Argo CD Image Update log level |
| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |
| extraEnv | list | `[]` | Extra environment variables for argocd-image-updater |
| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater |
| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override |
| image.pullPolicy | string | `"Always"` | Default image pull policy |
| image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository |
@ -125,3 +126,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server
[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/
[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112

20
charts/argocd-image-updater/README.md.gotmpl
View file

@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart).
## Prerequisites
@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page].
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
@ -35,12 +35,12 @@ config:
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so.
### ArgoCD API key
### Argo CD API key
If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
Please also read [Configuration of Container Registries].
```yaml
config:
@ -52,7 +52,7 @@ If you specify a token value the secret will be created.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]):
- Docker Hub
- Google Container Registry
@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
@ -71,3 +71,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server
[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/
[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112

14
charts/argocd-image-updater/ci/enable-extra-objects-values.yaml Normal file
View file

@ -0,0 +1,14 @@
# Test with extraObjects enabled
# Do not deploy the CRDs as they are already present from the previous test
installCRDs: false
extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: datadog
type: Opaque
data:
address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com
api-key: dGVzdC1hcGkta2V5Cg== # test-api-key
app-key: dGVzdC1hcHAta2V5Cg== # test-app-key

8
charts/argocd-image-updater/templates/extra-manifests.yaml Normal file
View file

@ -0,0 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

39
charts/argocd-image-updater/values.yaml
View file

@ -42,6 +42,35 @@ extraEnv: []
# - name: AWS_REGION
# value: "us-west-1"
# -- Extra K8s manifests to deploy for argocd-image-updater
## Note: Supports use of custom Helm templates
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-image-updater-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd-image-updater"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-image-updater-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
# -- Init containers to add to the image updater pod
initContainers: []
# - name: download-tools
@ -77,9 +106,9 @@ config:
serverAddress: ""
# -- If specified, the certificate of the Argo CD API server is not verified.
insecure: false
# -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
# -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS.
plaintext: false
# -- If specified, the secret with ArgoCD API key will be created.
# -- If specified, the secret with Argo CD API key will be created.
token: ""
# -- Disable kubernetes events
@ -94,10 +123,10 @@ config:
# -- Changing the Git commit message
gitCommitTemplate: ""
# -- ArgoCD Image Update log level
# -- Argo CD Image Update log level
logLevel: "info"
# -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
# -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
registries: []
# - name: Docker Hub
# api_url: https://registry-1.docker.io
@ -122,7 +151,7 @@ config:
# credentials: ext:/scripts/auth1.sh
# credsexpire: 10h
# -- ArgoCD Image Updater ssh client parameter configuration.
# -- Argo CD Image Updater ssh client parameter configuration.
sshConfig:
{}
# config: |

91
renovate.json Normal file
View file

@ -0,0 +1,91 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"kubernetes": {
"fileMatch": ["\\.yaml$", "\\.yml$"]
},
"extends": [
"config:base",
"docker:enableMajor"
],
"labels": ["renovate"],
"includePaths": [
"**/charts/argo-workflows/Chart.yaml",
"**/charts/argo-cd/Chart.yaml",
"**/charts/argo-events/Chart.yaml",
"**/charts/argo-rollouts/Chart.yaml",
"**/charts/argocd-image-updater/Chart.yaml"
],
"regexManagers": [
{
"fileMatch": ["charts/argo-workflows/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-workflows",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-cd/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-cd",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-events/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-events",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-rollouts/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-rollouts",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argocd-image-updater/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj-labs/argocd-image-updater",
"datasourceTemplate": "github-releases"
}
],
"packageRules": [
{
"matchPackagePatterns": ["argoproj/argo-workflows"],
"commitMessagePrefix": "chore(argo-workflows):"
},
{
"matchPackagePatterns": ["argoproj/argo-cd"],
"commitMessagePrefix": "chore(argo-cd):"
},
{
"matchPackagePatterns": ["argoproj/argo-events"],
"commitMessagePrefix": "chore(argo-events):"
},
{
"matchPackagePatterns": ["argoproj/argo-rollouts"],
"commitMessagePrefix": "chore(argo-rollouts):"
},
{
"matchPackagePatterns": ["argoproj-labs/argocd-image-updater"],
"commitMessagePrefix": "chore(argocd-image-updater):"
},
{
"matchPackagePatterns": ["redis-ha"],
"enabled": false
}
]
}