From 4f7fe688cf80b5e76e87ee1384da1f7a1fda8d67 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Wed, 13 Jan 2021 10:07:56 -0800 Subject: [PATCH 01/18] fix(Argo): Unify settings for activating rbac. (#544) Signed-off-by: Vlad Losev --- charts/argo/Chart.yaml | 2 +- charts/argo/templates/server-cluster-roles.yaml | 10 ++++++++-- charts/argo/values.yaml | 15 ++++++++++++--- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 504be025..340dc1d4 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.12.3 description: A Helm chart for Argo Workflows name: argo -version: 0.15.0 +version: 0.15.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo/templates/server-cluster-roles.yaml index e946dcc7..10c730c1 100644 --- a/charts/argo/templates/server-cluster-roles.yaml +++ b/charts/argo/templates/server-cluster-roles.yaml @@ -41,7 +41,8 @@ rules: verbs: - create {{- end}} -{{- if .Values.server.rbac }} +{{- if .Values.server.sso }} + {{- if .Values.server.sso.rbac }} - apiGroups: - "" resources: @@ -49,6 +50,7 @@ rules: verbs: - get - list + {{- end }} {{- end }} - apiGroups: - "" @@ -56,8 +58,12 @@ rules: - secrets verbs: - get -{{- with .Values.server.rbac.secretWhitelist }} +{{- if .Values.server.sso }} + {{- if .Values.server.sso.rbac }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} {{- end }} - apiGroups: - "" diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 084e92c4..b1491b14 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml 
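Review bot: The guard added at `@@ -41,7 +41,8 @@` in charts/argo/templates/server-cluster-roles.yaml (closed in the `@@ -49,6 +50,7 @@` hunk) tests only whether `server.sso.rbac` is set, while the values.yaml comment added by this commit documents an `enabled` key under it. A values file with `rbac: {enabled: false}` is still a non-empty map, so the `get`/`list` rule inside the guard would be rendered anyway, assuming nothing outside these hunks reads `enabled`. I would nest one more check, `{{- if .Values.server.sso.rbac.enabled }}`, inside the existing two, so the permission is granted only when the operator switches it on. The rule's `resources:` list falls between the two hunks and is not visible here.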
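Review bot: An install that restricts the server through `server.rbac.secretWhitelist` loses that restriction silently on upgrade, because the `@@ -56,8 +58,12 @@` hunk reads the list only from `server.sso.rbac.secretWhitelist` and the old key is ignored without an error. As far as the hunk shows, the `secrets` / `get` rule itself sits outside the new guards, so the rendered rule then carries no `resourceNames` and covers every secret in the role's scope. I would fail the render while the old key is still supplied, `{{- if .Values.server.rbac }}{{ fail "server.rbac has moved to server.sso.rbac" }}{{- end }}` near the top of the template, and call the move out in the release notes. The same unrestricted fallback applies when `server.sso` is not configured at all, which deserves a comment next to the rule.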
@@ -167,9 +167,6 @@ server: serviceType: ClusterIP servicePort: 2746 # servicePortName: http - rbac: - # When present, restricts secrets the server can read to a given list. - secretWhitelist: [] serviceAccount: argo-server # Whether to create the service account with the name specified in # server.serviceAccount and bind it to the server role. @@ -267,6 +264,18 @@ server: # key: client-secret ## The OIDC redirect URL. Should be in the form /oauth2/callback. # redirectUrl: https://argo/oauth2/callback + # rbac: + # enabled: true + ## When present, restricts secrets the server can read to a given list. + ## You can use it to restrict the server to only be able to access the + ## service account token secrets that are associated with service accounts + ## used for authorization. + # secretWhitelist: [] + ## Scopes requested from the SSO ID provider. The 'groups' scope requests + ## group membership information, which is usually used for authorization + ## decisions. + # scopes: + # - groups # Influences the creation of the ConfigMap for the workflow-controller itself. useDefaultArtifactRepo: false From e8ca7ce63b59b0e2677e5dfe7c6b7436566d92dc Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Thu, 14 Jan 2021 10:52:52 -0800 Subject: [PATCH 02/18] fix(argo): Move dependencies into Chart.yaml. (#546) Signed-off-by: Vlad Losev --- charts/argo/{requirements.lock => Chart.lock} | 2 +- charts/argo/Chart.yaml | 7 ++++++- charts/argo/requirements.yaml | 5 ----- 3 files changed, 7 insertions(+), 7 deletions(-) rename charts/argo/{requirements.lock => Chart.lock} (77%) delete mode 100644 charts/argo/requirements.yaml diff --git a/charts/argo/requirements.lock b/charts/argo/Chart.lock similarity index 77% rename from charts/argo/requirements.lock rename to charts/argo/Chart.lock index 37a55e66..4b57ae05 100644 --- a/charts/argo/requirements.lock +++ b/charts/argo/Chart.lock 
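Review bot: The `secretWhitelist` comment added in the `@@ -264,6 +264,18 @@` hunk says the list restricts the server "when present", but the commented default is `[]`, and the template in this commit wraps `resourceNames` in `with`, which skips an empty list. Uncommenting the block as written therefore leaves the secret rule unrestricted. I would say so in the comment, for example `## An empty list applies no restriction: the server can then read every secret its role covers.`, and show a sample entry instead of `[]`. The `server:` block continues outside this hunk.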
@@ -3,4 +3,4 @@ dependencies: repository: https://helm.min.io/ version: 8.0.9 digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260 -generated: "2021-01-11T15:01:01.169105-08:00" +generated: "2021-01-13T15:31:40.823086-08:00" diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 340dc1d4..44c812c7 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.12.3 description: A Helm chart for Argo Workflows name: argo -version: 0.15.1 +version: 0.15.2 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: @@ -10,3 +10,8 @@ maintainers: - name: alexmt - name: jessesuen - name: benjaminws +dependencies: +- name: minio + version: 8.0.9 + repository: https://helm.min.io/ + condition: minio.install diff --git a/charts/argo/requirements.yaml b/charts/argo/requirements.yaml deleted file mode 100644 index bd643139..00000000 --- a/charts/argo/requirements.yaml +++ /dev/null @@ -1,5 +0,0 @@ -dependencies: -- name: minio - version: 8.0.9 - repository: https://helm.min.io/ - condition: minio.install From b7679a89680d8161834d337ec3327d44bb1c78a0 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Fri, 15 Jan 2021 11:44:31 -0800 Subject: [PATCH 03/18] fix(argo-cd): Fixes CRD schema. (#545) * fix(argo-cd): Fixes CRD schema. Signed-off-by: Vlad Losev * Bumps chart version. Signed-off-by: Vlad Losev --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/crds/crd-application.yaml | 2495 +++++++++++----------- charts/argo-cd/crds/crd-project.yaml | 413 ++-- 3 files changed, 1454 insertions(+), 1456 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b280627d..761255f0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.11.1 +version: 2.11.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index 9a708978..4884f714 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -8,17 +8,6 @@ metadata: annotations: helm.sh/hook: crd-install spec: - additionalPrinterColumns: - - JSONPath: .status.sync.status - name: Sync Status - type: string - - JSONPath: .status.health.status - name: Health Status - type: string - - JSONPath: .status.sync.revision - name: Revision - priority: 10 - type: string group: argoproj.io names: kind: Application 
@@ -29,641 +18,118 @@ spec: - apps singular: application scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: Application is a definition of Application resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - operation: - description: Operation contains requested operation parameters. - properties: - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - initiatedBy: - description: OperationInitiator holds information about the operation initiator - properties: - automated: - description: Automated is set to true if operation was initiated automatically by the application controller. - type: boolean - username: - description: Name of a user who started operation. 
- type: string - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff is a backoff strategy + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + subresources: {} + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + operation: + description: Operation contains requested operation parameters. + properties: + info: + items: properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. 
"2m", "1h") + name: type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts when retrying a container - format: int64 - type: integer - type: object - sync: - description: SyncOperation contains sync operation details. - properties: - dryRun: - description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune deletes resources that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources to sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set in the application. 
This is typically set in a Rollback operation and nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: 
The Helm release name. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize version - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: 
string - type: object - repoURL: - description: RepoURL is the repository URL of the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + value: type: string required: - - repoURL + - name + - value type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply will perform a `kubectl apply` to perform the sync. - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - type: object - type: object - type: object - spec: - description: ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision. 
- properties: - destination: - description: Destination overrides the kubernetes server and namespace defined in the environment ksonnet app.yaml - properties: - name: - description: Name of the destination cluster which can be used instead of server (url) field - type: string - namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value in the ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources fields which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. + type: array + initiatedBy: + description: OperationInitiator holds information about the operation initiator properties: - group: + automated: + description: Automated is set to true if operation was initiated automatically by the application controller. + type: boolean + username: + description: Name of a user who started operation. type: string - jsonPointers: + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff is a backoff strategy + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts when retrying a container + format: int64 + type: integer + type: object + sync: + description: SyncOperation contains sync operation details. 
+ properties: + dryRun: + description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync source with a local directory for development items: type: string type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information (URLs, email addresses, and plain text) that relates to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. Empty name means that application belongs to 'default' project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept in the apps revision history. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location ksonnet application definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options + prune: + description: Prune deletes resources that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources to sync + items: + description: SyncOperationResource contains resources to sync. 
properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. 
If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize version - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object 
- repoURL: - description: RepoURL is the repository URL of the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will be performed - properties: - automated: - description: Automated will keep an application synced to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have zero live resources (default: false)' - type: boolean - prune: - description: 'Prune will prune resources automatically as part of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing if (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. 
"2m", "1h") + group: type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy + kind: type: string + name: + type: string + namespace: + type: string + required: + - kind + - name type: object - limit: - description: Limit is the maximum number of attempts when retrying a container - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - status: - description: ApplicationStatus contains information about application sync, health status - properties: - conditions: - items: - description: ApplicationCondition contains details about current application condition - properties: - lastTransitionTime: - description: LastTransitionTime is the time the condition was first observed. 
- format: date-time - type: string - message: - description: Message contains human-readable message indicating details about condition - type: string - type: - description: Type is an application condition type - type: string - required: - - message - - type - type: object - type: array - health: - properties: - message: - type: string - status: - description: Represents resource health status - type: string - type: object - history: - description: RevisionHistories is a array of history, oldest first and newest last - items: - description: RevisionHistory contains information relevant to an application deployment - properties: - deployStartedAt: - description: DeployStartedAt holds the time the deployment started - format: date-time - type: string - deployedAt: - description: DeployedAt holds the time the deployment completed - format: date-time - type: string - id: - description: ID is an auto incrementing identifier of the RevisionHistory - format: int64 - type: integer + type: array revision: - description: Revision holds the revision of the sync + description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. type: string source: - description: ApplicationSource contains information about github repository, path within repository and target application environment. + description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and nil during a Sync operation properties: chart: description: Chart is a Helm chart name 
@@ -840,621 +306,366 @@ spec: required: - repoURL type: object - required: - - deployedAt - - id - - revision - type: object - type: array - observedAt: - description: 'ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field' - format: date-time - type: string - operationState: - description: OperationState contains information about state of currently performing operation on application. - properties: - finishedAt: - description: FinishedAt contains time of operation completion - format: date-time - type: string - message: - description: Message hold any pertinent messages when attempting to perform operation (typically errors). - type: string - operation: - description: Operation is the original requested operation - properties: - info: - items: + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform the sync. properties: - name: - type: string - value: - type: string - required: - - name - - value + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean type: object + hook: + description: Hook will submit any referenced resources to perform the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. 
Contains link to repository with application definition and additional parameters link definition revision. + properties: + destination: + description: Destination overrides the kubernetes server and namespace defined in the environment ksonnet app.yaml + properties: + name: + description: Name of the destination cluster which can be used instead of server (url) field + type: string + namespace: + description: Namespace overrides the environment namespace value in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value in the ksonnet app.yaml + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences controls resources fields which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. + properties: + group: + type: string + jsonPointers: + items: + type: string type: array - initiatedBy: - description: OperationInitiator holds information about the operation initiator - properties: - automated: - description: Automated is set to true if operation was initiated automatically by the application controller. - type: boolean - username: - description: Name of a user who started operation. - type: string - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. 
"2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts when retrying a container - format: int64 - type: integer - type: object - sync: - description: SyncOperation contains sync operation details. - properties: - dryRun: - description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune deletes resources that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources to sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set in the application. 
This is typically set in a Rollback operation and nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options + kind: + type: string + name: + type: string + namespace: + type: string + required: + - jsonPointers + - kind + type: object + type: array + info: + description: Infos contains a list of useful information (URLs, email addresses, and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a application project name. Empty name means that application belongs to 'default' project. + type: string + revisionHistoryLimit: + description: This limits this number of items kept in the apps revision history. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to the location ksonnet application definition + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar is a jsonnet variable properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: + code: type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether 
to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize version - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: 
ConfigManagementPlugin holds config management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array name: type: string + value: + type: string + required: + - name + - value type: object - repoURL: - description: RepoURL is the repository URL of the application manifests + type: array + libs: + description: Additional library search dirs + items: type: string - targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter to a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + 
description: The Helm release name. If omitted it will use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating with + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment name + type: string + parameters: + description: Parameters are a list of ksonnet component parameter override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: type: string required: - - repoURL + - name + - value type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply will perform a `kubectl apply` to perform the sync. - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. 
- type: boolean - type: object - type: object - type: object - type: object - phase: - description: Phase is the current phase of the operation - type: string - retryCount: - description: RetryCount contains time of operation retries - format: int64 - type: integer - startedAt: - description: StartedAt contains time of operation start - format: date-time - type: string - syncResult: - description: SyncResult is the result of a Sync operation - properties: - resources: - description: Resources holds the sync result of each individual resource - items: - description: ResourceResult holds the operation result details of a specific resource - properties: - group: - type: string - hookPhase: - description: 'the state of any operation associated with this resource OR hook note: can contain values for non-hook resources' - type: string - hookType: - description: the type of the hook, empty for non-hook resources - type: string - kind: - type: string - message: - description: message for the last sync OR operation - type: string - name: - type: string - namespace: - type: string - status: - description: the final result of the sync, this is be empty if the resources is yet to be applied/pruned and is always zero-value for hooks - type: string - syncPhase: - description: indicates the particular phase of the sync that this is for - type: string - version: - type: string - required: - - group - - kind - - name - - namespace - - version + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels type: object - type: array + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for 
kustomize apps + type: string + version: + description: Version contains optional Kustomize version + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources (default: false)' + type: boolean + prune: + description: 'Prune will prune resources automatically as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal enables auto-syncing if (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff is a backoff strategy + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. 
"2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts when retrying a container + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + status: + description: ApplicationStatus contains information about application sync, health status + properties: + conditions: + items: + description: ApplicationCondition contains details about current application condition + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was first observed. + format: date-time + type: string + message: + description: Message contains human-readable message indicating details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + health: + properties: + message: + type: string + status: + description: Represents resource health status + type: string + type: object + history: + description: RevisionHistories is a array of history, oldest first and newest last + items: + description: RevisionHistory contains information relevant to an application deployment + properties: + deployStartedAt: + description: DeployStartedAt holds the time the deployment started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the deployment completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer revision: description: Revision 
holds the revision of the sync type: string - source: - description: Source records the application source information of the sync, used for comparing auto-sync - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm 
parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize version - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - 
type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - required: - - revision - type: object - required: - - operation - - phase - - startedAt - type: object - reconciledAt: - description: ReconciledAt indicates when the application state was reconciled using the latest git version - format: date-time - type: string - resources: - items: - description: ResourceStatus holds the current sync and health status of a resource - properties: - group: - type: string - health: - properties: - message: - type: string - status: - description: Represents resource health status - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - description: SyncStatusCode is a type which represents possible comparison results - type: string - version: - type: string - type: object - type: array - sourceType: - type: string - summary: - properties: - externalURLs: - description: ExternalURLs holds all external URLs of application child resources. - items: - type: string - type: array - images: - description: Images holds all images of application child resources. - items: - type: string - type: array - type: object - sync: - description: SyncStatus is a comparison result of application spec and deployed application. 
- properties: - comparedTo: - description: ComparedTo contains application source and target which was used for resources comparison - properties: - destination: - description: ApplicationDestination contains deployment destination information - properties: - name: - description: Name of the destination cluster which can be used instead of server (url) field - type: string - namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value in the ksonnet app.yaml - type: string - type: object source: description: ApplicationSource contains information about github repository, path within repository and target application environment. properties: 
@@ -1634,24 +845,812 @@ spec: - repoURL type: object required: - - destination - - source + - deployedAt + - id + - revision type: object - revision: - type: string - status: - description: SyncStatusCode is a type which represents possible comparison results - type: string - required: - - status - type: object - type: object - required: - - metadata - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true + type: array + observedAt: + description: 'ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field' + format: date-time + type: string + operationState: + description: OperationState contains information about state of currently performing operation on application. + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message hold any pertinent messages when attempting to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: OperationInitiator holds information about the operation initiator + properties: + automated: + description: Automated is set to true if operation was initiated automatically by the application controller. + type: boolean + username: + description: Name of a user who started operation. + type: string + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff is a backoff strategy + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. 
"2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts when retrying a container + format: int64 + type: integer + type: object + sync: + description: SyncOperation contains sync operation details. + properties: + dryRun: + description: DryRun will perform a `kubectl apply --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune deletes resources that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources to sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: Revision is the revision in which to sync the application to. If omitted, will use the revision specified in app spec. + type: string + source: + description: Source overrides the source definition set in the application. 
This is typically set in a Rollback operation and nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter to a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: 
The Helm release name. If omitted it will use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating with + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment name + type: string + parameters: + description: Parameters are a list of ksonnet component parameter override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for kustomize apps + type: string + version: + description: Version contains optional Kustomize version + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: 
string + type: object + repoURL: + description: RepoURL is the repository URL of the application manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform the sync. + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to perform the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. 
+ type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + resources: + description: Resources holds the sync result of each individual resource + items: + description: ResourceResult holds the operation result details of a specific resource + properties: + group: + type: string + hookPhase: + description: 'the state of any operation associated with this resource OR hook note: can contain values for non-hook resources' + type: string + hookType: + description: the type of the hook, empty for non-hook resources + type: string + kind: + type: string + message: + description: message for the last sync OR operation + type: string + name: + type: string + namespace: + type: string + status: + description: the final result of the sync, this is be empty if the resources is yet to be applied/pruned and is always zero-value for hooks + type: string + syncPhase: + description: indicates the particular phase of the sync that this is for + type: string + version: + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision of the sync + type: string + source: + description: Source records the application source information of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet 
External Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter to a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. 
If omitted it will use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating with + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment name + type: string + parameters: + description: Parameters are a list of ksonnet component parameter override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for kustomize apps + type: string + version: + description: Version contains optional Kustomize version + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object 
+ repoURL: + description: RepoURL is the repository URL of the application manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was reconciled using the latest git version + format: date-time + type: string + resources: + items: + description: ResourceStatus holds the current sync and health status of a resource + properties: + group: + type: string + health: + properties: + message: + type: string + status: + description: Represents resource health status + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible comparison results + type: string + version: + type: string + type: object + type: array + sourceType: + type: string + summary: + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: SyncStatus is a comparison result of application spec and deployed application. 
+ properties: + comparedTo: + description: ComparedTo contains application source and target which was used for resources comparison + properties: + destination: + description: ApplicationDestination contains deployment destination information + properties: + name: + description: Name of the destination cluster which can be used instead of server (url) field + type: string + namespace: + description: Namespace overrides the environment namespace value in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value in the ksonnet app.yaml + type: string + type: object + source: + description: ApplicationSource contains information about github repository, path within repository and target application environment. + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter to a helm template + properties: + name: + 
description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating with + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment name + type: string + parameters: + description: Parameters are a list of ksonnet component parameter override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix 
is a prefix appended to resources for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for kustomize apps + type: string + version: + description: Version contains optional Kustomize version + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch in which to sync the application to. If omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + required: + - destination + - source + type: object + revision: + type: string + status: + description: SyncStatusCode is a type which represents possible comparison results + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index a911370c..370ab873 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml 
@@ -18,214 +18,213 @@ spec: - appprojs singular: appproject scope: Namespaced - validation: - openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppProjectSpec is the specification of an AppProject - properties: - clusterResourceBlacklist: - description: ClusterResourceBlacklist contains list of blacklisted cluster level resources - items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - clusterResourceWhitelist: - description: ClusterResourceWhitelist contains list of whitelisted cluster level resources - items: - description: GroupKind specifies a Group and a Kind, but does not force a version. 
This is useful for identifying concepts during lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - description: - description: Description contains optional project description - type: string - destinations: - description: Destinations contains list of destinations available for deployment - items: - description: ApplicationDestination contains deployment destination information - properties: - name: - description: Name of the destination cluster which can be used instead of server (url) field - type: string - namespace: - description: Namespace overrides the environment namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value in the ksonnet app.yaml - type: string - type: object - type: array - namespaceResourceBlacklist: - description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources - items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - namespaceResourceWhitelist: - description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources - items: - description: GroupKind specifies a Group and a Kind, but does not force a version. 
This is useful for identifying concepts during lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - orphanedResources: - description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project - properties: - ignore: - items: - properties: - group: - type: string - kind: - type: string - name: - type: string - type: object - type: array - warn: - description: Warn indicates if warning condition should be created for apps which have orphaned resources - type: boolean - type: object - roles: - description: Roles are user defined RBAC roles associated with this project - items: - description: ProjectRole represents a role that has access to a project - properties: - description: - description: Description is a description of the role - type: string - groups: - description: Groups are a list of OIDC group claims bound to this role - items: - type: string - type: array - jwtTokens: - description: JWTTokens are a list of generated JWT tokens bound to this role - items: - description: JWTToken holds the issuedAt and expiresAt values of a token - properties: - exp: - format: int64 - type: integer - iat: - format: int64 - type: integer - id: - type: string - required: - - iat - type: object - type: array - name: - description: Name is a name for this role - type: string - policies: - description: Policies Stores a list of casbin formated strings that define access policies for the role in the project - items: - type: string - type: array - required: - - name - type: object - type: array - signatureKeys: - description: List of PGP key IDs that commits to be synced to must be signed with - items: - description: SignatureKey is the specification of a key required to verify commit signatures with - properties: - keyID: - description: The ID of the key in hexadecimal notation - type: string - required: - - keyID - type: 
object - type: array - sourceRepos: - description: SourceRepos contains list of repository URLs which can be used for deployment - items: - type: string - type: array - syncWindows: - description: SyncWindows controls when syncs can be run for apps in this project - items: - description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps - properties: - applications: - description: Applications contains a list of applications that the window will apply to - items: - type: string - type: array - clusters: - description: Clusters contains a list of clusters that the window will apply to - items: - type: string - type: array - duration: - description: Duration is the amount of time the sync window will be open - type: string - kind: - description: Kind defines if the window allows or blocks syncs - type: string - manualSync: - description: ManualSync enables manual syncs when they would otherwise be blocked - type: boolean - namespaces: - description: Namespaces contains a list of namespaces that the window will apply to - items: - type: string - type: array - schedule: - description: Schedule is the time the window will begin, specified in cron format - type: string - type: object - type: array - type: object - required: - - metadata - - spec - type: object - version: v1alpha1 versions: - name: v1alpha1 served: true storage: true + schema: + openAPIV3Schema: + description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted cluster level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted cluster level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. 
This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinations: + description: Destinations contains list of destinations available for deployment + items: + description: ApplicationDestination contains deployment destination information + properties: + name: + description: Name of the destination cluster which can be used instead of server (url) field + type: string + namespace: + description: Namespace overrides the environment namespace value in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value in the ksonnet app.yaml + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. 
This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project + properties: + ignore: + items: + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created for apps which have orphaned resources + type: boolean + type: object + roles: + description: Roles are user defined RBAC roles associated with this project + items: + description: ProjectRole represents a role that has access to a project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound to this role + items: + description: JWTToken holds the issuedAt and expiresAt values of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formated strings that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: List of PGP key IDs that commits to be synced to must be signed with + items: + description: SignatureKey is the specification of a key required to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: 
object + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in this project + items: + description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified in cron format + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object From 8baf0d4465e8784fdd0c769d3db000e221e1aab9 Mon Sep 17 00:00:00 2001 From: stephen-harris <54176138+stephen-harris@users.noreply.github.com> Date: Thu, 21 Jan 2021 17:48:29 +0000 Subject: [PATCH 04/18] Feat(argo-rollouts): Update argo-rollouts to v0.10.2 (#538) * feat(argo-rollouts): Update argo-rollouts to v0.10.2 Signed-off-by: Stephen Harris * chore: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in favor of apiextensions.k8s.io/v1 CustomResourceDefinition 
Signed-off-by: Stephen Harris --- charts/argo-rollouts/Chart.yaml | 4 +- charts/argo-rollouts/README.md | 4 +- .../argo-rollouts-aggregate-roles.yaml | 8 + .../templates/argo-rollouts-clusterrole.yaml | 138 +++++++++--------- .../templates/argo-rollouts-deployment.yaml | 12 +- .../templates/argo-rollouts-role.yaml | 131 ++++++++++------- .../templates/crds/analysis-run-crd.yaml | 31 +++- .../templates/crds/analysis-template-crd.yaml | 31 +++- .../crds/cluster-analysis-template-crd.yaml | 31 +++- .../templates/crds/experiment-crd.yaml | 13 +- .../templates/crds/rollout-crd.yaml | 87 ++++++++++- charts/argo-rollouts/values.yaml | 2 +- 12 files changed, 343 insertions(+), 149 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2acfa9cc..eed61c87 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "0.9.1" +appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.3.10 +version: 0.4.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 37ea661b..38bef6ea 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -2,7 +2,7 @@ Argo Rollouts Chart ============= A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. -Current chart version is `0.3.7` +Current chart version is `0.4.0` Source code can be found [here](https://github.com/argoproj/argo-rollouts) 
@@ -33,7 +33,7 @@ $ helm install --name my-release argo/argo-rollouts | controller.component | string | `"rollouts-controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.repository | string | `"argoproj/argo-rollouts"` | | -| controller.image.tag | string | `"v0.8.0"` | | +| controller.image.tag | string | `"v0.10.2"` | | | controller.name | string | `"argo-rollouts"` | | | controller.resources | Resource limits and requests for the controller pods. | `{}` | | controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml index 2cc55d1f..715aa001 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml @@ -13,8 +13,10 @@ rules: - argoproj.io resources: - rollouts + - rollouts/scale - experiments - analysistemplates + - clusteranalysistemplates - analysisruns verbs: - get @@ -36,8 +38,11 @@ rules: - argoproj.io resources: - rollouts + - rollouts/scale + - rollouts/status - experiments - analysistemplates + - clusteranalysistemplates - analysisruns verbs: - create @@ -64,8 +69,11 @@ rules: - argoproj.io resources: - rollouts + - rollouts/scale + - rollouts/status - experiments - analysistemplates + - clusteranalysistemplates - analysisruns verbs: - create diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index abc1a113..b9595710 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml 
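Review bot: The second and third hunks of argo-rollouts-aggregate-roles.yaml (`@@ -36,8 +38,11 @@` and `@@ -64,8 +69,11 @@`) add `rollouts/status` to rules whose verb list begins with `create`. That gives holders of these aggregated roles write access to a subresource that is normally written by the controller. The role names and the remaining verbs are outside the hunks, so this may be intentional, but nothing here says why it is needed, whereas the ClusterRole changed in the same commit gets a one-line reason on each rule. I would add a comment above the entry, for example `# rollouts/status is writable here because <reason>`, or move it to its own rule with only the verbs that are actually required.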
@@ -8,6 +8,43 @@ metadata: app.kubernetes.io/name: {{ .Release.Name }}-clusterrole app.kubernetes.io/part-of: {{ .Release.Name }} rules: +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets - apiGroups: - apps resources: @@ -20,6 +57,7 @@ rules: - update - patch - delete +# services patch needed to update selector of canary/stable/active/preview services - apiGroups: - "" resources: 
@@ -29,59 +67,52 @@ rules: - list - watch - patch +# secret read access to run analysis templates which reference secrets - apiGroups: - - "" + - "" resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - rollouts + - secrets verbs: - get - list - watch +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create - update - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary - apiGroups: - - argoproj.io + - networking.k8s.io + - extensions resources: - - rollouts/finalizers - verbs: - - update -- apiGroups: - - argoproj.io - resources: - - analysisruns - - experiments + - ingresses verbs: - create - get - list - watch - - update - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysisruns/finalizers - - experiments/finalizers - verbs: - - update -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch +# job access needed for analysis template job metrics - apiGroups: - batch resources: @@ -94,24 +125,7 @@ rules: - update - patch - delete -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch +# virtualservice access needed for using the Istio provider - apiGroups: - networking.istio.io resources: @@ -121,6 +135,7 @@ rules: - get - update - list +# trafficsplit access needed for using the SMI provider - apiGroups: - split.smi-spec.io resources: 
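Review bot: The `secrets` rule in argo-rollouts-clusterrole.yaml keeps `get`, `list` and `watch` with no `resourceNames`, so in a ClusterRole the controller's service account can read every Secret in every namespace; the new comment gives the purpose but not that scope. `list` and `watch` return secret contents in bulk, and this hunk does not show whether the controller needs them rather than `get` on the secrets an analysis template references. I would extend the comment, e.g. `# NOTE: in a ClusterRole this grants read access to Secrets in all namespaces`, and check whether the verbs can be narrowed. The same rule appears in argo-rollouts-role.yaml, where it is confined to one namespace. The `rules:` list starts and ends outside this hunk.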
@@ -131,17 +146,4 @@ rules: - get - update - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete -- apiGroups: - - "*" - resources: - - "*/finalizers" - verbs: - - "*" {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index c2c2df64..b78b1402 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -30,14 +30,13 @@ spec: {{- end }} serviceAccountName: {{ .Values.serviceAccount.name }} containers: - - command: - - "/bin/rollouts-controller" image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + {{- if not .Values.clusterInstall }} + args: + - --namespaced + {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: {{ .Values.controller.name }} - volumeMounts: - - name: tmp - mountPath: /tmp resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} @@ -52,8 +51,5 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} - volumes: - - name: tmp - emptyDir: {} strategy: type: Recreate diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml index dee6f168..4c80d507 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml 
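Review bot: In argo-rollouts-deployment.yaml, the hunk at `@@ -30,14 +30,13 @@` removes `- command:` together with the only `-` of the container entry, so `image:` now sits directly under `containers:` and the field renders as a mapping instead of a list. The entry should start with `- image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"`, with the following keys aligned under it. Separately, the container entry visible in this hunk sets no `securityContext`, though a pod-level one may exist above the hunk. For a controller whose role can read Secrets, `allowPrivilegeEscalation: false` and dropping all capabilities are worth adding, and `readOnlyRootFilesystem: true` only after confirming the `/tmp` emptyDir removed here is no longer written to.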
@@ -7,6 +7,43 @@ metadata: app.kubernetes.io/name: {{ .Release.Name }}-role app.kubernetes.io/part-of: {{ .Release.Name }} rules: +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets - apiGroups: - apps resources: @@ -19,6 +56,7 @@ rules: - update - patch - delete +# services patch needed to update selector of canary/stable/active/preview services - apiGroups: - "" resources: 
@@ -28,59 +66,52 @@ rules: - list - watch - patch +# secret read access to run analysis templates which reference secrets - apiGroups: - - "" + - "" resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - rollouts + - secrets verbs: - get - list - watch +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create - update - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary - apiGroups: - - argoproj.io + - networking.k8s.io + - extensions resources: - - rollouts/finalizers - verbs: - - update -- apiGroups: - - argoproj.io - resources: - - analysisruns - - experiments + - ingresses verbs: - create - get - list - watch - - update - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysisruns/finalizers - - experiments/finalizers - verbs: - - update -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch +# job access needed for analysis template job metrics - apiGroups: - batch resources: @@ -93,28 +124,24 @@ rules: - update - patch - delete +# virtualservice access needed for using the Istio provider - apiGroups: - - extensions + - networking.istio.io resources: - - ingresses + - virtualservices verbs: - - create - - get - - list - watch - - patch + - get + - update + - list +# trafficsplit access needed for using the SMI provider - apiGroups: - - "" + - split.smi-spec.io resources: - - events + - trafficsplits verbs: - create + - watch + - get - update - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete 
diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 3a4caef4..e5a78219 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -1,9 +1,9 @@ {{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.4.0 name: analysisruns.argoproj.io spec: additionalPrinterColumns: @@ -41,6 +41,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object secretKeyRef: properties: key: @@ -81,6 +88,15 @@ spec: type: string provider: properties: + datadog: + properties: + interval: + type: string + query: + type: string + required: + - query + type: object job: properties: metadata: @@ -2053,6 +2069,8 @@ spec: fsGroup: format: int64 type: integer + fsGroupChangePolicy: + type: string runAsGroup: format: int64 type: integer @@ -2679,6 +2697,15 @@ spec: - storageAccountName - threshold type: object + newRelic: + properties: + profile: + type: string + query: + type: string + required: + - query + type: object prometheus: properties: address: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index c559fae1..7e67249d 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml 
@@ -1,9 +1,9 @@ {{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.4.0 name: analysistemplates.argoproj.io spec: group: argoproj.io @@ -35,6 +35,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object secretKeyRef: properties: key: @@ -75,6 +82,15 @@ spec: type: string provider: properties: + datadog: + properties: + interval: + type: string + query: + type: string + required: + - query + type: object job: properties: metadata: @@ -2047,6 +2063,8 @@ spec: fsGroup: format: int64 type: integer + fsGroupChangePolicy: + type: string runAsGroup: format: int64 type: integer @@ -2673,6 +2691,15 @@ spec: - storageAccountName - threshold type: object + newRelic: + properties: + profile: + type: string + query: + type: string + required: + - query + type: object prometheus: properties: address: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 9a768072..4682d90c 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -1,9 +1,9 @@ {{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.4.0 name: clusteranalysistemplates.argoproj.io spec: group: argoproj.io @@ -35,6 +35,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object secretKeyRef: properties: key: 
@@ -75,6 +82,15 @@ spec: type: string provider: properties: + datadog: + properties: + interval: + type: string + query: + type: string + required: + - query + type: object job: properties: metadata: @@ -2047,6 +2063,8 @@ spec: fsGroup: format: int64 type: integer + fsGroupChangePolicy: + type: string runAsGroup: format: int64 type: integer @@ -2673,6 +2691,15 @@ spec: - storageAccountName - threshold type: object + newRelic: + properties: + profile: + type: string + query: + type: string + required: + - query + type: object prometheus: properties: address: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index bd435156..1133a9c8 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -1,9 +1,9 @@ {{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.4.0 name: experiments.argoproj.io spec: additionalPrinterColumns: @@ -44,6 +44,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object secretKeyRef: properties: key: @@ -2031,6 +2038,8 @@ spec: fsGroup: format: int64 type: integer + fsGroupChangePolicy: + type: string runAsGroup: format: int64 type: integer diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 18afb92b..74fb4ad9 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml 
@@ -1,9 +1,9 @@ {{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.4.0 name: rollouts.argoproj.io spec: additionalPrinterColumns: @@ -16,13 +16,11 @@ spec: name: Current type: integer - JSONPath: .status.updatedReplicas - description: Total number of non-terminated pods targeted by this rollout that - have the desired template spec + description: Total number of non-terminated pods targeted by this rollout that have the desired template spec name: Up-to-date type: integer - JSONPath: .status.availableReplicas - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this rollout + description: Total number of available pods (ready for at least minReadySeconds) targeted by this rollout name: Available type: integer group: argoproj.io @@ -39,6 +37,7 @@ spec: labelSelectorPath: .status.selector specReplicasPath: .spec.replicas statusReplicasPath: .status.HPAReplicas + status: {} validation: openAPIV3Schema: properties: @@ -125,6 +124,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object podTemplateHashValue: type: string type: object @@ -157,6 +163,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object podTemplateHashValue: type: string type: object @@ -205,6 +218,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object podTemplateHashValue: type: string type: object 
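Review bot: In rollout-crd.yaml, `apiVersion` moves to `apiextensions.k8s.io/v1` in the first hunk, but the context lines of the next two hunks still show the v1beta1 layout: top-level `spec.additionalPrinterColumns` entries keyed `JSONPath:` and a top-level `validation: openAPIV3Schema:`. In the v1 API these belong under each entry of `spec.versions[]`, as `additionalPrinterColumns[].jsonPath`, `schema.openAPIV3Schema` and `subresources`, and a per-version schema is required. Unless the unseen part of the file already carries them, the API server is expected to reject the manifest or drop the validation schema. Either restructure the spec for v1 or keep `apiextensions.k8s.io/v1beta1` until the generated CRDs are emitted in v1 form. The analysis-run and experiment CRDs show the same top-level `additionalPrinterColumns`, and the two analysis-template CRDs get the same `apiVersion` change, so check them as well.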
@@ -242,6 +262,17 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: type: object type: object + canaryMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object canaryService: type: string maxSurge: @@ -254,6 +285,17 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + stableMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object stableService: type: string steps: @@ -270,6 +312,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object podTemplateHashValue: type: string type: object @@ -305,6 +354,13 @@ spec: type: string valueFrom: properties: + fieldRef: + properties: + fieldPath: + type: string + required: + - fieldPath + type: object podTemplateHashValue: type: string type: object @@ -316,6 +372,8 @@ spec: type: boolean name: type: string + requiredForCompletion: + type: boolean templateName: type: string required: @@ -385,6 +443,17 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + setCanaryScale: + properties: + matchTrafficWeight: + type: boolean + replicas: + format: int32 + type: integer + weight: + format: int32 + type: integer + type: object setWeight: format: int32 type: integer @@ -2367,6 +2436,8 @@ spec: fsGroup: format: int64 type: integer + fsGroupChangePolicy: + type: string runAsGroup: format: int64 type: integer @@ -2992,8 +3063,6 @@ spec: - name - status type: object - stableRS: - type: string type: object collisionCount: format: int32 @@ -3048,6 +3117,8 @@ spec: - startTime type: object type: array + promoteFull: + type: boolean readyReplicas: format: int32 type: integer diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a488e6ec..4e11b693 100644 
--- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -13,7 +13,7 @@ controller: affinity: {} image: repository: argoproj/argo-rollouts - tag: v0.9.1 + tag: v0.10.2 pullPolicy: IfNotPresent resources: {} From 5e46d0eba0374c80156ea0e8ad470400e50457bb Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Thu, 21 Jan 2021 10:55:51 -0800 Subject: [PATCH 05/18] enable stale bot --- .github/stale.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/stale.yaml diff --git a/.github/stale.yaml b/.github/stale.yaml new file mode 100644 index 00000000..d9f65632 --- /dev/null +++ b/.github/stale.yaml @@ -0,0 +1,17 @@ +# Number of days of inactivity before an issue becomes stale +daysUntilStale: 60 +# Number of days of inactivity before a stale issue is closed +daysUntilClose: 7 +# Issues with these labels will never be considered stale +exemptLabels: + - pinned + - security +# Label to use when marking an issue as stale +staleLabel: wontfix +# Comment to post when marking an issue as stale. Set to `false` to disable +markComment: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. +# Comment to post when closing a stale issue. Set to `false` to disable +closeComment: false \ No newline at end of file From bb0e3e67c7df35eb75f5544c8fc3830fc6c94cbe Mon Sep 17 00:00:00 2001 From: Alex Collins Date: Fri, 22 Jan 2021 03:19:42 -0800 Subject: [PATCH 06/18] chore: Add/invite new code-owners (#551) * chore: Add/invite new code-owners * remove @vladlosev from argo-events --- CODEOWNERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 3fa1142c..0d75ccc8 100644 --- a/CODEOWNERS +++ b/CODEOWNERS 
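Review bot: In .github/stale.yaml, the `security` exemption only protects issues that already carry that label, and `closeComment: false` means everything else is closed without a message after `daysUntilStale` plus `daysUntilClose` days. A vulnerability report that nobody has triaged or labelled would be marked `wontfix` and closed silently. Consider setting a short `closeComment` that tells the reporter how to reopen, and a stale label that does not read as a decision, e.g. `staleLabel: stale`. Also confirm the app picks up the `.yaml` extension; its documentation names the file `.github/stale.yml`, and a config under the wrong name would be ignored without an error.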
@@ -1,13 +1,13 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners # Argo Workflows -/charts/argo @benjaminws @stefansedich @paguos +/charts/argo @benjaminws @stefansedich @paguos @vladlosev @yann-soubeyrand # Argo CD -/charts/argo-cd @seanson @spencergilbert +/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand # Argo Events -/charts/argo-events @jbehling +/charts/argo-events @jbehling @VaibhavPage # Argo Rollouts /charts/argo-rollouts @cabrinha From ef64e585fe90d88055f0cf052bfd74d863fcec73 Mon Sep 17 00:00:00 2001 From: Chulki Lee Date: Fri, 22 Jan 2021 20:23:36 +0900 Subject: [PATCH 07/18] fix(argo-cd): quote version annotation (#534) Signed-off-by: Chulki Lee Co-authored-by: David J. M. Karlsen --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/templates/dex/deployment.yaml | 4 ++-- charts/argo-cd/templates/redis/deployment.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 761255f0..025028e5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.11.2 +version: 2.11.3 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 29802398..c595a014 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml 
@@ -10,7 +10,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.dex.name }} - app.kubernetes.io/version: {{ .Values.dex.image.tag }} + app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} spec: selector: matchLabels: @@ -31,7 +31,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.dex.name }} - app.kubernetes.io/version: {{ .Values.dex.image.tag }} + app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} {{- if .Values.dex.podLabels }} {{- toYaml .Values.dex.podLabels | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 58934683..3ab7ac0c 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.redis.name }} - app.kubernetes.io/version: {{ .Values.redis.image.tag }} + app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} spec: selector: matchLabels: @@ -31,7 +31,7 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argocd app.kubernetes.io/component: {{ .Values.redis.name }} - app.kubernetes.io/version: {{ .Values.redis.image.tag }} + app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} {{- if .Values.redis.podLabels }} {{- toYaml .Values.redis.podLabels | nindent 8 }} {{- end }} From 6b6254ef77d44a3185bda56aa229c0b2a7d7c161 Mon Sep 17 00:00:00 2001 From: Sergey Shaykhullin <46970457+sergeyshaykhullin@users.noreply.github.com> Date: Fri, 22 Jan 2021 14:47:08 +0300 Subject: [PATCH 08/18] fix(argo-rollouts): Fix critical deployment schema bug (#552) * Fix map -> array in containers 
Signed-off-by: sergeyshaykhullin * Bump chart version Signed-off-by: sergeyshaykhullin Co-authored-by: David J. M. Karlsen --- charts/argo-rollouts/Chart.yaml | 2 +- charts/argo-rollouts/templates/argo-rollouts-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index eed61c87..a6f74059 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.4.0 +version: 0.4.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index b78b1402..dd04516a 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -30,7 +30,7 @@ spec: {{- end }} serviceAccountName: {{ .Values.serviceAccount.name }} containers: - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" {{- if not .Values.clusterInstall }} args: - --namespaced From a497e0ddaffd6b824f4ec88b331dd395abc49ed8 Mon Sep 17 00:00:00 2001 From: smcavallo Date: Mon, 25 Jan 2021 13:47:48 -0500 Subject: [PATCH 09/18] chore(argo): update argo to 2.12.5 (#554) * update argo to 2.12.5 Signed-off-by: smcavallo * updated Signed-off-by: smcavallo --- charts/argo/Chart.yaml | 4 ++-- charts/argo/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 44c812c7..ee83daf9 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v2.12.3 +appVersion: v2.12.5 description: A Helm chart for Argo Workflows name: argo -version: 0.15.2 +version: 0.15.3 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index b1491b14..a15938db 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -7,7 +7,7 @@ images: # Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret - tag: v2.12.3 + tag: v2.12.5 crdVersion: v1alpha1 installCRD: true From 20b750a04533527c1e8faa331e17cb99a3a6ea10 Mon Sep 17 00:00:00 2001 From: Wylie Hobbs Date: Mon, 25 Jan 2021 23:36:53 -0700 Subject: [PATCH 10/18] fix(argo-cd): bump dex image for secretEnv in staticClients to work (#519) * Bump dex image for secretEnv in staticClients to work Signed-off-by: Wylie Hobbs * Bump chart again Signed-off-by: Wylie Hobbs --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 025028e5..127b6400 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.11.3 +version: 2.11.4 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5331d96b..f665e173 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -195,7 +195,7 @@ dex: image: repository: quay.io/dexidp/dex - tag: v2.22.0 + tag: v2.26.0 imagePullPolicy: IfNotPresent initImage: repository: 
From cce87f5163a9c6eeaef885f1e70bf35c349a16b1 Mon Sep 17 00:00:00 2001 From: Lucas Bickel Date: Tue, 26 Jan 2021 18:03:14 +0100 Subject: [PATCH 11/18] fix(argo-cd): remove charts/argo-cd/charts/redis-ha/ from git tree (#539) * fix(argo-cd): remove charts/argo-cd/charts/redis-ha/ from git tree Signed-off-by: Lucas Bickel * fix(ci): unpack dep from tarball instead instead of git 
Signed-off-by: Lucas Bickel --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/charts/redis-ha/Chart.yaml | 21 - charts/argo-cd/charts/redis-ha/OWNERS | 6 - charts/argo-cd/charts/redis-ha/README.md | 230 ----------- .../redis-ha/ci/haproxy-enabled-values.yaml | 10 - .../charts/redis-ha/templates/NOTES.txt | 25 -- .../charts/redis-ha/templates/_configs.tpl | 275 ------------- .../charts/redis-ha/templates/_helpers.tpl | 83 ---- .../redis-ha/templates/redis-auth-secret.yaml | 12 - .../templates/redis-ha-announce-service.yaml | 41 -- .../templates/redis-ha-configmap.yaml | 25 -- .../redis-ha-exporter-script-configmap.yaml | 11 - .../redis-ha/templates/redis-ha-pdb.yaml | 15 - .../redis-ha/templates/redis-ha-role.yaml | 19 - .../templates/redis-ha-rolebinding.yaml | 19 - .../redis-ha/templates/redis-ha-service.yaml | 35 -- .../templates/redis-ha-serviceaccount.yaml | 12 - .../templates/redis-ha-servicemonitor.yaml | 35 -- .../templates/redis-ha-statefulset.yaml | 319 --------------- .../templates/redis-haproxy-deployment.yaml | 151 -------- .../templates/redis-haproxy-service.yaml | 42 -- .../redis-haproxy-serviceaccount.yaml | 12 - .../redis-haproxy-servicemonitor.yaml | 34 -- .../tests/test-redis-ha-configmap.yaml | 27 -- .../templates/tests/test-redis-ha-pod.yaml | 20 - charts/argo-cd/charts/redis-ha/values.yaml | 362 ------------------ scripts/publish.sh | 6 +- 27 files changed, 4 insertions(+), 1845 deletions(-) delete mode 100644 charts/argo-cd/charts/redis-ha/Chart.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/OWNERS delete mode 100644 charts/argo-cd/charts/redis-ha/README.md delete mode 100644 charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/NOTES.txt delete mode 100644 charts/argo-cd/charts/redis-ha/templates/_configs.tpl delete mode 100644 charts/argo-cd/charts/redis-ha/templates/_helpers.tpl delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-auth-secret.yaml 
delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-announce-service.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-configmap.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-role.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-rolebinding.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-service.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-haproxy-service.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml delete mode 100644 charts/argo-cd/charts/redis-ha/values.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 127b6400..210a61bb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.11.4 +version: 2.11.5 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: 
diff --git a/charts/argo-cd/charts/redis-ha/Chart.yaml b/charts/argo-cd/charts/redis-ha/Chart.yaml deleted file mode 100644 index 04a04fdf..00000000 --- a/charts/argo-cd/charts/redis-ha/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -appVersion: 5.0.6 -description: Highly available Kubernetes implementation of Redis -engine: gotpl -home: http://redis.io/ -icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png -keywords: -- redis -- keyvalue -- database -maintainers: -- email: salimsalaues@gmail.com - name: ssalaues -- email: aaron.layfield@gmail.com - name: dandydeveloper -name: redis-ha -sources: -- https://redis.io/download -- https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha -- https://github.com/oliver006/redis_exporter -version: 4.4.2 diff --git a/charts/argo-cd/charts/redis-ha/OWNERS b/charts/argo-cd/charts/redis-ha/OWNERS deleted file mode 100644 index cf4f87d5..00000000 --- a/charts/argo-cd/charts/redis-ha/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- ssalaues -- dandydeveloper -reviewers: -- ssalaues -- dandydeveloper \ No newline at end of file diff --git a/charts/argo-cd/charts/redis-ha/README.md b/charts/argo-cd/charts/redis-ha/README.md deleted file mode 100644 index ba93ce0f..00000000 --- a/charts/argo-cd/charts/redis-ha/README.md +++ /dev/null 
@@ -1,230 +0,0 @@ -# Redis - -[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. - -## TL;DR; - -```bash -$ helm install stable/redis-ha -``` - -By default this chart install 3 pods total: - * one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available) - * two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available) - -## Introduction - -This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. - -## Prerequisites - -- Kubernetes 1.8+ with Beta APIs enabled -- PV provisioner support in the underlying infrastructure - -## Upgrading the Chart - -Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually. - -### Upgrading the chart from 3.x to 4.x - -Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs. 
- -## Installing the Chart - -To install the chart - -```bash -$ helm install stable/redis-ha -``` - -The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the deployment: - -```bash -$ helm delete -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Redis chart and their default values. - -| Parameter | Description | Default | -|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| -| `image` | Redis image | `redis` | -| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] | -| `tag` | Redis tag | `5.0.6-alpine` | -| `replicas` | Number of redis master/slave pods | `3` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template | -| `rbac.create` | Create and use RBAC resources | `true` | -| `redis.port` | Port to access the redis service | `6379` | -| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` | -| `redis.config` | Any valid redis config options in this section will be 
applied to each server (see below) | see values.yaml | -| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` | -| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | -| `sentinel.port` | Port to access the sentinel service | `26379` | -| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | -| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | -| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` | -| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | -| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | -| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | -| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` | -| `authKey` | The key holding the redis password in an existing secret. | `auth` | -| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` | -| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` | -| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | -| `affinity` | Override all other affinity settings with a string. 
| `""` | -| `persistentVolume.size` | Size for the volume | 10Gi | -| `persistentVolume.annotations` | Annotations for the volume | `{}` | -| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` | -| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` | -| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | -| `exporter.image` | Exporter image | `oliver006/redis_exporter` | -| `exporter.tag` | Exporter tag | `v0.31.0` | -| `exporter.port` | Exporter port | `9121` | -| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | -| `exporter.extraArgs` | Additional args for the exporter | `{}` | -| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | | -| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` | -| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` | -| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. 
If not set, the Prometheus default scape timeout is used | `nil` | -| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` | -| `haproxy.replicas` | Number of HAProxy instances | `3` | -| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` | -| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` | -| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` | -| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] | -| `haproxy.annotations` | HAProxy template annotations | `{}` | -| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` | -| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` | -| `haproxy.resources` | HAProxy resources | `{}` | -| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` | -| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` | -| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set | -| `haproxy.service.annotations` | HAProxy service annotations | `{}` | -| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. 
| `false` | -| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` | -| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` | -| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` | -| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` | -| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `exporter-port` | -| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` | -| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` | -| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` | -| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` | -| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` | -| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | -| `haproxy.init.resources` | Extra init resources | `{}` | -| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` | -| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` | -| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` | -| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` | -| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set | -| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | -| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. 
| `true` | -| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` | -| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` | -| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` | -| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set | -| `hostPath.path` | Use this path on the host for data storage | not set | -| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` | -| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlImage.command` | sysctlImage command to execute | [] | -| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | -| `sysctlImage.repository` | sysctlImage Init container name | `busybox` | -| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` | -| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` | -| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctlImage.resources` | sysctlImage resources | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install \ - --set image=redis \ - --set tag=5.0.5-alpine \ - stable/redis-ha -``` - -The above command sets the Redis server within `default` namespace. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install -f values.yaml stable/redis-ha -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Custom Redis and Sentinel config options - -This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options. 
- -[Example redis.conf](http://download.redis.io/redis-stable/redis.conf) -[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf) - -For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as: - -```yml - repl-timeout: "60" -``` - -Note: - -1. Some config options should be renamed by redis version,e.g.: - - ``` - # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf - min-replicas-to-write: 1 - min-replicas-max-lag: 5 - - # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf - min-slaves-to-write 1 - min-slaves-max-lag 5 - ``` - -Sentinel options supported must be in the the `sentinel