DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update(argo-cd): update argocd helm chart to latest version based on official release

Browse source
This commit is contained in:
jfeldman325 2023-02-17 16:20:27 -05:00
parent f004ce3bef
commit ad517ceb42
116 changed files with 12914 additions and 3362 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
charts/argo-cd/Chart.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.12.17
digest: sha256:ad1833436031e3578165d48646c90323040fa1bc00d9235fe7ba7c67b20094ec
generated: "2021-07-27T16:35:27.2509236-04:00"
version: 4.22.4
digest: sha256:5df60910862b364ebfb82cba2b2f0951c39ad36446647fb3f501bdeadc92fbd7
generated: "2022-12-26T22:58:11.561184+09:00"

18
charts/argo-cd/Chart.yaml
View file

@ -1,22 +1,26 @@
apiVersion: v2
appVersion: v2.3.1
appVersion: v2.6.2
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 4.7.9
home: https://github.com/coreweave/argo-helm
version: 5.21.1
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: coreweave
- name: argoproj
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.12.18
version: 4.22.4
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- "[Fixed]: Add missing NetworkPolicy for ApplicationSet and Notifications"
category: CI/CD
- kind: changed
description: Upgrade Argo CD to v2.6.2

1173
charts/argo-cd/README.md
View file

File diff suppressed because it is too large Load diff

539
charts/argo-cd/README.md.gotmpl Normal file
View file

@ -0,0 +1,539 @@
# Argo CD Chart
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
Source code can be found here:
{{ template "chart.sourcesList" . }}
This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
## High Availability
This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections.
Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail.
> **Warning:**
> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes.
### HA mode with autoscaling
```yaml
redis-ha:
enabled: true
controller:
replicas: 1
server:
autoscaling:
enabled: true
minReplicas: 2
repoServer:
autoscaling:
enabled: true
minReplicas: 2
applicationSet:
replicaCount: 2
```
### HA mode without autoscaling
```yaml
redis-ha:
enabled: true
controller:
replicas: 1
server:
replicas: 2
repoServer:
replicas: 2
applicationSet:
replicaCount: 2
```
### Synchronizing Changes from Original Repository
In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
Or you clone the repository and do a local `git-diff`:
```bash
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git diff v1.8.7 v2.0.0 -- manifests/install.yaml
```
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
### Custom resource definitions
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `<chart>/templates` to address this design decision.
If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
```bash
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVersion>"
# Eg. version v2.4.9
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
```
## Changelog
For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.19.0
This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead.
For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`.
For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys.
### 5.10.0
This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
### 5.7.0
This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
### 5.5.20
This version moved API version templates into dedicated helper. If you are using these in your umbrella
chart please migrate your templates to pattern `argo-cd.apiVersion.<component>`.
### 5.5.0
This version introduces new `configs.params` section that replaces command line arguments for containers.
Please refer to documentation in values.yaml for migrating the configuration.
### 5.2.0
Custom resource definitions were moved to `templates` folder so they can be managed by Helm.
To adopt already created CRDs, please use following command:
```bash
YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd
YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd
for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do
kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm
kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE"
kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME"
done
```
### 5.0.0
This version **removes support for**:
- deprecated repository credentials (parameter `configs.repositoryCredentials`)
- option to run application controller as a Deployment
- the parameters `server.additionalApplications` and `server.additionalProjects`
Please carefully read the following section if you are using these parameters!
In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps).
If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below:
1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart
You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`.
e.g:
```yaml
server:
additionalApplications:
- name: guestbook
namespace: argocd
additionalLabels: {}
additionalAnnotations:
"helm.sh/resource-policy": keep # <-- add this
finalizers:
- resources-finalizer.argocd.argoproj.io
project: guestbook
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: guestbook
syncPolicy:
automated:
prune: false
selfHeal: false
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas
info:
- name: url
value: https://argoproj.github.io/
```
You can also keep your existing CRDs by running the following scripts.
```bash
# keep Applications
for app in "guestbook"; do
kubectl annotate --overwrite application $app helm.sh/resource-policy=keep
done
# keep Projects
for project in "guestbook"; do
kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep
done
```
2. Upgrade argo-cd Helm chart to v5.0.0
3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource)
```bash
# delete annotations from Applications
for app in "guestbook"; do
kubectl annotate --overwrite application $app helm.sh/resource-policy-
done
# delete annotations from Projects
for project in "guestbook"; do
kubectl annotate --overwrite appproject $project helm.sh/resource-policy-
done
```
4. Adopt existing resources to [argocd-apps](../argocd-apps)
### 4.9.0
This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller`
### 4.3.*
With this minor version, the notification notifier's `service.slack` is no longer configured by default.
### 4.0.0 and above
This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation.
Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository.
### 3.13.0
This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field
### 3.10.2
Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default
It can be re-enabled by setting `server.staticAssets.enabled` to true
### 3.8.1
This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
```yaml
# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
repoServer:
serviceAccount:
create: true
# Case 2)
controller:
serviceAccount:
name: "" # or <nil>
# Case 3)
dex:
serviceAccount:
name: "" # or <nil>
# Case 4)
server:
serviceAccount:
name: "" # or <nil>
```
Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
### 3.2.*
With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**,
especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`).
If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
```yaml
kubeVersionOverride: "1.18.0"
```
Then you should no longer encounter this issue.
### 3.0.0 and above
Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
### 2.14.7 and above
The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
### 2.10.x to 2.11.0
The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x.
### 1.8.7 to 2.x.x
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map
What was
```yaml
server:
extraArgs:
insecure: ""
```
is now
```yaml
server:
extraArgs:
- --insecure
```
## Prerequisites
- {{ template "chart.kubeVersionLine" . }}
- Helm v3.0.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install my-release argo/argo-cd
NAME: my-release
...
```
## General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Global Configs
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "global" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo CD Configs
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "configs" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo CD Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "controller" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo Repo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "repoServer" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if and (hasPrefix "server" .Key) (not (hasPrefix "server.additional" .Key)) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Using AWS ALB Ingress Controller With GRPC
If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
Example:
```yaml
server:
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
ingressGrpc:
enabled: true
isAWSALB: true
awsALB:
serviceType: ClusterIP
```
## Dex
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "dex" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Redis
### Option 1 - Single Redis instance (default option)
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "redis." .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Option 2 - Redis HA
This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha.
For all available configuration options, please read upstream README and/or chart source.
The main options are listed here:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "redis-ha" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image |
| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag |
| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository |
| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag |
| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository |
### Option 3 - External Redis
If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "externalRedis" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## ApplicationSet
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "applicationSet" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Notifications
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "notifications" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md

2
charts/argo-cd/ci/default-values.yaml
View file

@ -1 +1,3 @@
# Test with default values
crds:
keep: false

12
charts/argo-cd/ci/external-redis-values.yaml Normal file
View file

@ -0,0 +1,12 @@
crds:
keep: false
redis:
enabled: false
redis-ha:
enabled: false
externalRedis:
host: "redis-master.redis.svc.cluster.local"
password: "argocd"

6
charts/argo-cd/ci/ha-autoscaling-values.yaml
View file

@ -1,10 +1,10 @@
# Test High Availability with autoscaling
crds:
keep: false
redis-ha:
enabled: true
controller:
enableStatefulSet: true
server:
autoscaling:
enabled: true

9
charts/argo-cd/ci/ha-static-values.yaml
View file

@ -1,15 +1,12 @@
# Test High Availability without autoscaling
crds:
keep: false
redis-ha:
enabled: true
controller:
enableStatefulSet: true
server:
replicas: 2
env:
- name: ARGOCD_API_SERVER_REPLICAS
value: '2'
repoServer:
replicas: 2

3
charts/argo-cd/package.json
View file

@ -1,3 +0,0 @@
{
"name": "argo-cd"
}

144
charts/argo-cd/templates/NOTES.txt
View file

@ -1,15 +1,143 @@
{{- if or .Values.configs.repositoryCredentials .Values.server.config.repositories }}
WARNING: You are using configs.repositoryCredentials and/or server.config.repositories parameter that are DEPRECATED
Instead, use configs.repositoryTemplates and/or configs.repositories parameters
Read More about here: https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour
{{- if .Values.controller.args.statusProcessors }}
DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors
{{- end }}
{{- if .Values.controller.args.operationProcessors }}
DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors
{{- end }}
{{- if .Values.controller.args.appResyncPeriod }}
DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation
{{- end }}
{{- if .Values.controller.args.appHardResyncPeriod }}
DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation
{{- end }}
{{- if .Values.controller.args.selfHealTimeout }}
DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds
{{- end }}
{{- if .Values.controller.args.repoServerTimeoutSeconds }}
DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds
{{- end }}
{{- if .Values.controller.logFormat }}
DEPRECATED option controller.logFormat - Use configs.params.controller.log.format
{{- end }}
{{- if .Values.controller.logLevel }}
DEPRECATED option controller.logLevel - Use configs.params.controller.log.level
{{- end }}
{{- if .Values.server.logFormat }}
DEPRECATED option server.logFormat - Use configs.params.server.log.format
{{- end }}
{{- if .Values.server.logLevel }}
DEPRECATED option server.logLevel - Use configs.params.server.log.level
{{- end }}
{{- if has "--insecure" .Values.server.extraArgs }}
DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
{{- end }}
{{- if .Values.repoServer.logFormat }}
DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
{{- end }}
{{- if .Values.repoServer.logLevel }}
DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
{{- end }}
{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
DEPRECATED option server.config - Use configs.cm
{{- end }}
{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
DEPRECATED option server.rbacConfig - Use configs.rbac
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
{{- end }}
{{- if .Values.configs.gpgKeys }}
DEPRECATED option configs.gpgKeys - Use config.gpg.keys
{{- end }}
{{- if .Values.configs.gpgKeysAnnotations }}
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
{{- end }}
{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if .Values.configs.knownHostsAnnotations }}
DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
{{- end }}
{{- if hasKey .Values.configs "knownHosts" }}
DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
{{- end }}
{{- if .Values.configs.tlsCertsAnnotations }}
DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
{{- end }}
{{- if .Values.applicationSet.logFormat }}
DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
{{- end }}
{{- if .Values.applicationSet.logLevel }}
DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
{{- end }}
{{- if .Values.applicationSet.args.policy }}
DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
{{- end }}
{{- if .Values.applicationSet.args.dryRun }}
DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
{{- end }}
{{- if .Values.controller.service }}
REMOVED option controller.service - Use controller.metrics
{{- end }}
{{- if .Values.repoServer.copyutil }}
REMOVED option repoSever.copyutil.resources - Use repoServer.resources
{{- end }}
{{- if .Values.applicationSet.args.debug }}
REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
{{- end }}
{{- if .Values.applicationSet.args.enableLeaderElection }}
REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
{{- end }}
{{- if .Values.controller.containerPort }}
REMOVED option controller.containerPort - Use controller.containerPorts
{{- end }}
{{- if .Values.server.containerPort }}
REMOVED option server.containerPort - Use server.containerPorts
{{- end }}
{{- if .Values.repoServer.containerPort }}
REMOVED option repoServer.containerPort - Use repoServer.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.metricsAddr }}
REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.probeBindAddr }}
REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.redis.containerPort }}
REMOVED option redis.containerPort - Use redis.containerPorts
{{- end }}
{{- if .Values.redis.metrics.containerPort }}
REMOVED option redis.metrics.containerPort - Use redis.containerPorts
{{- end }}
{{- end}}
In order to access the server UI you'll need to visit the following url:
In order to access the server UI you have the following options:
1. {{ include "coreweave.externalDnsName" . }}
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
After reaching the UI the first time you can login using Dex or OIDC.
{{ else -}}
After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`.
{{ end -}}

65
charts/argo-cd/templates/_common.tpl Normal file
View file

@ -0,0 +1,65 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-cd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-cd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create Argo CD app version
*/}}
{{- define "argo-cd.defaultTag" -}}
{{- default .Chart.AppVersion .Values.global.image.tag }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-cd.labels" -}}
helm.sh/chart: {{ include "argo-cd.chart" .context }}
{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argocd
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-cd.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}

339
charts/argo-cd/templates/_helpers.tpl
View file

@ -1,34 +1,11 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-cd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-cd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create controller name and version as used by the chart label.
Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited
to 63 chars and it includes 10 chars of hash and a separating '-'.
*/}}
{{- define "argo-cd.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}}
{{- end -}}
{{/*
@ -38,6 +15,17 @@ Create dex name and version as used by the chart label.
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create Dex server endpoint
*/}}
{{- define "argo-cd.dex.server" -}}
{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}}
{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}}
{{- $host := include "argo-cd.dex.fullname" . -}}
{{- $port := int .Values.dex.servicePortHttp -}}
{{- printf "%s://%s:%d" $scheme $host $port }}
{{- end }}
{{/*
Create redis name and version as used by the chart label.
*/}}
@ -53,6 +41,18 @@ Create redis name and version as used by the chart label.
{{- end -}}
{{- end -}}
{{/*
Return Redis server endpoint
*/}}
{{- define "argo-cd.redis.server" -}}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
{{- printf "%s:%s" (include "argo-cd.redis.fullname" .) (toString .Values.redis.servicePort) }}
{{- else if and .Values.externalRedis.host .Values.externalRedis.port }}
{{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }}
{{- end }}
{{- end -}}
{{/*
Create argocd server name and version as used by the chart label.
*/}}
@ -169,178 +169,163 @@ Create the name of the notifications bots slack service account to use
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-cd.labels" -}}
helm.sh/chart: {{ include "argo-cd.chart" .context }}
{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argocd
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-cd.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-cd.ingress.apiVersion" -}}
{{- if .Values.apiVersionOverrides.ingress -}}
{{- print .Values.apiVersionOverrides.ingress -}}
{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end -}}
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
*/}}
{{- define "argo-cd.config.presets" -}}
{{- if .Values.configs.styles }}
{{- define "argo-cd.config.cm.presets" -}}
{{- if .Values.configs.styles -}}
ui.cssurl: "./custom/custom.styles.css"
{{- end }}
{{- end -}}
{{- if not .Values.global.cluster.ngcp}}
resource.inclusions: |
- apiGroups:
- "kubeflow.org"
kinds:
- MPIJob
- TFJob
- MXJob
- PyTorchJob
- XGBoostJob
clusters:
- https://10.135.192.1:443
- https://kubernetes.default.svc
- apiGroups:
- "networking.k8s.io"
kinds:
- Ingress
- NetworkPolicy
clusters:
- https://10.135.192.1:443
- https://kubernetes.default.svc
- apiGroups:
- "cert-manager.io"
kinds:
- Certificate
clusters:
- https://10.135.192.1:443
- https://kubernetes.default.svc
- apiGroups:
- "*"
kinds:
- Deployment
- Pod
- ConfigMap
- Event
- LimitRange
- PersistentVolumeClaim
- PodTemplate
- ReplicationController
- Service
- Secret
- Endpoint
- ControllerRevision
- Application
- PodDisruptionBudget
- ServiceAccount
- StatefulSet
- SealedSecret
- Workflow
- WorkflowTemplate
- CronWorkflow
- AppProject
- Role
- RoleBinding
- InferenceService
- Revision
- PodAutoscaler
- Virtualservice
- HorizontalPodAutoscaler
- Batch
- Extention
- Job
- CronJob
- ResourceQuota
- IngressRoute
- IngressRouteTcp
- IngressRouteUdp
- Middleware
- TlsOption
- TlsStore
- TraefikService
- DataVolume
- ScaledObject
- Issuer
- CertificateRequest
- ServiceMonitor
- VirtualServer
clusters:
- https://10.135.192.1:443
- https://kubernetes.default.svc
{{- end}}
{{- end -}}
{{/*
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config" -}}
{{- if .Values.server.configEnabled -}}
{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
{{- end -}}
{{- end -}}
{{- define "coreweave.config" -}}
{{- if .Values.server.configEnabled -}}
{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config" $))) .Values.server.exclusions) }}
{{- end -}}
{{- end -}}
{{/*
Return the default Argo CD app version
*/}}
{{- define "argo-cd.defaultTag" -}}
{{- default .Chart.AppVersion .Values.global.image.tag }}
{{- define "argo-cd.config.cm" -}}
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ toString $value | toYaml }}
{{- end }}
{{- end -}}
{{/*
Create the name of the notifications controller secret to use
Argo Params Default Configuration Presets
*/}}
{{- define "argo-cd.notifications.secretName" -}}
{{- if .Values.notifications.secret.create -}}
{{ default (printf "%s-secret" (include "argo-cd.notifications.fullname" .)) .Values.notifications.secret.name }}
{{- else -}}
{{ default "argocd-notifications-secret" .Values.notifications.secret.name }}
{{- end -}}
{{- define "argo-cd.config.params.presets" -}}
repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}"
server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }}
{{- with include "argo-cd.redis.server" . }}
redis.server: {{ . | quote }}
{{- end }}
{{- if .Values.dex.enabled }}
server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
{{- end }}
{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }}
{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }}
{{- end }}
{{- if .Values.applicationSet.enabled }}
applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }}
{{- end }}
{{- end -}}
{{/*
Create the name of the configmap to use
Merge Argo Params Configuration with Preset Configuration
*/}}
{{- define "argo-cd.notifications.configMapName" -}}
{{- if .Values.notifications.cm.create -}}
{{ default (printf "%s-cm" (include "argo-cd.notifications.fullname" .)) .Values.notifications.cm.name }}
{{- else -}}
{{ default "argocd-notifications-cm" .Values.notifications.cm.name }}
{{- end -}}
{{- define "argo-cd.config.params" -}}
{{- $config := omit .Values.configs.params "annotations" }}
{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ toString $value | toYaml }}
{{- end }}
{{- end -}}
{{/*
Create Hostname helper -- Coreweave Use Only
*/}}
{{- define "coreweave.externalDnsName" -}}
{{- if .Values.fullnameOverride -}}
{{ default (printf "%s.%s.%s.ingress.coreweave.cloud" .Values.fullnameOverride .Release.Namespace (.Values.region | lower | toString)) .Values.customExternalDnsName }}
{{- else -}}
{{ default (printf "%s.%s.%s.ingress.coreweave.cloud" .Release.Name .Release.Namespace (.Values.region | lower | toString)) .Values.customExternalDnsName }}
{{- end -}}
{{- end -}}
{{- define "coreweave.vpc"}}
{{- if gt (len .Values.global.network.vpcs) 0}}
vpc.coreweave.cloud/name: "{{ include "vpcList" . }}"
{{- end}}
vpc.coreweave.cloud/kubernetes-networking: "{{- not .Values.global.network.disableK8sNetworking}}"
{{- end}}
{{/*
Create DRY Helpers
Convert VPC array to comma separated list
*/}}
{{- define "coreweave.nodeAffinityAndTolerations" -}}
tolerations:
- key: is_cpu_compute
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/region
operator: In
values:
- {{ .Values.region }}
- key: node.coreweave.cloud/class
operator: In
values:
- cpu
{{- define "vpcList" -}}
{{- $names := list -}}
{{- range .Values.global.network.vpcs }}
{{- $names = .name | append $names -}}
{{- end -}}
{{- define "coreweave.tolerations" -}}
{{- if .Values.tolerations }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- else }}
tolerations:
- key: is_cpu_compute
operator: Exists
{{- end }}
{{- join "," $names }}
{{- end -}}
{{- define "coreweave.affinity" -}}
{{- if .Values.affinity }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- else }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/region
operator: In
values:
- {{ .Values.region }}
- key: node.coreweave.cloud/class
operator: In
values:
- cpu
{{- end }}
{{- end -}}
{{- define "coreweave.certSecretName" -}}
{{printf "%s-tls-cert" .Release.Name }}
{{- end -}}
# Taken from bitnami common, allows for adding template strings to values file
{{- define "argo-cd.retemplate"}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end}}

52
charts/argo-cd/templates/_versions.tpl Normal file
View file

@ -0,0 +1,52 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end }}
{{/*
Return the appropriate apiVersion for autoscaling
*/}}
{{- define "argo-cd.apiVersion.autoscaling" -}}
{{- if .Values.apiVersionOverrides.autoscaling -}}
{{- print .Values.apiVersionOverrides.autoscaling -}}
{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}}
{{- print "autoscaling/v2beta1" -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cert-manager
*/}}
{{- define "argo-cd.apiVersion.cert-manager" -}}
{{- if .Values.apiVersionOverrides.certmanager -}}
{{- print .Values.apiVersionOverrides.certmanager -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
{{- print "cert-manager.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}}
{{- print "cert-manager.io/v1beta1" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" -}}
{{- print "cert-manager.io/v1alpha3" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}}
{{- print "cert-manager.io/v1alpha2" -}}
{{- else -}}
{{- print "certmanager.k8s.io/v1alpha1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-cd.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}

18
charts/argo-cd/templates/argocd-aggregate-roles.yaml → charts/argo-cd/templates/aggregate-roles.yaml
View file

@ -11,6 +11,12 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- get
@ -30,6 +36,12 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create
@ -54,6 +66,12 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create

27
charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
View file

@ -1,23 +1,24 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
{{- if .Values.controller.clusterRoleRules.enabled }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 0 }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}

11
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file

@ -1,16 +1,17 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

248
charts/argo-cd/templates/argocd-application-controller/coreweave-role.yaml
View file

@ -1,248 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-full-access
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- pods/log
- pods/portforward
- pods/exec
- pods/attach
verbs:
- "*"
- apiGroups:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- configmaps
- endpoints
- events
- limitranges
- persistentvolumeclaims
- persistentvolumeclaims/finalizers
- podtemplates
- replicationcontrollers
- services
- controllerrevisions
- deployments
- deployments/status
- replicasets
- statefulsets
- applications
- ingresses
- ingresses/status
- networkpolicies
- poddisruptionbudgets
- serviceaccounts
- deployments/scale
- statefulsets/scale
verbs:
- '*'
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- '*'
- apiGroups:
- virtualservers.coreweave.com
resources:
- virtualservers
verbs:
- create
- delete
- update
- patch
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- applications
- appprojects
- workflowtaskresults
- workflowtasksets
- workflowtasksets/finalizers
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- list
- get
- watch
- create
- patch
- bind
- delete
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- serving.kubeflow.org
resources:
- inferenceservices
verbs:
- '*'
- apiGroups:
- serving.knative.dev
resources:
- services
- revisions
verbs:
- '*'
- apiGroups:
- autoscaling.internal.knative.dev
resources:
- podautoscalers
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- virtualservices
verbs:
- list
- get
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- batch
- extensions
resources:
- jobs
- jobs/status
- cronjobs
verbs:
- '*'
- apiGroups:
- ""
resources:
- resourcequotas
- limitranges
verbs:
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- list
- watch
- patch
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- tlsoptions
- tlsstores
- traefikservices
verbs:
- '*'
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
- datavolumes/source
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- scaledobjects
- scaledjobs
- triggerauthentications
verbs:
- '*'
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
- certificaterequests
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- list
- get
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- '*'
- apiGroups:
- sps.tensorworks.com.au
resources:
- spsapps
- spsapps/status
- scalablepixelstreamingversions
- scalablepixelstreamingversions/status
- scalablepixelstreamingapplications/status
- scalablepixelstreamingapplications
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- mpijobs
- tfjobs
- mxjobs
- pytorchjobs
- xgboostjobs
- mpijobs/status
- tfjobs/status
- pytorchjobs/status
- mxjobs/status
- xgboostjobs/status
verbs:
- '*'
- apiGroups:
- apps.kruise.io
resources:
- clonesets
- broadcastjobs
- workloadspreads
verbs:
- '*'

14
charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml
View file

@ -1,14 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}-coreweave
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-full-access
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

150
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -1,150 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }}
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag | quote }}
spec:
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- if .Values.controller.enableStatefulSet }}
serviceName: {{ template "argo-cd.controller.fullname" . }}
{{- end }}
revisionHistoryLimit: 5
replicas: {{ .Values.controller.replicas }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag | quote }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- command:
- argocd-application-controller
- --status-processors
- {{ .Values.controller.args.statusProcessors | quote }}
- --operation-processors
- {{ .Values.controller.args.operationProcessors | quote }}
- --app-resync
- {{ .Values.controller.args.appResyncPeriod | quote }}
- --self-heal-timeout-seconds
- {{ .Values.controller.args.selfHealTimeout | quote }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --repo-server-timeout-seconds
- {{ .Values.controller.args.repoServerTimeoutSeconds | quote }}
- --logformat
- {{ .Values.controller.logFormat }}
- --loglevel
- {{ .Values.controller.logLevel }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
{{- if .Values.controller.containerSecurityContext }}
securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.controller.env }}
env:
{{- toYaml .Values.controller.env | nindent 8 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: controller
containerPort: {{ .Values.controller.containerPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
workingDir: /home/argocd
volumeMounts:
- name: argocd-home
mountPath: /home/argocd
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{include "coreweave.affinity" . | nindent 6 }}
{{include "coreweave.tolerations" . | nindent 6 }}
serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- emptyDir: {}
name: argocd-home
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.controller.initContainers }}
initContainers:
{{- toYaml .Values.controller.initContainers | nindent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}

28
charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml → charts/argo-cd/templates/argocd-application-controller/metrics.yaml
View file

@ -1,25 +1,25 @@
{{- if .Values.controller.metrics.enabled}}
{{- if .Values.controller.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.controller.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
{{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}-metrics
{{- with .Values.controller.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: metrics
- name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: controller
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
View file

@ -10,7 +10,7 @@ spec:
- from:
- namespaceSelector: {}
ports:
- port: controller
- port: metrics
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}

22
charts/argo-cd/templates/argocd-application-controller/poddisruptionbudget.yaml → charts/argo-cd/templates/argocd-application-controller/pdb.yaml
View file

@ -1,24 +1,24 @@
{{- if .Values.controller.pdb.enabled }}
apiVersion: policy/v1beta1
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.pdb.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.controller.pdb.minAvailable }}
minAvailable: {{ .Values.controller.pdb.minAvailable }}
{{- else if .Values.controller.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }}
{{- with .Values.controller.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: 0
minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:

4
charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
View file

@ -14,6 +14,10 @@ metadata:
{{- if .Values.controller.metrics.rules.additionalLabels }}
{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.rules.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
groups:
- name: argocd

19
charts/argo-cd/templates/argocd-application-controller/service.yaml
View file

@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
ports:
- name: {{ .Values.controller.service.portName }}
port: {{ .Values.controller.service.port }}
targetPort: {{ .Values.controller.containerPort }}
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}

3
charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
View file

@ -12,4 +12,7 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- range $key, $value := .Values.controller.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View file

@ -14,9 +14,13 @@ metadata:
{{- with .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
- port: {{ .Values.controller.metrics.service.portName }}
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
@ -29,6 +33,13 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}

317
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml Normal file
View file

@ -0,0 +1,317 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{ include "coreweave.vpc" $ | indent 4}}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
# TODO: Remove for breaking release as history limit cannot be patched
revisionHistoryLimit: 5
serviceName: {{ include "argo-cd.controller.fullname" . }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.args.statusProcessors }}
- --status-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.operationProcessors }}
- --operation-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appResyncPeriod }}
- --app-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appHardResyncPeriod }}
- --app-hard-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.selfHealTimeout }}
- --self-heal-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.repoServerTimeoutSeconds }}
- --repo-server-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
env:
{{- with .Values.controller.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_CONTROLLER_REPLICAS
value: {{ .Values.controller.replicas | quote }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.hard.reconciliation
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.status.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.operation.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.format
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.metrics.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.plaintext
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.strict.tls
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.resource.health.persist
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.default.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
{{ (include "argo-cd.retemplate" (dict "value" (default .Values.global.affinity .Values.controller.affinity) "context" $) ) | indent 8 }}
{{- with .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}

235
charts/argo-cd/templates/argocd-applicationset/deployment.yaml Normal file
View file

@ -0,0 +1,235 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{ include "coreweave.vpc" $ | indent 4}}
{{- end }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
replicas: {{ .Values.applicationSet.replicaCount }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }}
command:
- entrypoint.sh
- argocd-applicationset-controller
- --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
- --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
- --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
{{- with .Values.applicationSet.args.policy }}
- --policy={{ . }}
{{- end }}
{{- with .Values.applicationSet.args.dryRun }}
- --dry-run={{ . }}
{{- end }}
{{- with .Values.applicationSet.logFormat }}
- --logformat
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.logLevel }}
- --loglevel
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- with .Values.applicationSet.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.leader.election
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.namespace
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.debug
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.dryrun
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
{{- with .Values.applicationSet.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.applicationSet.containerPorts.metrics }}
protocol: TCP
- name: probe
containerPort: {{ .Values.applicationSet.containerPorts.probe }}
protocol: TCP
- name: webhook
containerPort: {{ .Values.applicationSet.containerPorts.webhook }}
protocol: TCP
{{- if .Values.applicationSet.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: probe
initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.applicationSet.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: probe
initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.applicationSet.resources | nindent 12 }}
volumeMounts:
{{- with .Values.applicationSet.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /tmp
name: tmp
{{- with .Values.applicationSet.extraContainers }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.applicationSet.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
{{ (include "argo-cd.retemplate" (dict "value" (default .Values.global.affinity .Values.applicationSet.affinity) "context" $) ) | indent 8 }}
{{- with .Values.applicationSet.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
volumes:
{{- with .Values.applicationSet.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.applicationSet.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
{{- end }}

25
charts/argo-cd/templates/argocd-applicationset/metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }}
{{- with .Values.applicationSet.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: {{ .Values.applicationSet.metrics.service.portName }}
protocol: TCP
port: {{ .Values.applicationSet.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
{{- end }}

25
charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
ingress:
{{- if .Values.applicationSet.webhook.ingress.enabled }}
- ports:
- port: webhook
{{- end }}
{{- if .Values.applicationSet.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
charts/argo-cd/templates/argocd-applicationset/pdb.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
{{- end }}

88
charts/argo-cd/templates/argocd-applicationset/role.yaml Normal file
View file

@ -0,0 +1,88 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}

16
charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

24
charts/argo-cd/templates/argocd-applicationset/service.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.applicationSet.service.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
- name: {{ .Values.applicationSet.service.portName }}
port: {{ .Values.applicationSet.service.port }}
targetPort: webhook
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
{{- end }}

18
charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml Normal file
View file

@ -0,0 +1,18 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
{{- if .Values.applicationSet.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

51
charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml Normal file
View file

@ -0,0 +1,51 @@
{{- if .Values.applicationSet.enabled }}
{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
{{- with .Values.applicationSet.metrics.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.applicationSet.metrics.service.portName }}
{{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }}
{{- end }}
{{- end }}

72
charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml Normal file
View file

@ -0,0 +1,72 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
{{- $servicePort := .Values.applicationSet.service.portName -}}
{{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.webhook.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.webhook.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.webhook.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.applicationSet.webhook.ingress.hosts }}
{{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.applicationSet.webhook.ingress.tls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

42
charts/argo-cd/templates/argocd-configs/applications.yaml
View file

@ -1,42 +0,0 @@
{{- range .Values.server.additionalApplications }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
{{- with .additionalAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with .additionalLabels }}
labels:
{{- toYaml . | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- with .namespace }}
namespace: {{ . }}
{{- end }}
{{- with .finalizers }}
finalizers:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
project: {{ tpl .project $ }}
source:
{{- toYaml .source | nindent 8 }}
destination:
{{- toYaml .destination | nindent 8 }}
{{- with .syncPolicy }}
syncPolicy:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .ignoreDifferences }}
ignoreDifferences:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .info }}
info:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
View file

@ -1,15 +1,16 @@
{{- if .Values.server.configEnabled }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
{{- if .Values.server.configAnnotations }}
{{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
annotations:
{{- range $key, $value := .Values.server.configAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
data: {{- include "argo-cd.config" $ | nindent 4 }}
{{- end }}
data:
{{- include "argo-cd.config.cm" . | trim | nindent 2 }}
{{- end }}

14
charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }}
{{- if .Values.configs.params.annotations }}
annotations:
{{- range $key, $value := .Values.configs.params.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- include "argo-cd.config.params" . | trim | nindent 2 }}

24
charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-dex-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
{{- with .Values.dex.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.dex.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.dex.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }}
{{- end }}

12
charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
View file

@ -1,16 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- if .Values.configs.gpgKeysAnnotations }}
name: argocd-gpg-keys-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
annotations:
{{- range $key, $value := .Values.configs.gpgKeysAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
name: argocd-gpg-keys-cm
{{- with .Values.configs.gpgKeys }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
data:
{{- toYaml . | nindent 2 }}
{{- end }}

8
charts/argo-cd/templates/argocd-notifications/configmap.yaml → charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
View file

@ -2,15 +2,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "argo-cd.notifications.configMapName" . }}
name: argocd-notifications-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
data:
context: |
argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
{{- with .Values.notifications.context }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.context }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.notifiers }}
{{- toYaml . | nindent 2 }}
{{- end }}

10
charts/argo-cd/templates/argocd-notifications/secret.yaml → charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml
View file

@ -2,18 +2,18 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.notifications.secretName" . }}
name: argocd-notifications-secret
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- if .Values.notifications.secret.annotations }}
{{- with .Values.notifications.secret.annotations }}
annotations:
{{- range $key, $value := .Values.notifications.secret.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
type: Opaque
stringData:
{{- with .Values.notifications.secret.items }}
{{ toYaml . | nindent 2 }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

12
charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
View file

@ -1,18 +1,18 @@
{{- if .Values.server.rbacConfigCreate }}
{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
{{- if .Values.server.rbacConfigAnnotations }}
{{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
annotations:
{{- range $key, $value := .Values.server.rbacConfigAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.server.rbacConfig }}
{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
data:
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

24
charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if .Values.repoServer.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }}
{{- with .Values.repoServer.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.repoServer.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }}
{{- end }}

35
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -5,34 +5,37 @@ metadata:
name: argocd-secret
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
{{- if .Values.configs.secret.annotations }}
{{- with .Values.configs.secret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := .Values.configs.secret.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- if .Values.configs.secret.githubSecret }}
webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
{{- with .Values.configs.secret.githubSecret }}
webhook.github.secret: {{ . | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gitlabSecret }}
webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
{{- with .Values.configs.secret.gitlabSecret }}
webhook.gitlab.secret: {{ . | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketServerSecret }}
webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }}
{{- with .Values.configs.secret.bitbucketServerSecret }}
webhook.bitbucketserver.secret: {{ . | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketUUID }}
webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }}
{{- with .Values.configs.secret.bitbucketUUID }}
webhook.bitbucket.uuid: {{ . | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }}
{{- with .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ . | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }}
tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }}
{{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}
admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}

21
charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml Normal file
View file

@ -0,0 +1,21 @@
{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
{{- with .Values.server.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }}
{{- end }}

21
charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
View file

@ -1,13 +1,22 @@
apiVersion: v1
{{- toYaml .Values.configs.knownHosts | nindent 0 }}
kind: ConfigMap
metadata:
name: argocd-ssh-known-hosts-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- if .Values.configs.knownHostsAnnotations }}
{{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := .Values.configs.knownHostsAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
name: argocd-ssh-known-hosts-cm
data:
ssh_known_hosts: |
{{- if hasKey .Values.configs "knownHosts" }}
{{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
{{- else }}
{{- .Values.configs.ssh.knownHosts | nindent 4 }}
{{- end }}
{{- with .Values.configs.ssh.extraHosts }}
{{- . | nindent 4 }}
{{- end }}

4
charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
View file

@ -2,10 +2,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-custom-styles
name: argocd-styles-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
data:
custom.styles.css: |
{{- .Values.configs.styles | nindent 4 }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
View file

@ -1,15 +1,22 @@
apiVersion: v1
{{- if .Values.configs.tlsCerts }}
{{- toYaml .Values.configs.tlsCerts | nindent 0 }}
{{- end }}
kind: ConfigMap
metadata:
name: argocd-tls-certs-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }}
{{- if .Values.configs.tlsCertsAnnotations }}
{{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := .Values.configs.tlsCertsAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
{{- with .Values.configs.tlsCerts }}
{{- toYaml . | nindent 0 }}
{{- end }}
name: argocd-tls-certs-cm
{{- else }}
{{- with .Values.configs.tls.certificates }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View file

@ -27,5 +27,5 @@ stringData:
{{- end }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
{{- end }}

22
charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml Normal file
View file

@ -0,0 +1,22 @@
{{- if and (or .Values.externalRedis.username .Values.externalRedis.password) (not .Values.externalRedis.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.redis.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .Values.externalRedis.secretAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
data:
{{- with .Values.externalRedis.username }}
redis-username: {{ . | b64enc }}
{{- end }}
{{- with .Values.externalRedis.password }}
redis-password: {{ . | b64enc }}
{{- end }}
{{- end }}

58
charts/argo-cd/templates/argocd-configs/projects.yaml
View file

@ -1,58 +0,0 @@
{{- range .Values.server.additionalProjects }}
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
{{- with .additionalAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with .additionalLabels }}
labels:
{{- toYaml . | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- with .namespace }}
namespace: {{ . }}
{{- end }}
{{- with .finalizers }}
finalizers:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
description: {{ .description }}
sourceRepos:
{{- toYaml .sourceRepos | nindent 8 }}
destinations:
{{- toYaml .destinations | nindent 8 }}
{{- with .clusterResourceWhitelist }}
clusterResourceWhitelist:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .namespaceResourceBlacklist }}
namespaceResourceBlacklist:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .namespaceResourceWhitelist }}
namespaceResourceWhitelist:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .orphanedResources }}
orphanedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .roles }}
roles:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .syncWindows }}
syncWindows:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .signatureKeys }}
signatureKeys:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml
View file

@ -1,13 +0,0 @@
{{- if .Values.configs.repositoryCredentials }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repository-credentials
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
type: Opaque
data:
{{- range $key, $value := .Values.configs.repositoryCredentials }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

6
charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
View file

@ -7,6 +7,12 @@ metadata:
labels:
argocd.argoproj.io/secret-type: repo-creds
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with $.Values.configs.credentialTemplatesAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- range $key, $value := $repo_cred_value }}
{{ $key }}: {{ $value | toString | b64enc }}

6
charts/argo-cd/templates/argocd-configs/repository-secret.yaml
View file

@ -7,6 +7,12 @@ metadata:
labels:
argocd.argoproj.io/secret-type: repository
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with $.Values.configs.repositoriesAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- range $key, $value := $repo_value }}
{{ $key }}: {{ $value | b64enc }}

57
charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
View file

@ -1,13 +1,21 @@
{{ if .Values.notifications.bots.slack.enabled }}
{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.notifications.fullname" . }}-bot
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
{{- .Values.notifications.bots.slack.updateStrategy | toYaml | nindent 4 }}
type: Recreate
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
@ -16,29 +24,50 @@ spec:
labels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }}
spec:
{{- with .Values.notifications.bots.slack.imagePullSecrets }}
{{- with .Values.notifications.bots.slack.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }}
{{- with .Values.notifications.bots.slack.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }}
containers:
- name: {{ template "argo-cd.notifications.fullname" . }}-bot
- name: {{ include "argo-cd.notifications.fullname" . }}-bot
image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }}
resources:
{{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
command:
- argocd-notifications
- bot
- --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }}
{{- range .Values.notifications.bots.slack.extraArgs }}
- {{ . | squote }}
{{- end }}
workingDir: /app
ports:
- containerPort: 8080
name: http
{{- with .Values.notifications.bots.slack.containerSecurityContext }}
securityContext: {{- toYaml . | nindent 12 }}
{{- end }}
{{include "coreweave.nodeAffinityAndTolerations" . | nindent 6 }}
resources:
{{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
{{- with .Values.notifications.bots.slack.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }}
{{ end }}

26
charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}-bot
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
{{- with .Values.notifications.bots.slack.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.bots.slack.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.notifications.bots.slack.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.notifications.bots.slack.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
{{- end }}

2
charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml
View file

@ -1,4 +1,4 @@
{{ if .Values.notifications.bots.slack.enabled }}
{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

2
charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml
View file

@ -1,4 +1,4 @@
{{ if .Values.notifications.bots.slack.enabled }}
{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:

2
charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml
View file

@ -1,4 +1,4 @@
{{ if .Values.notifications.bots.slack.enabled }}
{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
apiVersion: v1
kind: Service
metadata:

2
charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.notifications.bots.slack.serviceAccount.create }}
{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.notifications.bots.slack.serviceAccount.automountServiceAccountToken }}

110
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -2,71 +2,78 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{ include "coreweave.vpc" $ | indent 4}}
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag | quote }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
{{- .Values.notifications.updateStrategy | toYaml | nindent 4 }}
type: Recreate
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
template:
metadata:
{{- if .Values.notifications.podAnnotations }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.notifications.podAnnotations) }}
annotations:
{{- range $key, $value := .Values.notifications.podAnnotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 8 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag | quote }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.notifications.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.notifications.imagePullSecrets }}
{{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
{{- if .Values.notifications.securityContext }}
securityContext: {{- toYaml .Values.notifications.securityContext | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
containers:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
command:
- argocd-notifications
- --loglevel={{ .Values.notifications.logLevel }}
{{- if .Values.notifications.metrics.enabled }}
- --metrics-port={{ .Values.notifications.metrics.port }}
{{- end }}
- --metrics-port={{ .Values.notifications.containerPorts.metrics }}
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
- --namespace={{ .Release.Namespace }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --secret-name={{ include "argo-cd.notifications.secretName" . }}
- --config-map-name={{ include "argo-cd.notifications.configMapName" . }}
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}
workingDir: /app
ports:
{{- if .Values.notifications.metrics.enabled }}
- containerPort: {{ .Values.notifications.metrics.port }}
name: metrics
protocol: TCP
{{- end }}
{{- if .Values.notifications.containerSecurityContext }}
securityContext: {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraEnv }}
env: {{ toYaml . | nindent 12 }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.notifications.containerPorts.metrics }}
protocol: TCP
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
workingDir: /app
volumeMounts:
- name: tls-certs
mountPath: /app/config/tls
@ -75,12 +82,37 @@ spec:
{{- with .Values.notifications.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraContainers }}
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
{{- with .Values.notifications.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
{{- with .Values.notifications.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
{{ (include "argo-cd.retemplate" (dict "value" (default .Values.global.affinity .Values.notifications.affinity) "context" $) ) | indent 8 }}
{{- with .Values.notifications.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
volumes:
- configMap:
{{- with .Values.notifications.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
@ -88,11 +120,9 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- with .Values.notifications.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{include "coreweave.affinity" . | nindent 6 }}
{{include "coreweave.tolerations" . | nindent 6 }}
{{- with .Values.notifications.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.dnsPolicy }}
{{- end }}

13
charts/argo-cd/templates/argocd-notifications/service-metrics.yaml → charts/argo-cd/templates/argocd-notifications/metrics.yaml
View file

@ -2,21 +2,24 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}-metrics
name: {{ include "argo-cd.notifications.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }}
{{- with .Values.notifications.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.metrics.service.annotations }}
{{- with .Values.notifications.metrics.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
ports:
- name: metrics
- name: {{ .Values.notifications.metrics.service.portName }}
protocol: TCP
port: {{ .Values.notifications.metrics.port }}
targetPort: {{ .Values.notifications.metrics.port }}
targetPort: metrics
{{- end }}

26
charts/argo-cd/templates/argocd-notifications/pdb.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.notifications.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.notifications.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
{{- end }}

4
charts/argo-cd/templates/argocd-notifications/role.yaml
View file

@ -28,7 +28,7 @@ rules:
- apiGroups:
- ""
resourceNames:
- {{ template "argo-cd.notifications.fullname" . }}-cm
- argocd-notifications-cm
resources:
- configmaps
verbs:
@ -36,7 +36,7 @@ rules:
- apiGroups:
- ""
resourceNames:
- {{ template "argo-cd.notifications.fullname" . }}-secret
- argocd-notifications-secret
resources:
- secrets
verbs:

3
charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
View file

@ -12,4 +12,7 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- range $key, $value := .Values.notifications.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
View file

@ -14,9 +14,13 @@ metadata:
{{- if .Values.notifications.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.notifications.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
- port: {{ .Values.notifications.metrics.service.portName }}
path: /metrics
{{- if .Values.notifications.metrics.serviceMonitor.interval }}
interval: {{ .Values.notifications.metrics.serviceMonitor.interval }}
@ -24,6 +28,21 @@ spec:
{{- if .Values.notifications.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.notifications.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}

27
charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
View file

@ -1,23 +1,24 @@
{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }}
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.clusterRoleRules.enabled }}
{{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 0 }}
{{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}

9
charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
View file

@ -1,16 +1,17 @@
{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }}
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

379
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -1,40 +1,50 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{ include "coreweave.vpc" $ | indent 4}}
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag | quote }}
spec:
{{- if not .Values.repoServer.autoscaling.enabled }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.repoServer.autoscaling.enabled true) }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.repoServer.certificateSecret.enabled }}
checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag | quote }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.repoServer.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
{{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.repoServer.name }}
@ -44,79 +54,209 @@ spec:
- entrypoint.sh
args:
- argocd-repo-server
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
- --port={{ .Values.repoServer.containerPorts.server }}
- --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
{{- with .Values.repoServer.logFormat }}
- --logformat
- {{ .Values.repoServer.logFormat }}
- --loglevel
- {{ .Values.repoServer.logLevel }}
{{- with .Values.repoServer.extraArgs }}
{{- . | toYaml | nindent 8 }}
- {{ . | quote }}
{{- end }}
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- with .Values.repoServer.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.repoServer.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
{{- if .Values.repoServer.env }}
{{- toYaml .Values.repoServer.env | nindent 8 }}
{{- end }}
{{- if .Values.openshift.enabled }}
- name: USER_NAME
value: argocd
{{- end }}
{{- with .Values.repoServer.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.openshift.enabled }}
- name: USER_NAME
value: argocd
{{- end }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.log.format
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.log.level
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.parallelism.limit
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.tls
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.minversion
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.maxversion
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.ciphers
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.repo.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.default.cache.expiration
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.max.combined.directory.manifests.size
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.plugin.tar.exclusions
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
{{- with .Values.repoServer.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp-dir
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
containerPort: {{ .Values.repoServer.containerPorts.server }}
protocol: TCP
{{ if .Values.repoServer.metrics.enabled }}
- name: metrics
containerPort: 8084
containerPort: {{ .Values.repoServer.containerPorts.metrics }}
protocol: TCP
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
httpGet:
path: /healthz?full=true
port: metrics
initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }}
@ -124,52 +264,11 @@ spec:
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.repoServer.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- with .Values.repoServer.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{include "coreweave.affinity" . | nindent 6 }}
{{include "coreweave.tolerations" . | nindent 6 }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6 }}
{{- end }}
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- emptyDir: {}
name: gpg-keyring
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: helm-working-dir
emptyDir: {}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: tmp-dir
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
initContainers:
- command:
- cp
@ -177,18 +276,88 @@ spec:
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
name: copyutil
{{- with .Values.repoServer.resources }}
resources:
{{- toYaml .Values.repoServer.copyutil.resources | nindent 10 }}
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.repoServer.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
{{- if .Values.repoServer.initContainers }}
{{- toYaml .Values.repoServer.initContainers | nindent 6 }}
{{- with .Values.repoServer.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- if .Values.repoServer.priorityClassName }}
priorityClassName: {{ .Values.repoServer.priorityClassName }}
{{- end }}
{{- with .Values.repoServer.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
{{ (include "argo-cd.retemplate" (dict "value" (default .Values.global.affinity .Values.repoServer.affinity) "context" $) ) | indent 8 }}
{{- with .Values.repoServer.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.repoServer.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: helm-working-dir
emptyDir: {}
- name: plugins
emptyDir: {}
- name: var-files
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- with .Values.repoServer.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.repoServer.hostNetwork }}
{{- with .Values.repoServer.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}

26
charts/argo-cd/templates/argocd-repo-server/hpa.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.repoServer.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
labels:
@ -13,16 +13,32 @@ spec:
minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
metrics:
{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.repoServer.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

26
charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml → charts/argo-cd/templates/argocd-repo-server/metrics.yaml
View file

@ -1,25 +1,25 @@
{{- if .Values.repoServer.metrics.enabled}}
{{- if .Values.repoServer.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.repoServer.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }}
{{- if .Values.repoServer.metrics.service.labels }}
{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
{{- with .Values.repoServer.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: metrics
- name: {{ .Values.repoServer.metrics.service.portName }}
protocol: TCP
port: {{ .Values.repoServer.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}
{{- end }}
{{- end }}

22
charts/argo-cd/templates/argocd-repo-server/poddisruptionbudget.yaml → charts/argo-cd/templates/argocd-repo-server/pdb.yaml
View file

@ -1,24 +1,24 @@
{{- if .Values.repoServer.pdb.enabled }}
apiVersion: policy/v1beta1
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.pdb.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.repoServer.pdb.minAvailable }}
minAvailable: {{ .Values.repoServer.pdb.minAvailable }}
{{- else if .Values.repoServer.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.repoServer.pdb.maxUnavailable }}
{{- with .Values.repoServer.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: 0
minAvailable: {{ .Values.repoServer.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:

3
charts/argo-cd/templates/argocd-repo-server/service.yaml
View file

@ -9,6 +9,9 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ports:

5
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
View file

@ -12,4 +12,7 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- end }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -14,9 +14,13 @@ metadata:
{{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
- port: {{ .Values.repoServer.metrics.service.portName }}
{{- with .Values.repoServer.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
@ -29,6 +33,13 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}

4
charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml → charts/argo-cd/templates/argocd-server/aws/service.yaml
View file

@ -12,11 +12,11 @@ spec:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: server
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: server
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None

39
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -1,29 +1,32 @@
{{- if .Values.server.certificate.enabled -}}
{{- if .Values.apiVersionOverrides.certmanager -}}
apiVersion: {{ .Values.apiVersionOverrides.certmanager }}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
apiVersion: cert-manager.io/v1
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
apiVersion: cert-manager.io/v1alpha3
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
apiVersion: cert-manager.io/v1alpha2
{{- else }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- end }}
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
commonName: {{ (include "coreweave.externalDnsName" .) | quote }}
secretName: {{ .Values.server.certificate.secretName }}
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ (include "coreweave.externalDnsName" . ) | quote }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ .Values.server.certificate.domain | quote }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
{{- with .Values.server.certificate.duration }}
duration: {{ . | quote }}
{{- end }}
{{- with .Values.server.certificate.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
issuerRef:
kind: ClusterIssuer
name: letsencrypt-prod
secretName: {{ include "coreweave.certSecretName" . | quote }}
{{- with .Values.server.certificate.issuer.group }}
group: {{ . | quote }}
{{- end }}
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
{{- with .Values.server.certificate.privateKey }}
privateKey:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

24
charts/argo-cd/templates/argocd-server/clusterrole.yaml
View file

@ -1,8 +1,9 @@
{{- if .Values.server.clusterAdminAccess.enabled }}
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
@ -27,4 +28,21 @@ rules:
- pods/log
verbs:
- get
{{- end }}
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
{{- end }}
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- update
- watch
{{- end }}

11
charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
View file

@ -1,16 +1,17 @@
{{- if .Values.server.clusterAdminAccess.enabled }}
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
name: {{ include "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

425
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -1,40 +1,46 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{ include "coreweave.vpc" $ | indent 4}}
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag | quote }}
spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.server.autoscaling.enabled true) }}
replicas: {{ .Values.server.replicas }}
{{- end }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag | quote }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
{{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.server.name }}
@ -42,80 +48,264 @@ spec:
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
- --insecure
{{ if .Values.server.staticAssets.enabled }}
- --staticassets
- /shared/app
{{ end }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- if .Values.dex.enabled }}
- --dex-server
- http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}
{{- end }}
- --port={{ .Values.server.containerPorts.server }}
- --metrics-port={{ .Values.server.containerPorts.metrics }}
{{- with .Values.server.logFormat }}
- --logformat
- {{ .Values.server.logFormat }}
- {{ . | quote }}
{{- end }}
{{- with .Values.server.logLevel }}
- --loglevel
- {{ .Values.server.logLevel }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
- {{ . | quote }}
{{- end }}
{{- with .Values.server.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.containerSecurityContext }}
securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.server.env }}
env:
{{- toYaml .Values.server.env | nindent 8 }}
{{- end }}
{{- with .Values.server.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.insecure
optional: true
- name: ARGOCD_SERVER_BASEHREF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.basehref
optional: true
- name: ARGOCD_SERVER_ROOTPATH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.rootpath
optional: true
- name: ARGOCD_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.log.format
optional: true
- name: ARGOCD_SERVER_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.log.level
optional: true
- name: ARGOCD_SERVER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_SERVER_DEX_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server
optional: true
- name: ARGOCD_SERVER_DISABLE_AUTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.disable.auth
optional: true
- name: ARGOCD_SERVER_ENABLE_GZIP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.enable.gzip
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.timeout.seconds
optional: true
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.x.frame.options
optional: true
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.content.security.policy
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.plaintext
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.strict.tls
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.plaintext
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.strict.tls
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.minversion
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.maxversion
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.ciphers
optional: true
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.connection.status.cache.expiration
optional: true
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.oidc.cache.expiration
optional: true
- name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.login.attempts.expiration
optional: true
- name: ARGOCD_SERVER_STATIC_ASSETS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.staticassets
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.default.cache.expiration
optional: true
- name: ARGOCD_MAX_COOKIE_NUMBER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.http.cookie.maxnumber
optional: true
- name: ARGOCD_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.enable.proxy.extension
optional: true
{{- with .Values.server.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
{{- toYaml .Values.server.volumeMounts | nindent 8}}
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: extensions
mountPath: /tmp/extensions/
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
{{- if .Values.configs.styles }}
- mountPath: "/shared/app/custom/custom.styles.css"
subPath: "custom.styles.css"
name: custom-styles
{{- end }}
{{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }}
- mountPath: /home/argocd/.aws
name: aws-config
{{- end }}
- mountPath: /app/config/dex/tls
name: argocd-dex-server-tls
- mountPath: /home/argocd
name: plugins-home
- mountPath: /shared/app/custom
name: styles
- mountPath: /tmp
name: tmp-dir
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{ if .Values.server.metrics.enabled }}
- name: metrics
containerPort: 8083
protocol: TCP
name: tmp
{{- if .Values.server.extensions.enabled }}
- mountPath: /tmp/extensions
name: extensions
{{- end }}
ports:
- name: server
containerPort: {{ .Values.server.containerPorts.server }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.server.containerPorts.metrics }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
path: /healthz?full=true
port: server
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
@ -124,7 +314,7 @@ spec:
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
port: server
initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
@ -132,61 +322,81 @@ spec:
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
{{- if .Values.server.lifecycle }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml .Values.server.lifecycle | nindent 10 }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: argocd-extensions
image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
volumeMounts:
- name: extensions
mountPath: /tmp/extensions/
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
- name: tmp
mountPath: /tmp
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.server.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.server.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
{{ (include "argo-cd.retemplate" (dict "value" (default .Values.global.affinity .Values.server.affinity) "context" $) ) | indent 8 }}
{{- with .Values.server.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{include "coreweave.affinity" . | nindent 6 }}
{{include "coreweave.tolerations" . | nindent 6 }}
serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- if .Values.server.volumes }}
{{- toYaml .Values.server.volumes | nindent 6}}
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: extensions
emptyDir: {}
{{- end }}
- emptyDir: {}
name: static-files
- emptyDir: {}
name: tmp-dir
{{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }}
- emptyDir: {}
name: aws-config
{{- end }}
{{- if .Values.configs.styles }}
- configMap:
name: argocd-custom-styles
name: custom-styles
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
- name: plugins-home
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
- configMap:
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: styles
configMap:
name: argocd-styles-cm
optional: true
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
@ -194,14 +404,21 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: plugins-home
{{- if .Values.server.initContainers }}
initContainers:
{{- toYaml .Values.server.initContainers | nindent 6 }}
items:
- key: tls.crt
path: tls.crt
- key: ca.crt
path: ca.crt
{{- with .Values.server.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- with .Values.server.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.server.dnsPolicy }}

15
charts/argo-cd/templates/argocd-server/extensions-rolebinding.yaml
View file

@ -1,15 +0,0 @@
{{- if .Values.server.extensions.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
name: argocd-server-extensions
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-server-extensions
subjects:
- kind: ServiceAccount
name: argocd-server
{{- end }}

17
charts/argo-cd/templates/argocd-server/extensions.yaml
View file

@ -1,17 +0,0 @@
{{- if .Values.server.extensions.enabled }}
{{- range $extension := .Values.server.extensions.contents }}
---
apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
name: {{ $extension.name }}
finalizers:
- extensions-finalizer.argocd.argoproj.io
labels:
{{- include "argo-cd.labels" (dict "context" $ "component" $.Values.server.name "name" (printf "%s-extensions" $.Values.server.name)) | nindent 4 }}
spec:
sources:
- web:
url: {{ $extension.url }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-server/extentions-role.yaml
View file

@ -1,21 +0,0 @@
{{- if .Values.server.extensions.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
name: argocd-server-extensions
rules:
- apiGroups:
- argoproj.io
resources:
- argocdextensions
verbs:
- create
- get
- list
- watch
- update
- delete
- patch
{{- end }}

2
charts/argo-cd/templates/argocd-server/backendconfig.yaml → charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: cloud.google.com/v1beta1
apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }}
kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}

0
charts/argo-cd/templates/argocd-server/frontendconfig.yaml → charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml
View file

0
charts/argo-cd/templates/argocd-server/managedCertificate.yaml → charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml
View file

26
charts/argo-cd/templates/argocd-server/hpa.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.server.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
labels:
@ -13,16 +13,32 @@ spec:
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- end }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

57
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -1,89 +1,72 @@
{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- $pathType := .Values.server.ingressGrpc.pathType -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- if .Values.server.ingressGrpc.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingressGrpc.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}-grpc
name: {{ include "argo-cd.server.fullname" . }}-grpc
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- with .Values.server.ingressGrpc.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.ingressGrpc.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingressGrpc.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingressGrpc.tls }}
{{- with .Values.server.ingressGrpc.tls }}
tls:
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

100
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -1,47 +1,89 @@
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.service.servicePortHttp -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
{{- if .Values.server.ingress.enabled -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $pathType := .Values.server.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
{{- if .Values.customExternalDnsName }}
kubernetes.io/ingress.class: {{ .Values.customIngressControllerClassAnnotation }}
{{- end }}
{{- if .Values.server.certificate.enabled }}
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/redirect-entry-point: https
{{- end }}
ingress.kubernetes.io/force-ssl-redirect: "false"
ingress.kubernetes.io/ssl-redirect: "false"
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ include "coreweave.externalDnsName" . }}
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
- path: {{ $p }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
name: {{ template "argo-cd.server.fullname" $ }}-grpc
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if .Values.server.certificate.enabled }}
{{- end }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.server.ingress.tls }}
tls:
- hosts:
- {{ include "coreweave.externalDnsName" . }}
secretName: {{ include "coreweave.certSecretName" . }}
{{- end }}
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

24
charts/argo-cd/templates/argocd-server/metrics-service.yaml → charts/argo-cd/templates/argocd-server/metrics.yaml
View file

@ -2,24 +2,24 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.server.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }}
{{- if .Values.server.metrics.service.labels }}
{{- toYaml .Values.server.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}-metrics
{{- with .Values.server.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: metrics
- name: {{ .Values.server.metrics.service.portName }}
protocol: TCP
port: {{ .Values.server.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- end }}
{{- end }}

0
charts/argo-cd/templates/argocd-server/route.yaml → charts/argo-cd/templates/argocd-server/openshift/route.yaml
View file

22
charts/argo-cd/templates/argocd-server/poddisruptionbudget.yaml → charts/argo-cd/templates/argocd-server/pdb.yaml
View file

@ -1,24 +1,24 @@
{{- if .Values.server.pdb.enabled }}
apiVersion: policy/v1beta1
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.pdb.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.server.pdb.minAvailable }}
minAvailable: {{ .Values.server.pdb.minAvailable }}
{{- else if .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
{{- with .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: 0
minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:

8
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
@ -22,7 +22,11 @@ rules:
- argoproj.io
resources:
- applications
- applicationsets
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
verbs:
- create
- get
@ -37,4 +41,4 @@ rules:
- events
verbs:
- create
- list
- list

13
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -1,12 +1,15 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
{{- if or .Values.server.service.annotations .Values.server.service.public}}
annotations:
{{- if .Values.server.service.public}}
metallb.universe.tf/address-pool: public-{{default .Values.global.region .Values.region | lower}}
{{- end}}
{{- range $key, $value := .Values.server.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
@ -19,14 +22,14 @@ spec:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttp }}
{{- end }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttps }}
{{- end }}
@ -49,4 +52,4 @@ spec:
{{- end }}
{{- with .Values.server.service.sessionAffinity }}
sessionAffinity: {{ . }}
{{- end }}
{{- end }}

3
charts/argo-cd/templates/argocd-server/serviceaccount.yaml
View file

@ -12,4 +12,7 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- range $key, $value := .Values.server.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View file

@ -14,9 +14,13 @@ metadata:
{{- with .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
endpoints:
- port: metrics
- port: {{ .Values.server.metrics.service.portName }}
{{- with .Values.server.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
@ -29,6 +33,13 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}

2070
charts/argo-cd/templates/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

Some files were not shown because too many files have changed in this diff Show more