From e248b6b3166491e187f7cdf499b28fb9fbf70408 Mon Sep 17 00:00:00 2001 From: Abdullah Alaqeel Date: Thu, 21 Mar 2024 02:52:58 +0300 Subject: [PATCH 1/2] fix(argocd-image-updater): Properly quoting the config map values (and other fixes) (#2512) fix(argocd-image-updater): Properly quoting the config map values fix(argocd-image-updater): Only adding a data field to argocd-image-updater-ssh-config when there's data to be added fix(argocd-image-updater): Only include config.argocd if config.applicationsAPIKind is set to 'argocd' chore(argocd-image-updater): removing unneeded whitespace in Role and RoleBinding Signed-off-by: Abdullah Alaqeel --- charts/argocd-image-updater/Chart.yaml | 10 +++++-- .../templates/configmap-sshconfig.yaml | 4 +-- .../templates/configmap.yaml | 28 ++++++++++--------- .../argocd-image-updater/templates/rbac.yaml | 4 +-- charts/argocd-image-updater/values.yaml | 1 + 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 43d69f51..2e34fad6 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.5 +version: 0.9.6 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow overriding of .Release.Namespace with .Values.namespaceOverride + - kind: fixed + description: Properly quoting the config map values + - kind: fixed + description: Only adding a data field to argocd-image-updater-ssh-config when there's data to be added + - kind: changed + description: Only include config.argocd if config.applicationsAPIKind is set to 'argocd' diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9233137c..9fd83d92 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -5,7 +5,7 @@ metadata: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with .Values.config.sshConfig }} data: - {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} - {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 57ef2197..84eb6875 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -8,30 +8,32 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} - applications_api: {{ . }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} {{- end }} - argocd.grpc_web: {{ .Values.config.argocd.grpcWeb | quote }} - {{- with .Values.config.argocd.serverAddress }} - argocd.server_addr: {{ . }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} {{- end }} - argocd.insecure: {{ .Values.config.argocd.insecure | quote }} - argocd.plaintext: {{ .Values.config.argocd.plaintext | quote }} {{- with .Values.config.logLevel }} - log.level: {{ . }} + log.level: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitUser }} - git.user: {{ . }} + git.user: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitMail }} - git.email: {{ . }} + git.email: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitTemplate }} git.commit-message-template: | {{- nindent 4 . }} {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} registries.conf: | - {{- with .Values.config.registries }} - registries: - {{- toYaml . | nindent 6 }} - {{- end }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 685b0b89..50d75876 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: @@ -37,7 +37,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index fb5aad1a..7cbbe05b 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -101,6 +101,7 @@ config: applicationsAPIKind: "" # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API grpcWeb: true From 8a4c87529520a05a2026bc7ae1bfc743cace8d89 Mon Sep 17 00:00:00 2001 From: amcamina Date: Fri, 22 Mar 2024 17:09:43 +0100 Subject: [PATCH 2/2] feat(argo-rollouts): Allow customizing additional RBAC rules for other providers (#2556) * Allow customizing additional RBAC rules for other providers Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list and addressing comment Signed-off-by: Alvaro.Camina * Runing `./scripts/helm-docs.sh` to update the README Signed-off-by: Alvaro.Camina --------- Signed-off-by: Alvaro.Camina Co-authored-by: Alvaro.Camina Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 21 +++++++++++-------- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2db0614d..5d6ccc7d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.3 +version: 2.34.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.6.6 + - kind: added + description: Allow customizing additional RBAC rules for other providers diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 3627de83..adf27530 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,6 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | | providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | | providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 35fd8215..a60070b3 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -258,23 +258,26 @@ rules: {{- if .Values.providerRBAC.providers.contour }} # Access needed when using the Contour provider - apiGroups: - - projectcontour.io + - projectcontour.io resources: - - httpproxies + - httpproxies verbs: - - get - - list - - watch - - update + - get + - list + - watch + - update {{- end }} {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 19ab340e..1a4a9ede 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -273,6 +273,8 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Additional RBAC rules for others providers + additionalRules: [] dashboard: # -- Deploy dashboard server