DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into security/catch-all

Browse source 
* main:
  feat(argocd-image-updater): Support extra K8s manifests (#2429)
  docs(argo-workflows): fix wrong `artifactRepository` identations on values.yaml (#2426)
  docs(argo-cd): Fix policy.csv block (#2423)
This commit is contained in:
Petr Drastil 2024-01-18 10:32:39 +01:00
commit b54360fc9d
No known key found for this signature in database
GPG key ID: B147517F4051E6ED
8 changed files with 88 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo-cd/values.yaml
View file

@ -291,7 +291,7 @@ configs:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv |
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow

6
charts/argo-workflows/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: v3.5.4
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.40.6
version: 0.40.7
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argo-workflows to v3.5.4
- kind: fixed
description: Wrong identation in artifactRepository block

58
charts/argo-workflows/values.yaml
View file

@ -769,41 +769,41 @@ artifactRepository:
# roleARN:
# useSDKCreds: true
# encryptionOptions:
# enableEncryption: true
# enableEncryption: true
# -- Store artifact in a GCS object store
# @default -- `{}` (See [values.yaml])
gcs: {}
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# # serviceAccountKeySecret is a secret selector.
# # It references the k8s secret named 'my-gcs-credentials'.
# # This secret is expected to have have the key 'serviceAccountKey',
# # containing the base64 encoded credentials
# # to the bucket.
# #
# # If it's running on GKE and Workload Identity is used,
# # serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# -- Store artifact in Azure Blob Storage
# @default -- `{}` (See [values.yaml])
azure: {}
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
## accountKeySecret is a secret selector.
## It references the k8s secret named 'my-azure-storage-credentials'.
## This secret is expected to have have the key 'account-access-key',
## containing the base64 encoded credentials to the storage account.
## If a managed identity has been assigned to the machines running the
## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
## then accountKeySecret is not needed, and useSDKCreds should be
## set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
# # accountKeySecret is a secret selector.
# # It references the k8s secret named 'my-azure-storage-credentials'.
# # This secret is expected to have have the key 'account-access-key',
# # containing the base64 encoded credentials to the storage account.
# # If a managed identity has been assigned to the machines running the
# # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
# # then accountKeySecret is not needed, and useSDKCreds should be
# # set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# -- The section of custom artifact repository.
# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)

8
charts/argocd-image-updater/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.9.2
version: 0.9.3
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -18,7 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Update outdated link on README
- kind: changed
description: Refactor README
- kind: added
description: Support extra K8s manifests

1
charts/argocd-image-updater/README.md
View file

@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |
| extraEnv | list | `[]` | Extra environment variables for argocd-image-updater |
| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater |
| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override |
| image.pullPolicy | string | `"Always"` | Default image pull policy |
| image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository |

14
charts/argocd-image-updater/ci/enable-extra-objects-values.yaml Normal file
View file

@ -0,0 +1,14 @@
# Test with extraObjects enabled
# Do not deploy the CRDs as they are already present from the previous test
installCRDs: false
extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: datadog
type: Opaque
data:
address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com
api-key: dGVzdC1hcGkta2V5Cg== # test-api-key
app-key: dGVzdC1hcHAta2V5Cg== # test-app-key

8
charts/argocd-image-updater/templates/extra-manifests.yaml Normal file
View file

@ -0,0 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

29
charts/argocd-image-updater/values.yaml
View file

@ -42,6 +42,35 @@ extraEnv: []
# - name: AWS_REGION
# value: "us-west-1"
# -- Extra K8s manifests to deploy for argocd-image-updater
## Note: Supports use of custom Helm templates
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-image-updater-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd-image-updater"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-image-updater-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
# -- Init containers to add to the image updater pod
initContainers: []
# - name: download-tools