DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into align-permission

Browse source
This commit is contained in:
yu-croco 2024-08-10 20:37:11 +09:00
commit c1cc19ce69
22 changed files with 311 additions and 187 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/lint-and-test.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: 3.9

2
.github/workflows/publish.yml vendored
View file

@ -66,7 +66,7 @@ jobs:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}

4
.github/workflows/renovate.yaml vendored
View file

@ -26,11 +26,11 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Self-hosted Renovate
uses: renovatebot/github-action@042670e39b8d7335e992c3fa526ecbfbd52ef57b # v40.2.2
uses: renovatebot/github-action@0c94129d48b4e92addf23686b8a735b3057a0448 # v40.2.5
with:
configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.421.4
renovate-version: 38.18.0
token: '${{ steps.get_token.outputs.token }}'
env:
LOG_LEVEL: 'debug'

6
.github/workflows/scorecard.yml vendored
View file

@ -38,7 +38,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: SARIF file
path: results.sarif
@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
with:
sarif_file: results.sarif

8
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.11.4
kubeVersion: ">=1.23.0-0"
appVersion: v2.12.0
kubeVersion: ">=1.25.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 7.3.6
version: 7.4.2
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -27,4 +27,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Address inconsistent redis-secret-init ServiceAccount handling
description: Fix Redis race condition due to optional REDIS_PASSWORD

27
charts/argo-cd/README.md
View file

@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -622,7 +647,7 @@ server:
## Prerequisites
- Kubernetes: `>=1.23.0-0`
- Kubernetes: `>=1.25.0-0`
- We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
- Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
- Helm v3.0.0+

25
charts/argo-cd/README.md.gotmpl
View file

@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
If you used the value, please migrate like below.
```yaml
# before
configs:
clusterCredentials:
- mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
# after
configs:
clusterCredentials:
mycluster:
server: https://mycluster.example.com
labels: {}
annotations: {}
# ...
```
### 6.10.0
This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.

14
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -208,10 +208,22 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-username
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-sentinel-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:

2
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -205,9 +205,9 @@ spec:
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
optional: true
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}

2
charts/argo-cd/templates/argocd-applicationset/role.yaml
View file

@ -34,6 +34,8 @@ rules:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:

8
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -182,9 +182,9 @@ spec:
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
optional: true
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
@ -290,6 +290,12 @@ spec:
key: reposerver.revision.cache.lock.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
valueFrom:
configMapKeyRef:
key: reposerver.include.hidden.directories
name: argocd-cmd-params-cm
optional: true
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: HELM_CACHE_HOME
value: /helm-working-dir

2
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -250,9 +250,9 @@ spec:
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
optional: true
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}

271
charts/argo-cd/templates/crds/crd-application.yaml
View file

@ -39,20 +39,29 @@ spec:
name: Revision
priority: 10
type: string
- jsonPath: .spec.project
name: Project
priority: 10
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Application is a definition of Application resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -150,22 +159,21 @@ spec:
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version (Helm)
which to sync the application to If omitted, will use the revision
specified in app spec.
description: |-
Revision is the revision (Git) or chart version (Helm) which to sync the application to
If omitted, will use the revision specified in app spec.
type: string
revisions:
description: Revisions is the list of revision (Git) or chart
version (Helm) which to sync each source in sources field for
the application to If omitted, will use the revision specified
in app spec.
description: |-
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
If omitted, will use the revision specified in app spec.
items:
type: string
type: array
source:
description: Source overrides the source definition set in the
application. This is typically set in a Rollback operation and
is nil during a Sync operation
description: |-
Source overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must be specified
@ -486,18 +494,18 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be
commit, tag, or branch. If omitted, will equal to HEAD.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
sources:
description: Sources overrides the source definition set in the
application. This is typically set in a Rollback operation and
is nil during a Sync operation
description: |-
Sources overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
items:
description: ApplicationSource contains all required information
about the source of an application
@ -825,11 +833,10 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -848,10 +855,10 @@ spec:
the sync.
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
hook:
@ -859,10 +866,10 @@ spec:
perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to supply
the --force flag to `kubectl apply`. The --force flag
deletes and re-create the resource, when PATCH encounters
conflict and has retried for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
type: object
@ -883,9 +890,9 @@ spec:
not set.
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -914,10 +921,9 @@ spec:
kind:
type: string
managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted managers.
Fields mutated by those managers will take precedence over
the desired state defined in the SCM and won't be displayed
in diffs
description: |-
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
desired state defined in the SCM and won't be displayed in diffs
items:
type: string
type: array
@ -944,18 +950,17 @@ spec:
type: object
type: array
project:
description: Project is a reference to the project this application
belongs to. The empty string means that application belongs to the
'default' project.
description: |-
Project is a reference to the project this application belongs to.
The empty string means that application belongs to the 'default' project.
type: string
revisionHistoryLimit:
description: RevisionHistoryLimit limits the number of items kept
in the application's revision history, which is used for informational
purposes as well as for rollbacks to previous versions. This should
only be changed in exceptional circumstances. Setting to zero will
store no history. This will reduce storage used. Increasing will
increase the space used to store the history, so we do not recommend
increasing it. Default is 10.
description: |-
RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
This should only be changed in exceptional circumstances.
Setting to zero will store no history. This will reduce storage used.
Increasing will increase the space used to store the history, so we do not recommend increasing it.
Default is 10.
format: int64
type: integer
source:
@ -1274,10 +1279,10 @@ spec:
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be commit,
tag, or branch. If omitted, will equal to HEAD. In case of Helm,
this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -1606,10 +1611,10 @@ spec:
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to sync the application to. In case of Git, this can be commit,
tag, or branch. If omitted, will equal to HEAD. In case of
Helm, this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2102,11 +2107,10 @@ spec:
Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2448,11 +2452,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -2464,9 +2467,9 @@ spec:
type: object
type: array
observedAt:
description: 'ObservedAt indicates when the application state was
updated without querying latest git state Deprecated: controller
no longer updates ObservedAt field'
description: |-
ObservedAt indicates when the application state was updated without querying latest git state
Deprecated: controller no longer updates ObservedAt field
format: date-time
type: string
operationState:
@ -2579,22 +2582,21 @@ spec:
type: object
type: array
revision:
description: Revision is the revision (Git) or chart version
(Helm) which to sync the application to If omitted,
will use the revision specified in app spec.
description: |-
Revision is the revision (Git) or chart version (Helm) which to sync the application to
If omitted, will use the revision specified in app spec.
type: string
revisions:
description: Revisions is the list of revision (Git) or
chart version (Helm) which to sync each source in sources
field for the application to If omitted, will use the
revision specified in app spec.
description: |-
Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
If omitted, will use the revision specified in app spec.
items:
type: string
type: array
source:
description: Source overrides the source definition set
in the application. This is typically set in a Rollback
operation and is nil during a Sync operation
description: |-
Source overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name, and must
@ -2937,19 +2939,18 @@ spec:
(Git or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
type: object
sources:
description: Sources overrides the source definition set
in the application. This is typically set in a Rollback
operation and is nil during a Sync operation
description: |-
Sources overrides the source definition set in the application.
This is typically set in a Rollback operation and is nil during a Sync operation
items:
description: ApplicationSource contains all required
information about the source of an application
@ -3300,11 +3301,10 @@ spec:
(Git or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision
of the source to sync the application to. In case
of Git, this can be commit, tag, or branch. If
omitted, will equal to HEAD. In case of Helm,
this is a semver tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -3325,11 +3325,10 @@ spec:
to perform the sync.
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
hook:
@ -3337,11 +3336,10 @@ spec:
to perform the sync. This is the default strategy
properties:
force:
description: Force indicates whether or not to
supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource,
when PATCH encounters conflict and has retried
for 5 times.
description: |-
Force indicates whether or not to supply the --force flag to `kubectl apply`.
The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
retried for 5 times.
type: boolean
type: object
type: object
@ -3385,9 +3383,9 @@ spec:
description: Group specifies the API group of the resource
type: string
hookPhase:
description: HookPhase contains the state of any operation
associated with this resource OR hook This can also
contain values for non-hook resources.
description: |-
HookPhase contains the state of any operation associated with this resource OR hook
This can also contain values for non-hook resources.
type: string
hookType:
description: HookType specifies the type of the hook.
@ -3772,11 +3770,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4127,11 +4124,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4158,8 +4154,9 @@ spec:
description: Resources is a list of Kubernetes resources managed by
this application
items:
description: 'ResourceStatus holds the current sync and health status
of a resource TODO: describe members of this type'
description: |-
ResourceStatus holds the current sync and health status of a resource
TODO: describe members of this type
properties:
group:
type: string
@ -4242,10 +4239,9 @@ spec:
if Server is not set.
type: string
namespace:
description: Namespace specifies the target namespace
for the application's resources. The namespace will
only be set for namespace-scoped resources that have
not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -4274,10 +4270,9 @@ spec:
kind:
type: string
managedFieldsManagers:
description: ManagedFieldsManagers is a list of trusted
managers. Fields mutated by those managers will take
precedence over the desired state defined in the SCM
and won't be displayed in diffs
description: |-
ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
desired state defined in the SCM and won't be displayed in diffs
items:
type: string
type: array
@ -4623,11 +4618,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the
source to sync the application to. In case of Git, this
can be commit, tag, or branch. If omitted, will equal
to HEAD. In case of Helm, this is a semver tag for the
Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL
@ -4978,11 +4972,10 @@ spec:
or Helm) that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to sync the application to. In case of
Git, this can be commit, tag, or branch. If omitted,
will equal to HEAD. In case of Helm, this is a semver
tag for the Chart's version.
description: |-
TargetRevision defines the revision of the source to sync the application to.
In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
In case of Helm, this is a semver tag for the Chart's version.
type: string
required:
- repoURL

45
charts/argo-cd/templates/crds/crd-applicationset.yaml
View file

@ -72,6 +72,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -668,6 +669,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -2430,6 +2432,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -3026,6 +3029,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -6891,6 +6895,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
template:
@ -7487,6 +7492,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
name:
type: string
requeueAfterSeconds:
@ -8083,6 +8089,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
template:
properties:
metadata:
@ -11948,6 +11955,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
mergeKeys:
@ -14648,6 +14656,7 @@ spec:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: array
goTemplate:
@ -15306,11 +15315,16 @@ spec:
type: string
step:
type: string
targetRevisions:
items:
type: string
type: array
required:
- application
- message
- status
- step
- targetRevisions
type: object
type: array
conditions:
@ -15334,6 +15348,37 @@ spec:
- type
type: object
type: array
resources:
items:
properties:
group:
type: string
health:
properties:
message:
type: string
status:
type: string
type: object
hook:
type: boolean
kind:
type: string
name:
type: string
namespace:
type: string
requiresPruning:
type: boolean
status:
type: string
syncWave:
format: int64
type: integer
version:
type: string
type: object
type: array
type: object
required:
- metadata

60
charts/argo-cd/templates/crds/crd-project.yaml
View file

@ -31,22 +31,28 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what
may be deployed (repository whitelist, resource whitelist/blacklist) * who
can access these applications (roles, OIDC group claims bindings) * and
what they can do (RBAC policies) * automation access to these roles (JWT
tokens)'
description: |-
AppProject provides a logical grouping of applications, providing controls for:
* where the apps may deploy to (cluster whitelist)
* what may be deployed (repository whitelist, resource whitelist/blacklist)
* who can access these applications (roles, OIDC group claims bindings)
* and what they can do (RBAC policies)
* automation access to these roles (JWT tokens)
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -57,9 +63,9 @@ spec:
description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -74,9 +80,9 @@ spec:
description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -103,9 +109,9 @@ spec:
not set.
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
description: |-
Namespace specifies the target namespace for the application's resources.
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster's
@ -118,9 +124,9 @@ spec:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -135,9 +141,9 @@ spec:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: |-
GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
concepts during lookup stages without having partially valid types
properties:
group:
type: string

1
charts/argo-cd/templates/redis-secret-init/job.yaml
View file

@ -13,6 +13,7 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
spec:
ttlSecondsAfterFinished: 60
template:
metadata:
labels:

2
charts/argo-rollouts/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v1.7.1
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.37.3
version: 2.37.4
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:

1
charts/argo-rollouts/README.md
View file

@ -57,6 +57,7 @@ For full list of changes please check ArtifactHub [changelog].
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
| notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
| notifications.notifiers | object | `{}` | Configures notification services |
| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
| notifications.secret.create | bool | `false` | Whether to create notifications secret |

2
charts/argo-rollouts/templates/controller/notifcations-configmap.yaml → charts/argo-rollouts/templates/controller/notifications-configmap.yaml
View file

@ -1,3 +1,4 @@
{{ if .Values.notifications.configmap.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -20,3 +21,4 @@ data:
subscriptions: |
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

4
charts/argo-rollouts/values.yaml
View file

@ -449,6 +449,10 @@ dashboard:
volumeMounts: []
notifications:
configmap:
# -- Whether to create notifications configmap
create: true
secret:
# -- Whether to create notifications secret
create: false

6
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.8
appVersion: v3.5.10
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.41.11
version: 0.41.14
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -17,4 +17,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Add `app:` label to components to match upstream
description: Avoid empty namespace in role binding when singleNamespace is true

4
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -17,7 +17,9 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}