DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

resolve conflicts

Browse source
This commit is contained in:
mikhail-klimko 2024-01-31 16:45:08 +03:00
commit c57fddf861
74 changed files with 668 additions and 416 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/CODEOWNERS vendored
View file

@ -2,5 +2,5 @@
/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24
/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
/charts/argo-events/ @pdrastil @jmeridth @tico24
/charts/argo-rollouts/ @jmeridth
/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco
/charts/argo-rollouts/ @jmeridth @yu-croco

18
.github/configs/labeler.yaml vendored
View file

@ -1,17 +1,23 @@
argo-cd:
- charts/argo-cd/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-cd/**
argo-events:
- charts/argo-events/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-events/**
argo-rollouts:
- charts/argo-rollouts/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-rollouts/**
argo-workflows:
- charts/argo-workflows/**/*
- changed-files:
- any-glob-to-any-file: charts/argo-workflows/**
argocd-image-updater:
- charts/argocd-image-updater/**/*
- changed-files:
- any-glob-to-any-file: charts/argocd-image-updater/**
argocd-apps:
- charts/argocd-apps/**/*
- changed-files:
- any-glob-to-any-file: charts/argocd-apps/**

57
.github/workflows/chart-version-bump.yml vendored Normal file
View file

@ -0,0 +1,57 @@
## Used on Renovate PRs to bump the chart version and add a changelog entry
## Reference: https://github.com/stefanzweifel/git-auto-commit-action
## Reference: https://github.com/marketplace/actions/changed-files
name: 'Chart Version Bump and Changelog'
on:
pull_request:
types:
- labeled
permissions:
contents: write
jobs:
helm-bumper:
if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ secrets.PAT }}
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
with:
files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
- name: "Bump Version and Changelog"
run: |
chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
echo "Changed chart name is: $chartName"
echo "----------------------------------------"
parentDir="charts/${chartName}"
# Bump the chart version by one patch version
version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
major=$(echo $version | cut -d. -f1)
minor=$(echo $version | cut -d. -f2)
patch=$(echo $version | cut -d. -f3)
patch=$(expr $patch + 1)
sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
# Add a changelog entry
appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
echo " - kind: changed" >> ${parentDir}/Chart.yaml
echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
cat ${parentDir}/Chart.yaml
- name: "Commit and push changes"
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
with:
commit_options: '--signoff'

2
.github/workflows/lint-and-test.yml vendored
View file

@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.9

2
.github/workflows/pr-sizing.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
with:
configuration-path: ".github/configs/labeler.yaml"
repo-token: "${{ secrets.GITHUB_TOKEN }}"

4
.github/workflows/publish.yml vendored
View file

@ -59,9 +59,7 @@ jobs:
PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
- name: Run chart-releaser
# todo: change later to v1.6.0 (also in agro-rollouts chart)
# issue: https://github.com/helm/chart-releaser-action/issues/171
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
config: "./.github/configs/cr.yaml"
skip_packaging: true

2
.github/workflows/scorecard.yml vendored
View file

@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: SARIF file
path: results.sarif

2
.github/workflows/stale.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
pull-requests: write # for actions/stale to close stale PRs
runs-on: ubuntu-latest
steps:
- uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Number of days of inactivity before an issue becomes stale

2
charts/argo-cd/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: v2.9-2024.1.24-ccd7124b3
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.51.6-8-cap-2.9-2024.1.24-ccd7124b3
version: 5.53.12-cap-2.9-2024.1.24-ccd7124b3
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:

35
charts/argo-cd/README.md
View file

@ -105,6 +105,14 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
@ -515,7 +523,7 @@ NAME: my-release
|-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."kustomize.setNamespace.enabled" | bool | `false` | Enable set namespace during kustomize build |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
@ -551,6 +559,7 @@ NAME: my-release
| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. |
| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. |
| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. |
@ -559,6 +568,8 @@ NAME: my-release
| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret |
| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password |
| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` |
| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events |
| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events |
| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events |
| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events |
| configs.secret.createSecret | bool | `true` | Create the argocd-secret |
@ -679,6 +690,7 @@ NAME: my-release
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
@ -792,10 +804,11 @@ NAME: my-release
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions |
| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions |
| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image |
| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image |
| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image |
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@ -946,7 +959,7 @@ server:
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
| dex.image.tag | string | `"v2.37.0"` | Dex image tag |
| dex.image.tag | string | `"v2.38.0"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -1028,13 +1041,13 @@ server:
| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar |
| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server |
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.enabled | bool | `false` | Deploy metrics service |
@ -1093,7 +1106,7 @@ The main options are listed here:
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
@ -1102,8 +1115,8 @@ The main options are listed here:
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1337,3 +1350,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

12
charts/argo-cd/README.md.gotmpl
View file

@ -104,6 +104,14 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
@ -117,7 +125,7 @@ In case the manifests are updated before moving to Argo CD v2.8, the containers
### 5.26.0
This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`.
This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`.
Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics.
To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`.
@ -571,3 +579,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[EKS EoL]: https://endoflife.date/amazon-eks
[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer

14
charts/argo-cd/ci/extension-values.yaml Normal file
View file

@ -0,0 +1,14 @@
# Test Argo CD extension
crds:
keep: false
# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension
server:
extensions:
enabled: true
extensionList:
- name: extension-metrics
env:
- name: EXTENSION_URL
value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt

14
charts/argo-cd/templates/_helpers.tpl
View file

@ -11,7 +11,7 @@ to 63 chars and it includes 10 chars of hash and a separating '-'.
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- define "argo-cd.controller.serviceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
@ -40,7 +40,7 @@ Create Dex server endpoint
{{/*
Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- define "argo-cd.dex.serviceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
@ -78,7 +78,7 @@ Return Redis server endpoint
{{/*
Create the name of the redis service account to use
*/}}
{{- define "argo-cd.redisServiceAccountName" -}}
{{- define "argo-cd.redis.serviceAccountName" -}}
{{- if .Values.redis.serviceAccount.create -}}
{{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
@ -96,7 +96,7 @@ Create argocd server name and version as used by the chart label.
{{/*
Create the name of the Argo CD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- define "argo-cd.server.serviceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
@ -114,7 +114,7 @@ Create argocd repo-server name and version as used by the chart label.
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- define "argo-cd.repoServer.serviceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
@ -132,7 +132,7 @@ Create argocd application set name and version as used by the chart label.
{{/*
Create the name of the application set service account to use
*/}}
{{- define "argo-cd.applicationSetServiceAccountName" -}}
{{- define "argo-cd.applicationSet.serviceAccountName" -}}
{{- if .Values.applicationSet.serviceAccount.create -}}
{{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }}
{{- else -}}
@ -150,7 +150,7 @@ Create argocd notifications name and version as used by the chart label.
{{/*
Create the name of the notifications service account to use
*/}}
{{- define "argo-cd.notificationsServiceAccountName" -}}
{{- define "argo-cd.notifications.serviceAccountName" -}}
{{- if .Values.notifications.serviceAccount.create -}}
{{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }}
{{- else -}}

9
charts/argo-cd/templates/aggregate-roles.yaml
View file

@ -14,9 +14,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- get
@ -39,9 +36,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create
@ -69,9 +63,6 @@ rules:
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create

2
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

10
charts/argo-cd/templates/argocd-application-controller/role.yaml
View file

@ -34,4 +34,12 @@ rules:
- events
verbs:
- create
- list
- list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch

8
charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
View file

@ -1,15 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

14
charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.controller.serviceAccount.annotations }}
{{- with .Values.controller.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.controller.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- range $key, $value := .Values.controller.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.controller.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -55,7 +55,7 @@ spec:
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
containers:
- args:
- /usr/local/bin/argocd-application-controller

2
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View file

@ -55,7 +55,7 @@ spec:
{{- if .Values.applicationSet.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}

6
charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.applicationSet.fullname" . }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

14
charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.applicationSet.serviceAccount.annotations }}
{{- with .Values.applicationSet.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.applicationSet.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

6
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -16,7 +16,7 @@ metadata:
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- with .Values.configs.secret.githubSecret }}
@ -34,6 +34,10 @@ data:
{{- with .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ . | b64enc }}
{{- end }}
{{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }}
webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
{{- end }}
{{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }}

63
charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
View file

@ -1,63 +0,0 @@
{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.notifications.fullname" . }}-bot
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
template:
metadata:
labels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }}
spec:
{{- with .Values.notifications.bots.slack.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }}
containers:
- name: {{ include "argo-cd.notifications.fullname" . }}-bot
image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }}
command:
- argocd-notifications
- bot
workingDir: /app
ports:
- containerPort: 8080
name: http
resources:
{{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
{{- with .Values.notifications.bots.slack.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}

2
charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
View file

@ -11,6 +11,6 @@ roleRef:
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

2
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View file

@ -54,7 +54,7 @@ spec:
{{- if .Values.notifications.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }}
containers:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}

6
charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
name: {{ include "argo-cd.notifications.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.notifications.fullname" . }}
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

14
charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
name: {{ include "argo-cd.notifications.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.notifications.serviceAccount.annotations }}
{{- with .Values.notifications.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.notifications.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- range $key, $value := .Values.notifications.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.notifications.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

22
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -65,7 +65,7 @@ spec:
{{- if .Values.repoServer.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@ -373,14 +373,30 @@ spec:
{{- end }}
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: helm-working-dir
{{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
{{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: plugins
{{- if .Values.repoServer.existingVolumes.plugins -}}
{{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: var-files
{{- if .Values.repoServer.existingVolumes.varFiles -}}
{{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.repoServer.existingVolumes.tmp -}}
{{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
@ -391,7 +407,11 @@ spec:
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
{{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
{{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls

8
charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

14
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.repoServer.serviceAccount.annotations }}
{{- with .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
View file

@ -12,6 +12,6 @@ roleRef:
name: {{ include "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.serverServiceAccountName" . }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

31
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -27,6 +27,9 @@ spec:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
@ -56,7 +59,7 @@ spec:
{{- if .Values.server.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@ -357,13 +360,22 @@ spec:
lifecycle:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }}
initContainers:
{{- with .Values.server.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: argocd-extensions
image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
{{- range .Values.server.extensions.extensionList }}
- name: {{ .name }}
image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }}
imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
{{- with .Values.server.extensions.containerSecurityContext }}
{{- toYaml $.Values.server.extensions.resources | nindent 10 }}
{{- with $.Values.server.extensions.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
@ -372,13 +384,10 @@ spec:
mountPath: /tmp/extensions/
- name: tmp
mountPath: /tmp
env:
{{- toYaml .env | nindent 10 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.server.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }}
affinity:

3
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -27,9 +27,6 @@ rules:
- applicationsets
{{- end }}
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
verbs:
- create
- get

6
charts/argo-cd/templates/argocd-server/rolebinding.yaml
View file

@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
@ -11,5 +11,5 @@ roleRef:
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

14
charts/argo-cd/templates/argocd-server/serviceaccount.yaml
View file

@ -3,17 +3,17 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.serverServiceAccountName" . }}
name: {{ include "argo-cd.server.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.server.serviceAccount.annotations }}
{{- with .Values.server.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.server.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- range $key, $value := .Values.server.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.server.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

107
charts/argo-cd/templates/crds/crd-extension.yaml
View file

@ -1,107 +0,0 @@
{{- if and .Values.crds.install .Values.server.extensions.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
controller-gen.kubebuilder.io/version: v0.4.1
labels:
app.kubernetes.io/name: argocdextensions.argoproj.io
app.kubernetes.io/part-of: argocd
{{- with .Values.crds.additionalLabels }}
{{- toYaml . | nindent 4}}
{{- end }}
name: argocdextensions.argoproj.io
spec:
group: argoproj.io
names:
kind: ArgoCDExtension
listKind: ArgoCDExtensionList
plural: argocdextensions
singular: argocdextension
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ArgoCDExtension is the Schema for the argocdextensions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension
properties:
sources:
description: Sources specifies where the extension should come from
items:
description: ExtensionSource specifies where the extension should
be sourced from
properties:
git:
description: Git is specified if the extension should be sourced
from a git repository
properties:
revision:
description: Revision specifies the revision of the Repository
to fetch
type: string
url:
description: URL specifies the Git repository URL to fetch
type: string
type: object
web:
description: Web is specified if the extension should be sourced
from a web file
properties:
url:
description: URK specifies the remote file URL
type: string
type: object
type: object
type: array
required:
- sources
type: object
status:
description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension
properties:
conditions:
items:
properties:
message:
description: Message contains human-readable message indicating
details about condition
type: string
status:
description: Boolean status describing if the condition is currently
true
type: string
type:
description: Type is an ArgoCDExtension condition type
type: string
required:
- message
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
{{- end }}

2
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -58,7 +58,7 @@ spec:
{{- if .Values.dex.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }}
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}

8
charts/argo-cd/templates/dex/rolebinding.yaml
View file

@ -2,16 +2,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
name: {{ include "argo-cd.dex.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.dex.fullname" . }}
name: {{ include "argo-cd.dex.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.dexServiceAccountName" . }}
name: {{ include "argo-cd.dex.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

8
charts/argo-cd/templates/dex/serviceaccount.yaml
View file

@ -3,14 +3,14 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.dexServiceAccountName" . }}
name: {{ include "argo-cd.dex.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.dex.serviceAccount.annotations }}
{{- with .Values.dex.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.dex.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- end }}

2
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -51,7 +51,7 @@ spec:
{{- if .Values.redis.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }}
containers:
- name: {{ .Values.redis.name }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}

8
charts/argo-cd/templates/redis/serviceaccount.yaml
View file

@ -3,14 +3,14 @@ apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.redisServiceAccountName" . }}
name: {{ include "argo-cd.redis.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- if .Values.redis.serviceAccount.annotations }}
{{- with .Values.redis.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.redis.serviceAccount.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- end }}

71
charts/argo-cd/values.yaml
View file

@ -294,7 +294,7 @@ configs:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv |
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
@ -306,6 +306,9 @@ configs:
# The scope value can be a string, or a list of strings.
scopes: "[groups]"
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode: "glob"
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg:
@ -519,6 +522,12 @@ configs:
bitbucketUUID: ""
# -- Shared secret for authenticating Gogs webhook events
gogsSecret: ""
## Azure DevOps
azureDevops:
# -- Shared secret username for authenticating Azure DevOps webhook events
username: ""
# -- Shared secret password for authenticating Azure DevOps webhook events
password: ""
# -- add additional secrets to be added to argocd-secret
## Custom secrets. Useful for injecting SSO secrets into environment variables.
@ -939,7 +948,7 @@ dex:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.37.0
tag: v2.38.0
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1177,7 +1186,7 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.13-alpine
tag: 7.0.15-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1193,7 +1202,7 @@ redis:
# -- Repository to use for the redis-exporter
repository: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.53.0
tag: 1.57.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1398,9 +1407,9 @@ redis-ha:
## Redis image
image:
# -- Redis repository
repository: redis
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.13-alpine
tag: 7.0.15-alpine
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
@ -1408,7 +1417,7 @@ redis-ha:
# -- Repository to use for the redis-exporter
image: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.53.0
tag: 1.57.0
persistentVolume:
# -- Configures persistence on Redis nodes
enabled: false
@ -1577,29 +1586,43 @@ server:
# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
lifecycle: {}
## Argo UI extensions
## Argo CD extensions
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extensions
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
extensions:
# -- Enable support for Argo UI extensions
# -- Enable support for Argo CD extensions
enabled: false
## Argo UI extensions image
## Argo CD extension installer image
image:
# -- Repository to use for extensions image
repository: "ghcr.io/argoproj-labs/argocd-extensions"
# -- Tag to use for extensions image
tag: "v0.2.1"
# -- Repository to use for extension installer image
repository: "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
tag: "v0.0.1"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Extensions for Argo CD
# @default -- `[]` (See [values.yaml])
## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
extensionList: []
# - name: extension-metrics
# env:
# - name: EXTENSION_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
# - name: EXTENSION_CHECKSUM_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
# -- Server UI extensions container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
@ -2208,6 +2231,24 @@ repoServer:
# - name: cmp-tmp
# emptyDir: {}
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes: {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true

6
charts/argo-events/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.8.1
appVersion: v1.9.0
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.4.1
version: 2.4.2
home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo Events to v1.8.1
description: Bump argo-events to v1.9.0

6
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.6.2
appVersion: v1.6.5
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.32.5
version: 2.34.2
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo Rollouts CRDs to match them mainstream from v1.6.2
description: Bump argo-rollouts to v1.6.5

7
charts/argo-rollouts/README.md
View file

@ -65,6 +65,8 @@ For full list of changes please check ArtifactHub [changelog].
| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider |
| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider |
| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider |
| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` |
| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` |
| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider |
| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider |
| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider |
@ -89,6 +91,9 @@ For full list of changes please check ArtifactHub [changelog].
| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| controller.logging.kloglevel | string | `"0"` | Set the klog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
| controller.metrics.service.annotations | object | `{}` | Service annotations |
@ -149,6 +154,8 @@ For full list of changes please check ArtifactHub [changelog].
| dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type |
| dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths |
| dashboard.ingress.tls | list | `[]` | Dashboard ingress tls |
| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level |
| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| dashboard.nodeSelector | object | `{}` | [Node selector] |
| dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] |
| dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard |

21
charts/argo-rollouts/templates/controller/clusterrole.yaml
View file

@ -255,5 +255,26 @@ rules:
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

3
charts/argo-rollouts/templates/controller/deployment.yaml
View file

@ -45,6 +45,9 @@ spec:
args:
- --healthzPort={{ .Values.controller.containerPorts.healthz }}
- --metricsport={{ .Values.controller.containerPorts.metrics }}
- "--loglevel={{ .Values.controller.logging.level }}"
- "--logformat={{ .Values.controller.logging.format }}"
- "--kloglevel={{ .Values.controller.logging.kloglevel }}"
{{- if not .Values.clusterInstall }}
- --namespaced
{{- end }}

9
charts/argo-rollouts/templates/controller/role.yaml
View file

@ -256,5 +256,14 @@ rules:
- get
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
resources:
- routetables
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

3
charts/argo-rollouts/templates/dashboard/deployment.yaml
View file

@ -45,6 +45,9 @@ spec:
- image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}"
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }}
args:
- dashboard
- "--loglevel={{ .Values.dashboard.logging.level }}"
- "--kloglevel={{ .Values.dashboard.logging.kloglevel }}"
{{- with .Values.dashboard.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}

16
charts/argo-rollouts/values.yaml
View file

@ -55,6 +55,13 @@ controller:
tolerations: []
# -- Assign custom [affinity] rules to the deployment
affinity: {}
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the klog logging level
kloglevel: "0"
# -- Set the logging format (one of: `text`, `json`)
format: "text"
# -- Assign custom [TopologySpreadConstraints] rules to the controller
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
@ -262,6 +269,10 @@ providerRBAC:
traefik: true
# -- Adds RBAC rules for the Apisix provider
apisix: true
# -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md`
contour: true
# -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md`
glooPlatform: true
dashboard:
# -- Deploy dashboard server
@ -280,6 +291,11 @@ dashboard:
tolerations: []
# -- Assign custom [affinity] rules to the deployment
affinity: {}
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the klog logging level
kloglevel: "0"
# -- Assign custom [TopologySpreadConstraints] rules to the dashboard server
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/

8
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.2
appVersion: v3.5.4
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.39.5
version: 0.40.9
icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo Workflows to v3.5.2
- kind: added
description: Add MySQL persistence support explicitly on README

15
charts/argo-workflows/README.md
View file

@ -84,9 +84,12 @@ Please see the upstream [Operator Manual's High Availability page](https://argop
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
### Argo Workflows server authentication
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means.
Please refer to [Argo Server Auth Mode] for more details.
Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details.
## Values
@ -183,7 +186,7 @@ Fields to note:
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] |
| controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time |
| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods |
| controller.persistence | object | `{}` | enable persistence using postgres |
| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. |
| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods |
| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers |
| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. |
@ -280,6 +283,7 @@ Fields to note:
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment |
| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| server.image.registry | string | `"quay.io"` | Registry to use for the server |
| server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server |
| server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. |
@ -326,12 +330,13 @@ Fields to note:
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider |
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |
| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. |
| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets |
| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | |
| server.sso.redirectUrl | string | `""` | |
| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |
@ -385,3 +390,5 @@ Fields to note:
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog
[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/
[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/

10
charts/argo-workflows/README.md.gotmpl
View file

@ -84,9 +84,13 @@ Please see the upstream [Operator Manual's High Availability page](https://argop
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
### Argo Workflows server authentication
Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means.
Please refer to [Argo Server Auth Mode] for more details.
Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details.
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
## Values
@ -204,3 +208,5 @@ Fields to note:
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog
[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/
[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/

2
charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml
View file

@ -83,8 +83,6 @@ rules:
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows

9
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -19,7 +19,7 @@ data:
parallelism: {{ .Values.controller.parallelism }}
{{- end }}
{{- if .Values.controller.resourceRateLimit }}
resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }}
resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }}
{{- end }}
{{- with .Values.controller.namespaceParallelism }}
namespaceParallelism: {{ . }}
@ -141,11 +141,11 @@ data:
clientSecret:
name: {{ .Values.server.sso.clientSecret.name }}
key: {{ .Values.server.sso.clientSecret.key }}
redirectUrl: {{ .Values.server.sso.redirectUrl }}
redirectUrl: {{ .Values.server.sso.redirectUrl | quote }}
rbac:
enabled: {{ .Values.server.sso.rbac.enabled }}
{{- with .Values.server.sso.scopes }}
scopes: {{ toYaml . | nindent 8 }}
scopes: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.sso.issuerAlias }}
issuerAlias: {{ toYaml . }}
@ -162,6 +162,9 @@ data:
{{- with .Values.server.sso.insecureSkipVerify }}
insecureSkipVerify: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.filterGroupsRegex }}
filterGroupsRegex: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }}

1
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -38,6 +38,7 @@ rules:
- workflowtaskresults
verbs:
- create
- patch
- apiGroups:
- argoproj.io
resources:

2
charts/argo-workflows/templates/extra-manifests.yaml
View file

@ -1,6 +1,6 @@
{{ range .Values.extraObjects }}
---
{{- if typeIs "string" . }}
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}

4
charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -37,6 +37,10 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.extraInitContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 8 }}

85
charts/argo-workflows/values.yaml
View file

@ -146,7 +146,8 @@ controller:
capabilities:
drop:
- ALL
# -- enable persistence using postgres
# -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available.
## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-archive/
persistence: {}
# connectionPool:
# maxIdleConns: 100
@ -171,6 +172,17 @@ controller:
# # sslMode must be one of: disable, require, verify-ca, verify-full
# # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq
# sslMode: require
# mysql:
# host: localhost
# port: 3306
# database: argo
# tableName: argo_workflows
# userNameSecret:
# name: argo-mysql-config
# key: username
# passwordSecret:
# name: argo-mysql-config
# key: password
# -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
# Only valid for 2.7+
@ -458,6 +470,12 @@ server:
# -- Service port name
servicePortName: "" # http
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
serviceAccount:
# -- Create a service account for the server
create: true
@ -675,7 +693,7 @@ server:
# -- Key of a secret to retrieve the app OIDC client secret
key: client-secret
# - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
redirectUrl: https://argo/oauth2/callback
redirectUrl: ""
rbac:
# -- Adds ServiceAccount Policy to server (Cluster)Role.
enabled: true
@ -701,6 +719,11 @@ server:
userInfoPath: ""
# -- Skip TLS verification for the HTTP client
insecureSkipVerify: false
# -- Filter the groups returned by the OIDC provider
## A logical "OR" is used between each regex in the list
filterGroupsRegex: []
# - ".*argo-wf.*"
# - ".*argo-workflow.*"
# -- Extra containers to be added to the server deployment
extraContainers: []
@ -758,41 +781,41 @@ artifactRepository:
# roleARN:
# useSDKCreds: true
# encryptionOptions:
# enableEncryption: true
# enableEncryption: true
# -- Store artifact in a GCS object store
# @default -- `{}` (See [values.yaml])
gcs: {}
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# # serviceAccountKeySecret is a secret selector.
# # It references the k8s secret named 'my-gcs-credentials'.
# # This secret is expected to have have the key 'serviceAccountKey',
# # containing the base64 encoded credentials
# # to the bucket.
# #
# # If it's running on GKE and Workload Identity is used,
# # serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# -- Store artifact in Azure Blob Storage
# @default -- `{}` (See [values.yaml])
azure: {}
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
## accountKeySecret is a secret selector.
## It references the k8s secret named 'my-azure-storage-credentials'.
## This secret is expected to have have the key 'account-access-key',
## containing the base64 encoded credentials to the storage account.
## If a managed identity has been assigned to the machines running the
## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
## then accountKeySecret is not needed, and useSDKCreds should be
## set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
# # accountKeySecret is a secret selector.
# # It references the k8s secret named 'my-azure-storage-credentials'.
# # This secret is expected to have have the key 'account-access-key',
# # containing the base64 encoded credentials to the storage account.
# # If a managed identity has been assigned to the machines running the
# # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
# # then accountKeySecret is not needed, and useSDKCreds should be
# # set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# -- The section of custom artifact repository.
# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)

6
charts/argocd-apps/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-apps
description: A Helm chart for managing additional Argo CD Applications and Projects
type: application
version: 1.4.1
version: 1.6.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -17,5 +17,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: syncOptions for applications
- kind: added
description: ability to specify ignoreApplicationDifferences for applicationsets

2
charts/argocd-apps/README.md
View file

@ -30,7 +30,7 @@ $ helm install my-release argo/argocd-apps
|-----|------|---------|-------------|
| applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release |
| applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release |
| extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release |
| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. |
| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release |
| projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release |

4
charts/argocd-apps/ci/applicationsets-values.yaml
View file

@ -13,6 +13,10 @@ applicationsets:
directories:
- path: guestbook
- path: kustomize-*
# Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync
ignoreApplicationDifferences:
- jsonPointers:
- /spec/syncPolicy
template:
metadata:
name: '{{path.basename}}'

12
charts/argocd-apps/ci/extensions-values.yaml
View file

@ -1,12 +0,0 @@
# Test with extensions
extensions:
- name: example
namespace: default
additionalLabels: {}
additionalAnnotations: {}
sources:
- git:
url: https://github.com/argoproj-labs/argocd-example-extension.git
- web:
url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar

4
charts/argocd-apps/templates/applicationsets.yaml
View file

@ -27,6 +27,10 @@ spec:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .strategy }}
{{- with .ignoreApplicationDifferences }}
ignoreApplicationDifferences:
{{- toYaml . | nindent 4 }}
{{- end }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}

6
charts/argocd-apps/values.yaml
View file

@ -106,6 +106,10 @@ applicationsets: []
# directories:
# - path: guestbook
# - path: kustomize-*
# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync
# ignoreApplicationDifferences:
# - jsonPointers:
# - /spec/syncPolicy
# # Progressive Syncs is an experimental feature and it must be explicitly enabled
# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs
# strategy:
@ -219,7 +223,7 @@ itemTemplates: []
# server: '{{`{{cluster}}`}}'
# namespace: guestbook
# -- Deploy Argo UI Extensions within this helm release
# -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info.
# @default -- `[]` (See [values.yaml])
## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary.
## Ref: https://github.com/argoproj-labs/argocd-extensions

4
charts/argocd-image-updater/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.9.1
version: 0.9.3
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Introduce chart signing
description: Support extra K8s manifests

31
charts/argocd-image-updater/README.md
View file

@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart).
## Prerequisites
@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page].
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
@ -35,12 +35,12 @@ config:
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so.
### ArgoCD API key
### Argo CD API key
If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
Please also read [Configuration of Container Registries].
```yaml
config:
@ -52,7 +52,7 @@ If you specify a token value the secret will be created.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]):
- Docker Hub
- Google Container Registry
@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
@ -74,18 +74,19 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) |
| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API |
| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. |
| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address |
| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. |
| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. |
| config.disableKubeEvents | bool | `false` | Disable kubernetes events |
| config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
| config.gitCommitTemplate | string | `""` | Changing the Git commit message |
| config.gitCommitUser | string | `""` | Username to use for Git commits |
| config.logLevel | string | `"info"` | ArgoCD Image Update log level |
| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| config.sshConfig | object | `{}` | ArgoCD Image Updater ssh client parameter configuration. |
| config.logLevel | string | `"info"` | Argo CD Image Update log level |
| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |
| extraEnv | list | `[]` | Extra environment variables for argocd-image-updater |
| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater |
| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override |
| image.pullPolicy | string | `"Always"` | Default image pull policy |
| image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository |
@ -125,3 +126,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server
[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/
[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112

20
charts/argocd-image-updater/README.md.gotmpl
View file

@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd-image-updater argo/argocd-image-updater
```
You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart).
## Prerequisites
@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc
## Configuration options
In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags).
In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page].
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance:
All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance:
```yaml
config:
@ -35,12 +35,12 @@ config:
plaintext: true
```
Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so.
### ArgoCD API key
### Argo CD API key
If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
Please also read [Configuration of Container Registries].
```yaml
config:
@ -52,7 +52,7 @@ If you specify a token value the secret will be created.
### Registries
ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]):
- Docker Hub
- Google Container Registry
@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
- GitHub Container Registry
- GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
@ -71,3 +71,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server
[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/
[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112

14
charts/argocd-image-updater/ci/enable-extra-objects-values.yaml Normal file
View file

@ -0,0 +1,14 @@
# Test with extraObjects enabled
# Do not deploy the CRDs as they are already present from the previous test
installCRDs: false
extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: datadog
type: Opaque
data:
address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com
api-key: dGVzdC1hcGkta2V5Cg== # test-api-key
app-key: dGVzdC1hcHAta2V5Cg== # test-app-key

8
charts/argocd-image-updater/templates/extra-manifests.yaml Normal file
View file

@ -0,0 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

39
charts/argocd-image-updater/values.yaml
View file

@ -42,6 +42,35 @@ extraEnv: []
# - name: AWS_REGION
# value: "us-west-1"
# -- Extra K8s manifests to deploy for argocd-image-updater
## Note: Supports use of custom Helm templates
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-image-updater-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd-image-updater"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-image-updater-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
# -- Init containers to add to the image updater pod
initContainers: []
# - name: download-tools
@ -77,9 +106,9 @@ config:
serverAddress: ""
# -- If specified, the certificate of the Argo CD API server is not verified.
insecure: false
# -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
# -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS.
plaintext: false
# -- If specified, the secret with ArgoCD API key will be created.
# -- If specified, the secret with Argo CD API key will be created.
token: ""
# -- Disable kubernetes events
@ -94,10 +123,10 @@ config:
# -- Changing the Git commit message
gitCommitTemplate: ""
# -- ArgoCD Image Update log level
# -- Argo CD Image Update log level
logLevel: "info"
# -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
# -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
registries: []
# - name: Docker Hub
# api_url: https://registry-1.docker.io
@ -122,7 +151,7 @@ config:
# credentials: ext:/scripts/auth1.sh
# credsexpire: 10h
# -- ArgoCD Image Updater ssh client parameter configuration.
# -- Argo CD Image Updater ssh client parameter configuration.
sshConfig:
{}
# config: |

91
renovate.json Normal file
View file

@ -0,0 +1,91 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"kubernetes": {
"fileMatch": ["\\.yaml$", "\\.yml$"]
},
"extends": [
"config:base",
"docker:enableMajor"
],
"labels": ["renovate"],
"includePaths": [
"**/charts/argo-workflows/Chart.yaml",
"**/charts/argo-cd/Chart.yaml",
"**/charts/argo-events/Chart.yaml",
"**/charts/argo-rollouts/Chart.yaml",
"**/charts/argocd-image-updater/Chart.yaml"
],
"regexManagers": [
{
"fileMatch": ["charts/argo-workflows/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-workflows",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-cd/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-cd",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-events/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-events",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argo-rollouts/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj/argo-rollouts",
"datasourceTemplate": "github-releases"
},
{
"fileMatch": ["charts/argocd-image-updater/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj-labs/argocd-image-updater",
"datasourceTemplate": "github-releases"
}
],
"packageRules": [
{
"matchPackagePatterns": ["argoproj/argo-workflows"],
"commitMessagePrefix": "chore(argo-workflows):"
},
{
"matchPackagePatterns": ["argoproj/argo-cd"],
"commitMessagePrefix": "chore(argo-cd):"
},
{
"matchPackagePatterns": ["argoproj/argo-events"],
"commitMessagePrefix": "chore(argo-events):"
},
{
"matchPackagePatterns": ["argoproj/argo-rollouts"],
"commitMessagePrefix": "chore(argo-rollouts):"
},
{
"matchPackagePatterns": ["argoproj-labs/argocd-image-updater"],
"commitMessagePrefix": "chore(argocd-image-updater):"
},
{
"matchPackagePatterns": ["redis-ha"],
"enabled": false
}
]
}