diff --git a/CODEOWNERS b/CODEOWNERS index f35c9b71..bb890183 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -4,7 +4,7 @@ /charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD -/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler +/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler # Argo Events /charts/argo-events @jbehling @VaibhavPage @oliverbaehler diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d3c33558..ed2d87be 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.1.1 +version: 3.2.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d94003d7..6d1430d1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -227,12 +227,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.ingress.enabled | Enable an ingress resource for the server | `false` | | server.ingress.hosts | List of ingress hosts | `[]` | | server.ingress.labels | Additional ingress labels. | `{}` | +| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` | | server.ingress.tls | Ingress TLS configuration. | `[]` | | server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` | | server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` | | server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` | | server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` | | server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | +| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | | server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | | server.route.enabled | Enable a OpenShift route for the server | `false` | | server.route.hostname | Hostname of OpenShift route | `""` | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 431f9069..9ab07ef4 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -138,4 +138,17 @@ app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-cd.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 914f1b8a..1f5fc4ea 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -3,11 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} +apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: {{- if .Values.server.ingressGrpc.annotations }} @@ -19,41 +15,74 @@ metadata: name: {{ template "argo-cd.server.fullname" . }}-grpc labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.ingressGrpc.labels }} -{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} -{{- end }} + {{- if .Values.server.ingressGrpc.labels }} + {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} + {{- end }} spec: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} rules: {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} + {{- range $host := .Values.server.ingressGrpc.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end -}} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end -}} + {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end -}} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} + {{- end }} + {{- end -}} {{- end -}} {{- if .Values.server.ingressGrpc.tls }} tls: -{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} + {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index d4e5020f..1bd2c53c 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -3,11 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} +apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: {{- if .Values.server.ingress.annotations }} @@ -19,41 +15,74 @@ metadata: name: {{ template "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.ingress.labels }} -{{- toYaml .Values.server.ingress.labels | nindent 4 }} -{{- end }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} spec: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} rules: {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end -}} + {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: Prefix + {{- end }} backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} - {{- end -}} + {{- end }} + {{- end -}} {{- end -}} {{- if .Values.server.ingress.tls }} tls: -{{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- toYaml .Values.server.ingress.tls | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index bb235eec..71707f09 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if .Values.dex.serviceAccount.create }} +{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1b7c2682..32e244ab 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -493,6 +493,7 @@ server: enabled: false annotations: {} labels: {} + ingressClassName: "" ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. @@ -521,6 +522,7 @@ server: enabled: false annotations: {} labels: {} + ingressClassName: "" ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 8830c053..1f138c3c 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.2.5 +version: 1.3.2 keywords: - argo-events - sensor-controller diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml index d6de39d2..56721159 100644 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ b/charts/argo-events/templates/argo-events-roles.yaml @@ -49,10 +49,13 @@ rules: - workflowtemplates/finalizers - sensors - sensors/finalizers + - sensors/status - eventsources - eventsources/finalizers + - eventsources/status - eventbus - eventbus/finalizers + - eventbus/status - apiGroups: - "" resources: diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index dd734a88..900daf41 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} release: {{ .Release.Name }} + {{- with .Values.eventbusController.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ .Values.serviceAccount }} containers: diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index 95e7e83a..9fcd1eaf 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} release: {{ .Release.Name }} + {{- with .Values.eventsourceController.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ .Values.serviceAccount }} containers: diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index 214ee2bb..371fe82f 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ .Release.Name }}-{{ .Values.sensorController.name }} release: {{ .Release.Name }} + {{- with .Values.sensorController.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ .Values.serviceAccount }} containers: diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 95a2b7d9..8aa83e6a 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -51,6 +51,7 @@ sensorController: tag: v1.2.3 replicaCount: 1 sensorImage: sensor + podAnnotations: {} nodeSelector: {} tolerations: {} affinity: {} @@ -61,6 +62,7 @@ eventsourceController: tag: v1.2.3 replicaCount: 1 eventsourceImage: eventsource + podAnnotations: {} nodeSelector: {} tolerations: {} affinity: {} @@ -70,6 +72,7 @@ eventbusController: image: eventbus-controller tag: v1.2.3 replicaCount: 1 + podAnnotations: {} nodeSelector: {} tolerations: {} affinity: {} diff --git a/charts/argo-applicationset/.helmignore b/charts/argocd-applicationset/.helmignore similarity index 100% rename from charts/argo-applicationset/.helmignore rename to charts/argocd-applicationset/.helmignore diff --git a/charts/argo-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml similarity index 95% rename from charts/argo-applicationset/Chart.yaml rename to charts/argocd-applicationset/Chart.yaml index c467c3c6..ebb5ee1c 100644 --- a/charts/argo-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.2 +version: 0.1.3 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argo-applicationset/README.md b/charts/argocd-applicationset/README.md similarity index 98% rename from charts/argo-applicationset/README.md rename to charts/argocd-applicationset/README.md index 316bd8ce..b200d9cf 100644 --- a/charts/argo-applicationset/README.md +++ b/charts/argocd-applicationset/README.md @@ -18,7 +18,7 @@ To install the chart with the release name `my-release`: $ helm repo add argo https://argoproj.github.io/argo-helm "argo" has been added to your repositories -$ helm install --name my-release argo/argo-applicationset +$ helm install --name my-release argo/argocd-applicationset NAME: my-release ... ``` @@ -61,7 +61,7 @@ ct install --namespace argocd | mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | | mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | | mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | -| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` | +| nameOverride | string | `""` | Provide a name in place of `argocd-applicationset` | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | | podAnnotations | object | `{}` | Annotations for the controller pods | | podSecurityContext | object | `{}` | Pod Security Context | diff --git a/charts/argo-applicationset/ci/default-values.yaml b/charts/argocd-applicationset/ci/default-values.yaml similarity index 100% rename from charts/argo-applicationset/ci/default-values.yaml rename to charts/argocd-applicationset/ci/default-values.yaml diff --git a/charts/argo-applicationset/ci/leader-election-values.yaml b/charts/argocd-applicationset/ci/leader-election-values.yaml similarity index 100% rename from charts/argo-applicationset/ci/leader-election-values.yaml rename to charts/argocd-applicationset/ci/leader-election-values.yaml diff --git a/charts/argo-applicationset/crds/crd-applicationset.yaml b/charts/argocd-applicationset/crds/crd-applicationset.yaml similarity index 100% rename from charts/argo-applicationset/crds/crd-applicationset.yaml rename to charts/argocd-applicationset/crds/crd-applicationset.yaml diff --git a/charts/argo-applicationset/templates/_helpers.tpl b/charts/argocd-applicationset/templates/_helpers.tpl similarity index 100% rename from charts/argo-applicationset/templates/_helpers.tpl rename to charts/argocd-applicationset/templates/_helpers.tpl diff --git a/charts/argo-applicationset/templates/crds.yaml b/charts/argocd-applicationset/templates/crds.yaml similarity index 100% rename from charts/argo-applicationset/templates/crds.yaml rename to charts/argocd-applicationset/templates/crds.yaml diff --git a/charts/argo-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml similarity index 100% rename from charts/argo-applicationset/templates/deployment.yaml rename to charts/argocd-applicationset/templates/deployment.yaml diff --git a/charts/argo-applicationset/templates/psp.yaml b/charts/argocd-applicationset/templates/psp.yaml similarity index 100% rename from charts/argo-applicationset/templates/psp.yaml rename to charts/argocd-applicationset/templates/psp.yaml diff --git a/charts/argo-applicationset/templates/rbac.yaml b/charts/argocd-applicationset/templates/rbac.yaml similarity index 100% rename from charts/argo-applicationset/templates/rbac.yaml rename to charts/argocd-applicationset/templates/rbac.yaml diff --git a/charts/argo-applicationset/templates/serviceaccount.yaml b/charts/argocd-applicationset/templates/serviceaccount.yaml similarity index 100% rename from charts/argo-applicationset/templates/serviceaccount.yaml rename to charts/argocd-applicationset/templates/serviceaccount.yaml diff --git a/charts/argo-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml similarity index 100% rename from charts/argo-applicationset/values.yaml rename to charts/argocd-applicationset/values.yaml diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 2d1ada91..881c18ae 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.1.1 +version: 1.1.2 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argocd-notifications/templates/deployment.yaml b/charts/argocd-notifications/templates/deployment.yaml index bc6948d3..0e18f698 100644 --- a/charts/argocd-notifications/templates/deployment.yaml +++ b/charts/argocd-notifications/templates/deployment.yaml @@ -26,8 +26,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }} - securityContext: - runAsNonRoot: true + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} containers: - name: {{ include "argocd-notifications.name" . }}-controller image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -51,6 +52,9 @@ spec: name: metrics protocol: TCP {{- end }} + {{- if .Values.containerSecurityContext }} + securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} {{- with .Values.extraEnv }} env: {{ toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index 35cce8df..0a27e643 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -65,6 +65,13 @@ notifiers: podAnnotations: {} +## Pod Security Context +securityContext: + runAsNonRoot: true + +## Container Security Context +containerSecurityContext: {} + resources: {} # limits: # cpu: 100m