From 687392688fdbc28eb0813b083e3e63771d138c5a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 07:35:42 -0500 Subject: [PATCH 01/29] chore(deps): update renovatebot/github-action action to v40.2.8 (#2912) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bb3233e..f1250bcc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 + uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a344d64fbdb584b40fce03b8c1cf7e05034b866d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zolt=C3=A1n=20Reegn?= Date: Tue, 10 Sep 2024 23:55:38 +0200 Subject: [PATCH 02/29] fix(argocd-apps): don't render empty app description (#2911) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argocd-apps): don't render empty app description Signed-off-by: Zoltán Reegn * chore: Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: Zoltán Reegn Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/templates/projects.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 397e9db6..f6cc3443 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.0 +version: 2.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: make the chart use maps instead of lists + - kind: fixed + description: not rendering empty app description diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index 34a865ea..d6032636 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -25,7 +25,9 @@ spec: {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ $projectData.description }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} From 7c8bbd62e84c48c70368d9491493ed6b5018472c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 10:57:30 +0900 Subject: [PATCH 03/29] chore(deps): update actions/create-github-app-token action to v1.11.0 (#2918) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f1250bcc..5c90efbc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From e718e4665175c79ce5a50a6c8bd49b2bb9188ffe Mon Sep 17 00:00:00 2001 From: venegator Date: Fri, 13 Sep 2024 16:01:59 +0200 Subject: [PATCH 04/29] feat(argo-workflows): Add honorLabels parameter to Argo Workflows ServiceMonitor (#2920) * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator * Update values.yaml Signed-off-by: venegator * Update Chart.yaml Signed-off-by: venegator * Update README.md Signed-off-by: venegator * Update charts/argo-workflows/Chart.yaml Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> Signed-off-by: venegator * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator --------- Signed-off-by: venegator Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-servicemonitor.yaml | 2 ++ charts/argo-workflows/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8b242c4f..30ff622d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.1 +version: 0.42.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add loadBalancerClass field for Service resources + description: add honorLabels config for ServiceMonitor resource diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index deec1649..43e86677 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -175,6 +175,7 @@ Fields to note: | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 1695f96d..01844a87 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -24,6 +24,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry @@ -37,6 +38,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- with .Values.controller.metricsConfig.targetLabels }} targetLabels: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5c2a674d..aa6e86b1 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -143,6 +143,9 @@ controller: servicePortName: metrics # -- Flag to enable headless service headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] From 97acfc9360155a7f5aea4a5c5e6ab6b7dabb20c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Sep 2024 07:50:42 -0500 Subject: [PATCH 05/29] chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 in the dependencies group (#2921) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c948600..b94e76ce 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From b33b3dbd3066a03c5aa8def211b4303f74de6477 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 19:02:55 +0900 Subject: [PATCH 06/29] chore(deps): update renovatebot/github-action action to v40.2.9 (#2924) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5c90efbc..526f897a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 + uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 2e05c8b57b9e51bf27928cee723cf8116de38403 Mon Sep 17 00:00:00 2001 From: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:37:59 +0200 Subject: [PATCH 07/29] docs(argo-rollouts): add more description for notification secret creation (#2922) * docs(argo-rollouts): add more description for secret creation Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): bump chart version Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix lint Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): change reference to controller Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix readme Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> --------- Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 2 +- charts/argo-rollouts/values.yaml | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 39dd385a..44abcb53 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.6 +version: 2.37.7 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add loadBalancerClass field for Service resources + - kind: added + description: add description for manual secret creation diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 724a6b82..126a1dcd 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,7 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | -| notifications.secret.create | bool | `false` | Whether to create notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e78aa2bb..b6b5821c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -456,7 +456,8 @@ notifications: create: true secret: - # -- Whether to create notifications secret + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". create: false # -- Generic key:value pairs to be inserted into the notifications secret items: {} From 8096751c175f6a5250bda64dc86d4de1e56b2e50 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 06:04:30 -0500 Subject: [PATCH 08/29] chore(deps): update renovatebot/github-action action to v40.2.10 (#2925) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 526f897a..077a96f4 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 + uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 8adc2939a26ce3c0e0cdcaaaddcca91e71859d5d Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Thu, 19 Sep 2024 19:09:54 -0500 Subject: [PATCH 09/29] fix(argo-events): Fix events-webhook Service using non-default port (#2929) Resolves #2926 Signed-off-by: Neile Havens --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/templates/argo-events-webhook/service.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aae23442..dc6af9ac 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.7 +version: 2.4.8 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update Jetstream versions as following upstream + description: events-webhook Service using non-default port diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index e1f2b2ee..797ceb43 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: ports: - - port: 443 + - port: {{ int .Values.webhook.port }} targetPort: webhook selector: {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} From 133e70a9ea9c9db4e86df35621a6fcdc4847ad5a Mon Sep 17 00:00:00 2001 From: d3adb5 Date: Fri, 20 Sep 2024 00:59:01 -0700 Subject: [PATCH 10/29] feat(argo-cd): allow setting runtime class name (#2930) Allow chart users to set a runtime class name for all Argo CD components. Signed-off-by: d3adb5 --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 8 +++++ .../deployment.yaml | 3 ++ .../statefulset.yaml | 3 ++ .../argocd-applicationset/deployment.yaml | 3 ++ .../argocd-notifications/deployment.yaml | 3 ++ .../argocd-repo-server/deployment.yaml | 3 ++ .../templates/argocd-server/deployment.yaml | 3 ++ charts/argo-cd/templates/dex/deployment.yaml | 3 ++ .../argo-cd/templates/redis/deployment.yaml | 3 ++ charts/argo-cd/values.yaml | 31 +++++++++++++++++++ 11 files changed, 66 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index febb1e67..210bbc7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.2 +version: 7.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Certificate template was wrong leading to null + - kind: added + description: Ability to set runtime class for all components diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8b0cb174..5ed80a40 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -713,6 +713,7 @@ NAME: my-release | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | | global.tolerations | list | `[]` | Default tolerations for all components | @@ -856,6 +857,7 @@ NAME: my-release | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -950,6 +952,7 @@ NAME: my-release | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.replicas | int | `1` | The number of repo server pods to run | | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | @@ -1103,6 +1106,7 @@ NAME: my-release | server.route.hostname | string | `""` | Hostname of OpenShift Route | | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | @@ -1210,6 +1214,7 @@ NAME: my-release | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | dex.serviceAccount.create | bool | `true` | Create dex service account | @@ -1308,6 +1313,7 @@ NAME: my-release | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | | redis.service.labels | object | `{}` | Additional redis service labels | @@ -1500,6 +1506,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | @@ -1583,6 +1590,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3938c25d..32205efd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49bee..3c644c69 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,6 +37,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 060d20c5..9af597b2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 0f6ad38b..85d58e2b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 500b2e44..9a15e596 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -47,6 +47,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af0..f015c847 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -41,6 +41,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index bc9b4530..fa11aef6 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 76e1b00a..65581665 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- end }} {{- end }} spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 08a26b8b..8e1b8c39 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -44,6 +44,9 @@ global: ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -619,6 +622,10 @@ controller: ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -919,6 +926,10 @@ dex: # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: # -- Deploy metrics service enabled: false @@ -1213,6 +1224,10 @@ redis: # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1701,6 +1716,10 @@ server: # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -2364,6 +2383,10 @@ repoServer: # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2752,6 +2775,10 @@ applicationSet: # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -3119,6 +3146,10 @@ notifications: # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: From c5e6458cd6277c6f66816742e9e18256a6d8aaa9 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:23:53 +0100 Subject: [PATCH 11/29] fix(argo-cd): Remove unwanted newline on redis-init-secret job's imagepullsecrets (#2931) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 210bbc7b..a3335e3b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.0 +version: 7.6.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Ability to set runtime class for all components + - kind: fixed + description: Remove unwanted newline on redis-init-secret job's imagepullsecrets diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 643dadc7..15bed02d 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -30,7 +30,7 @@ spec: spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: - {{ toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - command: From fd70c609bd6e98e8b067c7c4915957c51acd786c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:08:21 +0100 Subject: [PATCH 12/29] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.11 (#2932) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 30ff622d..6071b4e8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.10 +appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.2 +version: 0.42.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add honorLabels config for ServiceMonitor resource + description: Bump argo-workflows to v3.5.11 From b50a0731e745e068bddda412081609810eeb54c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Sep 2024 19:35:15 +0900 Subject: [PATCH 13/29] chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 in the dependencies group (#2933) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b94e76ce..8cfa51f0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From edd04f6ec8b9a96617651a8c32d00099f9732089 Mon Sep 17 00:00:00 2001 From: Jonny Langefeld Date: Mon, 23 Sep 2024 10:27:10 -0700 Subject: [PATCH 14/29] fix(argo-cd): Remove namespace from cluster scope resource (#2833) * Remove namespace from cluster scope resource A few resources I noticed had the namespace set for cluster scoped resources. Signed-off-by: Jonny Langefeld * Update clusterrole.yaml Signed-off-by: Jonny Langefeld * chore: Apply changes from code review Signed-off-by: Marco Maurer --------- Signed-off-by: Jonny Langefeld Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-applicationset/clusterrole.yaml | 1 - .../templates/argocd-applicationset/clusterrolebinding.yaml | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a3335e3b..c57b7c0f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.1 +version: 7.6.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Remove unwanted newline on redis-init-secret job's imagepullsecrets + description: Remove namespace field from cluster scoped resources diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 7b1f1998..2723e3d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index af6d5297..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: From 0afd9e66bf361724870ebe239c7ee049af15e604 Mon Sep 17 00:00:00 2001 From: l2h Date: Thu, 26 Sep 2024 00:17:55 +0900 Subject: [PATCH 15/29] feat(argo-cd): add multi-namespace support for ApplicationSet controller RBAC (#2935) * feat(argo-cd): support multiple namespaces in applicationsetcontroller Signed-off-by: leehosu * fetch upstream Signed-off-by: leehosu * update README Signed-off-by: leehosu * change a values about namespace Signed-off-by: leehosu --------- Signed-off-by: leehosu --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-applicationset/clusterrolebinding.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c57b7c0f..128c408a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.2 +version: 7.6.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove namespace field from cluster scoped resources + - kind: added + description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5ed80a40..6d07f360 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,6 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 9dcae8d2..c6c1beb7 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,4 +13,12 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} +{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} +{{- range $namespace := (split "," $namespaces) }} + {{- if $namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} + namespace: {{ $namespace | trim | quote }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8e1b8c39..832d4184 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -278,6 +278,8 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. From 1773b67d65142bbd46543912139d9a080eb93a00 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 23:31:02 +0200 Subject: [PATCH 16/29] chore(deps): update actions/checkout action to v4.2.0 (#2937) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 077a96f4..e4937114 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 From 4b651b3474a0518cb01c0c3af35e4ea0c5b64a00 Mon Sep 17 00:00:00 2001 From: DoumLaberge <33817317+DoumLaberge@users.noreply.github.com> Date: Wed, 25 Sep 2024 18:04:50 -0400 Subject: [PATCH 17/29] fix(argo-cd): Align imagePullSecrets for redis-secret-init Job (#2928) * issue-2848 Correction of the imagepullsecret for redis * issue-2848 Bump chart version to 7.5.3 * chore: Add changelog entry Signed-off-by: Marco Maurer --------- Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: dlaberge Co-authored-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 128c408a..41132c7d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.3 +version: 7.6.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. + - kind: fixed + description: Align imagePullSecrets for redis-secret-init Job with other manifests diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 15bed02d..8a280e35 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -28,7 +28,7 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} From d0341cc441a6efc456067f0facc4a6fe34ae54a3 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 26 Sep 2024 01:17:08 +0200 Subject: [PATCH 18/29] chore(github): Use correct email of the Renovate bot (#2938) Signed-off-by: Marco Maurer Co-authored-by: Aikawa --- .github/configs/renovate-config.js | 3 ++- renovate.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js index 9118ffe9..f453f640 100644 --- a/.github/configs/renovate-config.js +++ b/.github/configs/renovate-config.js @@ -1,6 +1,7 @@ module.exports = { platform: 'github', - gitAuthor: 'renovate[bot] ', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', autodiscover: false, allowPostUpgradeCommandTemplating: true, allowedPostUpgradeCommands: [".*"], diff --git a/renovate.json b/renovate.json index 4e068215..730f497e 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,8 @@ }, "extends": [ "config:recommended", - "docker:enableMajor" + "docker:enableMajor", + ":gitSignOff" ], "labels": ["renovate"], "includePaths": [ From e94dc2ea10172909f55c477bbddab2c0e6bd504e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:37:59 +0900 Subject: [PATCH 19/29] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.4 (#2940) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41132c7d..b260b1c9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.3 +appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.4 +version: 7.6.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align imagePullSecrets for redis-secret-init Job with other manifests + - kind: changed + description: Bump argo-cd to v2.12.4 From 388c5aea6604f4a7bfe8d6cfd089a4a047632017 Mon Sep 17 00:00:00 2001 From: KrisF-Midnight <166425225+KrisF-Midnight@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:56:55 +0200 Subject: [PATCH 20/29] feat(argo-workflows): add configurable scrape interval for metrics and telemetry (#2942) feat: add configurable scrape interval for metrics and telemetry Signed-off-by: KrisF-Midnight --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-servicemonitor.yaml | 4 ++-- charts/argo-workflows/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6071b4e8..29130932 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.3 +version: 0.42.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.11 + description: Scrape interval for metrics and telemetry data can now be set diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 43e86677..7c6774ca 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -177,6 +177,7 @@ Fields to note: | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | @@ -224,6 +225,7 @@ Fields to note: | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | | controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | | controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | | controller.telemetryConfig.port | int | `8081` | telemetry container port | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 01844a87..46fd18dd 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -15,7 +15,7 @@ spec: {{- if .Values.controller.metricsConfig.enabled }} - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} @@ -29,7 +29,7 @@ spec: {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index aa6e86b1..646ffc39 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -127,6 +127,8 @@ controller: enabled: false # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s # -- Port is the port where metrics are emitted port: 9090 # -- How often custom metrics are cleared from memory @@ -234,6 +236,8 @@ controller: enabled: false # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s # -- telemetry container port port: 8081 # -- How often custom metrics are cleared from memory From ebb2d15f1e370e6023770713596aa480c71b8914 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Sep 2024 07:05:21 -0500 Subject: [PATCH 21/29] chore(deps): bump the dependencies group with 2 updates (#2943) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index a6ad9274..32bd1677 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7dc62234..3da3a390 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8cfa51f0..84395b6a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From c8948d20963f945f611c74462cc775fafdc37bd5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 12:59:02 +0200 Subject: [PATCH 22/29] chore(deps): update renovatebot/github-action action to v40.2.11 (#2946) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e4937114..8918c54a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 + uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6b3f648f39b552f70785aa119e7ae8523534c8cc Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 20:23:55 +0900 Subject: [PATCH 23/29] chore(deps): update renovatebot/github-action action to v40.3.0 (#2947) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8918c54a..0bc7ca25 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 + uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 32a3541b7fdc4426323039492c39d75d5b781042 Mon Sep 17 00:00:00 2001 From: charlychiu Date: Mon, 30 Sep 2024 20:24:51 +0800 Subject: [PATCH 24/29] chore(argo-cd): Add Proxy Extensions config (#2944) * chore(argo-cd): Add Proxy Extensions config Signed-off-by: charlychiu * chore(argo-cd): Update docs Signed-off-by: charlychiu --------- Signed-off-by: charlychiu Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b260b1c9..eff7d03e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.5 +version: 7.6.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.12.4 + - kind: added + description: Value configs.params."server.enable.proxy.extension" was added diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d07f360..108c9673 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -754,6 +754,7 @@ NAME: my-release | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 832d4184..e6479acb 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -228,6 +228,25 @@ configs: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -266,6 +285,8 @@ configs: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin From 687bedb94658acd2b990303e28536df5403d7b20 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 1 Oct 2024 03:24:31 +0900 Subject: [PATCH 25/29] fix(argo-cd): Arrange for ApplicationSet in any namespace (#2945) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- .../argocd-applicationset/clusterrolebinding.yaml | 8 -------- charts/argo-cd/values.yaml | 4 +++- 4 files changed, 7 insertions(+), 13 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eff7d03e..16b11ae6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.6 +version: 7.6.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Value configs.params."server.enable.proxy.extension" was added + - kind: fixed + description: Arrange for ApplicationSet in any namespace. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 108c9673..b44bb431 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,7 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | -| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index c6c1beb7..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,12 +13,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} -{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} -{{- range $namespace := (split "," $namespaces) }} - {{- if $namespace }} - - kind: ServiceAccount - name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} - namespace: {{ $namespace | trim | quote }} - {{- end }} -{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e6479acb..70dfb347 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -299,7 +299,9 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false - # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] From c38d299f01aef4a0fa76bf9daae675b89facb72e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 22:03:14 +0200 Subject: [PATCH 26/29] chore(deps): update renovatebot/github-action action to v40.3.1 (#2950) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bc7ca25..c77544f0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 + uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 994838a2ef355feb82a5517ec51ef21154b5dd76 Mon Sep 17 00:00:00 2001 From: Maneesh Singh Date: Mon, 30 Sep 2024 23:03:26 -0700 Subject: [PATCH 27/29] feat(argocd-apps): finalizers for applicationset (#2952) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 2 ++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index f6cc3443..c4433fa4 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.1 +version: 2.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: not rendering empty app description + - kind: added + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index ed84c5fb..394e2c88 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -4,6 +4,8 @@ applicationsets: applicationset: additionalLabels: {} additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io # See PR #10026 (ArgoCD v2.5 or later) # goTemplate: false generators: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index e8ae2134..606d6078 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -17,6 +17,10 @@ metadata: {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if hasKey $appSetData "goTemplate" }} goTemplate: {{ $appSetData.goTemplate }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 1fad3941..127dc6a9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -97,6 +97,8 @@ applicationsets: {} # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io # # See PR #10026 (ArgoCD v2.5 or later) # # goTemplate: false # generators: From d61432be3c1e460e7037462b6b5d5f8f1bdcc6d7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 2 Oct 2024 09:46:40 +0900 Subject: [PATCH 28/29] fix(argo-workflows): Avoid to create ClusterRole for cluster template when singleNamespace (#2955) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-cluster-roles.yaml | 2 +- .../templates/server/server-cluster-roles.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 29130932..20246486 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.4 +version: 0.42.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Scrape interval for metrics and telemetry data can now be set + - kind: fixed + description: Avoid to create ClusterRole for cluster template when singleNamespace diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 1b01b117..1e8f764c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -198,7 +198,7 @@ rules: - watch {{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index dbb5ff9f..f0953099 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -118,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From bbb38b310dc80ddb51e1094765a68fc714c08204 Mon Sep 17 00:00:00 2001 From: killianmuldoon <47175296+killianmuldoon@users.noreply.github.com> Date: Thu, 3 Oct 2024 14:53:05 +0100 Subject: [PATCH 29/29] feat(argo-cd): Add affinity to redisSecretInit Job (#2962) feat: Add affinity to redisSecretInit Job Signed-off-by: killianmuldoon --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 16b11ae6..4a70abc4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.7 +version: 7.6.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Arrange for ApplicationSet in any namespace. + - kind: added + description: Set affinity in redis secret-init job. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b44bb431..f0d146b1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1394,6 +1394,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 8a280e35..5fd41f64 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -54,6 +54,10 @@ spec: priorityClassName: {{ . }} {{- end }} restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 70dfb347..be3cec78 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1725,6 +1725,9 @@ redisSecretInit: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {}