From 79ec8fdb942aaffaeba5cd1cdf7e0184cd7a16f0 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Sat, 25 Jan 2025 15:31:37 +0200 Subject: [PATCH 1/2] feat(argocd-image-updater): Make cm and secret names configurable (#2998) * feat: made argocd image updater cm and secret name templated Signed-off-by: AvivGuiser * fix indention Signed-off-by: AvivGuiser * update Chart.yaml Signed-off-by: AvivGuiser * chore: Apply changes from code review Signed-off-by: Marco Maurer * chore: Reflect changes from review inside changelog Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: AvivGuiser Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer --- charts/argocd-image-updater/Chart.yaml | 4 +-- charts/argocd-image-updater/README.md | 6 +++- .../templates/configmap-authscripts.yaml | 2 +- .../templates/configmap-sshconfig.yaml | 10 ++++-- .../templates/configmap.yaml | 2 +- .../templates/deployment.yaml | 32 +++++++++---------- .../templates/secret.yaml | 2 +- charts/argocd-image-updater/values.yaml | 12 +++++-- 8 files changed, 44 insertions(+), 26 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f3880ec5..02438363 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.4 +version: 0.12.0 appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.2 + description: ConfigMap and Secret names are now configurable diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 7a35b881..d77ee710 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -70,6 +70,7 @@ The `config.registries` value can be used exactly as it looks in the documentati |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity settings for the deployment | | authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` | +| authScripts.name | string | `"argocd-image-updater-authscripts"` | Name of the authentication scripts ConfigMap | | authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents | | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | @@ -77,6 +78,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | +| config.argocd.tokenSecretName | string | `"argocd-image-updater-secret"` | Name of the Secret containing the token | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitSignOff | bool | `false` | Enables sign off on commits | @@ -85,8 +87,10 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | | config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.name | string | `"argocd-image-updater-config"` | Name of the ConfigMap | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.config | string | `""` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.name | string | `"argocd-image-updater-ssh-config"` | Name of the sshConfig ConfigMap | | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fbb345e3..259054f6 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9fd83d92..9ff9ba61 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -1,11 +1,17 @@ +{{- $sshConfig := omit .Values.config.sshConfig "name" }} +{{- range $key, $val := $sshConfig }} + {{- if not $val }} + {{ $_ := unset $sshConfig $key }} + {{- end }} +{{- end }} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} -{{- with .Values.config.sshConfig }} +{{- with $sshConfig }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 46ee3b80..8eb0e704 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-config + name: {{ .Values.config.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 4aaa83b3..87f1fbf4 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -44,79 +44,79 @@ spec: valueFrom: configMapKeyRef: key: applications_api - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_GRPC_WEB valueFrom: configMapKeyRef: key: argocd.grpc_web - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_SERVER valueFrom: configMapKeyRef: key: argocd.server_addr - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_INSECURE valueFrom: configMapKeyRef: key: argocd.insecure - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_PLAINTEXT valueFrom: configMapKeyRef: key: argocd.plaintext - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_TOKEN valueFrom: secretKeyRef: key: argocd.token - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: configMapKeyRef: key: log.level - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_USER valueFrom: configMapKeyRef: key: git.user - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_EMAIL valueFrom: configMapKeyRef: key: git.email - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: key: kube.events - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_KEY valueFrom: configMapKeyRef: key: git.commit-signing-key - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_METHOD valueFrom: configMapKeyRef: key: git.commit-signing-method - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGN_OFF valueFrom: configMapKeyRef: key: git.commit-sign-off - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} @@ -177,13 +177,13 @@ spec: path: registries.conf - key: git.commit-message-template path: commit.template - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true name: image-updater-conf {{- if .Values.authScripts.enabled }} - configMap: defaultMode: 0777 - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} name: authscripts {{- end }} - configMap: @@ -191,7 +191,7 @@ spec: optional: true name: ssh-known-hosts - configMap: - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} optional: true name: ssh-config - name: ssh-signing-key diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index 08955095..171add82 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 4825833e..15832520 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -109,6 +109,8 @@ volumes: [] # emptyDir: {} config: + # -- Name of the ConfigMap + name: argocd-image-updater-config # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" @@ -125,6 +127,8 @@ config: plaintext: false # -- If specified, the secret with Argo CD API key will be created. token: "" + # -- Name of the Secret containing the token + tokenSecretName: "argocd-image-updater-secret" # -- Disable kubernetes events disableKubeEvents: false @@ -175,9 +179,11 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- Argo CD Image Updater ssh client parameter configuration. sshConfig: - {} + # -- Name of the sshConfig ConfigMap + name: argocd-image-updater-ssh-config + # -- Argo CD Image Updater ssh client parameter configuration. + config: "" # config: | # Host * # PubkeyAcceptedAlgorithms +ssh-rsa @@ -188,6 +194,8 @@ config: authScripts: # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` enabled: false + # -- Name of the authentication scripts ConfigMap + name: argocd-image-updater-authscripts # -- Map of key-value pairs where the key consists of the name of the script and the value the contents scripts: {} # auth1.sh: | From 296362871281cc4b4b7b2389a83ec8d190430aaf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 18:30:41 +0000 Subject: [PATCH 2/2] chore(deps): bump the dependencies group with 4 updates (#3141) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/stale.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 4c4db950..f8f9fe02 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: # Note: Also update in scripts/lint.sh version: v3.11.0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2e74eab1..f6dcec99 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -59,7 +59,7 @@ jobs: PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" - name: Run chart-releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 with: config: "./.github/configs/cr.yaml" env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 231f25c1..e9a10387 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index d0813423..159a0e8e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale