DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/main' into 2523

Browse source
This commit is contained in:
irizzant 2024-03-05 20:29:42 +00:00
commit d12184a29f
68 changed files with 803 additions and 162 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.github/configs/renovate-config.js vendored Normal file
View file

@ -0,0 +1,7 @@
module.exports = {
platform: 'github',
gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
autodiscover: false,
allowPostUpgradeCommandTemplating: true,
allowedPostUpgradeCommands: [".*"],
};

57
.github/workflows/chart-version-bump.yml vendored
View file

@ -1,57 +0,0 @@
## Used on Renovate PRs to bump the chart version and add a changelog entry
## Reference: https://github.com/stefanzweifel/git-auto-commit-action
## Reference: https://github.com/marketplace/actions/changed-files
name: 'Chart Version Bump and Changelog'
on:
pull_request:
types:
- labeled
permissions:
contents: write
jobs:
helm-bumper:
if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ secrets.PAT }}
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
with:
files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
- name: "Bump Version and Changelog"
run: |
chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
echo "Changed chart name is: $chartName"
echo "----------------------------------------"
parentDir="charts/${chartName}"
# Bump the chart version by one patch version
version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
major=$(echo $version | cut -d. -f1)
minor=$(echo $version | cut -d. -f2)
patch=$(echo $version | cut -d. -f3)
patch=$(expr $patch + 1)
sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
# Add a changelog entry
appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
echo " - kind: changed" >> ${parentDir}/Chart.yaml
echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
cat ${parentDir}/Chart.yaml
- name: "Commit and push changes"
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
with:
commit_options: '--signoff'

1
.github/workflows/publish.yml vendored
View file

@ -12,6 +12,7 @@ permissions:
jobs:
publish:
if: github.repository == 'argoproj/argo-helm'
permissions:
contents: write # for helm/chart-releaser-action to push chart release and create a release
packages: write # to push OCI chart package to GitHub Registry

37
.github/workflows/renovate.yaml vendored Normal file
View file

@ -0,0 +1,37 @@
name: Renovate
on:
# The "*" (#42, asterisk) character has special semantics in YAML, so this
# string has to be quoted.
schedule:
- cron: '0 * * * *'
# Manual trigger is also possible
workflow_dispatch: {}
permissions:
contents: read
jobs:
renovate:
if: github.repository == 'argoproj/argo-helm'
runs-on: ubuntu-latest
steps:
- name: Get token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
id: get_token
with:
app-id: ${{ vars.RENOVATE_APP_ID }}
private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Self-hosted Renovate
uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3
with:
configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.222.0
token: '${{ steps.get_token.outputs.token }}'
env:
LOG_LEVEL: 'debug'
RENOVATE_REPOSITORIES: '${{ github.repository }}'

6
charts/argo-cd/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.10.1
appVersion: v2.10.2
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 6.2.3
version: 6.6.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -27,4 +27,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Updated Redis image tag to 7.2.4
description: Support ApplicationSet in any namespace.

21
charts/argo-cd/README.md
View file

@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.4.0
Added support for application controller dynamic cluster distribution.
Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
Added env variables to handle the non-standard names generated by the helm chart.
Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
### 6.1.0
Added support for global domain used by all components.
@ -720,12 +729,15 @@ NAME: my-release
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment |
| controller.dnsConfig | object | `{}` | [DNS configuration] |
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution |
| controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution |
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
@ -940,7 +952,7 @@ NAME: my-release
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| server.ingress.annotations | object | `{}` | Additional ingress annotations |
| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` |
| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server |
@ -1077,6 +1089,9 @@ NAME: my-release
| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe |
| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe |
| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1109,6 +1124,9 @@ NAME: my-release
| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe |
| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe |
| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1284,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |

9
charts/argo-cd/README.md.gotmpl
View file

@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.4.0
Added support for application controller dynamic cluster distribution.
Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
Added env variables to handle the non-standard names generated by the helm chart.
Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
### 6.1.0
Added support for global domain used by all components.

6
charts/argo-cd/ci/dynamic-sharding-values.yaml Normal file
View file

@ -0,0 +1,6 @@
# Test application controller dynamic cluster distribution
crds:
keep: false
controller:
dynamicClusterDistribution: true

357
charts/argo-cd/templates/argocd-application-controller/deployment.yaml Normal file
View file

@ -0,0 +1,357 @@
{{- if .Values.controller.dynamicClusterDistribution }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
containers:
- args:
- /usr/local/bin/argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
env:
{{- with (concat .Values.global.env .Values.controller.env) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
value: "true"
- name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
value: {{ .Values.controller.heartbeatTime | quote }}
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
value: {{ template "argo-cd.controller.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.hard.reconciliation
optional: true
- name: ARGOCD_RECONCILIATION_JITTER
valueFrom:
configMapKeyRef:
key: timeout.reconciliation.jitter
name: argocd-cm
optional: true
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.error.grace.period.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.status.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.operation.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.format
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.metrics.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.plaintext
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.strict.tls
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.resource.health.persist
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.default.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.insecure
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.headers
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.sharding.algorithm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.kubectl.parallelism.limit
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_MAX
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.k8sclient.retry.max
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.k8sclient.retry.base.backoff
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.diff.server.side
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- end }}

4
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View file

@ -1,3 +1,4 @@
{{- if not .Values.controller.dynamicClusterDistribution | default false }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@ -77,6 +78,8 @@ spec:
{{- end }}
- name: ARGOCD_CONTROLLER_REPLICAS
value: {{ .Values.controller.replicas | quote }}
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
value: {{ template "argo-cd.controller.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
@ -350,3 +353,4 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- end }}

89
charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml Normal file
View file

@ -0,0 +1,89 @@
{{- if .Values.applicationSet.allowAnyNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}

17
charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- if .Values.applicationSet.allowAnyNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

4
charts/argo-cd/templates/argocd-applicationset/ingress.yaml
View file

@ -24,7 +24,7 @@ spec:
http:
paths:
{{- with .Values.applicationSet.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.applicationSet.ingress.path }}
pathType: {{ .Values.applicationSet.ingress.pathType }}
@ -46,7 +46,7 @@ spec:
number: {{ $.Values.applicationSet.service.port }}
{{- end }}
{{- with .Values.applicationSet.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
tls:

2
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -85,6 +85,8 @@ spec:
- name: USER_NAME
value: argocd
{{- end }}
- name: ARGOCD_REPO_SERVER_NAME
value: {{ template "argo-cd.repoServer.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:

4
charts/argo-cd/templates/argocd-server/aws/ingress.yaml
View file

@ -26,7 +26,7 @@ spec:
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingressGrpc.pathType }}
@ -55,7 +55,7 @@ spec:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:

2
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -75,6 +75,8 @@ spec:
{{- with (concat .Values.global.env .Values.server.env) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_SERVER_NAME
value: {{ template "argo-cd.server.fullname" . }}
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:

4
charts/argo-cd/templates/argocd-server/gke/ingress.yaml
View file

@ -31,7 +31,7 @@ spec:
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ .Values.server.ingress.pathType }}
@ -53,7 +53,7 @@ spec:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:

6
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -1,4 +1,4 @@
{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}}
{{- if .Values.server.ingressGrpc.enabled -}}
{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -25,7 +25,7 @@ spec:
http:
paths:
{{- with .Values.server.ingressGrpc.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingressGrpc.path }}
pathType: {{ .Values.server.ingressGrpc.pathType }}
@ -47,7 +47,7 @@ spec:
number: {{ $.Values.server.service.servicePortHttps }}
{{- end }}
{{- with .Values.server.ingressGrpc.extraRules }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }}
tls:

4
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -26,7 +26,7 @@ spec:
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingress.pathType }}
@ -48,7 +48,7 @@ spec:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:

10
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -99,8 +99,9 @@ spec:
{{- if .Values.dex.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz/live
port: metrics
path: {{ .Values.dex.livenessProbe.httpPath }}
port: {{ .Values.dex.livenessProbe.httpPort }}
scheme: {{ .Values.dex.livenessProbe.httpScheme }}
initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
@ -110,8 +111,9 @@ spec:
{{- if .Values.dex.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz/ready
port: metrics
path: {{ .Values.dex.readinessProbe.httpPath }}
port: {{ .Values.dex.readinessProbe.httpPort }}
scheme: {{ .Values.dex.readinessProbe.httpScheme }}
initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}

2
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -193,7 +193,7 @@ spec:
- name: health
configMap:
name: {{ include "argo-cd.redis.fullname" . }}-health-configmap
defaultMode: 0755
defaultMode: 493
{{- with .Values.redis.volumes }}
{{- toYaml . | nindent 8}}
{{- end }}

81
charts/argo-cd/values.yaml
View file

@ -577,8 +577,22 @@ controller:
# -- The number of application controller pods to run.
# Additional replicas will cause sharding of managed clusters across number of replicas.
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
replicas: 1
# -- Enable dynamic cluster distribution (alpha)
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
## This is done using a deployment instead of a statefulSet
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
## like round-robin, then the shards will be well-balanced.
dynamicClusterDistribution: false
# -- Application controller heartbeat time
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
heartbeatTime: 10
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit: 5
@ -662,6 +676,9 @@ controller:
# -- Annotations for the application controller StatefulSet
statefulsetAnnotations: {}
# -- Annotations for the application controller Deployment
deploymentAnnotations: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
@ -1039,6 +1056,12 @@ dex:
livenessProbe:
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the liveness probe
httpPath: /healthz/live
# -- Http port to use for the liveness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
@ -1053,6 +1076,12 @@ dex:
readinessProbe:
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the readiness probe
httpPath: /healthz/ready
# -- Http port to use for the readiness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
@ -2009,6 +2038,7 @@ server:
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2020,15 +2050,17 @@ server:
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - host: example.example.com
# http:
# path: /
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: example-svc
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: http
# name: '{{ .Values.server.service.servicePortHttpsName }}'
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
@ -2042,8 +2074,9 @@ server:
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
## This tells AWS to send traffic from the ALB using gRPC.
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
backendProtocolVersion: GRPC
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
@ -2114,6 +2147,7 @@ server:
# -- Additional ingress paths for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2125,15 +2159,17 @@ server:
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - host: example.example.com
# http:
# path: /
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: example-svc
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: http
# name: '{{ .Values.server.service.servicePortHttpName }}'
# -- Additional TLS configuration for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
@ -2874,15 +2910,17 @@ applicationSet:
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - host: example.example.com
# http:
# path: /
# backend:
# service:
# name: example-svc
# port:
# name: http
# - http:
# paths:
# - path: /api/webhook
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
# port:
# name: '{{ .Values.applicationSet.service.portName }}'
# -- Additional ingress TLS configuration
# @default -- `[]` (See [values.yaml])
@ -2890,7 +2928,8 @@ applicationSet:
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
# -- Enable ApplicationSet in any namespace feature
allowAnyNamespace: false
## Notifications controller
notifications:
# -- Enable notifications controller

8
charts/argo-workflows/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.4
appVersion: v3.5.5
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.40.11
version: 0.40.14
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Add caSecret in the artifactory.s3 configuration values.
- kind: added
description: Support namespaceOverride

1
charts/argo-workflows/README.md
View file

@ -124,6 +124,7 @@ Fields to note:
| images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template |
| namespaceOverride | string | `.Release.Namespace` | Override the namespace |
| singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. |
### Workflow

8
charts/argo-workflows/templates/_helpers.tpl
View file

@ -189,3 +189,11 @@ Return the appropriate apiVersion for GKE resources
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "argo-workflows.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}

2
charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml
View file

@ -4,7 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $cm_name }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" $ | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
{{- with $cm_val.annotations }}

2
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -8,7 +8,7 @@ kind: ClusterRole
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}

2
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "argo-workflows.controller.config-map.name" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
data:

6
charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
View file

@ -8,7 +8,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
@ -23,7 +23,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---
@ -40,6 +40,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
{{- end }}

2
charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml
View file

@ -3,7 +3,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:

6
charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
View file

@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
@ -89,6 +89,10 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- if eq (int .Values.controller.replicas) 1 }}
- name: LEADER_ELECTION_DISABLE
value: "true"
{{- end }}
{{- with .Values.controller.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}

2
charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceAccount.labels }}

2
charts/argo-workflows/templates/controller/workflow-controller-service.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}

4
charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceMonitor.additionalLabels }}
@ -43,7 +43,7 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
- {{ include "argo-workflows.namespace" . | quote }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}

2
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding

2
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

2
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.workflow.serviceAccount.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: v1
kind: ServiceAccount

2
charts/argo-workflows/templates/server/gke/backendconfig.yaml
View file

@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }}
kind: BackendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:

2
charts/argo-workflows/templates/server/gke/frontendconfig.yaml
View file

@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:

2
charts/argo-workflows/templates/server/gke/managedcertificate.yaml
View file

@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
spec:
domains:
{{- with .Values.server.GKEmanagedCertificate.domains }}

2
charts/argo-workflows/templates/server/server-cluster-roles.yaml
View file

@ -8,7 +8,7 @@ kind: ClusterRole
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}

6
charts/argo-workflows/templates/server/server-crb.yaml
View file

@ -8,7 +8,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
@ -23,7 +23,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- if .Values.server.clusterWorkflowTemplates.enabled }}
---
@ -40,6 +40,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end -}}
{{- end -}}

2
charts/argo-workflows/templates/server/server-deployment-hpa.yaml
View file

@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:

2
charts/argo-workflows/templates/server/server-deployment-pdb.yaml
View file

@ -3,7 +3,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:

2
charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}

2
charts/argo-workflows/templates/server/server-ingress.yaml
View file

@ -14,7 +14,7 @@ metadata:
{{- end }}
{{- end }}
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}

2
charts/argo-workflows/templates/server/server-sa.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.serviceAccount.labels }}

2
charts/argo-workflows/templates/server/server-service.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}

4
charts/argo-workflows/values.yaml
View file

@ -26,6 +26,10 @@ nameOverride:
# -- String to fully override "argo-workflows.fullname" template
fullnameOverride:
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride: ""
# -- Labels to set on all resources
commonLabels: {}

3
charts/argocd-apps/Chart.yaml
View file

@ -19,4 +19,5 @@ annotations:
artifacthub.io/changes: |
- kind: added
description: make the chart use maps instead of lists
- kind: added
description: Support Template Patch to ApplicationSet

13
charts/argocd-apps/ci/applicationsets-values.yaml
View file

@ -46,6 +46,19 @@ applicationsets:
syncPolicy:
# Set Application finalizer
preserveResourcesOnDeletion: false
templatePatch: |
spec:
source:
helm:
valueFiles:
{{- range $valueFile := .valueFiles }}
- {{ $valueFile }}
{{- end }}
{{- if .autoSync }}
syncPolicy:
automated:
prune: {{ .prune }}
{{- end }}
applicationset-list-generator:
generators:
- list:

4
charts/argocd-apps/templates/applicationsets.yaml
View file

@ -84,4 +84,8 @@ spec:
{{- end }}
{{- end -}}
{{- end }}
{{- with .templatePatch }}
templatePatch: |
{{- . | nindent 4 }}
{{- end }}
{{- end }}

14
charts/argocd-apps/values.yaml
View file

@ -157,6 +157,20 @@ applicationsets: {}
# syncPolicy:
# # Set Application finalizer
# preserveResourcesOnDeletion: false
# # Templating is only available on string type
# templatePatch: |
# spec:
# source:
# helm:
# valueFiles:
# {{- range $valueFile := .valueFiles }}
# - {{ $valueFile }}
# {{- end }}
# {{- if .autoSync }}
# syncPolicy:
# automated:
# prune: {{ .prune }}
# {{- end }}
# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release
# @default -- `[]` (See [values.yaml])

4
charts/argocd-image-updater/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.9.4
version: 0.9.5
appVersion: v0.12.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Allow defining additional labels to Service Account
description: Allow overriding of .Release.Namespace with .Values.namespaceOverride

1
charts/argocd-image-updater/README.md
View file

@ -105,6 +105,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
| metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
| metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override |
| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override |
| nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment |
| podAnnotations | object | `{}` | Pod Annotations for the deployment |
| podLabels | object | `{}` | Pod Labels for the deployment |

7
charts/argocd-image-updater/templates/_helpers.tpl
View file

@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name.
{{- end }}
{{- end }}
{{/*
Override .Release.Namespace
*/}}
{{- define "argocd-image-updater.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}

2
charts/argocd-image-updater/templates/configmap-authscripts.yaml
View file

@ -5,7 +5,7 @@ metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: argocd-image-updater-authscripts
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
data:
{{- toYaml .Values.authScripts.scripts | nindent 2}}
{{- end }}

2
charts/argocd-image-updater/templates/configmap-sshconfig.yaml
View file

@ -4,7 +4,7 @@ metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: argocd-image-updater-ssh-config
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
data:
{{- with .Values.config.sshConfig }}
{{- toYaml . | nindent 2 }}

2
charts/argocd-image-updater/templates/configmap.yaml
View file

@ -5,7 +5,7 @@ metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: argocd-image-updater-config
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
data:
{{- with .Values.config.applicationsAPIKind }}
applications_api: {{ . }}

2
charts/argocd-image-updater/templates/deployment.yaml
View file

@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argocd-image-updater.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
spec:

2
charts/argocd-image-updater/templates/metrics-service.yaml
View file

@ -14,7 +14,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "argocd-image-updater.fullname" . }}-metrics
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
spec:
ports:
- name: metrics

5
charts/argocd-image-updater/templates/rbac.yaml
View file

@ -6,7 +6,7 @@ metadata:
labels:
{{ include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
rules:
- apiGroups:
- ''
@ -39,6 +39,7 @@ metadata:
labels:
{{ include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -46,5 +47,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ include "argocd-image-updater.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
{{- end }}

2
charts/argocd-image-updater/templates/secret.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: argocd-image-updater-secret
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
type: Opaque

2
charts/argocd-image-updater/templates/serviceaccount.yaml
View file

@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argocd-image-updater.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.labels }}

4
charts/argocd-image-updater/templates/servicemonitor.yaml
View file

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "argocd-image-updater.fullname" . }}-metrics
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
{{- with .Values.metrics.serviceMonitor.selector }}
@ -29,7 +29,7 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
- {{ include "argocd-image-updater.namespace" . | quote }}
selector:
matchLabels:
{{- include "argocd-image-updater.selectorLabels" . | nindent 6 }}

2
charts/argocd-image-updater/values.yaml
View file

@ -17,6 +17,8 @@ imagePullSecrets: []
nameOverride: ""
# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override
fullnameOverride: ""
# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override
namespaceOverride: ""
# -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
# If a flag contains both key and value, they need to be split to a new entry

52
renovate.json
View file

@ -4,7 +4,7 @@
"fileMatch": ["\\.yaml$", "\\.yml$"]
},
"extends": [
"config:base",
"config:recommended",
"docker:enableMajor"
],
"labels": ["renovate"],
@ -13,10 +13,12 @@
"**/charts/argo-cd/Chart.yaml",
"**/charts/argo-events/Chart.yaml",
"**/charts/argo-rollouts/Chart.yaml",
"**/charts/argocd-image-updater/Chart.yaml"
"**/charts/argocd-image-updater/Chart.yaml",
"**/.github/workflows/renovate.yaml"
],
"regexManagers": [
"customManagers": [
{
"customType": "regex",
"fileMatch": ["charts/argo-workflows/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
@ -26,6 +28,7 @@
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"fileMatch": ["charts/argo-cd/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
@ -35,6 +38,7 @@
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"fileMatch": ["charts/argo-events/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
@ -44,6 +48,7 @@
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"fileMatch": ["charts/argo-rollouts/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
@ -53,6 +58,7 @@
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"fileMatch": ["charts/argocd-image-updater/Chart.yaml$"],
"matchStrings": [
"\\sappVersion: (?<currentValue>.*)\\s"
@ -60,32 +66,42 @@
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
"depNameTemplate": "argoproj-labs/argocd-image-updater",
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
"matchStrings": [
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+version: (?<currentValue>.*)"
]
}
],
"packageRules": [
{
"matchPackagePatterns": ["argoproj/argo-workflows"],
"commitMessagePrefix": "chore(argo-workflows):"
},
{
"matchPackagePatterns": ["argoproj/argo-cd"],
"commitMessagePrefix": "chore(argo-cd):"
},
{
"matchPackagePatterns": ["argoproj/argo-events"],
"commitMessagePrefix": "chore(argo-events):"
},
{
"matchPackagePatterns": ["argoproj/argo-rollouts"],
"commitMessagePrefix": "chore(argo-rollouts):"
"matchPackagePatterns": [
"argoproj/argo-workflows",
"argoproj/argo-cd",
"argoproj/argo-events",
"argoproj/argo-rollouts"
],
"commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):",
"postUpgradeTasks": {
"commands": ["./scripts/renovate-bump-version.sh {{depName}}"]
}
},
{
"matchPackagePatterns": ["argoproj-labs/argocd-image-updater"],
"commitMessagePrefix": "chore(argocd-image-updater):"
"commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):",
"postUpgradeTasks": {
"commands": ["./scripts/renovate-bump-version.sh {{depName}}"]
}
},
{
"matchPackagePatterns": ["redis-ha"],
"enabled": false
},
{
"matchPackageNames": ["ghcr.io/renovatebot/renovate"],
"extends": ["schedule:monthly"]
}
]
}

31
scripts/renovate-bump-version.sh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
depName="${1}"
if [ -z "${depName}" ]; then
echo "Missing argument 'depName'" >&2
echo "Example usage: $0 argoproj/argo-cd" >&2
exit 1
fi
chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++")
echo "Changed chart name is: $chartName"
echo "----------------------------------------"
parentDir="charts/${chartName}"
# Bump the chart version by one patch version
version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}')
major=$(echo "${version}" | cut -d. -f1)
minor=$(echo "${version}" | cut -d. -f2)
patch=$(echo "${version}" | cut -d. -f3)
patch=$((patch + 1))
sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml"
# Add a changelog entry
appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}')
sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml"
{
echo " artifacthub.io/changes: |"
echo " - kind: changed"
echo " description: Bump ${chartName} to ${appVersion}"
} >> "${parentDir}/Chart.yaml"
cat "${parentDir}/Chart.yaml"