update argocd from upstream

Ilia Medvedev 2024-05-09 11:20:52 +03:00
commit d426070dcd
141 changed files with 2614 additions and 1340 deletions

7
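--- /dev/null
+++ b/.github/configs/renovate-config.js
@@ -0,0 +1,7 @@
+module.exports = {
+platform: 'github',
+gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
+autodiscover: false,
+allowPostUpgradeCommandTemplating: true,
+allowedPostUpgradeCommands: [".*"],
+};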
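Review bot: `allowedPostUpgradeCommands: [".*"]` places no restriction on which `postUpgradeTasks` commands the self-hosted Renovate run will execute, so any command set in repository-level Renovate config or an inherited preset runs on the runner. `allowPostUpgradeCommandTemplating: true` also interpolates template fields into those command lines, and some of those fields presumably originate from upstream package metadata. The workflow added in this same commit hands the run a GitHub App token, so the allowlist is better narrowed to the exact command the repo needs, for example `allowedPostUpgradeCommands: ["^\\./<path-to-bump-script> .*$"]` (placeholder; the real script path is not visible on this page). A one-line comment above the setting naming the command it is meant to permit would make later widening easy to spot in review.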


@ -1,57 +0,0 @@
## Used on Renovate PRs to bump the chart version and add a changelog entry
## Reference: https://github.com/stefanzweifel/git-auto-commit-action
## Reference: https://github.com/marketplace/actions/changed-files
name: 'Chart Version Bump and Changelog'
on:
pull_request:
types:
- labeled
permissions:
contents: write
jobs:
helm-bumper:
if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ secrets.PAT }}
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
with:
files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
- name: "Bump Version and Changelog"
run: |
chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
echo "Changed chart name is: $chartName"
echo "----------------------------------------"
parentDir="charts/${chartName}"
# Bump the chart version by one patch version
version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
major=$(echo $version | cut -d. -f1)
minor=$(echo $version | cut -d. -f2)
patch=$(echo $version | cut -d. -f3)
patch=$(expr $patch + 1)
sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
# Add a changelog entry
appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
echo " - kind: changed" >> ${parentDir}/Chart.yaml
echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
cat ${parentDir}/Chart.yaml
- name: "Commit and push changes"
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
with:
commit_options: '--signoff'


@ -13,7 +13,7 @@ jobs:
options: --user 1001
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Run ah lint
working-directory: ./charts
run: ah lint
@ -22,17 +22,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.9
@ -70,7 +70,7 @@ jobs:
fi
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
if: steps.list-changed.outputs.changed == 'true'
with:
config: .github/configs/kind-config.yaml


@ -25,6 +25,6 @@ jobs:
size-label:
runs-on: ubuntu-latest
steps:
- uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0
- uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"


@ -19,7 +19,7 @@ jobs:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
- uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -12,18 +12,19 @@ permissions:
jobs:
publish:
if: github.repository == 'argoproj/argo-helm'
permissions:
contents: write # for helm/chart-releaser-action to push chart release and create a release
packages: write # to push OCI chart package to GitHub Registry
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: v3.10.1 # Also update in lint-and-test.yaml
@ -67,7 +68,7 @@ jobs:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}

37
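--- /dev/null
+++ b/.github/workflows/renovate.yaml
@@ -0,0 +1,37 @@
+name: Renovate
+on:
+# The "*" (#42, asterisk) character has special semantics in YAML, so this
+# string has to be quoted.
+schedule:
+- cron: '0 * * * *'
+# Manual trigger is also possible
+workflow_dispatch: {}
+permissions:
+contents: read
+jobs:
+renovate:
+if: github.repository == 'argoproj/argo-helm'
+runs-on: ubuntu-latest
+steps:
+- name: Get token
+uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
+id: get_token
+with:
+app-id: ${{ vars.RENOVATE_APP_ID }}
+private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
+- name: Checkout
+uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+- name: Self-hosted Renovate
+uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
+with:
+configurationFile: .github/configs/renovate-config.js
+# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
+renovate-version: 37.278.0
+token: '${{ steps.get_token.outputs.token }}'
+env:
+LOG_LEVEL: 'debug'
+RENOVATE_REPOSITORIES: '${{ github.repository }}'
+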
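Review bot: The `Checkout` step keeps the default credential persistence, so the job token stays in the checked-out `.git/config` while Renovate runs with a global config that permits post-upgrade commands. The scorecard workflow touched in this same commit already passes `persist-credentials: false` to checkout, and adding `with:` / `persist-credentials: false` here would match it; whether the Renovate container can actually reach the workspace is not visible on this page. Separately, the actions are pinned by commit SHA but `renovate-version: 37.278.0` selects the Renovate image by tag only, which is worth a short comment explaining that the image pin is weaker than the action pins. `LOG_LEVEL: 'debug'` on an hourly scheduled job also puts verbose output in the run logs; `LOG_LEVEL: 'info'` would be the quieter default unless debugging is intended.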


@ -33,7 +33,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: SARIF file
path: results.sarif


@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.23.0
digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c
generated: "2023-05-15T19:25:26.049618+09:00"
version: 4.26.1
digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41
generated: "2024-02-18T19:42:53.135599+02:00"


@ -3,7 +3,7 @@ appVersion: v2.10-2024.3.29-1dcc54e29
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.55.0-1-cap-2.10-2024.3.29-1dcc54e29
version: 6.7.18-cap-2.10-2024.3.29-1dcc54e29
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -18,7 +18,7 @@ maintainers:
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.23.0
version: 4.26.1
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:


@ -64,7 +64,180 @@ applicationSet:
replicas: 2
```
### Synchronizing Changes from Original Repository
## Ingress configuration
Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
below corespond to their respective sections.
### SSL-Passthrough
The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
```yaml
global:
domain: argocd.example.com
certificate:
enabled: true
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
tls: true
```
### SSL Termination at Ingress Controller
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
extraTls:
- hosts:
- argocd.example.com
# Based on the ingress controller used secret might be optional
secretName: wildcard-tls
```
> **Note:**
> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
### Multiple ingress resources for gRPC protocol support
Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
ingressClassName: contour-internal
extraTls:
- hosts:
- argocd.example.com
secretName: wildcard-tls
ingressGrpc:
enabled: true
ingressClassName: contour-internal
extraTls:
- hosts:
- grpc.argocd.example.com
secretName: wildcard-tls
```
### Multiple ingress domains
```yaml
global:
domain: argocd.example.com
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: "<my-issuer>"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
tls: true
extraHosts:
- name: argocd-alias.example.com
path: /
```
### AWS Application Load Balancer
Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
The provided example assumes you are using TLS off-loading via AWS ACM service.
> **Note:**
> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
controller: aws
ingressClassName: alb
annotations:
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
aws:
serviceType: ClusterIP # <- Used with target-type: ip
backendProtocolVersion: GRPC
```
### GKE Application Load Balancer
The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
automatically if you provide configuration for GKE resources.
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
service:
annotations:
cloud.google.com/neg: '{"ingress": true}'
cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
ingress:
enabled: true
controller: gke
gke:
backendConfig:
healthCheck:
checkIntervalSec: 30
timeoutSec: 5
healthyThreshold: 1
unhealthyThreshold: 2
type: HTTP
requestPath: /healthz
port: 8080
frontendConfig:
redirectToHttps:
enabled: true
managedCertificate:
enabled: true
```
## Synchronizing Changes from Original Repository
In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
@ -105,15 +278,51 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.4.0
Added support for application controller dynamic cluster distribution.
Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
Added env variables to handle the non-standard names generated by the helm chart.
Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
### 6.1.0
Added support for global domain used by all components.
### 6.0.0
This version **removes support for**:
* deprecated component options `logLevel` and `logFormat`
* deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params`
* deprecated configuration `server.config` that was replaced with `configs.cm`
* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac`
Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations.
Please review your setup and adjust to new configuration options:
* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname
* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path
* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname
* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true`
* additional hostnames and routing can be provided via `extraHosts` configuration section
* additional TLS secrets can be provided via `extraTls` configuration section
Please refer to [ingress configuration](#ingress-configuration) for examples.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
Please see more information about EoL: [Amazon EKS EoL][EKS EoL].
@ -399,7 +608,7 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| apiVersionOverrides | object | `{}` | |
| applicationVersioning.enabled | bool | `true` | enables the Codefresh application versioning feature |
| applicationVersioning.useApplicationConfiguration | bool | `true` | use ApplicationConfiguration CRD to manage application versioning |
| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs |
@ -499,6 +708,7 @@ NAME: my-release
| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates |
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
| global.domain | string | `"argocd.example.com"` | Default domain used by all components |
| global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@ -529,11 +739,11 @@ NAME: my-release
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."kustomize.setNamespace.enabled" | bool | `false` | Enable set namespace during kustomize build |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository |
| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap |
| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap |
| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm |
@ -544,6 +754,7 @@ NAME: my-release
| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. |
| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts |
@ -592,17 +803,21 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags |
| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment |
| controller.dnsConfig | object | `{}` | [DNS configuration] |
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution |
| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller |
| controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution |
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
@ -618,6 +833,7 @@ NAME: my-release
| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
| controller.metrics.service.annotations | object | `{}` | Metrics service annotations |
| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| controller.metrics.service.labels | object | `{}` | Metrics service labels |
@ -651,6 +867,7 @@ NAME: my-release
| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
| controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
@ -668,6 +885,7 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. |
| repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server |
| repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] |
@ -690,6 +908,7 @@ NAME: my-release
| repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment |
| repoServer.dnsConfig | object | `{}` | [DNS configuration] |
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes |
@ -722,6 +941,7 @@ NAME: my-release
| repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
| repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
| repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
| repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| repoServer.name | string | `"repo-server"` | Repo server name |
@ -745,7 +965,7 @@ NAME: my-release
| repoServer.service.annotations | object | `{}` | Repo server service annotations |
| repoServer.service.labels | object | `{}` | Repo server service labels |
| repoServer.service.port | int | `8081` | Repo server service port |
| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name |
| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name |
| repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
@ -762,13 +982,8 @@ NAME: my-release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine |
| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] |
| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine |
| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] |
| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate |
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server |
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] |
@ -778,7 +993,7 @@ NAME: my-release
| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] |
| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
@ -796,6 +1011,8 @@ NAME: my-release
| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
| server.certificateSecret.key | string | `""` | Private Key of the certificate |
| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource |
| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource |
| server.containerPorts.metrics | int | `8083` | Metrics container port |
| server.containerPorts.server | int | `8080` | Server container port |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
@ -803,6 +1020,7 @@ NAME: my-release
| server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment |
| server.dnsConfig | object | `{}` | [DNS configuration] |
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server |
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
@ -810,7 +1028,7 @@ NAME: my-release
| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image |
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@ -820,28 +1038,36 @@ NAME: my-release
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| server.ingress.annotations | object | `{}` | Additional ingress annotations |
| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` |
| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server |
| server.ingress.extraPaths | list | `[]` | Additional ingress paths |
| server.ingress.hosts | list | `[]` | List of ingress hosts |
| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` |
| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record |
| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths |
| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration |
| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller |
| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller |
| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer |
| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource |
| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname |
| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource |
| server.ingress.labels | object | `{}` | Additional ingress labels |
| server.ingress.path | string | `"/"` | The path to Argo CD server |
| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingress.paths | list | `["/"]` | List of ingress paths |
| server.ingress.tls | list | `[]` | Ingress TLS configuration |
| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` |
| server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] |
| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
| server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] |
| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] |
| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] |
| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` |
| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record |
| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] |
| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] |
| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] |
| server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] |
| server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB |
| server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] |
| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] |
| server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] |
| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] |
| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` |
| server.initContainers | list | `[]` | Init containers to add to the server pod |
| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container |
| server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
@ -864,6 +1090,7 @@ NAME: my-release
| server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
| server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
| server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
| server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| server.name | string | `"server"` | Argo CD server name |
@ -913,33 +1140,12 @@ NAME: my-release
| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container |
| server.volumes | list | `[]` | Additional volumes to the server pod |
### Using AWS ALB Ingress Controller With GRPC
If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
Example:
```yaml
server:
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
ingressGrpc:
enabled: true
isAWSALB: true
awsALB:
serviceType: ClusterIP
```
## Dex
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret |
| dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. |
| dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) |
@ -954,6 +1160,7 @@ server:
| dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment |
| dex.dnsConfig | object | `{}` | [DNS configuration] |
| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods |
| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server |
| dex.enabled | bool | `true` | Enable dex |
| dex.env | list | `[]` | Environment variables to pass to the Dex server |
| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server |
@ -970,6 +1177,9 @@ server:
| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe |
| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe |
| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1002,6 +1212,9 @@ server:
| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe |
| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe |
| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1029,6 +1242,7 @@ server:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| redis.containerPorts.metrics | int | `9121` | Metrics container port |
| redis.containerPorts.redis | int | `6379` | Redis container port |
| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
@ -1043,7 +1257,7 @@ server:
| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@ -1061,7 +1275,7 @@ server:
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag |
| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1132,17 +1346,18 @@ The main options are listed here:
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag |
| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1177,10 +1392,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
@ -1191,7 +1407,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1200,8 +1416,9 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment |
| applicationSet.dnsConfig | object | `{}` | [DNS configuration] |
| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods |
| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller |
| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller |
| applicationSet.extraArgs | list | `[]` | List of extra cli args to add |
| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags |
| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod |
| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller |
| applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller |
@ -1211,6 +1428,18 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller |
| applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller |
| applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations |
| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook |
| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record |
| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths |
| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration |
| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname |
| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource |
| applicationSet.ingress.labels | object | `{}` | Additional ingress labels |
| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths |
| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` |
| applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod |
| applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller |
| applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
@ -1233,6 +1462,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
| applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
| applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
| applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string |
@ -1256,7 +1486,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
| applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
| applicationSet.service.port | int | `7000` | ApplicationSet service port |
| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name |
| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name |
| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type |
| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
@ -1266,22 +1496,14 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller |
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks |
| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths |
| applicationSet.webhook.ingress.hosts | list | `[]` | List of ingress hosts |
| applicationSet.webhook.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource |
| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels |
| applicationSet.webhook.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| applicationSet.webhook.ingress.paths | list | `["/api/webhook"]` | List of ingress paths |
| applicationSet.webhook.ingress.tls | list | `[]` | Ingress TLS configuration |
## Notifications
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
@ -1336,6 +1558,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret |
| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name |
| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account |


@ -63,7 +63,181 @@ applicationSet:
replicas: 2
```
### Synchronizing Changes from Original Repository
## Ingress configuration
Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
below corespond to their respective sections.
### SSL-Passthrough
The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
```yaml
global:
domain: argocd.example.com
certificate:
enabled: true
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
tls: true
```
### SSL Termination at Ingress Controller
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
extraTls:
- hosts:
- argocd.example.com
# Based on the ingress controller used secret might be optional
secretName: wildcard-tls
```
> **Note:**
> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
### Multiple ingress resources for gRPC protocol support
Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
ingressClassName: contour-internal
extraTls:
- hosts:
- argocd.example.com
secretName: wildcard-tls
ingressGrpc:
enabled: true
ingressClassName: contour-internal
extraTls:
- hosts:
- grpc.argocd.example.com
secretName: wildcard-tls
```
### Multiple ingress domains
```yaml
global:
domain: argocd.example.com
server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: "<my-issuer>"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
tls: true
extraHosts:
- name: argocd-alias.example.com
path: /
```
### AWS Application Load Balancer
Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
The provided example assumes you are using TLS off-loading via AWS ACM service.
> **Note:**
> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
ingress:
enabled: true
controller: aws
ingressClassName: alb
annotations:
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
aws:
serviceType: ClusterIP # <- Used with target-type: ip
backendProtocolVersion: GRPC
```
### GKE Application Load Balancer
The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
automatically if you provide configuration for GKE resources.
```yaml
global:
domain: argocd.example.com
configs:
params:
server.insecure: true
server:
service:
annotations:
cloud.google.com/neg: '{"ingress": true}'
cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
ingress:
enabled: true
controller: gke
gke:
backendConfig:
healthCheck:
checkIntervalSec: 30
timeoutSec: 5
healthyThreshold: 1
unhealthyThreshold: 2
type: HTTP
requestPath: /healthz
port: 8080
frontendConfig:
redirectToHttps:
enabled: true
managedCertificate:
enabled: true
```
## Synchronizing Changes from Original Repository
In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
@ -104,15 +278,51 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 6.4.0
Added support for application controller dynamic cluster distribution.
Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
Added env variables to handle the non-standard names generated by the helm chart.
Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
### 6.1.0
Added support for global domain used by all components.
### 6.0.0
This version **removes support for**:
* deprecated component options `logLevel` and `logFormat`
* deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params`
* deprecated configuration `server.config` that was replaced with `configs.cm`
* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac`
Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations.
Please review your setup and adjust to new configuration options:
* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname
* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path
* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname
* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true`
* additional hostnames and routing can be provided via `extraHosts` configuration section
* additional TLS secrets can be provided via `extraTls` configuration section
Please refer to [ingress configuration](#ingress-configuration) for examples.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
### 5.35.0
This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
Please see more information about EoL: [Amazon EKS EoL][EKS EoL].
@ -456,28 +666,6 @@ NAME: my-release
{{- end }}
{{- end }}
### Using AWS ALB Ingress Controller With GRPC
If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
Example:
```yaml
server:
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
ingressGrpc:
enabled: true
isAWSALB: true
awsALB:
serviceType: ClusterIP
```
## Dex
| Key | Type | Default | Description |


@ -0,0 +1,6 @@
# Test application controller dynamic cluster distribution
crds:
keep: false
controller:
dynamicClusterDistribution: true


@ -1,133 +1,3 @@
{{- if .Values.controller.args.statusProcessors }}
DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors
{{- end }}
{{- if .Values.controller.args.operationProcessors }}
DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors
{{- end }}
{{- if .Values.controller.args.appResyncPeriod }}
DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation
{{- end }}
{{- if .Values.controller.args.appHardResyncPeriod }}
DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation
{{- end }}
{{- if .Values.controller.args.selfHealTimeout }}
DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds
{{- end }}
{{- if .Values.controller.args.repoServerTimeoutSeconds }}
DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds
{{- end }}
{{- if .Values.controller.logFormat }}
DEPRECATED option controller.logFormat - Use configs.params.controller.log.format
{{- end }}
{{- if .Values.controller.logLevel }}
DEPRECATED option controller.logLevel - Use configs.params.controller.log.level
{{- end }}
{{- if .Values.server.logFormat }}
DEPRECATED option server.logFormat - Use configs.params.server.log.format
{{- end }}
{{- if .Values.server.logLevel }}
DEPRECATED option server.logLevel - Use configs.params.server.log.level
{{- end }}
{{- if has "--insecure" .Values.server.extraArgs }}
DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
{{- end }}
{{- if .Values.repoServer.logFormat }}
DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
{{- end }}
{{- if .Values.repoServer.logLevel }}
DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
{{- end }}
{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
DEPRECATED option server.config - Use configs.cm
{{- end }}
{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
DEPRECATED option server.rbacConfig - Use configs.rbac
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
{{- end }}
{{- if .Values.configs.gpgKeys }}
DEPRECATED option configs.gpgKeys - Use config.gpg.keys
{{- end }}
{{- if .Values.configs.gpgKeysAnnotations }}
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
{{- end }}
{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if .Values.configs.knownHostsAnnotations }}
DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
{{- end }}
{{- if hasKey .Values.configs "knownHosts" }}
DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
{{- end }}
{{- if .Values.configs.tlsCertsAnnotations }}
DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
{{- end }}
{{- if .Values.applicationSet.replicaCount }}
DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas
{{- end }}
{{- if .Values.applicationSet.logFormat }}
DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
{{- end }}
{{- if .Values.applicationSet.logLevel }}
DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
{{- end }}
{{- if .Values.applicationSet.args.policy }}
DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
{{- end }}
{{- if .Values.applicationSet.args.dryRun }}
DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
{{- end }}
{{- if .Values.controller.service }}
REMOVED option controller.service - Use controller.metrics
{{- end }}
{{- if .Values.repoServer.copyutil }}
REMOVED option repoSever.copyutil.resources - Use repoServer.resources
{{- end }}
{{- if .Values.applicationSet.args.debug }}
REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
{{- end }}
{{- if .Values.applicationSet.args.enableLeaderElection }}
REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
{{- end }}
{{- if .Values.controller.containerPort }}
REMOVED option controller.containerPort - Use controller.containerPorts
{{- end }}
{{- if .Values.server.containerPort }}
REMOVED option server.containerPort - Use server.containerPorts
{{- end }}
{{- if .Values.repoServer.containerPort }}
REMOVED option repoServer.containerPort - Use repoServer.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.metricsAddr }}
REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.probeBindAddr }}
REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.redis.containerPort }}
REMOVED option redis.containerPort - Use redis.containerPorts
{{- end }}
{{- if .Values.redis.metrics.containerPort }}
REMOVED option redis.metrics.containerPort - Use redis.containerPorts
{{- end }}
{{- if .Values.apiVersionOverrides.autoscaling }}
REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23
{{- end }}
{{- if .Values.apiVersionOverrides.certmanager }}
REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22
{{- end }}
In order to access the server UI you have the following options:
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
@ -139,7 +9,7 @@ In order to access the server UI you have the following options:
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d


@ -159,10 +159,14 @@ Create the name of the notifications service account to use
{{- end -}}
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
Argo Configuration Preset Values (Influenced by Values configuration)
*/}}
{{- define "argo-cd.config.cm.presets" -}}
{{- $presets := dict -}}
{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}}
{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
{{- end -}}
{{- if .Values.configs.styles -}}
{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}}
{{- end -}}
@ -173,7 +177,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration)
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.cm" -}}
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $config := omit .Values.configs.cm "create" "annotations" -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{- $fmted := $value | toString }}
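Review bot: The new guard `index .Values.configs.cm "statusbadge.enabled" | eq true` in `argo-cd.config.cm.presets` only matches a YAML boolean. ConfigMap-style values are often written as the quoted string `"true"`, and in that case the preset is not applied; Go's `eq` also reports mismatched basic types as an error, so the render may fail outright. The notes template in this same commit already normalises the equivalent check with `toString`, so I would write this one the same way: `{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}`. The `define` block closes outside the first hunk.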


@ -5,16 +5,3 @@ Return the target Kubernetes version
{{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end }}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-cd.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}


@ -1,5 +1,4 @@
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
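Review bot: The gate now reads only `.Values.createClusterRoles`, so a values file that still sets `controller.clusterAdminAccess.enabled: false` is silently ignored and the ClusterRole is rendered whenever `createClusterRoles` is true. The DEPRECATED notice for that key is also deleted from the notes template earlier in this commit, so the operator gets broader RBAC than requested with no signal. I would fail the render while the stale key is present, e.g. `{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}{{ fail "controller.clusterAdminAccess.enabled was removed; use createClusterRoles" }}{{- end }}`. The ClusterRoleBinding template in the next file has the same gate and needs the same guard; the rest of the ClusterRole is outside this hunk.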


@ -1,5 +1,4 @@
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:


@ -0,0 +1,370 @@
{{- if .Values.controller.dynamicClusterDistribution }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
containers:
- args:
- /usr/local/bin/argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
env:
{{- with (concat .Values.global.env .Values.controller.env) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
value: "true"
- name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
value: {{ .Values.controller.heartbeatTime | quote }}
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
value: {{ template "argo-cd.controller.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.hard.reconciliation
optional: true
- name: ARGOCD_RECONCILIATION_JITTER
valueFrom:
configMapKeyRef:
key: timeout.reconciliation.jitter
name: argocd-cm
optional: true
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.error.grace.period.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.status.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.operation.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.format
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.metrics.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.plaintext
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.strict.tls
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.resource.health.persist
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.default.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.insecure
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.headers
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.sharding.algorithm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.kubectl.parallelism.limit
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_MAX
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.k8sclient.retry.max
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.k8sclient.retry.base.backoff
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.diff.server.side
optional: true
- name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.ignore.normalizer.jq.timeout
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- with .Values.controller.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
{{- if .Values.controller.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- end }}
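Review bot: The `argocd-repo-server-tls` volume projects `tls.key` into the application controller pod next to `tls.crt` and `ca.crt`, which puts the repo-server's private key in a second workload. As far as this template shows, the controller only reaches the repo-server as a client (`ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER`, `ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS`), so it presumably needs the certificate material only to verify the peer. If that holds, drop the `- key: tls.key` / `path: tls.key` item from `items`. Confirm how the controller reads `/app/config/controller/tls` before removing it.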


@ -22,6 +22,9 @@ spec:
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings:


@ -1,3 +1,4 @@
{{- if not .Values.controller.dynamicClusterDistribution | default false }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@ -13,8 +14,7 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
# TODO: Remove for breaking release as history limit cannot be patched
revisionHistoryLimit: 5
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
serviceName: {{ include "argo-cd.controller.fullname" . }}
selector:
matchLabels:
@ -23,7 +23,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
{{- if .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
@ -56,6 +56,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
containers:
- args:
- /usr/local/bin/argocd-application-controller
@ -66,38 +67,6 @@ spec:
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.args.statusProcessors }}
- --status-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.operationProcessors }}
- --operation-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appResyncPeriod }}
- --app-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appHardResyncPeriod }}
- --app-hard-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.selfHealTimeout }}
- --self-heal-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.repoServerTimeoutSeconds }}
- --repo-server-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -110,6 +79,8 @@ spec:
{{- end }}
- name: ARGOCD_CONTROLLER_REPLICAS
value: {{ .Values.controller.replicas | quote }}
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
value: {{ template "argo-cd.controller.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
@ -296,6 +267,12 @@ spec:
name: argocd-cmd-params-cm
key: controller.diff.server.side
optional: true
- name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.ignore.normalizer.jq.timeout
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
@ -363,7 +340,12 @@ spec:
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
{{- if .Values.controller.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
@ -383,3 +365,4 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- end }}
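Review bot: In the new first line, `{{- if not .Values.controller.dynamicClusterDistribution | default false }}`, the `| default false` applies to the result of `not`, which is always a boolean, so it never changes the outcome and reads as if it defaulted the value itself. I would write `{{- if not .Values.controller.dynamicClusterDistribution }}` so that it mirrors the `{{- if .Values.controller.dynamicClusterDistribution }}` gate on the new Deployment. A one-line template comment stating that exactly one of the two workloads is rendered would also help. The StatefulSet body between the hunks is not visible here.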


@ -14,9 +14,9 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
secretName: {{ .Values.applicationSet.certificate.secretName }}
commonName: {{ .Values.applicationSet.certificate.domain | quote }}
commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
dnsNames:
- {{ .Values.applicationSet.certificate.domain | quote }}
- {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
{{- range .Values.applicationSet.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
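Review bot: The new `commonName` and first `dnsNames` entry drop the `| quote` that the previous lines had, while the `additionalHosts` entries below still use `{{ . | quote }}`. An unquoted value starting with `*` (a wildcard host such as `*.example.com`) is parsed by YAML as an alias and breaks the manifest, and other indicator characters have similar effects. I would keep the fallback and restore the quoting: `{{ .Values.applicationSet.certificate.domain | default .Values.global.domain | quote }}` on both lines. The Certificate resource starts and ends outside this hunk.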


@ -0,0 +1,89 @@
{{- if .Values.applicationSet.allowAnyNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}
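Review bot: The `secrets` rule grants `get`/`list`/`watch` cluster-wide, so turning on `applicationSet.allowAnyNamespace` lets the ApplicationSet controller's service account read every Secret in the cluster, and nothing in the template says so. I would add a comment above that rule, e.g. `# grants read on Secrets in all namespaces; only rendered when applicationSet.allowAnyNamespace is true`, and state the same where the value is documented. Separately, `namespace: {{ .Release.Namespace | quote }}` under `metadata` has no effect on a cluster-scoped ClusterRole and can be dropped. The ClusterRoleBinding added in the next file carries the same line.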


@ -0,0 +1,17 @@
{{- if .Values.applicationSet.allowAnyNamespace }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -17,7 +17,7 @@ spec:
strategy:
{{- trim . | nindent 4 }}
{{- end }}
replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }}
replicas: {{ .Values.applicationSet.replicas }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
@ -56,6 +56,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
@ -65,20 +66,6 @@ spec:
- --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
- --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
- --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
{{- with .Values.applicationSet.args.policy }}
- --policy={{ . }}
{{- end }}
{{- with .Values.applicationSet.args.dryRun }}
- --dry-run={{ . }}
{{- end }}
{{- with .Values.applicationSet.logFormat }}
- --logformat
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.logLevel }}
- --loglevel
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -316,9 +303,19 @@ spec:
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
{{- if .Values.applicationSet.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.applicationSet.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls


@ -0,0 +1,62 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
http:
paths:
{{- with .Values.applicationSet.ingress.extraPaths }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.applicationSet.ingress.path }}
pathType: {{ .Values.applicationSet.ingress.pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" . }}
port:
number: {{ .Values.applicationSet.service.port }}
{{- range .Values.applicationSet.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default $.Values.applicationSet.ingress.path .path }}
pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
number: {{ $.Values.applicationSet.service.port }}
{{- end }}
{{- with .Values.applicationSet.ingress.extraRules }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
tls:
{{- if .Values.applicationSet.ingress.tls }}
- hosts:
- {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
secretName: argocd-applicationset-controller-tls
{{- end }}
{{- with .Values.applicationSet.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
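Review bot: The primary `host:` under `rules` and the item under `tls.hosts` are emitted unquoted, while `extraHosts` goes through `| quote`; a wildcard hostname such as `*.example.com` (constructed example) would be read by the YAML parser as an alias and the render fails. Suggest `- host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain | quote }}` and the same for the `tls.hosts` entry. The same unquoted `hostname | default .Values.global.domain` pattern appears in the new aws and gke server Ingress templates, and the server Certificate hunk removes `| quote` from `commonName` and `dnsNames`, where wildcard names are common. Separately, the `tls:` block is only rendered when `ingress.tls` or `ingress.extraTls` is set, so it would help to state in the values documentation that the webhook endpoint is otherwise exposed without TLS at the ingress.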


@ -1,4 +1,4 @@
{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
@ -8,7 +8,7 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
ingress:
{{- if .Values.applicationSet.webhook.ingress.enabled }}
{{- if .Values.applicationSet.ingress.enabled }}
- ports:
- port: webhook
{{- end }}


@ -23,6 +23,9 @@ spec:
{{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
relabelings:


@ -1,73 +0,0 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
{{- $servicePort := .Values.applicationSet.service.portName -}}
{{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.webhook.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.webhook.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.webhook.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.applicationSet.webhook.ingress.hosts }}
{{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.applicationSet.webhook.ingress.tls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}


@ -1,4 +1,4 @@
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
{{- if .Values.configs.cm.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -6,7 +6,7 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
{{- with .Values.configs.cm.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}


@ -5,13 +5,13 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
{{- with .Values.configs.gpg.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
{{- with .Values.configs.gpg.keys }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}


@ -8,7 +8,7 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
data:
context: |
argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }}
{{- with .Values.notifications.context }}
{{- toYaml . | nindent 4 }}
{{- end }}


@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
name: argocd-notifications-secret
name: {{ .Values.notifications.secret.name }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}


@ -1,4 +1,4 @@
{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
{{- if .Values.configs.rbac.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -6,13 +6,13 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
{{- with .Values.configs.rbac.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
{{- with (omit .Values.configs.rbac "create" "annotations") }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}


@ -16,7 +16,7 @@ metadata:
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- with .Values.configs.secret.githubSecret }}
@ -38,10 +38,6 @@ data:
webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
{{- end }}
{{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}
admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}


@ -5,7 +5,7 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
{{- with .Values.configs.ssh.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
@ -13,11 +13,7 @@ metadata:
{{- end }}
data:
ssh_known_hosts: |
{{- if hasKey .Values.configs "knownHosts" }}
{{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
{{- else }}
{{- .Values.configs.ssh.knownHosts | nindent 4 }}
{{- end }}
{{- .Values.configs.ssh.knownHosts | nindent 4 }}
{{- with .Values.configs.ssh.extraHosts }}
{{- . | nindent 4 }}
{{- end }}


@ -5,19 +5,13 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
{{- with .Values.configs.tls.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
{{- with .Values.configs.tlsCerts }}
{{- toYaml . | nindent 0 }}
{{- end }}
{{- else }}
{{- with .Values.configs.tls.certificates }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}


@ -28,6 +28,9 @@ rules:
verbs:
- list
- watch
{{- if (index .Values.configs.params "application.namespaces") }}
- create
{{- end }}
{{- if .Values.notifications.cm.create }}
- apiGroups:
- ""
@ -38,14 +41,12 @@ rules:
verbs:
- get
{{- end }}
{{- if .Values.notifications.secret.create }}
- apiGroups:
- ""
resourceNames:
- argocd-notifications-secret
- {{ .Values.notifications.secret.name }}
resources:
- secrets
verbs:
- get
{{- end }}
{{- end }}
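Review bot: The conditional `- create` in the first hunk is appended to a rule whose `resources` list lies above the hunk, so the diff does not show what becomes creatable once `application.namespaces` is set; the neighbouring verbs are only `list` and `watch`. Please confirm the target resources and add a template comment next to the `if` stating why the notifications controller needs `create` there. In the second hunk the secret rule is now rendered unconditionally with `- {{ .Values.notifications.secret.name }}`; piping it through `| quote` would keep an empty or unusual name from changing the YAML type of the `resourceNames` entry.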


@ -55,6 +55,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }}
containers:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
@ -66,6 +67,7 @@ spec:
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
- --namespace={{ .Release.Namespace }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --secret-name={{ .Values.notifications.secret.name }}
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}


@ -37,7 +37,7 @@ rules:
- apiGroups:
- ""
resourceNames:
- argocd-notifications-secret
- {{ .Values.notifications.secret.name }}
resources:
- secrets
verbs:


@ -1,5 +1,4 @@
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -7,8 +6,8 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.clusterRoleRules.enabled }}
{{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
{{- with .Values.repoServer.clusterRoleRules.rules }}
{{- toYaml . | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
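Review bot: Enabling `repoServer.clusterRoleRules.enabled` with an empty `rules` list now yields the wildcard rule: the outer guard requires the flag, and the `{{- else }}` after `{{- with .Values.repoServer.clusterRoleRules.rules }}` starts a rule with `apiGroups: '*'` (the rest of that rule is below the hunk). An operator who turns the flag on and forgets the list gets broad cluster permissions instead of none. Failing closed is safer: drop the `else` branch, or make the list mandatory with `{{- toYaml (required "repoServer.clusterRoleRules.rules must be set" .Values.repoServer.clusterRoleRules.rules) | nindent 2 }}`. The ClusterRoleBinding in the next file uses the same guard and binds whatever this role ends up containing.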


@ -1,5 +1,4 @@
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:


@ -30,7 +30,7 @@ spec:
{{- if .Values.repoServer.certificateSecret.enabled }}
checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
{{- if .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.configs.cmp.create }}
@ -66,6 +66,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@ -74,14 +75,6 @@ spec:
- /usr/local/bin/argocd-repo-server
- --port={{ .Values.repoServer.containerPorts.server }}
- --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
{{- with .Values.repoServer.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.repoServer.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.repoServer.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -97,6 +90,8 @@ spec:
value: {{ .Values.applicationVersioning.enabled | quote }}
- name: CODEFRESH_APPVERSION_USE_APPCONFIG
value: {{ .Values.applicationVersioning.useApplicationConfiguration | quote }}
- name: ARGOCD_REPO_SERVER_NAME
value: {{ template "argo-cd.repoServer.fullname" . }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
@ -416,26 +411,46 @@ spec:
{{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
{{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }}
{{- else }}
{{- if .Values.repoServer.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}
- name: plugins
{{- if .Values.repoServer.existingVolumes.plugins -}}
{{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }}
{{- else }}
{{- if .Values.repoServer.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: var-files
{{- if .Values.repoServer.existingVolumes.varFiles -}}
{{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }}
{{- else }}
{{- if .Values.repoServer.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: tmp
{{- if .Values.repoServer.existingVolumes.tmp -}}
{{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }}
{{- else }}
{{- if .Values.repoServer.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: ssh-known-hosts
configMap:
@ -450,7 +465,12 @@ spec:
{{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
{{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }}
{{- else }}
{{- if .Values.repoServer.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: argocd-repo-server-tls
secret:


@ -13,7 +13,7 @@ metadata:
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{- with .Values.repoServer.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -22,6 +22,9 @@ spec:
{{- with .Values.repoServer.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.repoServer.metrics.serviceMonitor.relabelings }}
relabelings:


@ -0,0 +1,71 @@
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingressGrpc.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}-grpc
port:
number: {{ $servicePort }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingress.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default $.Values.server.ingress.path .path }}
pathType: {{ default $.Values.server.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
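Review bot: The gRPC path entry takes its `pathType` from `$.Values.server.ingressGrpc.pathType`, although this template is gated on `server.ingress` only and every other field in it comes from `server.ingress.*`. A user who configures just `server.ingress` can end up with two different path types for the same `path`, or an empty one if `ingressGrpc.pathType` is unset. If the split is intentional, a template comment above that line should say so; otherwise use `pathType: {{ .Values.server.ingress.pathType }}` for both entries.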


@ -1,9 +1,9 @@
{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}}
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }}
alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-grpc
@ -21,5 +21,5 @@ spec:
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.server.ingressGrpc.awsALB.serviceType }}
type: {{ .Values.server.ingress.aws.serviceType }}
{{- end -}}


@ -14,9 +14,9 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
secretName: {{ .Values.server.certificate.secretName }}
commonName: {{ .Values.server.certificate.domain | quote }}
commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
dnsNames:
- {{ .Values.server.certificate.domain | quote }}
- {{ .Values.server.certificate.domain | default .Values.global.domain }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}


@ -1,5 +1,4 @@
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -7,6 +6,9 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
{{- if .Values.server.clusterRoleRules.enabled }}
{{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
@ -31,7 +33,7 @@ rules:
- pods/log
verbs:
- get
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
- apiGroups:
- ""
resources:
@ -49,6 +51,17 @@ rules:
- list
- update
- watch
{{- if (index .Values.configs.params "application.namespaces") }}
- apiGroups:
- "argoproj.io"
resources:
- "applications"
verbs:
- create
- delete
- update
- patch
{{- end }}
- apiGroups:
- batch
resources:
@ -63,4 +76,5 @@ rules:
verbs:
{{/* supports triggering workflows from UI */}}
- create
{{- end }}
{{- end }}
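Review bot: The rule added under `application.namespaces` grants `create`, `delete`, `update` and `patch` on `applications` in every namespace as soon as the parameter is non-empty, because a ClusterRole cannot be narrowed to the namespaces the parameter lists. That deserves a template comment next to the `if`, along the lines of `{{/* cluster-wide grant; the namespace list itself is not enforced by RBAC */}}`. The rule also sits inside the `else` branch of `server.clusterRoleRules.enabled`, so operators who supply custom rules have to repeat it themselves; the values documentation should mention that.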


@ -1,5 +1,4 @@
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:


@ -27,7 +27,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
{{- if .Values.configs.cm.create }}
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
@ -60,6 +60,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@ -68,14 +69,6 @@ spec:
- /usr/local/bin/argocd-server
- --port={{ .Values.server.containerPorts.server }}
- --metrics-port={{ .Values.server.containerPorts.metrics }}
{{- with .Values.server.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.server.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -83,6 +76,8 @@ spec:
{{- with (concat .Values.global.env .Values.server.env) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_SERVER_NAME
value: {{ template "argo-cd.server.fullname" . }}
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:
@ -448,12 +443,27 @@ spec:
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: extensions
{{- if .Values.server.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: plugins-home
{{- if .Values.server.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.server.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm


@ -1,11 +1,13 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }}
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }}
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.gke.backendConfig }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}


@ -1,11 +1,13 @@
{{- if .Values.server.GKEfrontendConfig.enabled }}
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }}
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.gke.frontendConfig }}
spec:
{{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,69 @@
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
ingressClassName: "gce"
{{- if .Values.server.ingress.gke.managedCertificate.create }}
networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }}
{{- end }}
{{- if .Values.server.ingress.gke.frontendConfig }}
networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }}
{{- end }}
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ .Values.server.ingress.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default $.Values.server.ingress.path .path }}
pathType: {{ default $.Values.server.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
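Review bot: Under `annotations:` the template emits `ingressClassName: "gce"`, which is an ordinary annotation key and, as far as I know, not one an ingress controller reads; the class is selected by `spec.ingressClassName` (already templated further down) or by the `kubernetes.io/ingress.class` annotation. If the intent is to pin the GCE controller, use `kubernetes.io/ingress.class: "gce"`; otherwise remove the line so it is not mistaken for a working class selector. As written, an Ingress rendered without `server.ingress.ingressClassName` carries no effective class and may be picked up by whichever controller is the cluster default.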


@ -1,12 +1,15 @@
{{- if .Values.server.GKEmanagedCertificate.enabled }}
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }}
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
domains:
{{- with .Values.server.GKEmanagedCertificate.domains }}
{{- toYaml . | nindent 4 }}
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
{{- with .Values.server.ingress.gke.managedCertificate.extraDomains }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -1,8 +1,5 @@
{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- $pathType := .Values.server.ingressGrpc.pathType -}}
{{- if .Values.server.ingressGrpc.enabled -}}
{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@ -24,50 +21,43 @@ spec:
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
- host: {{ $host }}
- host: {{ .Values.server.ingressGrpc.hostname | default $hostname }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- with .Values.server.ingressGrpc.extraPaths }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
- path: {{ .Values.server.ingressGrpc.path }}
pathType: {{ .Values.server.ingressGrpc.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
name: {{ include "argo-cd.server.fullname" . }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
number: {{ .Values.server.service.servicePortHttps }}
{{- range .Values.server.ingressGrpc.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
- path: {{ default $.Values.server.ingressGrpc.path .path }}
pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.server.ingressGrpc.tls }}
number: {{ $.Values.server.service.servicePortHttps }}
{{- end }}
{{- with .Values.server.ingressGrpc.extraRules }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingressGrpc.tls }}
- hosts:
- {{ .Values.server.ingressGrpc.hostname | default $hostname }}
secretName: argocd-server-grpc-tls
{{- end }}
{{- with .Values.server.ingressGrpc.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
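Review bot: The generated `tls` entry lists only the primary gRPC hostname, so names added through `server.ingressGrpc.extraHosts` get a rule but are not covered by `argocd-server-grpc-tls`; the generic ingress template in this commit does add its `extraHosts` names to the TLS host list. Unless that is intended, an extra host would be served with whatever default certificate the ingress controller presents, which is easy to miss in review. I would mirror the generic template and range over `extraHosts` inside the `hosts:` list, as sketched below. Indentation in the sketch is conventional, since the page does not preserve it.

```yaml
    - hosts:
      - {{ .Values.server.ingressGrpc.hostname | default $hostname }}
      {{- range .Values.server.ingressGrpc.extraHosts }}
      {{- if .name }}
      - {{ .name | quote }}
      {{- end }}
      {{- end }}
      # … unchanged: secretName and extraTls …
```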


@ -1,8 +1,6 @@
{{- if .Values.server.ingress.enabled -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $pathType := .Values.server.ingress.pathType -}}
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@ -13,78 +11,59 @@ metadata:
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.server.ingress.annotations }}
{{- with .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host | quote }}
- host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- with .Values.server.ingress.extraPaths }}
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
- path: {{ $p }}
pathType: {{ $.Values.server.ingressGrpc.pathType }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingress.pathType }}
backend:
service:
name: {{ template "argo-cd.server.fullname" $ }}-grpc
name: {{ include "argo-cd.server.fullname" . }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
- path: {{ default $.Values.server.ingress.path .path }}
pathType: {{ default $.Values.server.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.server.ingress.tls }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
{{- range .Values.server.ingress.extraHosts }}
{{- if .name }}
- {{ .name }}
{{- end }}
{{- end }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
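Review bot: `extraPaths` and `extraRules` are now passed through `tpl (toYaml .) $`, so strings in those values are evaluated as Helm templates with the chart's root context instead of being copied as data, and the template has no comment saying so. That matters wherever values are merged from a source less trusted than the chart itself, and it also means a literal `{{` in a path or annotation value will be interpreted rather than emitted. I would add a template comment above each block, e.g. `{{- /* rendered with tpl: these values are evaluated as templates, treat them as chart code */}}`. The gRPC ingress template in this commit uses the same construct and would want the same comment.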


@ -13,7 +13,7 @@ metadata:
{{- end }}
{{- end }}
spec:
host: {{ .Values.server.route.hostname | quote }}
host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }}
to:
kind: Service
name: {{ template "argo-cd.server.fullname" . }}
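Review bot: With `| default .Values.global.domain`, an empty `server.route.hostname` no longer renders `host: ""`; it renders the global domain, which values.yaml in this commit defaults to `argocd.example.com`. Installs that left the hostname empty, presumably so the OpenShift router assigns one, would now publish the Route under the placeholder name after upgrade. I would either preserve the empty-host case or make the fallback explicit with a comment above the line, `# falls back to global.domain when server.route.hostname is empty`. The Route spec starts and ends outside this hunk.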


@ -42,7 +42,7 @@ rules:
verbs:
- create
- list
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
- apiGroups:
- ""
resources:


@ -22,6 +22,9 @@ spec:
{{- with .Values.server.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.server.metrics.serviceMonitor.relabelings }}
relabelings:


@ -2397,8 +2397,6 @@ spec:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
properties:
@ -4757,8 +4755,6 @@ spec:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
x-kubernetes-preserve-unknown-fields: true
@ -9816,8 +9812,6 @@ spec:
- metadata
- spec
type: object
required:
- elements
type: object
matrix:
x-kubernetes-preserve-unknown-fields: true


@ -59,6 +59,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }}
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
@ -99,8 +100,9 @@ spec:
{{- if .Values.dex.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz/live
port: metrics
path: {{ .Values.dex.livenessProbe.httpPath }}
port: {{ .Values.dex.livenessProbe.httpPort }}
scheme: {{ .Values.dex.livenessProbe.httpScheme }}
initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
@ -110,8 +112,9 @@ spec:
{{- if .Values.dex.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz/ready
port: metrics
path: {{ .Values.dex.readinessProbe.httpPath }}
port: {{ .Values.dex.readinessProbe.httpPort }}
scheme: {{ .Values.dex.readinessProbe.httpScheme }}
initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
@ -185,9 +188,19 @@ spec:
{{- end }}
volumes:
- name: static-files
{{- if .Values.dex.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: dexconfig
{{- if .Values.dex.emptyDir.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
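Review bot: The `static-files` and `dexconfig` volumes get a `sizeLimit` only when `dex.emptyDir.sizeLimit` is set, and values.yaml in this commit defaults it to `""`, so a default install still leaves both volumes unbounded against node ephemeral storage. Consider shipping a small non-empty default, or state the consequence next to the option, e.g. `## Unset means no limit; the volume can grow until node ephemeral storage is exhausted`. The identical `if/else` is repeated for both volumes and could live in one named template so the two cannot drift apart. The pod spec starts and ends outside these hunks.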


@ -52,6 +52,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
{{- end }}
serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }}
containers:
- name: {{ .Values.redis.name }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
@ -193,7 +194,7 @@ spec:
- name: health
configMap:
name: {{ include "argo-cd.redis.fullname" . }}-health-configmap
defaultMode: 0755
defaultMode: 493
{{- with .Values.redis.volumes }}
{{- toYaml . | nindent 8}}
{{- end }}
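Review bot: The new pod-level `automountServiceAccountToken` is driven by `redis.automountServiceAccountToken`, which values.yaml in this commit defaults to `true` while `redis.serviceAccount.create` stays `false`. Nothing in this section shows the Redis container calling the Kubernetes API, so if that holds, the default mounts an API token into a cache pod for no benefit; I would default it to `false` for Redis and let users opt in. Separately, `defaultMode: 493` is the decimal form of the previous `0755`, and a trailing comment `# 0755` would keep the intended permissions readable. The pod spec continues outside both hunks.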


@ -11,9 +11,7 @@ kubeVersionOverride: ""
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
apiVersionOverrides:
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
apiVersionOverrides: {}
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
@ -45,6 +43,10 @@ crds:
## Globally shared configuration
global:
# -- Default domain used by all components
## Used for ingresses, certificates, SSO, notifications, etc.
domain: argocd.example.com
# -- Common labels for the all resources
additionalLabels: {}
# app: argo-cd
@ -163,9 +165,6 @@ configs:
# -- Annotations to be added to argocd-cm configmap
annotations: {}
# -- Argo CD's externally facing base URL (optional). Required when configuring SSO
url: ""
# -- The name of tracking label used by Argo CD for resource pruning
# @default -- Defaults to app.kubernetes.io/instance
application.instanceLabelKey: ""
@ -191,6 +190,10 @@ configs:
# -- Timeout to refresh application data as well as target manifests cache
timeout.hard.reconciliation: 0s
# -- Enable Status Badge
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
statusbadge.enabled: false
# Dex configuration
# dex.config: |
# connectors:
@ -248,6 +251,7 @@ configs:
## Server properties
# -- Run server without TLS
## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template.
server.insecure: false
# -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /
server.basehref: /
@ -278,6 +282,12 @@ configs:
## Set comma-separated list. (e.g. app-team-one, app-team-two)
application.namespaces: ""
# -- JQ Path expression timeout
## By default, the evaluation of a JQPathExpression is limited to one second.
## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression
## that requires more time to evaluate, you can extend the timeout period.
controller.ignore.normalizer.jq.timeout: "1s"
# Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac:
@ -452,16 +462,6 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# DEPRECATED - Moved to configs.ssh.annotations
# knownHostsAnnotations: {}
# DEPRECATED - Moved to configs.ssh.knownHosts
# knownHosts: {}
# DEPRECATED - Moved to configs.tls.annotations
# tlsCertsAnnotations: {}
# DEPRECATED - Moved to configs.tls.certificates
# tlsCerts: {}
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
credentialTemplates: {}
@ -543,12 +543,6 @@ configs:
{}
# LDAP_PASSWORD: "mypassword"
# -- Argo TLS Data
# DEPRECATED - Use server.certificate or server.certificateSecret
# argocdServerTlsConfig:
# key: ''
# crt: ''
# -- Bcrypt hashed admin password
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
@ -603,8 +597,25 @@ controller:
# -- The number of application controller pods to run.
# Additional replicas will cause sharding of managed clusters across number of replicas.
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
replicas: 1
# -- Enable dynamic cluster distribution (alpha)
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
## This is done using a deployment instead of a statefulSet
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
## like round-robin, then the shards will be well-balanced.
dynamicClusterDistribution: false
# -- Application controller heartbeat time
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
heartbeatTime: 10
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit: 5
## Application controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -637,22 +648,6 @@ controller:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- DEPRECATED - Application controller commandline flags
args: {}
# DEPRECATED - Use configs.params to override
# # -- define the application controller `--status-processors`
# statusProcessors: "20"
# # -- define the application controller `--operation-processors`
# operationProcessors: "10"
# # -- define the application controller `--app-hard-resync`
# appHardResyncPeriod: "0"
# # -- define the application controller `--app-resync`
# appResyncPeriod: "180"
# # -- define the application controller `--self-heal-timeout-seconds`
# selfHealTimeout: "5"
# # -- define the application controller `--repo-server-timeout-seconds`
# repoServerTimeoutSeconds: "60"
# -- Additional command line arguments to pass to application controller
extraArgs: []
@ -698,9 +693,19 @@ controller:
# - name: custom-tools
# emptyDir: {}
## Application controller emptyDir volumes
emptyDir:
# -- EmptyDir size limit for application controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Annotations for the application controller StatefulSet
statefulsetAnnotations: {}
# -- Annotations for the application controller Deployment
deploymentAnnotations: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
@ -783,6 +788,9 @@ controller:
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create a service account for the application controller
create: true
@ -799,6 +807,8 @@ controller:
metrics:
# -- Deploy metrics service
enabled: false
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
applicationLabels:
# -- Enables additional labels in argocd_app_labels metric
enabled: false
@ -1009,6 +1019,13 @@ dex:
# -- Additional volumes to the dex pod
volumes: []
## Dex server emptyDir volumes
emptyDir:
# -- EmptyDir size limit for Dex server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
@ -1076,6 +1093,12 @@ dex:
livenessProbe:
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the liveness probe
httpPath: /healthz/live
# -- Http port to use for the liveness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
@ -1090,6 +1113,12 @@ dex:
readinessProbe:
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the readiness probe
httpPath: /healthz/ready
# -- Http port to use for the readiness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
@ -1104,6 +1133,9 @@ dex:
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create dex service account
create: true
@ -1192,7 +1224,7 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.15-alpine
tag: 7.2.4-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1208,7 +1240,7 @@ redis:
# -- Repository to use for the redis-exporter
repository: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.57.0
tag: 1.58.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1404,6 +1436,9 @@ redis:
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create a service account for the redis pod
create: false
@ -1473,7 +1508,7 @@ redis-ha:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.15-alpine
tag: 7.2.4-alpine
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
@ -1481,7 +1516,7 @@ redis-ha:
# -- Repository to use for the redis-exporter
image: public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
tag: 1.57.0
tag: 1.58.0
persistentVolume:
# -- Configures persistence on Redis nodes
enabled: false
@ -1499,6 +1534,9 @@ redis-ha:
haproxy:
# -- Enabled HAProxy LoadBalancing/Proxy
enabled: true
# -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
labels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
metrics:
# -- HAProxy enable prometheus metric scraping
enabled: true
@ -1664,7 +1702,7 @@ server:
# -- Repository to use for extension installer image
repository: "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
tag: "v0.0.1"
tag: "v0.0.5"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1752,6 +1790,13 @@ server:
# - name: custom-tools
# emptyDir: {}
## Argo CD server emptyDir volumes
emptyDir:
# -- EmptyDir size limit for the Argo CD server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Annotations to be added to server Deployment
deploymentAnnotations: {}
@ -1866,7 +1911,8 @@ server:
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-server-tls
# -- Certificate primary domain (commonName)
domain: argocd.example.com
# @default -- `""` (defaults to global.domain)
domain: ""
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -1971,6 +2017,8 @@ server:
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1990,6 +2038,9 @@ server:
# -- Prometheus ServiceMonitor annotations
annotations: {}
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create server service account
create: true
@ -2002,29 +2053,48 @@ server:
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# Argo CD server ingress configuration
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: false
# -- Additional ingress annotations
annotations: {}
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations: {}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- List of ingress hosts
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts: []
# - argocd.example.com
# -- Argo CD server hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- The path to Argo CD server
path: /
# -- List of ingress paths
paths:
- /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2034,22 +2104,76 @@ server:
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls: []
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: '{{ .Values.server.service.servicePortHttpsName }}'
# -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp`
https: false
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - hosts:
# - argocd.example.com
# secretName: your-certificate-name
# dedicated ingress for gRPC as documented at
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
# AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using gRPC.
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
backendProtocolVersion: GRPC
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# Google specific options for Google Application Load Balancer
# Applies only when `server.ingress.controller` is set to `gke`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
gke:
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
backendConfig: {}
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
frontendConfig: {}
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# Managed GKE certificate for ingress hostname
managedCertificate:
# -- Create ManagedCertificate resource and annotations for Google Load balancer
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
create: true
# -- Additional domains for ManagedCertificate resource
extraDomains: []
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
ingressGrpc:
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
enabled: false
# -- Setup up gRPC ingress to work with an AWS ALB
isAWSALB: false
# -- Additional ingress annotations for dedicated [gRPC-ingress]
annotations: {}
# -- Additional ingress labels for dedicated [gRPC-ingress]
@ -2057,32 +2181,29 @@ server:
# -- Defines which ingress controller will implement the resource [gRPC-ingress]
ingressClassName: ""
awsALB:
# -- Service type for the AWS ALB gRPC service
## Service Type if isAWSALB is set to true
## Can be of type NodePort or ClusterIP depending on which mode you are
## are running. Instance mode needs type NodePort, IP mode needs type
## ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
# -- Argo CD server hostname for dedicated [gRPC-ingress]
# @default -- `""` (defaults to grpc.`server.ingress.hostname`)
hostname: ""
# -- List of ingress hosts for dedicated [gRPC-ingress]
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts: []
# - argocd.example.com
# -- Argo CD server ingress path for dedicated [gRPC-ingress]
path: /
# -- List of ingress paths for dedicated [gRPC-ingress]
paths:
- /
# -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: grpc.argocd.example.com
# path: /
# -- Additional ingress paths for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2092,15 +2213,27 @@ server:
# port:
# name: use-annotation
# -- Ingress TLS configuration for dedicated [gRPC-ingress]
tls: []
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: '{{ .Values.server.service.servicePortHttpName }}'
# -- Additional TLS configuration for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
# -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp`
https: false
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
@ -2117,37 +2250,13 @@ server:
# -- Termination policy of Openshift Route
termination_policy: None
GKEbackendConfig:
# -- Enable BackendConfig custom resource for Google Kubernetes Engine
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- Enable custom rules for the server's ClusterRole resource
enabled: false
# -- [BackendConfigSpec]
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
## Create a Google Managed Certificate for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
GKEmanagedCertificate:
# -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
enabled: false
# -- Domains for the Google Managed Certificate
domains:
- argocd.example.com
## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
GKEfrontendConfig:
# -- Enable FrontConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [FrontendConfigSpec]
spec: {}
# spec:
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# -- List of custom rules for the server's ClusterRole resource
rules: []
## Repo Server
repoServer:
@ -2313,6 +2422,13 @@ repoServer:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
## RepoServer emptyDir volumes
emptyDir:
# -- EmptyDir size limit for repo server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true
@ -2448,7 +2564,7 @@ repoServer:
# -- Repo server service port
port: 8081
# -- Repo server service port name
portName: https-repo-server
portName: tcp-repo-server
## Repo server metrics service configuration
metrics:
@ -2472,6 +2588,8 @@ repoServer:
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2500,6 +2618,9 @@ repoServer:
# -- List of custom rules for the Repo server's Cluster Role resource
rules: []
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount:
@ -2568,16 +2689,7 @@ applicationSet:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- DEPRECATED - ApplicationSet controller command line flags
args: {}
# DEPRECATED - Use configs.params.applicationsetcontroller.policy to override
# -- How application is synced between the generator and the cluster
# policy: sync
# DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override
# -- Enable dry run mode
# dryRun: false
# -- List of extra cli args to add
# -- ApplicationSet controller command line flags
extraArgs: []
# -- Environment variables to pass to the ApplicationSet controller
@ -2607,6 +2719,13 @@ applicationSet:
# -- List of extra volumes to add
extraVolumes: []
## ApplicationSet controller emptyDir volumes
emptyDir:
# -- EmptyDir size limit for applicationSet controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
## Metrics service configuration
metrics:
# -- Deploy metrics service
@ -2629,6 +2748,8 @@ applicationSet:
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2659,7 +2780,10 @@ applicationSet:
# -- ApplicationSet service port
port: 7000
# -- ApplicationSet service port name
portName: webhook
portName: http-webhook
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create ApplicationSet controller service account
@ -2782,60 +2906,16 @@ applicationSet:
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
## Webhook for the Git Generator
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
webhook:
ingress:
# -- Enable an ingress resource for Webhooks
enabled: false
# -- Additional ingress annotations
annotations: {}
# -- Additional ingress labels
labels: {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName: ""
# -- List of ingress hosts
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts: []
# - argocd-applicationset.example.com
# -- List of ingress paths
paths:
- /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Additional ingress paths
extraPaths: []
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls: []
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
# -- The name of the Secret that will be automatically created and managed by this Certificate resource
secretName: argocd-application-controller-tls
secretName: argocd-applicationset-controller-tls
# -- Certificate primary domain (commonName)
domain: argocd.example.com
# @default -- `""` (defaults to global.domain)
domain: ""
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -2868,6 +2948,72 @@ applicationSet:
# -- Annotations to be applied to the ApplicationSet Certificate
annotations: {}
## Ingress for the Git Generator webhook
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
ingress:
# -- Enable an ingress resource for ApplicationSet webhook
enabled: false
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
annotations: {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName: ""
# -- Argo CD ApplicationSet hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- List of ingress paths
path: /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /api/webhook
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
# port:
# name: '{{ .Values.applicationSet.service.portName }}'
# -- Additional ingress TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
# -- Enable ApplicationSet in any namespace feature
allowAnyNamespace: false
## Notifications controller
notifications:
# -- Enable notifications controller
@ -2877,7 +3023,8 @@ notifications:
name: notifications-controller
# -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
argocdUrl:
# @default -- `""` (defaults to https://`global.domain`)
argocdUrl: ""
## Notifications controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
@ -2947,15 +3094,19 @@ notifications:
extraVolumes: []
# -- Define user-defined context
## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
context: {}
# region: east
# environmentName: staging
secret:
# -- Whether helm chart creates notifications controller secret
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
create: true
# -- notifications controller Secret name
name: "argocd-notifications-secret"
# -- key:value pairs of annotations to be added to the secret
annotations: {}
@ -2964,19 +3115,19 @@ notifications:
# -- Generic key:value pairs to be inserted into the secret
## Can be used for templates, notification services etc. Some examples given below.
## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
items: {}
# slack-token:
# # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
# grafana-apiKey:
# # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
# webhooks-github-token:
# email-username:
# email-password:
# For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
metrics:
# -- Enables prometheus metrics server
@ -3018,7 +3169,7 @@ notifications:
# -- Configures notification services such as slack, email or custom webhook
# @default -- See [values.yaml]
## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
notifiers: {}
# service.slack: |
# token: $slack-token
@ -3095,6 +3246,9 @@ notifications:
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create notifications controller service account
create: true
@ -3118,7 +3272,7 @@ notifications:
rules: []
# -- Contains centrally managed global application subscriptions
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
subscriptions: []
# # subscription for on-sync-status-unknown trigger notifications
# - recipients:
@ -3134,7 +3288,7 @@ notifications:
# - on-sync-status-unknown
# -- The notification template is used to generate the notification content
## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
templates: {}
# template.app-deployed: |
# email:
@ -3351,7 +3505,7 @@ notifications:
# }]
# -- The trigger defines the condition when the notification should be sent
## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
triggers: {}
# trigger.on-deployed: |
# - description: Application is synced and healthy. Triggered once per commit.
@ -3385,7 +3539,7 @@ notifications:
# - app-sync-succeeded
# when: app.status.operationState.phase in ['Succeeded']
#
# For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
# defaultTriggers: |
# - on-sync-status-unknown


@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.9.0
appVersion: v1.9.1
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.4.2
version: 2.4.4
home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argo-events to v1.9.0
- kind: added
description: Support ability to set .Values.namespaceOverride


@ -87,6 +87,7 @@ done
| global.podLabels | object | `{}` | Labels for the all deployed pods |
| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] |
| nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` |
| namespaceOverride | string | `.Release.Namespace` | Override the namespace |
| openshift | bool | `false` | Deploy on OpenShift |
### Controller


@ -136,3 +136,11 @@ Define Pdb apiVersion
{{- printf "policy/v1beta1" -}}
{{- end }}
{{- end }}
{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "argo-events.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}
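Review bot: The `trunc 63 | trimSuffix "-"` pipeline in `argo-events.namespace` silently rewrites an over-long `namespaceOverride` instead of rejecting it, so every template switched to this helper in the commit (ServiceAccounts and RoleBinding subjects included) would render into a different namespace from the one the operator typed. A namespace is an isolation boundary, so I would pass the value through unchanged and let the API server reject an invalid name: `{{- default .Release.Namespace .Values.namespaceOverride -}}`. The `argo-workflows.namespace` helper added later in this commit uses the same pipeline. The helper comment could also state that, once the override is set, the namespace given to `helm install --namespace` no longer decides where these objects land.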


@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "argo-events.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
data:


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argo-events.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }}


@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-events.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.pdb.labels }}


@ -4,7 +4,7 @@ kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }}
metadata:
name: {{ include "argo-events.controller.fullname" . }}
{{- if .Values.controller.rbac.namespaced }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
@ -122,5 +122,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ include "argo-events.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- end }}


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-events.controller.fullname" . }}-metrics
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- with .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}


@ -4,7 +4,7 @@ kind: ServiceAccount
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "argo-events.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- with .Values.controller.serviceAccount.annotations }}
annotations:
{{- range $key, $value := . }}


@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-events.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.metrics.serviceMonitor.selector }}
@ -29,7 +29,7 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
- {{ include "argo-events.namespace" . | quote }}
selector:
matchLabels:
{{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }}


@ -12,5 +12,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ include "argo-events.webhook.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- end }}


@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: events-webhook
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }}


@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-events.webhook.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
{{- with .Values.webhook.pdb.labels }}


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: events-webhook
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
labels:
{{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
spec:


@ -4,7 +4,7 @@ kind: ServiceAccount
automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "argo-events.webhook.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-events.namespace" . | quote }}
{{- with .Values.webhook.serviceAccount.annotations }}
annotations:
{{- range $key, $value := . }}


@ -6,6 +6,9 @@
nameOverride: argo-events
# -- String to fully override "argo-events.fullname" template
fullnameOverride: ""
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride: ""
# -- Deploy on OpenShift
openshift: false


@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.6.5
appVersion: v1.6.6
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.34.2
version: 2.35.1
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -18,5 +18,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argo-rollouts to v1.6.5
- kind: added
description: Allow minimum set of RBAC rules for Gateway API resources


@ -50,6 +50,7 @@ For full list of changes please check ArtifactHub [changelog].
| extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. |
| fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template |
| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments |
| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments |
| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
| installCRDs | bool | `true` | Install and upgrade CRDs |
| keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
@ -60,12 +61,14 @@ For full list of changes please check ArtifactHub [changelog].
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
| notifications.templates | object | `{}` | Notification templates |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |
| providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole |
| providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider |
| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider |
| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider |
| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider |
| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` |
| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider |
| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` |
| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider |
| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider |
@ -82,6 +85,7 @@ For full list of changes please check ArtifactHub [changelog].
| controller.containerPorts.metrics | int | `8090` | Metrics container port |
| controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) |
| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment |
| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. |
| controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. |
| controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. |
@ -138,6 +142,7 @@ For full list of changes please check ArtifactHub [changelog].
| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level |
| dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) |
| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment |
| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment |
| dashboard.enabled | bool | `false` | Deploy dashboard server |
| dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. |
| dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. |


@ -94,11 +94,22 @@ rules:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
@ -258,23 +269,42 @@ rules:
{{- if .Values.providerRBAC.providers.contour }}
# Access needed when using the Contour provider
- apiGroups:
- projectcontour.io
- projectcontour.io
resources:
- httpproxies
- httpproxies
verbs:
- get
- list
- watch
- update
- get
- list
- watch
- update
{{- end }}
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
- networking.gloo.solo.io
resources:
- routetables
- routetables
verbs:
- '*'
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- with .Values.providerRBAC.additionalRules }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- end }}
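Review bot: The `create` and `update` verbs added to the `configmaps` rule are gated on `providerRBAC.providers.gatewayAPI`, which this commit defaults to `true` in values.yaml, so a default install now gives the controller write access to every ConfigMap in the role's scope even when the Gateway API plugin is not used. The rule carries no `resourceNames`, so I would ship the toggle as `gatewayAPI: false` and, if the plugin writes a known ConfigMap, scope `update` to that name. The other RBAC template in this commit adds the same rule. The rules list begins outside the hunk and the file name is not shown, so whether this is the ClusterRole or the namespaced Role is inferred, not confirmed.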


@ -10,6 +10,9 @@ metadata:
name: {{ include "argo-rollouts.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }}
{{ $key }}: {{ $value | quote }}
{{- end }}
app.kubernetes.io/component: {{ .Values.controller.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
spec:
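Review bot: The merged `global.deploymentLabels` / `controller.deploymentLabels` entries are emitted ahead of `app.kubernetes.io/component` and the `argo-rollouts.labels` include, so a user-supplied key that matches one of the chart's own labels yields a duplicate mapping key in the rendered manifest. Depending on the YAML parser that is either rejected or silently resolved to the last value, so I would add a comment above the `range` stating that chart-owned labels take precedence, or drop chart-owned keys from the merged map before ranging. `{{ $key }}` is also left unquoted while the value goes through `quote`; quoting both would be consistent. The dashboard Deployment section in this commit has the same block.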


@ -95,11 +95,22 @@ rules:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.providerRBAC.providers.gatewayAPI }}
- create
- update
{{- end }}
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
@ -259,11 +270,27 @@ rules:
{{- if .Values.providerRBAC.providers.glooPlatform }}
# Access needed when using the Gloo Platform provider
- apiGroups:
- networking.gloo.solo.io
- networking.gloo.solo.io
resources:
- routetables
- routetables
verbs:
- '*'
- '*'
{{- end }}
{{- if .Values.providerRBAC.providers.gatewayAPI }}
# Access needed when using the Gateway API provider
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- tlsroutes
- udproutes
- grpcroutes
verbs:
- get
- list
- watch
- update
{{- end }}
{{- end }}
{{- end }}
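Review bot: `providerRBAC.additionalRules` is not rendered in this template: the other RBAC template in this commit appends `{{ toYaml . }}` under `{{- with .Values.providerRBAC.additionalRules }}` before the closing `{{- end }}` lines, while this hunk closes straight after the Gateway API block. If this is the Role used for namespaced installs (the file name is not visible here), operators who set `additionalRules` get those permissions in one install mode and not in the other, and the usual workaround is to fall back to the wider cluster-scoped role. I would either add the same `with` block here or say in the values.yaml comment that `additionalRules` applies to one of the two roles only.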


@ -11,6 +11,9 @@ metadata:
name: {{ include "argo-rollouts.fullname" . }}-dashboard
namespace: {{ .Release.Namespace | quote }}
labels:
{{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }}
{{ $key }}: {{ $value | quote }}
{{- end }}
app.kubernetes.io/component: {{ .Values.dashboard.component }}
{{- include "argo-rollouts.labels" . | nindent 4 }}
spec:


@ -41,12 +41,16 @@ extraObjects: []
global:
# -- Annotations for all deployed Deployments
deploymentAnnotations: {}
# -- Labels for all deployed Deployments
deploymentLabels: {}
controller:
# -- Value of label `app.kubernetes.io/component`
component: rollouts-controller
# -- Annotations to be added to the controller deployment
deploymentAnnotations: {}
# -- Labels to be added to the controller deployment
deploymentLabels: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
# -- [Node selector]
@ -273,6 +277,10 @@ providerRBAC:
contour: true
# -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md`
glooPlatform: true
# -- Adds RBAC rules for the Gateway API provider
gatewayAPI: true
# -- Additional RBAC rules for others providers
additionalRules: []
dashboard:
# -- Deploy dashboard server
@ -283,6 +291,8 @@ dashboard:
component: rollouts-dashboard
# -- Annotations to be added to the dashboard deployment
deploymentAnnotations: {}
# -- Labels to be added to the dashboard deployment
deploymentLabels: {}
# -- Annotations to be added to application dashboard pods
podAnnotations: {}
# -- [Node selector]


@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.4
appVersion: v3.5.6
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.40.10
version: 0.41.3
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Update argo-workflows documentation links to readthedocs
- kind: changed
description: Fix hyphen typo in values.yaml comments


@ -111,6 +111,7 @@ Fields to note:
|-----|------|---------|-------------|
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart |
| commonLabels | object | `{}` | Labels to set on all resources |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs |
@ -124,6 +125,7 @@ Fields to note:
| images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template |
| namespaceOverride | string | `.Release.Namespace` | Override the namespace |
| singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. |
### Workflow
@ -168,6 +170,7 @@ Fields to note:
| controller.logging.globallevel | string | `"0"` | Set the glog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service |
| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion |
| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
@ -336,7 +339,7 @@ Fields to note:
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |
| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. |
| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets |
| server.sso.redirectUrl | string | `""` | |
| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback. |
| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |


@ -189,3 +189,22 @@ Return the appropriate apiVersion for GKE resources
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for monitoring CRDs
*/}}
{{- define "argo-workflows.apiVersions.monitoring" -}}
{{- if .Values.apiVersionOverrides.monitoring -}}
{{- print .Values.apiVersionOverrides.monitoring -}}
{{- else -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "argo-workflows.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}
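Review bot: The new `argo-workflows.namespace` helper pipes its result through `trunc 63 | trimSuffix "-"`, so an over-long `namespaceOverride` is silently shortened instead of rejected. Every template in this commit that switched to the helper, including the ClusterRoleBinding `subjects`, would then name a namespace the operator never wrote, which for RBAC is worse than a failed render. I would drop the truncation, `{{- default .Release.Namespace .Values.namespaceOverride -}}`, and let the API server reject an invalid name, or fail the render explicitly when the value exceeds 63 characters. The helper also closes with `{{- end }}` where the one above it uses `{{- end -}}`; matching it keeps the file consistent.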


@ -4,7 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $cm_name }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" $ | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
{{- with $cm_val.annotations }}


@ -8,7 +8,7 @@ kind: ClusterRole
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}


@ -3,7 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "argo-workflows.controller.config-map.name" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
data:
@ -83,6 +83,11 @@ data:
bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
insecure: {{ .Values.artifactRepository.s3.insecure }}
{{- if .Values.artifactRepository.s3.caSecret }}
caSecret:
name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }}
key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }}
{{- end }}
{{- if .Values.artifactRepository.s3.keyFormat }}
keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
{{- end }}
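Review bot: In the added `caSecret` block the `name` and `key` values are emitted unquoted, unlike `keyFormat` just below, which goes through `| quote`. A secret name or key that reads as a number or boolean, or that starts with a YAML indicator, would be retyped or break the rendered config, and `tpl` fails with a type error when `caSecret` is set without one of the two fields. I would write `name: {{ tpl (required "artifactRepository.s3.caSecret.name is required" .Values.artifactRepository.s3.caSecret.name) . | quote }}` and the same for `key`. The values documentation should also say how `caSecret` relates to `insecure` on the line above, since a CA bundle presumably has no effect when that is `true`. The enclosing `data:` block continues outside the hunk.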


@ -8,7 +8,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
@ -23,7 +23,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---
@ -40,6 +40,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
{{- end }}


@ -3,7 +3,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:


@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
@ -89,6 +89,10 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- if eq (int .Values.controller.replicas) 1 }}
- name: LEADER_ELECTION_DISABLE
value: "true"
{{- end }}
{{- with .Values.controller.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
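Review bot: The added `LEADER_ELECTION_DISABLE` variable is keyed only on `.Values.controller.replicas` being 1, which is the configured count and not the number of controller pods actually running. If the Deployment uses a rolling update (the strategy is outside this hunk) or is scaled by hand or by an autoscaler, two controllers can run for a time with no election between them. I would add a comment above the block stating that assumption, for example `{{- /* single replica: leader election off; do not scale this Deployment outside Helm */}}`, and consider making the behaviour opt-in through a value. Because `extraEnv` is rendered right after, a user who already sets the same variable there ends up with a duplicate env entry.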


@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceAccount.labels }}


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
@ -32,6 +32,9 @@ spec:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.controller.serviceType }}
{{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }}
clusterIP: None
{{- end }}
{{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
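Review bot: The new `clusterIP: None` branch changes a field that Kubernetes treats as immutable on an existing Service, so turning `controller.metricsConfig.headlessService` on or off for an installed release is likely to fail on upgrade until the Service is recreated. The flag is also ignored without any message when `controller.serviceType` is not `ClusterIP`, and although it sits under `metricsConfig` it makes the whole controller Service headless, not only the metrics port. The README row added in this commit says only "Flag to enable headless service"; I would extend it to something like `Make the controller Service headless (clusterIP: None); only applies when serviceType is ClusterIP and cannot be toggled on an existing Service`. The `spec:` block starts outside the hunk.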


@ -1,9 +1,10 @@
{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }}
{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }}
apiVersion: {{ $apiVersion }}
kind: ServiceMonitor
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }}
namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceMonitor.additionalLabels }}
@ -43,7 +44,7 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
- {{ include "argo-workflows.namespace" . | quote }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
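Review bot: With the added `.Capabilities.APIVersions.Has $apiVersion` condition on the opening `if`, the ServiceMonitor is dropped without any message when the renderer does not know the monitoring API, even though `controller.serviceMonitor.enabled` is true. That is the normal situation for `helm template` and for GitOps renderers that are not given the cluster's API versions, so controller metrics can go unscraped without anyone noticing. I would document next to `controller.serviceMonitor.enabled` that the API version has to be passed to the renderer (for `helm template`, `--api-versions monitoring.coreos.com/v1`), or keep the capability check out of the condition and let the apply fail visibly. `apiVersion: {{ $apiVersion }}` could also go through `| quote`, since the value can now come from `apiVersionOverrides.monitoring`.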


@ -1,5 +1,5 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
