diff --git a/.argo/argo-checkout.yaml b/.argo/argo-checkout.yaml deleted file mode 100644 index d7280c3b..00000000 --- a/.argo/argo-checkout.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -type: container -version: 1 -name: argo-checkout -description: Checks out a source repository to /src -resources: - mem_mib: 500 - cpu_cores: 0.1 -image: argoproj/argoscm:v2.0 -command: ["axscm"] -args: ["clone", "%%inputs.parameters.REPO%%", "/src", "--commit", "%%inputs.parameters.COMMIT%%"] -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -outputs: - artifacts: - CODE: - path: /src diff --git a/.argo/publish.yaml b/.argo/publish.yaml deleted file mode 100644 index 7f15760c..00000000 --- a/.argo/publish.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -type: workflow -version: 1 -name: Publish Charts -inputs: - parameters: - COMMIT: - default: "%%session.commit%%" - REPO: - default: "%%session.repo%%" -steps: -- CHECKOUT: - template: argo-checkout -- PREPARE: - image: hypnoglow/kubernetes-helm:v2.6.1 - resources: - mem_mib: 500 - cpu_cores: 0.1 - command: ["sh", "-c"] - args: [cd /src && helm init --client-only && ./scripts/publish.sh] - inputs: - artifacts: - CODE: - from: "%%steps.CHECKOUT.outputs.artifacts.CODE%%" - path: /src - outputs: - artifacts: - CODE: - path: /src/output -- PUBLISH: - image: argoproj/argoscm:v2.0 - command: ["sh", "-c"] - args: [ - axscm clone %%inputs.parameters.REPO%% --commit gh-pages /src && cd /src && cp -r /output/* . && - git add . && git commit -m "Build on `date`" && - axscm clone %%inputs.parameters.REPO%% /src --commit gh-pages --merge=gh-pages --push] - resources: - mem_mib: 500 - cpu_cores: 0.1 - inputs: - artifacts: - CODE: - from: "%%steps.PREPARE.outputs.artifacts.CODE%%" - path: /output - ---- -type: policy -version: 1 -name: Publish Charts Policy -template: Publish Charts -notifications: -- when: - - on_failure - whom: - - committer - - author -when: -- event: on_push 
diff --git a/.circleci/chart-testing.yaml b/.circleci/chart-testing.yaml deleted file mode 100644 index 87e07618..00000000 --- a/.circleci/chart-testing.yaml +++ /dev/null @@ -1,4 +0,0 @@ -chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - - dandydeveloper=https://dandydeveloper.github.io/charts/ diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 6c3306ec..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,41 +0,0 @@ -version: 2.1 -jobs: - lint: - docker: - - image: quay.io/helmpack/chart-testing:v3.3.1 - steps: - - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml - # Technically this only needs to be run on master, but it's good to have it run on every PR - # so that it is regularly tested. - publish: - docker: - # We just need an image with `helm` on it. Handily we know of one already. - - image: quay.io/helmpack/chart-testing:v3.3.1 - steps: - # install the additional keys needed to push to GitHub. Alex Collins owns these keys. - - add_ssh_keys - - run: git config --global user.email "nobody@circleci.com" - - run: git config --global user.name "Circle CI Build" - - checkout - - run: helm repo add stable https://charts.helm.sh/stable - - run: helm repo add minio https://helm.min.io/ - - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - # Only actually publish charts on master. - - run: | - set -x - if [ "$CIRCLE_BRANCH" = "master" ]; then - export GIT_PUSH=true - else - export GIT_PUSH=false - fi - sh ./scripts/publish.sh -workflows: - version: 2 - workflow: - jobs: - - lint - - publish: - requires: - - lint diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 816593c4..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: 'bug' -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 00000000..5db1fbc3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -0,0 +1,45 @@ +--- +name: Bug report +description: Create a report to help us improve +labels: +- bug +body: +- type: textarea + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + validations: + required: true + +- type: textarea + attributes: + label: To Reproduce + description: Steps to reproduce the behavior + placeholder: | + 1. Go to '...' + 2. Click on '....' + 3. Scroll down to '....' + 4. See error + validations: + required: true + +- type: textarea + attributes: + label: Expected behavior + description: A clear and concise description of what you expected to happen. + validations: + required: true + +- type: textarea + attributes: + label: Screenshots + description: If applicable, add screenshots to help explain your problem. + validations: + required: false + +- type: textarea + attributes: + label: Additional context + description: Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 36014cde..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: 'enhancement' -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml new file mode 100644 index 00000000..2ff5ab68 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yaml @@ -0,0 +1,35 @@ +--- +name: Feature request +description: Suggest an idea for this project +labels: +- enhancement +body: +- type: textarea + attributes: + label: Is your feature request related to a problem? + description: A clear and concise description of what the problem is. Please describe. + placeholder: | + Ex. I'm always frustrated when [...] + validations: + required: false + +- type: textarea + attributes: + label: Describe the solution you'd like + description: A clear and concise description of what you want to happen. + validations: + required: true + +- type: textarea + attributes: + label: Describe alternatives you've considered + description: A clear and concise description of any alternative solutions or features you've considered. + validations: + required: false + +- type: textarea + attributes: + label: Additional context + description: Add any other context or screenshots about the feature request here. + validations: + required: false diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml new file mode 100644 index 00000000..01fdbe0c --- /dev/null +++ b/.github/configs/cr.yaml 
@@ -0,0 +1,2 @@
+## Reference: https://github.com/helm/chart-releaser
+index-path: "./index.yaml"
\ No newline at end of file
diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml
new file mode 100644
index 00000000..e991d382
--- /dev/null
+++ b/.github/configs/ct-install.yaml
@@ -0,0 +1,19 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Install Stage
+remote: origin
+chart-dirs:
+ - charts
+chart-repos:
+ - argo=https://argoproj.github.io/argo-helm
+ - minio=https://helm.min.io/
+ - dandydeveloper=https://dandydeveloper.github.io/charts/
+ - stable=https://charts.helm.sh/stable
+ - incubator=https://charts.helm.sh/incubator
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts:
+ - "argocd-applicationset"
diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml
new file mode 100644
index 00000000..e7188eb1
--- /dev/null
+++ b/.github/configs/ct-lint.yaml
@@ -0,0 +1,18 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+chart-dirs:
+ - charts
+chart-repos:
+ - argo=https://argoproj.github.io/argo-helm
+ - minio=https://helm.min.io/
+ - dandydeveloper=https://dandydeveloper.github.io/charts/
+ - stable=https://charts.helm.sh/stable
+ - incubator=https://charts.helm.sh/incubator
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []
diff --git a/.circleci/lintconf.yaml b/.github/configs/lintconf.yaml
similarity index 100%
rename from .circleci/lintconf.yaml
rename to .github/configs/lintconf.yaml
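Review bot: `validate-chart-schema: false` in ct-install.yaml switches off Chart.yaml schema validation without saying why, and ct-lint.yaml carries the same setting even though it is the config the pull-request lint job runs with. A one-line rationale above the key, for example `# Chart.yaml schema validation disabled because <reason>`, would tell a maintainer when it is safe to turn the check back on. The two files differ only in `excluded-charts`, so a comment in ct-install.yaml on why `argocd-applicationset` is skipped at install time would also help.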
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 67fe55f4..f614c199 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -4,9 +4,9 @@ If the DCO action in the integration test fails, one or more of your commits are Checklist: -* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning. +* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#versioning) +* [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#changelog). * [ ] Any new values are backwards compatible and/or have sensible default. -* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md). * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo). * [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). diff --git a/.github/semantic.yml b/.github/semantic.yml new file mode 100644 index 00000000..d93cf9cc --- /dev/null +++ b/.github/semantic.yml @@ -0,0 +1,3 @@ +## Reference: https://github.com/zeke/semantic-pull-requests +# Always validate the PR title, and ignore the commits +titleOnly: true diff --git a/.github/stale.yaml b/.github/stale.yaml deleted file mode 100644 index d9f65632..00000000 --- a/.github/stale.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 60 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 -# Issues with these labels will never be considered stale -exemptLabels: - - pinned - - security -# Label to use when marking an issue as stale -staleLabel: wontfix -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - recent activity. It will be closed if no further activity occurs. Thank you - for your contributions. -# Comment to post when closing a stale issue. Set to `false` to disable -closeComment: false \ No newline at end of file diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index b81bf109..00000000 --- a/.github/stale.yml +++ /dev/null @@ -1 +0,0 @@ -# See https://github.com/probot/stale diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml new file mode 100644 index 00000000..2de22a8b --- /dev/null +++ b/.github/workflows/lint-and-test.yml 
@@ -0,0 +1,45 @@
+## Reference: https://github.com/helm/chart-testing-action
+---
+name: Linting and Testing
+on: pull_request
+jobs:
+ chart-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v1
+
+ - name: Set up python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.7
+
+ - name: Setup Chart Linting
+ id: lint
+ uses: helm/chart-testing-action@v2.1.0
+
+ - name: List changed charts
+ id: list-changed
+ run: |
+ ## If executed with debug this won't work anymore.
+ changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
+ charts=$(echo "$changed" | tr '\n' ' ' | xargs)
+ if [[ -n "$changed" ]]; then
+ echo "::set-output name=changed::true"
+ echo "::set-output name=changed_charts::$charts"
+ fi
+ - name: Run chart-testing (lint)
+ run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.2.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ run: ct install --config ./.github/configs/ct-install.yaml
+ if: steps.list-changed.outputs.changed == 'true'
diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml
new file mode 100644
index 00000000..d1ba98ee
--- /dev/null
+++ b/.github/workflows/pr-sizing.yml
@@ -0,0 +1,14 @@
+## Reference: https://github.com/pascalgn/size-label-action
+---
+name: 'PR Size'
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened]
+jobs:
+ size-label:
+ runs-on: ubuntu-latest
+ steps:
+ - name: size-label
+ uses: "pascalgn/size-label-action@v0.4.2"
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..f01702a6
--- /dev/null
+++ b/.github/workflows/publish.yml
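Review bot: Every `uses:` in lint-and-test.yml points at a mutable tag (`actions/checkout@v2`, `azure/setup-helm@v1`, `actions/setup-python@v2`, `helm/chart-testing-action@v2.1.0`, `helm/kind-action@v1.2.0`), so the code CI runs can change without any commit to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: helm/kind-action@<full-commit-sha>  # v1.2.0`, closes that gap; the same applies to pr-sizing.yml and publish.yml, where the job also holds a token. A top-level `permissions:` block with `contents: read` would make the token scope explicit here. Separately, `python-version: 3.7` is safer quoted as `'3.7'`, so that a later bump to a value such as 3.10 is not parsed as a float.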
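Review bot: `pull_request_target` in pr-sizing.yml runs the job with the base repository's `GITHUB_TOKEN` even for pull requests opened from forks, and with no `permissions:` key the token carries whatever the repository default grants. The job is safe as written only because it never checks out or executes pull-request code, so a comment such as `# pull_request_target: never check out or run PR head code in this workflow` would help keep it that way. A top-level `permissions:` block limited to what labelling needs (probably `pull-requests: write`, to be confirmed against the action's documentation) would bound what the third-party action can do with the token.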
@@ -0,0 +1,42 @@
+---
+name: Chart Publish
+on:
+ push:
+ branches:
+ - master
+ - rewrite-build
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@v1
+
+ - name: Add dependency chart repos
+ run: |
+ helm repo add argo https://argoproj.github.io/argo-helm
+ helm repo add minio https://helm.min.io/
+ helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
+ helm repo add stable https://charts.helm.sh/stable
+ helm repo add incubator https://charts.helm.sh/incubator
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
+ - name: Fetch current Chart Index
+ run: |
+ git checkout origin/gh-pages index.yaml
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.2.0
+ with:
+ config: "./.github/configs/cr.yaml"
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index b671fc09..03965cc5 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
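Review bot: The `branches:` filter in publish.yml lists `rewrite-build` next to `master`, so any push to that branch runs chart-releaser with `CR_TOKEN` and can publish chart releases. It reads like a leftover from developing this change; if so, the `- rewrite-build` entry should be dropped before merge so that only `master` triggers a release. The job presumably needs write access to repository contents to create releases, which is better stated explicitly as a `permissions:` block with `contents: write` than left to the repository default.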
@@ -1,19 +1,31 @@ +## Reference: https://github.com/actions/stale name: Mark stale issues and pull requests - on: schedule: - cron: "30 1 * * *" - jobs: stale: - runs-on: ubuntu-latest - steps: - uses: actions/stale@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'Stale issue message' - stale-pr-message: 'Stale pull request message' + # Number of days of inactivity before an issue becomes stale + days-before-stale: 60 + # Number of days of inactivity before a stale issue is closed + days-before-close: 7 + # Issues with these labels will never be considered stale + exempt-issue-labels: "on-hold,pinned,security" + exempt-pr-labels: "on-hold,pinned,security" + # Comment to post when marking an issue as stale. + stale-issue-message: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. + stale-pr-message: > + This pull request has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. + # Label to use when marking an issue as stale stale-issue-label: 'no-issue-activity' stale-pr-label: 'no-pr-activity' diff --git a/CODEOWNERS b/CODEOWNERS index bb890183..012ac7f7 100644 --- a/CODEOWNERS +++ b/CODEOWNERS 
@@ -1,16 +1,19 @@ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners +# All charts +/charts/ @mkilchhofer + # Argo Workflows -/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler +/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler # Argo CD -/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler +/charts/argo-cd/ @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1 # Argo Events -/charts/argo-events @jbehling @VaibhavPage @oliverbaehler +/charts/argo-events/ @jbehling @VaibhavPage @oliverbaehler # Argo Rollouts -/charts/argo-rollouts @cabrinha @oliverbaehler +/charts/argo-rollouts/ @oliverbaehler # Argo CD Notifications -/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler +/charts/argocd-notifications/ @alexmt @andyfeller @oliverbaehler @mbevc1 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b64861bb..3d6e1782 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
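Review bot: The new `/charts/ @mkilchhofer` entry sits under the comment `# All charts`, but in CODEOWNERS the last matching pattern wins, so the per-chart lines below it replace this owner rather than add to it. As written, @mkilchhofer is requested for review only on charts that have no dedicated entry. If that is the intent, the comment would be clearer as `# Fallback owner for charts without a dedicated entry below`; if the intent is review on every chart, `@mkilchhofer` needs to be appended to each per-chart line.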
@@ -2,12 +2,60 @@ Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently. + +# Pull Requests + +All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project. + +## Versioning + +Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease). + +Any breaking changes to a chart (backwards incompatible) require: + + * Bump of the current Major version of the chart + * State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades)) + +### Immutability + +Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error. + + +### Artifact Hub Annotations + +Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub. + + * [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) + +#### Changelog + +We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release. + +Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. 
You can use the following template: + +``` +name: argo-cd +version: 3.4.1 +... +annotations: + artifacthub.io/changes: | + - "[Added]: Something New was added" + - "[Changed]: Changed Something within this chart" + - "[Changed]: Changed Something else within this chart" + - "[Deprecated]: Something deprecated" + - "[Removed]: Something was removed" + - "[Fixed]: Something was fixed" + - "[Security]": Some Security Patch was included" +``` + +# Testing + ## Testing Argo Workflows Changes Minimally: ``` -helm install charts/argo -n argo +helm install charts/argo-workflows -n argo argo version ``` @@ -22,6 +70,12 @@ helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` +Pre-requisites: +``` +helm repo add redis-ha https://dandydeveloper.github.io/charts/ +helm dependency update +``` + Minimally: ``` @@ -80,7 +134,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. -Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml) +Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: @@ -90,11 +144,4 @@ The linting can be invoked manually with the following command: ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this: - -``` -GIT_PUSH=true ./scripts/publish.sh -``` - -Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch. -Write access to https://github.com/argoproj/argo-helm.git is required to publish changes. +Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). 
diff --git a/README.md b/README.md index 63c3aa4b..6e1aaf2c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,14 @@ # Argo Helm Charts +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) + Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: ``` helm repo add argo https://argoproj.github.io/argo-helm ``` + +## Contributing + +We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. \ No newline at end of file diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 52941728..fe323d72 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.12.14 -digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a -generated: "2021-05-03T16:02:41.4356045-04:00" + version: 4.12.17 +digest: sha256:ad1833436031e3578165d48646c90323040fa1bc00d9235fe7ba7c67b20094ec +generated: "2021-07-27T16:35:27.2509236-04:00" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7716e41e..99114a91 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -34,13 +34,65 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop ## Upgrading +### 3.13.0 + +This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of ArgoCD, it can be passed via the `server.extraArgs` field + +### 3.10.2 + +ArgoCD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default +It can be re-enabled by setting `server.staticAssets.enabled` to true + +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or + +# Case 3) +dex: + serviceAccount: + name: "" # or + +# Case 4) +server: + serviceAccount: + name: "" # or +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). 
+ +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. ### 2.14.7 and above -The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. +The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. ### 2.10.x to 2.11.0 @@ -68,6 +120,7 @@ server: ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart 
@@ -82,25 +135,29 @@ NAME: my-release ... ``` -### Helm v3 Compatibility - -Requires chart version 1.5.2 or newer. - -Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - ## Chart Values | Parameter | Description | Default | |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.1.2"` | +| global.podAnnotations | Annotations for the all deployed pods | +| global.podLabels | Labels for the all deployed pods | | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` | +| global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` | +| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| installCRDs | Install CRDs if you are using Helm2. 
| `true` | +| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | +| apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` | +| apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` | +| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | +| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | +| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | | configs.secret.annotations | Annotations for argocd-secret | `{}` | 
@@ -110,9 +167,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | configs.secret.createSecret | Create the argocd-secret. | `true` | | configs.secret.githubSecret | GitHub incoming webhook secret | `""` | | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | +| configs.repositoryCredentials | DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories. | `{}` | +| configs.credentialTemplates | Repository credentials to be used as Templates for other repos. | `{}` | +| configs.repositories | Repositories list to be used by applications. | `{}` | | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | +| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) | | openshift.enabled | enables using arbitrary uid for argo repo server | `false` | ## ArgoCD Controller 
@@ -129,6 +190,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | | controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | | controller.env | Environment variables for the controller. | `[]` | +| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | @@ -144,6 +206,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.metrics.service.servicePort | Metrics service port | `8082` | | controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| controller.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | +| controller.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | | controller.name | Controller name string. | `"application-controller"` | | controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | controller.podAnnotations | Annotations for the controller pods | `{}` | 
@@ -180,6 +244,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.containerPort | Repo server port | `8081` | | repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | | repoServer.env | Environment variables for the repo server. | `[]` | +| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | @@ -195,6 +260,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.metrics.service.servicePort | Metrics service port | `8082` | | repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| repoServer.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | +| repoServer.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | | repoServer.name | Repo server name | `"repo-server"` | | repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | repoServer.podAnnotations | Annotations for the repo server pods | `{}` | 
@@ -237,9 +304,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | | server.configAnnotations | ArgoCD configuration configmap annotations | `{}` | | server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | +| server.config.repositories | [DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories.](https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour) | See [values.yaml](values.yaml) | | server.containerPort | Server container port. | `8080` | | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | +| server.extraContainers | Additional containers for the server. A list of containers. | `[]` | +| server.staticAssets.enabled | Disable deprecated flag --staticassets | `false` | | server.env | Environment variables for the server. | `[]` | +| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | | server.image.tag | Tag to use for the server | `global.image.tag` | 
@@ -256,6 +327,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | | server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | | server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | +| server.ingressGrpc.isAWSALB | Setup up GRPC ingress to work with an AWS ALB | `false` | +| server.ingressGrpc.awsALB.serviceType | Service type for the AWS ALB GRPC service | `NodePort` | +| server.ingressGrpc.awsALB.backendProtocolVersion | Backend protocol version for the AWS ALB GRPC service | `HTTP2` | | server.route.enabled | Enable a OpenShift route for the server | `false` | | server.route.hostname | Hostname of OpenShift route | `""` | | server.lifecycle | PostStart and PreStop hooks configuration | `{}` | @@ -271,6 +345,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.metrics.service.servicePort | Metrics service port | `8082` | | server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| server.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | +| server.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | | server.name | Argo CD server name | `"server"` | | server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | server.podAnnotations | Annotations for the server pods | `{}` | 
@@ -323,18 +399,35 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.metrics.service.labels | Metrics service labels | `{}` | | dex.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| dex.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | +| dex.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | | dex.name | Dex name | `"dex-server"` | | dex.env | Environment variables for the Dex server. | `[]` | +| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | | dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | dex.podAnnotations | Annotations for the Dex server pods | `{}` | | dex.podLabels | Labels for the Dex server pods | `{}` | +| dex.livenessProbe.enabled | Enable Kubernetes liveness probe for Dex >= 2.28.0 | `false` | +| dex.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| dex.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` | +| dex.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| dex.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| dex.livenessProbe.timeoutSeconds | 
[Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| dex.readinessProbe.enabled | Enable Kubernetes readiness probe for Dex >= 2.28.0 | `false` | +| dex.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| dex.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` | +| dex.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| dex.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| dex.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | dex.priorityClassName | Priority class for dex | `""` | | dex.resources | Resource limits and requests for dex | `{}` | | dex.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | | dex.serviceAccount.create | Create dex service account | `true` | | dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | | dex.servicePortGrpc | Server GRPC port | `5557` | +| dex.servicePortGrpcName | Server GRPC port name | `grpc` | | dex.servicePortHttp | Server HTTP port | `5556` | +| dex.servicePortHttpName | Server GRPC port name | `http` | | dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | | dex.volumeMounts | Dex volume mounts | `"/shared"` | | dex.volumes | Dex volumes | `{}` | 
@@ -358,6 +451,7 @@ through `xxx.extraArgs` | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | +| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | redis.podAnnotations | Annotations for the Redis server pods | `{}` | | redis.podLabels | Labels for the Redis server pods | `{}` | @@ -378,3 +472,25 @@ through `xxx.extraArgs` | redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` | [gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ + + +### Using AWS ALB Ingress Controller With GRPC +If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. + +Example: +```yaml +server: + ingress: + enabled: true + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + ingressGrpc: + enabled: true + isAWSALB: true + awsALB: + serviceType: ClusterIP + +``` diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index c62189e8..714b363e 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd name: applications.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: 
@@ -269,6 +267,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -367,6 +371,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string @@ -378,7 +386,6 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array @@ -545,6 +552,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -840,6 +853,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether toforce applying common labels to resources for Kustomizeapps + type: boolean images: description: Images is a list of Kustomize image override specifications items: 
@@ -1136,6 +1155,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -1414,6 +1439,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: @@ -1689,6 +1720,12 @@ spec: type: string description: CommonLabels is a list of additional labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean images: description: Images is a list of Kustomize image override specifications items: diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index 40182848..7bb09652 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml 
@@ -5,8 +5,6 @@ metadata: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd name: appprojects.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 138ba588..34cdaaca 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,3 +1,9 @@ +{{- if or .Values.configs.repositoryCredentials .Values.server.config.repositories }} +WARNING: You are using configs.repositoryCredentials and/or server.config.repositories parameter that are DEPRECATED +Instead, use configs.repositoryTemplates and/or configs.repositories parameters +Read More about here: https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour + +{{- end}} In order to access the server UI you have the following options: 1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 
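Review bot: The deprecation warning added at the top of NOTES.txt tells users to move to `configs.repositoryTemplates`, but the key this change introduces is `configs.credentialTemplates`; that is the name the new repository-credentials-secret.yaml template ranges over and the name the README table documents. As far as this diff shows, no template reads `configs.repositoryTemplates`, so a user who follows the message moves their credentials to a key that is ignored. The line should read `Instead, use configs.credentialTemplates and/or configs.repositories parameters`.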
@@ -9,7 +15,8 @@ In order to access the server UI you have the following options: - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts -After reaching the UI the first time you can login with username: admin and the password will be the -name of the server pod. You can get the pod name by running: +After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 +kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d + +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 1dc2f2c7..23a9f2a9 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl 
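Review bot: The rewritten login paragraph sends every install to `argocd-initial-admin-secret`, but the chart also lets the operator set the admin password through `configs.secret.argocdServerAdminPassword` (see the argocd-secret.yaml hunk in this change). In that case Argo CD is not expected to generate the initial secret, so the printed command would fail; this is worth confirming against the Argo CD version the chart targets. Wrapping the paragraph in `{{- if not .Values.configs.secret.argocdServerAdminPassword }}` and `{{- end }}` keeps the note accurate. The reminder to delete the initial secret should stay, since until then the admin password is readable by anyone who can get Secrets in the release namespace.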
@@ -42,10 +42,11 @@ Create dex name and version as used by the chart label. Create redis name and version as used by the chart label. */}} {{- define "argo-cd.redis.fullname" -}} -{{ $redisHa := (index .Values "redis-ha") }} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} {{- if $redisHa.enabled -}} {{- if $redisHa.haproxy.enabled -}} - {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- else -}} {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} @@ -71,7 +72,7 @@ Create the name of the controller service account to use */}} {{- define "argo-cd.controllerServiceAccountName" -}} {{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} {{- else -}} {{ default "default" .Values.controller.serviceAccount.name }} {{- end -}} 
@@ -82,18 +83,29 @@ Create the name of the dex service account to use */}} {{- define "argo-cd.dexServiceAccountName" -}} {{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} {{- else -}} {{ default "default" .Values.dex.serviceAccount.name }} {{- end -}} {{- end -}} +{{/* +Create the name of the redis service account to use +*/}} +{{- define "argo-cd.redisServiceAccountName" -}} +{{- if .Values.redis.serviceAccount.create -}} + {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redis.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create the name of the ArgoCD server service account to use */}} {{- define "argo-cd.serverServiceAccountName" -}} {{- if .Values.server.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} + {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} {{- else -}} {{ default "default" .Values.server.serviceAccount.name }} {{- end -}} @@ -104,7 +116,7 @@ Create the name of the repo-server service account to use */}} {{- define "argo-cd.repoServerServiceAccountName" -}} {{- if .Values.repoServer.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} + {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} {{- else -}} {{ default "default" .Values.repoServer.serviceAccount.name }} {{- end -}} 
@@ -148,11 +160,38 @@ app.kubernetes.io/component: {{ .component }} Return the appropriate apiVersion for ingress */}} {{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if .Values.apiVersionOverrides.ingress -}} +{{- print .Values.apiVersionOverrides.ingress -}} +{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} +{{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + +{{/* +Argo Configuration Preset Values (Incluenced by Values configuration) +*/}} +{{- define "argo-cd.config.presets" -}} + {{- if .Values.configs.styles }} +ui.cssurl: "./custom/custom.styles.css" + {{- end }} +{{- end -}} + +{{/* +Merge Argo Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config" -}} + {{- if .Values.server.configEnabled -}} +{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} + {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-aggregate-roles.yaml b/charts/argo-cd/templates/argocd-aggregate-roles.yaml new file mode 100644 index 00000000..d11329a3 --- /dev/null +++ b/charts/argo-cd/templates/argocd-aggregate-roles.yaml 
@@ -0,0 +1,67 @@
+{{- if .Values.createAggregateRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
index 3426c9c8..bd6ff8aa 100644
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
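Review bot: The `aggregate-to-edit` role grants the same create/delete/patch/update verbs on `appprojects` as `aggregate-to-admin`, so once `createAggregateRoles` is enabled, any subject bound to the built-in `edit` role where the Argo CD resources live can rewrite the AppProject objects that bound what Applications may deploy, bypassing Argo CD's own RBAC. The application controller's default ClusterRole in this chart is still `*` on `*` (visible in the clusterrole.yaml hunk that follows), so that write path is worth limiting. I would keep `appprojects` read-only in the edit role and leave the write verbs there for `applications` only. The option also deserves a comment in values.yaml, for example `# Extends the built-in view/edit/admin ClusterRoles; edit/admin holders can then change Argo CD Applications directly through the Kubernetes API`.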
@@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: +{{- if .Values.controller.clusterRoleRules.enabled }} +{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} +{{ else }} - apiGroups: - '*' resources: @@ -16,4 +19,5 @@ rules: - '*' verbs: - '*' -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7c87bce8..a75c1af1 100755 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -17,17 +17,15 @@ spec: replicas: {{ .Values.controller.replicas }} template: metadata: - {{- if .Values.controller.podAnnotations }} + {{- with (mergeOverwrite .Values.global.podAnnotations .Values.controller.podAnnotations) }} annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} - {{- if .Values.controller.podLabels }} -{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- with (mergeOverwrite .Values.global.podLabels .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} 
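Review bot: `mergeOverwrite .Values.global.podAnnotations .Values.controller.podAnnotations` in the controller deployment writes into its first argument, so rendering this template merges the controller's annotations (and, a few lines below, its labels) into `.Values.global.podAnnotations` / `.Values.global.podLabels` themselves, and templates rendered afterwards can pick up controller-only keys. That matters when an annotation carries identity or injection settings meant for one component only, such as an IAM-role or sidecar-injector annotation. Merging into a copy avoids it: `{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}`, and the same for `podLabels`. The repo-server deployment hunk later in this commit uses the identical pattern and needs the same change.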
@@ -50,6 +48,8 @@ spec: - {{ .Values.controller.args.selfHealTimeout | quote }} - --repo-server - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --repo-server-timeout-seconds + - {{ .Values.controller.args.repoServerTimeoutSeconds | quote }} - --logformat - {{ .Values.controller.logFormat }} - --loglevel @@ -70,6 +70,9 @@ spec: {{- if .Values.controller.env }} env: {{- toYaml .Values.controller.env | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: controller @@ -92,12 +95,15 @@ spec: timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + workingDir: /home/argocd volumeMounts: + - name: argocd-home + mountPath: /home/argocd - mountPath: /app/config/controller/tls name: argocd-repo-server-tls -{{- if .Values.controller.volumeMounts }} -{{- toYaml .Values.controller.volumeMounts | nindent 10}} -{{- end }} + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} @@ -118,6 +124,8 @@ spec: {{ toYaml . | indent 6 }} {{- end }} volumes: + - emptyDir: {} + name: argocd-home - name: argocd-repo-server-tls secret: items: @@ -129,9 +137,9 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls -{{- if .Values.controller.volumes }} -{{- toYaml .Values.controller.volumes | nindent 8 }} -{{- end }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- if .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName }} {{- end }} 
diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
new file mode 100644
index 00000000..9116fbcf
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.global.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+ name: {{ template "argo-cd.controller.fullname" . }}
+spec:
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: controller
+ podSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+ policyTypes:
+ - Ingress
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
index 51f81030..249d4e38 100644
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
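Review bot: `namespaceSelector: {}` in the only `from` entry selects every namespace, so this NetworkPolicy limits the controller pod to one reachable port but puts no limit on who may connect to it. If the intent is to admit only the metrics scraper, the peer should be narrowed or made configurable through values. At minimum the rule should carry a comment such as `# namespaceSelector: {} admits all namespaces; narrow to the monitoring namespace where possible`, so operators who enable `global.networkPolicy.create` do not assume source isolation they are not getting.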
@@ -3,22 +3,32 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + {{- with .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ . }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - {{- if .Values.controller.metrics.serviceMonitor.selector }} -{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} @@ -26,4 +36,3 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index b17f4f1b..0da0c1ed 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 
@@ -11,6 +11,5 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -data: -{{- toYaml .Values.server.config | nindent 4 }} +data: {{- include "argo-cd.config" $ | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml new file mode 100644 index 00000000..e96ef9aa --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + {{- if .Values.configs.gpgKeysAnnotations }} + annotations: + {{- range $key, $value := .Values.configs.gpgKeysAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + name: argocd-gpg-keys-cm +{{- with .Values.configs.gpgKeys }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index d84d2649..62cf6be4 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -36,7 +36,7 @@ data: {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} - admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} + admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} {{- end }} {{- range $key, $value := .Values.configs.secret.extra }} {{ $key }}: {{ $value | b64enc }} 
diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml new file mode 100644 index 00000000..a8079671 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -0,0 +1,11 @@ +{{- if .Values.configs.styles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-custom-styles + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +data: + custom.styles.css: | + {{- .Values.configs.styles | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml similarity index 97% rename from charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml rename to charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml index 354e2ca9..a89bedcb 100644 --- a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml @@ -10,4 +10,4 @@ data: {{- range $key, $value := .Values.configs.repositoryCredentials }} {{ $key }}: {{ $value | b64enc }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml new file mode 100644 index 00000000..f9165d5d --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml 
@@ -0,0 +1,14 @@
+{{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-repo-creds-{{ $repo_cred_key }}
+ labels:
+ argocd.argoproj.io/secret-type: repo-creds
+ {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+data:
+ {{- range $key, $value := $repo_cred_value }}
+ {{ $key }}: {{ $value | toString | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
new file mode 100644
index 00000000..2c0d4f08
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@@ -0,0 +1,14 @@
+{{- range $repo_key, $repo_value := .Values.configs.repositories }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-repo-{{ $repo_key }}
+ labels:
+ argocd.argoproj.io/secret-type: repository
+ {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+data:
+ {{- range $key, $value := $repo_value }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
index 7350db37..9b4c3400 100755
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
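Review bot: repository-secret.yaml encodes each field with `{{ $value | b64enc }}`, whereas the sibling repository-credentials-secret.yaml in this same commit uses `{{ $value | toString | b64enc }}`. A repository entry with a boolean or numeric field in values.yaml will fail to render here because `b64enc` expects a string. Aligning the two templates avoids that: `{{ $key }}: {{ $value | toString | b64enc }}`. Both templates also interpolate the map key straight into `metadata.name`, so the values.yaml comments should state that keys must be valid DNS-1123 names. They should also note that whatever is placed under `configs.repositories` / `configs.credentialTemplates` is stored in the Helm release data as well as in the rendered Secret.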
@@ -16,17 +16,15 @@ spec: {{- end }} template: metadata: - {{- if .Values.repoServer.podAnnotations }} + {{- with (mergeOverwrite .Values.global.podAnnotations .Values.repoServer.podAnnotations) }} annotations: - {{- range $key, $value := .Values.repoServer.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} - {{- if .Values.repoServer.podLabels }} -{{- toYaml .Values.repoServer.podLabels | nindent 8 }} + {{- with (mergeOverwrite .Values.global.podLabels .Values.repoServer.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} @@ -40,8 +38,7 @@ spec: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - command: - - uid_entrypoint.sh + args: - argocd-repo-server {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - --redis @@ -67,10 +64,15 @@ spec: value: argocd {{- end }} {{- end }} + {{- with .Values.repoServer.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} -{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} + {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} {{- end }} + - mountPath: /app/config/gpg/source + name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring {{- if .Values.configs.knownHosts }} 
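Review bot: `mergeOverwrite .Values.global.podAnnotations .Values.repoServer.podAnnotations` mutates its first argument, so the repo-server's annotations are written into `.Values.global.podAnnotations` itself. Every template rendered afterwards that merges into the same global map inherits them, and the same applies to `podLabels`. The pattern is repeated in the argocd-server, dex and redis deployment hunks of this commit. Component-specific annotations and labels (for example ones consumed by identity or secret-injection webhooks, or matched by NetworkPolicy selectors) can therefore leak onto other pods depending on render order. Merging into a copy keeps the scopes separate: `{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}`, and likewise for the labels line. The `template:` block continues outside the hunk.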
@@ -131,8 +133,11 @@ spec: {{- end }} volumes: {{- if .Values.repoServer.volumes }} -{{- toYaml .Values.repoServer.volumes | nindent 6}} + {{- toYaml .Values.repoServer.volumes | nindent 6 }} {{- end }} + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm - emptyDir: {} name: gpg-keyring {{- if .Values.configs.knownHosts }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml new file mode 100644 index 00000000..0d9274ed --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -0,0 +1,31 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + name: {{ template "argo-cd.repoServer.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: repo-server + protocol: TCP + {{- if .Values.repoServer.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 0b343750..2c353479 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml 
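Review bot: In the new repo-server networkpolicy.yaml the metrics rule uses `from: - namespaceSelector: {}`, which admits traffic to the `metrics` port from every namespace in the cluster. That is much broader than the pod-scoped rule for the `repo-server` port above it. The dex networkpolicy.yaml added later in this commit does the same. Consider letting the operator narrow this to the monitoring namespace through a chart value (none exists in this diff), or at least add a comment above the rule such as `# metrics are reachable from all namespaces; restrict to the Prometheus namespace where possible`. The metrics port entry here also omits `protocol: TCP`, unlike the other port entries; it defaults to TCP but reads inconsistently.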
@@ -3,22 +3,32 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - {{- if .Values.repoServer.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }} + {{- with .Values.repoServer.metrics.serviceMonitor.namespace }} + namespace: {{ . }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- if .Values.repoServer.metrics.serviceMonitor.selector }} -{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.repoServer.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.repoServer.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics + {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} @@ -26,4 +36,3 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml b/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml new file mode 100644 index 00000000..4adcd82d --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml 
@@ -0,0 +1,24 @@ +{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }}-grpc +spec: + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 7212922c..64241bfe 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml 
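Review bot: The labels line of alb-grpc-service.yaml passes `"component" (print .Values.server.name "-gprc")`, with `gprc` misspelled, while the `name` argument on the same line uses `-grpc`. The rendered component label will not match anything that selects or audits on the intended `-grpc` value. Suggested fix: `(dict "context" . "component" (print .Values.server.name "-grpc") "name" (print .Values.server.name "-grpc"))`. The annotation value `{{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }}` is also emitted unquoted; adding `| quote` keeps it a string regardless of what the value looks like.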
@@ -1,5 +1,7 @@ {{- if .Values.server.certificate.enabled -}} -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} +{{- if .Values.apiVersionOverrides.certmanager -}} +apiVersion: {{ .Values.apiVersionOverrides.certmanager }} +{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} apiVersion: cert-manager.io/v1alpha3 @@ -23,5 +25,5 @@ spec: issuerRef: kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-secret + secretName: {{ .Values.server.certificate.secretName | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index d12c8446..05d1a5ae 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -16,17 +16,15 @@ spec: {{- end }} template: metadata: - {{- if .Values.server.podAnnotations }} + {{- with (mergeOverwrite .Values.global.podAnnotations .Values.server.podAnnotations) }} annotations: - {{- range $key, $value := .Values.server.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} - {{- if .Values.server.podLabels }} -{{- toYaml .Values.server.podLabels | nindent 8 }} + {{- with (mergeOverwrite .Values.global.podLabels .Values.server.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} 
@@ -42,8 +40,10 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} command: - argocd-server + {{ if .Values.server.staticAssets.enabled }} - --staticassets - /shared/app + {{ end }} - --repo-server - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} {{- if .Values.dex.enabled }} @@ -67,6 +67,9 @@ spec: {{- if .Values.server.env }} env: {{- toYaml .Values.server.env | nindent 8 }} + {{- end }} + {{- with .Values.server.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: {{- if .Values.server.volumeMounts }} @@ -82,6 +85,13 @@ spec: {{- end }} - mountPath: /app/config/server/tls name: argocd-repo-server-tls + {{- if .Values.configs.styles }} + - mountPath: "/shared/app/custom/custom.styles.css" + subPath: "custom.styles.css" + name: custom-styles + {{- end }} + - mountPath: /tmp + name: tmp-dir ports: - name: {{ .Values.server.name }} containerPort: {{ .Values.server.containerPort }} @@ -141,6 +151,13 @@ spec: {{- end }} - emptyDir: {} name: static-files + - emptyDir: {} + name: tmp-dir + {{- if .Values.configs.styles }} + - configMap: + name: argocd-custom-styles + name: custom-styles + {{- end }} {{- if .Values.configs.knownHosts }} - configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 1f5fc4ea..6a90445e 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml 
@@ -1,8 +1,9 @@ -{{- if .Values.server.ingressGrpc.enabled -}} +{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} {{- $serviceName := include "argo-cd.server.fullname" . -}} {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} +{{- $pathType := .Values.server.ingressGrpc.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: @@ -36,7 +37,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} @@ -63,7 +64,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1bd2c53c..576b94df 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -3,6 +3,7 @@ {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $pathType := .Values.server.ingress.pathType -}} apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} kind: Ingress metadata: 
@@ -11,6 +12,10 @@ metadata: {{- range $key, $value := .Values.server.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} + alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} labels: @@ -34,10 +39,30 @@ spec: {{- toYaml $extraPaths | nindent 10 }} {{- end }} {{- range $p := $paths }} + {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} pathType: Prefix {{- end }} + backend: + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ template "argo-cd.server.fullname" $ }}-grpc + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + - path: {{ $p }} + {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} + {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: @@ -63,7 +88,7 @@ spec: {{- range $p := $paths }} - path: {{ $p }} {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix + pathType: {{ $pathType }} {{- end }} backend: {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml new file mode 100644 index 00000000..8300d696 --- /dev/null 
+++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -0,0 +1,16 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }} +spec: + ingress: + - {} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 72a4018c..1dc04116 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -44,3 +44,9 @@ spec: {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} {{- end }} {{- end -}} +{{- with .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} +{{- end }} +{{- with .Values.server.service.sessionAffinity }} + sessionAffinity: {{ . }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index ddf52efa..ab97acc2 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml 
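Review bot: The new argocd-server NetworkPolicy uses `ingress: - {}`, which allows traffic from any source to every port of the server pods. With `global.networkPolicy.create` (and even `defaultDenyIngress`) enabled, the server is therefore not restricted at all, and that includes its metrics port. If exposing the API/UI port to all sources is intended, the rule could still be limited with a `ports:` list naming the server port, with metrics handled by a separate rule as in the repo-server and dex policies. At minimum the template needs a comment stating the intent, e.g. `# argocd-server is user-facing: ingress is intentionally unrestricted`.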
@@ -8,17 +8,27 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.metrics.serviceMonitor.selector }} -{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.server.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.server.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics + {{- with .Values.server.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} @@ -26,4 +36,3 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/crds.yaml b/charts/argo-cd/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argo-cd/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 45a2e09e..97951d01 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml 
@@ -12,17 +12,15 @@ spec: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} template: metadata: - {{- if .Values.dex.podAnnotations }} + {{- with (mergeOverwrite .Values.global.podAnnotations .Values.dex.podAnnotations) }} annotations: - {{- range $key, $value := .Values.dex.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }} app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} - {{- if .Values.dex.podLabels }} -{{- toYaml .Values.dex.podLabels | nindent 8 }} + {{- with (mergeOverwrite .Values.global.podLabels .Values.dex.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} @@ -62,6 +60,9 @@ spec: {{- if .Values.dex.env }} env: {{- toYaml .Values.dex.env | nindent 8 }} + {{- end }} + {{- with .Values.dex.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - name: http @@ -70,10 +71,26 @@ spec: - name: grpc containerPort: {{ .Values.dex.containerPortGrpc }} protocol: TCP - {{- if .Values.dex.metrics.enabled }} - name: metrics containerPort: {{ .Values.dex.containerPortMetrics }} protocol: TCP + {{- if .Values.dex.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz/live + port: metrics + {{- with .Values.dex.livenessProbe }} + {{- omit . "enabled" | toYaml | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.dex.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz/ready + port: metrics + {{- with .Values.dex.readinessProbe }} + {{- omit . "enabled" | toYaml | nindent 10 }} + {{- end }} {{- end }} volumeMounts: - mountPath: /tmp diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml new file mode 100644 index 00000000..e79a2e3e --- /dev/null 
+++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + name: {{ template "argo-cd.dex.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + ports: + - port: http + protocol: TCP + - port: grpc + protocol: TCP + {{- if .Values.dex.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 6fa77c4e..c93b085e 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -16,11 +16,11 @@ metadata: {{- end }} spec: ports: - - name: http + - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP port: {{ .Values.dex.servicePortHttp }} targetPort: http - - name: grpc + - name: {{ .Values.dex.servicePortGrpcName }} protocol: TCP port: {{ .Values.dex.servicePortGrpc }} targetPort: grpc diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index adc3394a..ca1d54b0 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml 
@@ -3,26 +3,36 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - {{- if .Values.dex.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }} + {{- with .Values.dex.metrics.serviceMonitor.namespace }} + namespace: {{ . }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - {{- if .Values.dex.metrics.serviceMonitor.selector }} -{{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.dex.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.dex.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.dex.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: - port: metrics - interval: 30s + {{- with .Values.dex.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} path: /metrics + {{- with .Values.dex.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . |nindent 8 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml new file mode 100644 index 00000000..3d47a397 --- /dev/null +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml 
@@ -0,0 +1,12 @@ +{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} + name: {{ template "argo-cd.fullname" . }}-default-deny +spec: + podSelector: {} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 808c72a2..b4289825 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -12,23 +12,22 @@ spec: app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} template: metadata: - {{- if .Values.redis.podAnnotations }} + {{- with (mergeOverwrite .Values.global.podAnnotations .Values.redis.podAnnotations) }} annotations: - {{- range $key, $value := .Values.redis.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} - {{- if .Values.redis.podLabels }} -{{- toYaml .Values.redis.podLabels | nindent 8 }} + {{- with (mergeOverwrite .Values.global.podLabels .Values.redis.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} + serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }} {{- if .Values.redis.securityContext }} securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }} {{- end }} 
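Review bot: networkpolicy-default-deny.yaml uses `podSelector: {}`, so it applies to every pod in the release namespace, not only the pods this chart creates. Other workloads sharing the namespace lose ingress as soon as `defaultDenyIngress` is enabled. The allow policies visible in this commit cover repo-server, server, dex and single-instance redis. The redis policy is skipped when `redis-ha` is enabled, so in that configuration the HA pods would have no allow rule unless the subchart ships its own (not visible here). This deserves a comment next to the value, e.g. `## Denies ingress to ALL pods in the namespace that have no allow policy, including non-Argo workloads and redis-ha`, and the redis-ha case should be verified before enabling.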
@@ -50,11 +49,14 @@ spec: {{- if .Values.redis.env }} env: {{- toYaml .Values.redis.env | nindent 8 }} + {{- end }} + {{- with .Values.redis.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} {{- end }} ports: - containerPort: {{ .Values.redis.containerPort }} + name: redis {{- if .Values.redis.volumeMounts }} - volumeMounts: {{- toYaml .Values.redis.volumeMounts | nindent 10 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml new file mode 100644 index 00000000..881e257c --- /dev/null +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -0,0 +1,29 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + name: {{ template "argo-cd.redis.fullname" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: redis + protocol: TCP + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml new file mode 100644 index 00000000..ae67d3b2 --- /dev/null +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml 
@@ -0,0 +1,15 @@ +{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "argo-cd.redisServiceAccountName" . }} +{{- if .Values.redis.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.redis.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5ea8ea16..56e9b443 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3,15 +3,17 @@ ## nameOverride: argocd fullnameOverride: "" - -# Optional CRD installation for those without Helm hooks -installCRDs: true +kubeVersionOverride: "" global: image: repository: quay.io/argoproj/argocd - tag: v2.0.0 + tag: v2.1.2 imagePullPolicy: IfNotPresent + ## Annotations applied to all pods + podAnnotations: {} + ## Labels applied to all pods + podLabels: {} securityContext: {} # runAsUser: 999 # runAsGroup: 999 @@ -25,6 +27,21 @@ global: additionalLabels: {} # app: argo-cd + networkPolicy: + create: false + defaultDenyIngress: false + +# Override APIVersions +# If you want to template helm charts but cannot access k8s API server +# you can set api versions here +apiVersionOverrides: + certmanager: "" # cert-manager.io/v1 + ingress: "" # networking.k8s.io/v1beta1 + +## Create clusterroles that extend existing clusterroles to interact with argo-cd crds +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false + ## Controller controller: name: application-controller 
@@ -47,6 +64,7 @@ controller: operationProcessors: "10" appResyncPeriod: "180" selfHealTimeout: "5" + repoServerTimeoutSeconds: "60" ## Argo controller log format: text|json logFormat: text @@ -64,6 +82,14 @@ controller: # - name: "ARGOCD_CONTROLLER_REPLICAS" # value: "" + ## envFrom to pass to argocd-controller + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to controller pods ## podAnnotations: {} @@ -79,6 +105,7 @@ controller: # drop: # - all # readOnlyRootFilesystem: true + # runAsNonRoot: true ## Configures the controller port containerPort: 8082 @@ -146,6 +173,9 @@ controller: servicePort: 8082 serviceMonitor: enabled: false + interval: 30s + relabelings: [] + metricRelabelings: [] # selector: # prometheus: kube-prometheus # namespace: monitoring @@ -186,6 +216,13 @@ controller: ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. clusterAdminAccess: enabled: true + ## Enable Custom Rules for the Application Controller's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + enabled: false + rules: [] + ## Dex dex: @@ -199,10 +236,17 @@ dex: labels: {} serviceMonitor: enabled: false + interval: 30s + relabelings: [] + metricRelabelings: [] + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} image: - repository: quay.io/dexidp/dex - tag: v2.26.0 + repository: ghcr.io/dexidp/dex + tag: v2.30.0 imagePullPolicy: IfNotPresent initImage: repository: @@ -213,6 +257,13 @@ dex: ## env: [] + ## envFrom to pass to the Dex server + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Dex server pods ## podAnnotations: {} 
@@ -221,6 +272,23 @@ dex: ## podLabels: {} + ## Probes for Dex server + ## Supported from Dex >= 2.28.0 + livenessProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + serviceAccount: create: true name: argocd-dex-server @@ -242,8 +310,10 @@ dex: ## Dex deployment container ports containerPortHttp: 5556 servicePortHttp: 5556 + servicePortHttpName: http containerPortGrpc: 5557 servicePortGrpc: 5557 + servicePortGrpcName: grpc containerPortMetrics: 5558 servicePortMetrics: 5558 @@ -279,7 +349,7 @@ redis: image: repository: redis - tag: 6.2.1-alpine + tag: 6.2.4-alpine imagePullPolicy: IfNotPresent ## Additional command line arguments to pass to redis-server @@ -295,6 +365,14 @@ redis: ## env: [] + ## envFrom to pass to the Redis server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Annotations to be added to the Redis server pods ## podAnnotations: {} @@ -322,10 +400,16 @@ redis: ## Redis Pod specific security context securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 runAsNonRoot: true + runAsUser: 999 + + serviceAccount: + create: false + name: "" + ## Annotations applied to created service account + annotations: {} + ## Automount API credentials for the Service Account + automountServiceAccountToken: false resources: {} # limits: @@ -356,7 +440,7 @@ redis-ha: metrics: enabled: true image: - tag: 6.2.1-alpine + tag: 6.2.4-alpine ## Server server: 
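Review bot: The Redis pod `securityContext` (hunk `@@ -322,10 +400,16 @@`) drops `runAsGroup` and `fsGroup`, so only the UID is pinned with `runAsUser: 999`. The container's primary group is then left to the image or runtime default, which can be GID 0. If the change was only meant to match the UID used by the image, keep an explicit `runAsGroup` set to that image's redis group as well. Separately, `serviceAccount.create: false` with `name: ""` means `automountServiceAccountToken: false` applies only once a ServiceAccount is actually created. A comment stating which account the Redis pod runs under by default would close that gap; the deployment template is not part of this hunk.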
@@ -381,10 +465,22 @@ server: extraArgs: [] # - --insecure + # This flag is used to either remove or pass the CLI flag --staticassets /shared/app to the argocd-server app + staticAssets: + enabled: true + ## Environment variables to pass to argocd-server ## env: [] + ## envFrom to pass to argocd-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container ## lifecycle: {} @@ -456,8 +552,11 @@ server: certificate: enabled: false domain: argocd.example.com - issuer: {} + issuer: + kind: # ClusterIssuer + name: # letsencrypt additionalHosts: [] + secretName: argocd-server-tls ## Server service configuration service: @@ -475,6 +574,8 @@ server: loadBalancerIP: "" loadBalancerSourceRanges: [] externalIPs: [] + externalTrafficPolicy: "" + sessionAffinity: "" ## Server metrics service configuration metrics: @@ -485,6 +586,9 @@ server: servicePort: 8083 serviceMonitor: enabled: false + interval: 30s + relabelings: [] + metricRelabelings: [] # selector: # prometheus: kube-prometheus # namespace: monitoring 
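Review bot: In the certificate hunk (`@@ -456,8 +552,11 @@`) `issuer.kind` and `issuer.name` are added as bare keys followed only by a comment, which YAML loads as null rather than as an empty string. The rest of the file writes unset strings as `""`, for example `loadBalancerIP: ""`, so for consistency and to avoid a null reaching the template write `kind: ""  # ClusterIssuer` and `name: ""  # letsencrypt`. How the Certificate template treats an unset issuer cannot be seen from this hunk.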
@@ -513,26 +617,46 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false - # dedicated ingess for gRPC as documented at + # dedicated ingress for gRPC as documented at # https://argoproj.github.io/argo-cd/operator-manual/ingress/ ingressGrpc: enabled: false + isAWSALB: false annotations: {} labels: {} ingressClassName: "" + awsALB: + ## Service Type if isAWSALB is set to true + ## Can be of type NodePort or ClusterIP depending on which mode you are + ## are running. Instance mode needs type NodePort, IP mode needs type + ## ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + # This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features + backendProtocolVersion: HTTP2 + ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace @@ -542,15 +666,24 @@ server: # - argocd.example.com paths: - / + pathType: Prefix extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation tls: [] - # - secretName: argocd-example-tls + # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com https: false 
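Review bot: The comment added above `awsALB.serviceType` repeats a word across its line break: one line ends with `you are` and the next begins with `## are running`. Drop the second `are` so the sentence reads `depending on which mode you are running`.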
@@ -571,6 +704,8 @@ server: url: https://argocd.example.com # Argo CD instance label key application.instanceLabelKey: argocd.argoproj.io/instance + + # DEPRECATED: Please instead use configs.credentialTemplates and configs.repositories # repositories: | # - url: git@github.com:group/repo.git # sshPrivateKeySecret: @@ -582,6 +717,7 @@ server: # - type: helm # url: https://argoproj.github.io/argo-helm # name: argo + # oidc.config: | # name: AzureAD # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 @@ -624,7 +760,7 @@ server: ## Annotations to be added to ArgoCD rbac ConfigMap rbacConfigAnnotations: {} - # Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created + # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created # by something else. ArgoCD will not work if there is no configMap created with the name above. rbacConfigCreate: true @@ -754,6 +890,14 @@ repoServer: ## env: [] + ## envFrom to pass to argocd-repo-server + ## + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + ## Argo repoServer log format: text|json logFormat: text ## Argo repoServer log level @@ -833,6 +977,9 @@ repoServer: servicePort: 8084 serviceMonitor: enabled: false + interval: 30s + relabelings: [] + metricRelabelings: [] # selector: # prometheus: kube-prometheus # namespace: monitoring 
@@ -908,6 +1055,27 @@ configs: # insecure: false # caData: "" + gpgKeysAnnotations: {} + gpgKeys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # + # mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta + # x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT + # SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ + # 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa + # buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v + # yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs + # b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW + # BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf + # DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6 + # 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws + # +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5 + # 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O + # j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48= + # =Bvzs + # -----END PGP PUBLIC KEY BLOCK----- + knownHostsAnnotations: {} knownHosts: data: 
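Review bot: `gpgKeysAnnotations` and `gpgKeys` are introduced with a commented example but no description of what the map holds or what it is used for. The example suggests that each map key is a GnuPG key ID and each value an ASCII-armored public key. Say that in a leading comment, e.g. `## GnuPG public keys, keyed by key ID, imported for signature verification`, after confirming the key format against the template, which is not in this hunk. It is also worth stating that only public keys belong here.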
@@ -958,25 +1126,48 @@ configs: # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # XWyb96wrUlv+E8I= # -----END CERTIFICATE----- - # Creates a secret with optional repository credentials - repositoryCredentials: - {} - # sample-ssh-key: | - # -----BEGIN RSA PRIVATE KEY----- - # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N - # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 - # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB - # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x - # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe - # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 - # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 - # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM - # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK - # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ - # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc - # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le - # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= - # -----END RSA PRIVATE KEY----- +## # Creates a secret with optional repository credentials +## DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories + repositoryCredentials: {} + +## Creates a secret for each key/value specified below to create repository credentials + credentialTemplates: {} + # github-enterprise-creds-1: + # url: https://github.com/argoproj + # githubAppID: 1 + # githubAppInstallationID: 2 + # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 + # githubAppPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... 
+ # -----END OPENSSH PRIVATE KEY----- + # https-creds: + # url: https://github.com/argoproj + # password: my-password + # username: my-username + # ssh-creds: + # url: git@github.com:argoproj-labs + # sshPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + +## Creates a secret for each key/value specified below to create repositories +## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". + repositories: {} + # istio-helm-repo: + # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts + # name: istio.io + # type: helm + # private-helm-repo: + # url: https://my-private-chart-repo.internal + # name: private-repo + # type: helm + # password: my-password + # username: my-username + # private-repo: + # url: https://github.com/argoproj/private-repo + secret: createSecret: true ## Annotations to be added to argocd-secret @@ -1011,9 +1202,16 @@ configs: # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: + # argocdServerAdminPassword: "" # Password modification time defaults to current time if not set # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + ## Custom CSS Styles + ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + # styles: | + # .nav-bar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } + openshift: enabled: false diff --git a/charts/argo-ci/Chart.yaml b/charts/argo-ci/Chart.yaml deleted file mode 100644 index c41334d9..00000000 --- a/charts/argo-ci/Chart.yaml +++ /dev/null 
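Review bot: The note added above `repositories` points readers at `configs.repositoryCredentials`, which this same hunk marks as deprecated in favour of `configs.credentialTemplates`. The note should read `configured under "configs.credentialTemplates"`, and the deprecation comment itself starts with a stray `## #`. The examples place `password`, `githubAppPrivateKey` and `sshPrivateKey` directly in values. Add a line telling operators to supply them from a values file kept out of version control or from a secret store, because values are persisted with the Helm release.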
@@ -1,12 +0,0 @@ -apiVersion: v2 -description: A Helm chart for Argo-CI -name: argo-ci -version: 1.0.0 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -appVersion: v1.0.0-alpha2 -home: https://github.com/argoproj/argo-helm -deprecated: true -dependencies: - - name: argo - version: "^0.16.0" - repository: https://argoproj.github.io/argo-helm diff --git a/charts/argo-ci/README.md b/charts/argo-ci/README.md deleted file mode 100644 index 7eaa9039..00000000 --- a/charts/argo-ci/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Argo CI Chart - -**Deprecated** - Use [Argo-Events](./argo-events) instead. - -This is a **community maintained** chart. diff --git a/charts/argo-ci/templates/NOTES.txt b/charts/argo-ci/templates/NOTES.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/argo-ci/templates/_helpers.tpl b/charts/argo-ci/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo-ci/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo-ci/templates/ci-deployment.yaml b/charts/argo-ci/templates/ci-deployment.yaml deleted file mode 100644 index bf2e4121..00000000 --- a/charts/argo-ci/templates/ci-deployment.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-ci - release: {{ .Release.Name }} - spec: - containers: - - name: ci - image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: IN_CLUSTER - value: "true" - - name: NAMESPACE - value: {{ .Values.workflowNamespace }} - - name: ARGO_CI_IMAGE - value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}" - - name: CONTROLLER_INSTANCE_ID - value: {{ .Release.Name }} - ports: - - containerPort: 8001 - - containerPort: 8002 - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/argo-ci/templates/ci-service.yaml b/charts/argo-ci/templates/ci-service.yaml deleted file mode 100644 index 3c335c62..00000000 --- a/charts/argo-ci/templates/ci-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-ci - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8001 - selector: - app: {{ .Release.Name }}-ci - sessionAffinity: None - type: LoadBalancer diff --git a/charts/argo-ci/values.yaml b/charts/argo-ci/values.yaml deleted file mode 100644 index 86dadf98..00000000 --- a/charts/argo-ci/values.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -imageNamespace: argoproj -ciImage: argoci -imageTag: v1.0.0-alpha2 -imagePullPolicy: Always -# Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret -workflowNamespace: default - -argo: - imagesNamespace: argoproj - installMinio: true - minioBucketName: argo-artifacts - useReleaseAsInstanceID: true diff --git a/charts/argo-events/.helmignore b/charts/argo-events/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-events/.helmignore +++ b/charts/argo-events/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 5def36c7..c29777c7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart to install Argo-Events in k8s Cluster name: argo-events -version: 1.4.0 +version: 1.7.0 keywords: - argo-events - sensor-controller @@ -13,5 +13,9 @@ maintainers: - name: VaibhavPage - name: whynowy appVersion: 1.3.1 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argoproj.github.io/argo-events/assets/logo.png home: https://github.com/argoproj/argo-helm +annotations: + artifacthub.io/changes: | + - "[Added]: Ability to specify additional/custom environment variables" + - "[Fixed]: Charts icon url" diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 3c375c3a..2bece9b9 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md 
@@ -15,6 +15,6 @@ This is a **community maintained** chart. It installs the [argo-events](https:// ## Notes on CRD Installation -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. You can install the CRDs manually from `crds` folder. \ No newline at end of file diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index cd5d3916..3078a2d3 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,6 +1,3 @@ serviceAccount: argo-events-sa-test -additionalSaNamespaces: - - nsone - - nstwo instanceID: test-argo-events singleNamespace: false diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml index bfd2d021..c3904980 100644 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml @@ -1,5 +1,4 @@ {{- if not .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -26,9 +25,9 @@ kind: ClusterRole metadata: name: argo-events-role rules: -{{- if .Values.additionalServiceAccountRules }} -{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} -{{- end }} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} + {{- end }} - apiGroups: - argoproj.io verbs: diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml index 56721159..1371f6a6 100644 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ b/charts/argo-events/templates/argo-events-roles.yaml 
@@ -1,5 +1,4 @@ {{- if .Values.singleNamespace }} - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -28,8 +27,8 @@ metadata: name: argo-events-role namespace: {{ .Release.Namespace }} rules: - {{- if .Values.additionalServiceAccountRules }} - {{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} + {{- with .Values.additionalServiceAccountRules }} + {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - argoproj.io diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml index f13b8a1d..fec88b4d 100644 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ b/charts/argo-events/templates/argo-events-sa.yaml @@ -5,7 +5,11 @@ kind: ServiceAccount metadata: name: {{ .Values.serviceAccount }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccountAnnotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.additionalSaNamespaces }} +{{ $annotations := .Values.serviceAccountAnnotations }} {{ $sa := .Values.serviceAccount }} {{- range $namespace := .Values.additionalSaNamespaces }} --- @@ -14,5 +18,8 @@ kind: ServiceAccount metadata: name: {{ $sa }} namespace: {{ $namespace }} + {{- with $annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml index e3631828..747bfc11 100644 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 
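Review bot: In argo-events-sa.yaml (hunks `@@ -5,7 +5,11 @@` and `@@ -14,5 +18,8 @@`) `serviceAccountAnnotations` is copied unchanged through `$annotations` onto the ServiceAccount created in every namespace listed in `additionalSaNamespaces`. The values comment gives workload identity as the use case, so the same identity-binding annotation ends up on an account in each of those namespaces. That may be wider than intended. Document it next to the value, e.g. `# Applied to the service account in the release namespace and in every namespace listed in additionalSaNamespaces`, or consider a per-namespace override if the bindings should differ.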
@@ -35,6 +36,9 @@ spec: - --namespaced {{- end }} env: + {{- with .Values.eventbusController.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} - name: NAMESPACE valueFrom: fieldRef: @@ -55,6 +59,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} {{- with .Values.eventbusController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventbus-crd.yaml b/charts/argo-events/templates/eventbus-crd.yaml deleted file mode 100644 index 4a67294e..00000000 --- a/charts/argo-events/templates/eventbus-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml index a6522da6..651ff39b 100644 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml 
@@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -35,6 +36,9 @@ spec: - --namespaced {{- end }} env: + {{- with .Values.eventsourceController.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} - name: NAMESPACE valueFrom: fieldRef: @@ -53,6 +57,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} {{- with .Values.eventsourceController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/eventsource-crd.yaml b/charts/argo-events/templates/eventsource-crd.yaml deleted file mode 100644 index 5c6a0b6b..00000000 --- a/charts/argo-events/templates/eventsource-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} 
diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml index e6a1c104..6c2f6a04 100644 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ b/charts/argo-events/templates/sensor-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.sensorController.name }} + namespace: {{ .Release.Namespace }} labels: app: {{ .Release.Name }}-{{ .Values.sensorController.name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -35,6 +36,9 @@ spec: - --namespaced {{- end }} env: + {{- with .Values.sensorController.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} - name: NAMESPACE valueFrom: fieldRef: @@ -53,6 +57,7 @@ spec: port: 8081 initialDelaySeconds: 3 periodSeconds: 3 + resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} {{- with .Values.sensorController.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/argo-events/templates/sensor-crd.yaml b/charts/argo-events/templates/sensor-crd.yaml deleted file mode 100644 index d121019e..00000000 --- a/charts/argo-events/templates/sensor-crd.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if .Values.installCRD }} -# Define a "sensor" custom resource definition -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index a54ec010..db6f679d 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,5 +1,5 @@ # docker registry -registry: argoproj +registry: quay.io # The image pull policy imagePullPolicy: Always @@ -8,12 +8,12 @@ imagePullPolicy: Always imagePullSecrets: [] # - name: argo-pull-secret -# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation. -installCRD: true - # ServiceAccount to use for running controller. serviceAccount: argo-events-sa +# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases +serviceAccountAnnotations: {} + # Create service accounts in additional namespaces specified # The SA will always be created in the release namespaces additionalSaNamespaces: [] 
@@ -44,41 +44,53 @@ singleNamespace: true # sensor controller sensorController: name: sensor-controller - image: sensor-controller + image: argoproj/sensor-controller tag: v1.3.1 replicaCount: 1 - sensorImage: sensor + extraEnv: [] + # - name: DEBUG_LOG + # value: "true" + sensorImage: argoproj/sensor podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventsourceController: name: eventsource-controller - image: eventsource-controller + image: argoproj/eventsource-controller tag: v1.3.1 replicaCount: 1 - eventsourceImage: eventsource + extraEnv: [] + # - name: DEBUG_LOG + # value: "true" + eventsourceImage: argoproj/eventsource podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} eventbusController: name: eventbus-controller - image: eventbus-controller + image: argoproj/eventbus-controller tag: v1.3.1 replicaCount: 1 + extraEnv: [] + # - name: DEBUG_LOG + # value: "true" podAnnotations: {} nodeSelector: {} podLabels: {} priorityClassName: "" tolerations: [] affinity: {} + resources: {} natsStreamingImage: nats-streaming:0.17.0 natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 diff --git a/charts/argo-rollouts/.helmignore b/charts/argo-rollouts/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-rollouts/.helmignore +++ b/charts/argo-rollouts/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 84752bf3..74431538 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml 
@@ -1,11 +1,14 @@ -apiVersion: v1 -appVersion: "0.10.2" +apiVersion: v2 +appVersion: "v1.0.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 0.5.2 -icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png +version: 2.0.1 +icon: https://argoproj.github.io/argo-rollouts/assets/logo.png home: https://github.com/argoproj/argo-helm maintainers: - name: alexmt - name: dthomson25 - name: jessesuen +annotations: + artifacthub.io/changes: | + - "[Fixed]: ServiceMonitor selector labels match metrics Service" diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 6d2bef84..9fcd862a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -1,12 +1,11 @@ -Argo Rollouts Chart -============= -A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. +# Argo Rollouts Chart -Current chart version is `0.5.0` +A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. Source code can be found [here](https://github.com/argoproj/argo-rollouts) ## Additional Information + This is a **community maintained** chart. This chart installs [argo-rollouts](https://argoproj.github.io/argo-rollouts/), progressive delivery for Kubernetes. The default installation is intended to be similar to the provided Argo Rollouts [releases](https://github.com/argoproj/argo-rollouts/releases). @@ -14,6 +13,7 @@ The default installation is intended to be similar to the provided Argo Rollouts ## Prerequisites - Kubernetes 1.7+ +- Helm v3.0.0+ ## Installing the Chart 
@@ -22,27 +22,73 @@ To install the chart with the release name `my-release`: ```console $ helm repo add argo https://argoproj.github.io/argo-helm -$ helm install --name my-release argo/argo-rollouts +$ helm install my-release argo/argo-rollouts ``` +If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by +`kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000` + ## Chart Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| clusterInstall | bool | `true` | | -| controller.component | string | `"rollouts-controller"` | | -| controller.image.pullPolicy | string | `"IfNotPresent"` | | -| controller.image.repository | string | `"argoproj/argo-rollouts"` | | -| controller.image.tag | string | `"v0.10.2"` | | -| controller.name | string | `"argo-rollouts"` | | -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.metrics.serviceMonitor.enabled | bool | `false` | | -| imagePullSecrets | list | `[]` | | -| installCRDs | bool | `true` | | -| crdAnnotations | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| serviceAccount.name | string | `"argo-rollouts"` | | +| clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) | +| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull 
policy | +| controller.image.registry | string | `quay.io` | Registry to use | +| controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | +| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| controller.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | +| controller.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | +| imagePullSecrets | list | `[]` | Registry secret names as an array | +| installCRDs | bool | `true` | Install and upgrade CRDs | +| crdAnnotations | object | `{}` | Annotations to be added to all CRDs | +| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| podLabels | object | `{}` | Labels to be added to the Rollout pods | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | +| podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | +| containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.enabled | bool | `false` | Deploy dashboard server | +| dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | +| dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| dashboard.image.registry | string | `quay.io` | Registry to use | +| dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use | +| dashboard.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| dashboard.resources | object | `{}` | Resource limits and requests for the dashboard pods. | +| dashboard.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| dashboard.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | +| dashboard.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| dashboard.podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | +| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created | +| dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account | +| dashboard.serviceAccount.name | string | `""` | The name of the dashboard service account to use. 
If not set and create is true, a name is generated using the fullname template | + +## Upgrading + +### To 2.0.0 + +* The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`. +* There is a breaking change where the selector label `app.kubernetes.io/component: {{ .Values.controller.component }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable. + +### To 1.0.0 + +* This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. + To migrate to Helm v3 please have a look at the [Helm 2to3 Plugin](https://github.com/helm/helm-2to3). This tool will convert the existing ConfigMap used for Tiller to a Secret of type `helm.sh/release.v1`. +* `quay.io` is the default registry now +* We introduce a template function for the labels here to reduce code duplication. This also affects the Deployment `matchLabels` selector. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment resource** before you upgrade. This is necessary because Deployment's label selector is immutable. +* All resources are now prefixed with the template `"argo-rollouts.fullname"`. + This enables the users to override resource names via the `nameOverride` and `fullnameOverride` parameters. +* Breaking parameters update + * `securityContext` was renamed to `containerSecurityContext` + * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository` 
diff --git a/charts/argo-rollouts/ci/test-values.yaml b/charts/argo-rollouts/ci/test-values.yaml new file mode 100644 index 00000000..7ea0c4c8 --- /dev/null +++ b/charts/argo-rollouts/ci/test-values.yaml @@ -0,0 +1,2 @@ +dashboard: + enabled: true diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 48744885..2e5153b5 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -30,3 +30,35 @@ Create chart name and version as used by the chart label. {{- define "argo-rollouts.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-rollouts.labels" -}} +helm.sh/chart: {{ include "argo-rollouts.chart" . }} +{{ include "argo-rollouts.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: argo-rollouts +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-rollouts.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argo-rollouts.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argo-rollouts.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argo-rollouts.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml index 715aa001..ab3ac6dd 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml 
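Review bot: In `argo-rollouts.serviceAccountName`, the `else` branch falls back to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and no name is given. The ClusterRoleBinding and RoleBinding changed in this commit bind the controller role, which includes read access to secrets, to whatever this helper returns. In that configuration every pod in the release namespace that runs under `default` inherits the controller's rights. I would require an explicit name instead: `{{- required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`.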
@@ -2,12 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-view + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-view - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -27,12 +26,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-edit + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-edit - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -58,12 +56,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-aggregate-to-admin + name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/component: aggregate-cluster-role - app.kubernetes.io/name: {{ .Release.Name }}-aggregate-to-admin - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml index c3fb9f0c..fdd0f2b0 100644 
--- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml @@ -2,11 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrole - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -57,6 +56,16 @@ rules: - update - patch - delete +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch # services patch needed to update selector of canary/stable/active/preview services - apiGroups: - "" @@ -68,10 +77,12 @@ rules: - watch - patch # secret read access to run analysis templates which reference secrets +# configmap access to read notification-engine configuration - apiGroups: - "" resources: - secrets + - configmaps verbs: - get - list @@ -135,6 +146,7 @@ rules: - watch - get - update + - patch - list # trafficsplit access needed for using the SMI provider - apiGroups: @@ -147,4 +159,15 @@ rules: - get - update - patch +- apiGroups: + - getambassador.io + resources: + - mappings + verbs: + - create + - watch + - get + - update + - list + - delete {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml index 1d446845..b48ce5b5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml 
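Review bot: The rule added at `@@ -57,6 +56,16 @@` has no comment saying why the controller needs it, unlike the neighbouring rules, and it lists `""` and `apps` together so that each resource is granted in both API groups. It presumably backs the `workloadRef` field added to the Rollout CRD in this commit, which is worth confirming and stating, e.g. `# deployments and podtemplates read access for rollouts that reference a workload via workloadRef`. Splitting it into one rule for `apps`/`deployments` and one for `""`/`podtemplates` would keep the grant exact. The `getambassador.io` `mappings` rule added in the last hunk of this file also lacks a comment.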
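Review bot: Adding `configmaps` to the existing `secrets` rule at `@@ -68,10 +77,12 @@` gives the controller's ClusterRole read access to every ConfigMap in the cluster, while the new comment says only the notification-engine configuration is needed. If that configuration lives in one ConfigMap in the release namespace (not visible in this diff), a namespaced Role for that namespace would cover it without the cluster-wide grant. At the least, keep the two resources in separate rules so each can be tightened on its own, and note in the README that `clusterInstall: false` limits both to the release namespace. The same line is added to argo-rollouts-role.yaml, where the grant is already namespace-scoped.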
@@ -2,17 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-clusterrolebinding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-clusterrolebinding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-clusterrole + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 1c4342bf..71d73352 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml 
@@ -1,52 +1,60 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 4 }} - {{- end }} + {{- include "argo-rollouts.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate template: metadata: - {{- if .Values.podAnnotations }} + {{- with .Values.podAnnotations }} annotations: - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/name: {{ .Release.Name }} + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ .Values.serviceAccount.name }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . 
}} containers: - - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" {{- if not .Values.clusterInstall }} args: - --namespaced {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - name: {{ .Values.controller.name }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} + name: argo-rollouts + ports: + - containerPort: 8090 + name: metrics + livenessProbe: + {{- toYaml .Values.controller.livenessProbe | nindent 10 }} + readinessProbe: + {{- toYaml .Values.controller.readinessProbe | nindent 10 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{- toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} @@ -55,5 +63,3 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} - strategy: - type: Recreate diff --git a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml index 4301b7c8..5e380347 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml 
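Review bot: The container `securityContext` now reads `.Values.containerSecurityContext`, so a value that an existing installation set under the old `securityContext` key is no longer rendered anywhere in this template, and any hardening it carried is dropped on upgrade without an error. The README mentions the rename, but a guard at the top of the template would make the upgrade fail loudly: `{{- if .Values.securityContext }}{{ fail "securityContext was renamed to containerSecurityContext" }}{{- end }}`. The README also lists the new default as `{}`, so the controller container ships without `allowPrivilegeEscalation: false` or dropped capabilities unless the user sets them. Shipping those as defaults would be safer, provided the controller runs with them, which is worth testing.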
@@ -1,14 +1,14 @@ +{{- if .Values.controller.metrics.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-metrics + name: {{ include "argo-rollouts.fullname" . }}-metrics labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAnnotations }} annotations: - {{- range $key, $value := .Values.serviceAnnotations }} - {{ $key }}: {{ $value | quote }} + {{- toYaml . | nindent 4 }} {{- end }} spec: ports: @@ -17,4 +17,6 @@ spec: port: 8090 targetPort: 8090 selector: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml index 4c80d507..23794c34 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml @@ -1,11 +1,11 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -67,10 +67,12 @@ rules: - watch - patch # secret read access to run analysis templates which reference secrets +# configmap access to read notification-engine configuration - apiGroups: - "" resources: - secrets + - configmaps verbs: - get - list @@ -145,3 +147,4 @@ rules: - get - update - patch +{{- end }} 
diff --git a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml index ddc0e27d..128df3ab 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml @@ -1,15 +1,16 @@ +{{- if not .Values.clusterInstall }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-role-binding + name: {{ include "argo-rollouts.fullname" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }}-role-binding - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-role + name: {{ include "argo-rollouts.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml index dca70793..327eb6a5 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml @@ -1,8 +1,13 @@ +{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.serviceAccount.name }} + name: {{ include "argo-rollouts.serviceAccountName" . }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
diff --git a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml index ea67f356..72d9a691 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml @@ -1,18 +1,17 @@ -{{- if .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ .Release.Name }} + name: {{ include "argo-rollouts.fullname" . }} labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- range $key, $value := .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{ $key }}: {{ $value | quote }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.additionalAnnotations }} + {{- with .Values.controller.metrics.serviceMonitor.additionalAnnotations }} annotations: -{{ toYaml .Values.controller.metrics.serviceMonitor.additionalAnnotations | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -22,7 +21,6 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - app.kubernetes.io/component: server - app.kubernetes.io/name: {{ .Release.Name }}-metrics - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- end }} 
diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index b70b6f0b..08786ca0 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysisruns.argoproj.io spec: group: argoproj.io @@ -2305,6 +2308,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2324,6 +2328,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2345,8 +2350,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2404,6 +2411,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 4712ae2d..12fc5340 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml 
@@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: analysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 72832f03..e357b4d2 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: clusteranalysistemplates.argoproj.io spec: group: argoproj.io @@ -2300,6 +2303,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end 
@@ -2319,6 +2323,7 @@ spec: start: type: string step: + format: int64 type: integer required: - end @@ -2340,8 +2345,10 @@ spec: threshold: properties: marginal: + format: int64 type: integer pass: + format: int64 type: integer required: - marginal @@ -2399,6 +2406,7 @@ spec: jsonPath: type: string timeoutSeconds: + format: int64 type: integer url: type: string diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 1fa5b261..5f9f8cfc 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: experiments.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 888ca599..10d0a8e1 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.5.0 {{- if .Values.crdAnnotations }} -{{- toYaml .Values.crdAnnotations | nindent 4 }} + {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} + labels: + app.kubernetes.io/name: argo-rollouts + app.kubernetes.io/part-of: argo-rollouts name: rollouts.argoproj.io spec: group: argoproj.io 
@@ -29,11 +32,13 @@ spec: jsonPath: .status.replicas name: Current type: integer - - description: Total number of non-terminated pods targeted by this rollout that have the desired template spec + - description: Total number of non-terminated pods targeted by this rollout that + have the desired template spec jsonPath: .status.updatedReplicas name: Up-to-date type: integer - - description: Total number of available pods (ready for at least minReadySeconds) targeted by this rollout + - description: Total number of available pods (ready for at least minReadySeconds) + targeted by this rollout jsonPath: .status.availableReplicas name: Available type: integer @@ -300,6 +305,12 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + scaleDownDelayRevisionLimit: + format: int32 + type: integer + scaleDownDelaySeconds: + format: int32 + type: integer stableMetadata: properties: annotations: @@ -487,6 +498,15 @@ spec: - ingress - servicePort type: object + ambassador: + properties: + mappings: + items: + type: string + type: array + required: + - mappings + type: object istio: properties: destinationRule: @@ -2648,9 +2668,15 @@ spec: - containers type: object type: object - required: - - selector - - template + workloadRef: + properties: + apiVersion: + type: string + kind: + type: string + name: + type: string + type: object type: object status: properties: @@ -2765,6 +2791,8 @@ spec: currentStepIndex: format: int32 type: integer + message: + type: string observedGeneration: type: string pauseConditions: @@ -2780,6 +2808,8 @@ spec: - startTime type: object type: array + phase: + type: string promoteFull: type: boolean readyReplicas: diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml new file mode 100644 index 00000000..071ba962 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml 
@@ -0,0 +1,58 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml new file mode 100644 index 00000000..331fbe4e --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-rollouts.fullname" . }}-dashboard +subjects: +- kind: ServiceAccount + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace }} +{{- end }} 
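Review bot: The first rule of this ClusterRole grants `update` and `patch` on `rollouts`, and the second grants `create` on `analysisruns` and `experiments`, across the whole cluster to the dashboard's service account, while the dashboard is published by a Service on port 3100 and nothing in this commit configures authentication or a NetworkPolicy in front of it. Unless the dashboard image authenticates callers itself (not visible here), anyone who can reach that Service acts with these rights. I would record that next to the rule, e.g. `# write access: limit who can reach the dashboard Service (NetworkPolicy or an authenticating proxy)`, and consider a values switch that drops the write verbs for read-only installs.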
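Review bot: The subject name in this ClusterRoleBinding is built as `{{ include "argo-rollouts.serviceAccountName" . }}-dashboard`, i.e. from the controller's service-account helper, and the same expression is used in dashboard/sa.yaml and for `serviceAccountName` in dashboard/deployment.yaml, so the `dashboard.serviceAccount.name` value added to values.yaml is never read by the templates shown in this commit. With `dashboard.serviceAccount.create: false` the binding and the Deployment then refer to an account the operator cannot name and that may not exist. A dedicated helper that honours `dashboard.serviceAccount.name`, used in all three files, would close the gap; the existing helper is defined outside this diff, so this is judged from the call sites only.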
diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml
new file mode 100644
index 00000000..48364587
--- /dev/null
+++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml
@@ -0,0 +1,59 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + strategy: + type: Recreate + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . 
}}-dashboard + containers: + - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} + name: argo-rollouts-dashboard + ports: + - containerPort: 3100 + name: dashboard + securityContext: + {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} + resources: + {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- if .Values.dashboard.nodeSelector }} + nodeSelector: + {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.dashboard.podSecurityContext | nindent 8 }} + {{- if .Values.dashboard.tolerations }} + tolerations: + {{- toYaml .Values.dashboard.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.dashboard.affinity }} + affinity: + {{- toYaml .Values.dashboard.affinity | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-rollouts/templates/dashboard/sa.yaml b/charts/argo-rollouts/templates/dashboard/sa.yaml new file mode 100644 index 00000000..ff0c7300 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/sa.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.dashboard.enabled .Values.dashboard.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.dashboard.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml new file mode 100644 index 00000000..d2bd432b --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/service.yaml 
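Review bot: The guard on dashboard/deployment.yaml is only `.Values.dashboard.enabled`, whereas dashboard/clusterrole.yaml and dashboard/clusterrolebinding.yaml also require `.Values.clusterInstall`, and no namespaced Role or RoleBinding for the dashboard appears among the files visible in this commit. With `clusterInstall: false` the dashboard would therefore start with a service account that has no permissions on Rollouts. Either add a Role/RoleBinding pair guarded by `{{- if and .Values.dashboard.enabled (not .Values.clusterInstall) }}`, or state in values.yaml that the dashboard requires a cluster install.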
@@ -0,0 +1,22 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: dashboard + protocol: TCP + port: 3100 + targetPort: 3100 + selector: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a3200728..4c288b98 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -3,7 +3,6 @@ installCRDs: true clusterInstall: true controller: - name: argo-rollouts component: rollouts-controller ## Node selectors and tolerations for server scheduling to nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ @@ -12,8 +11,9 @@ controller: tolerations: [] affinity: {} image: + registry: quay.io repository: argoproj/argo-rollouts - tag: v0.10.2 + tag: "" pullPolicy: IfNotPresent resources: {} 
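Review bot: The `annotations` block of the dashboard Service reads `.Values.serviceAnnotations`, which values.yaml describes as annotations for the Rollout service, so anything an operator sets there (for instance an annotation that asks a cloud controller to expose the service) is copied onto the dashboard Service as well. A separate key keeps exposure decisions per service: `{{- with .Values.dashboard.serviceAnnotations }}` here, with `serviceAnnotations: {}` added under `dashboard:` in values.yaml.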
@@ -25,13 +25,40 @@ controller: # memory: 64Mi metrics: + enabled: false serviceMonitor: enabled: false additionalLabels: {} additionalAnnotations: {} + ## Readiness and liveness probes for rollouts controller + livenessProbe: + httpGet: + path: /metrics + port: 8090 + initialDelaySeconds: 30 + periodSeconds: 20 + failureThreshold: 3 + successThreshold: 1 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /metrics + port: 8090 + initialDelaySeconds: 15 + periodSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + timeoutSeconds: 4 + serviceAccount: - name: argo-rollouts + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" ## Annotations to be added to all CRDs ## @@ -41,6 +68,21 @@ crdAnnotations: {} ## podAnnotations: {} +## Security Context to set on pod level +## +podSecurityContext: + runAsNonRoot: true + +## Security Context to set on container level +## +containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + ## Annotations to be added to the Rollout service ## serviceAnnotations: {} 
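Review bot: `containerSecurityContext` defaults to `{}` in the `@@ -41,6 +68,21 @@` hunk, with the hardening keys left as comments, and the `dashboard:` block added in the following hunk (`@@ -52,3 +94,28 @@`) does the same; only `runAsNonRoot: true` is active, at pod level. Privilege escalation and the runtime's default capability set therefore stay available unless every user opts in. If both images run correctly with them (not verifiable from this diff), I would ship `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` as active defaults and keep `readOnlyRootFilesystem: true` as the commented option.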
@@ -52,3 +94,28 @@ podLabels: {} # Secrets with credentials to pull images from a private registry imagePullSecrets: [] # - name: argo-pull-secret + +dashboard: + enabled: false + component: rollouts-dashboard + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + image: + registry: quay.io + repository: argoproj/kubectl-argo-rollouts + tag: "" + pullPolicy: IfNotPresent + resources: {} + podSecurityContext: + runAsNonRoot: true + containerSecurityContext: {} + serviceAccount: + create: true + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" diff --git a/charts/argo/.helmignore b/charts/argo-workflows/.helmignore similarity index 98% rename from charts/argo/.helmignore rename to charts/argo-workflows/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo/.helmignore +++ b/charts/argo-workflows/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml new file mode 100644 index 00000000..cb5f3fe9 --- /dev/null +++ b/charts/argo-workflows/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: argo-workflows +description: A Helm chart for Argo Workflows +type: application +version: 0.5.1 +appVersion: "v3.1.8" +icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +home: https://github.com/argoproj/argo-helm +sources: + - https://github.com/argoproj/argo-workflows +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: benjaminws +annotations: + artifacthub.io/changes: | + - "[Added]: Add controller containerRuntimeExecutors param to configmap" 
diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md
new file mode 100644
index 00000000..e25a3840
--- /dev/null
+++ b/charts/argo-workflows/README.md
@@ -0,0 +1,48 @@ +# Argo Workflows Chart + +This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). + +If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. + +## Pre-Requisites + +This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. + +A few options are: + +- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec +- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions + +## Usage Notes + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +## Values + +The `values.yaml` contains items used to tweak a deployment of this chart. 
+Fields to note: + +- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute +- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name +- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor +- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran + +## Breaking changes from the deprecated `argo` chart + +1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory +1. the CRDs were updated to `apiextensions.k8s.io/v1` +1. the container image registry/project/tag format was changed to be more in line with the more common + + ```yaml + image: + registry: quay.io + repository: argoproj/argocli + tag: v3.0.1 + ``` + + this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images. + +1. switched to quay.io as the default registry for all images +1. removed any included usage of Minio +1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` +1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml new file mode 100644 index 00000000..d3485603 --- /dev/null +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -0,0 +1,5 @@ +server: + ingress: + enabled: true + hosts: + - argo-workflows.127.0.0.1.xip.io diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml new file mode 100644 index 00000000..64c56cc1 --- /dev/null +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml 
@@ -0,0 +1,7 @@ +controller: + serviceMonitor: + enabled: false + metricsConfig: + enabled: true + telemetryConfig: + enabled: true diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml new file mode 100644 index 00000000..10f717ac --- /dev/null +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -0,0 +1,5 @@ +workflow: + serviceAccount: + create: true # Specifies whether a service account should be created + rbac: + create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows diff --git a/charts/argo/crds/cluster-workflow-template-crd.yaml b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml similarity index 50% rename from charts/argo/crds/cluster-workflow-template-crd.yaml rename to charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml index a189f17c..fa7da83a 100644 --- a/charts/argo/crds/cluster-workflow-template-crd.yaml +++ b/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,14 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation spec: group: argoproj.io - version: v1alpha1 - scope: Cluster names: kind: ClusterWorkflowTemplate listKind: ClusterWorkflowTemplateList @@ -17,7 +12,24 @@ spec: - clusterwftmpl - cwft singular: clusterworkflowtemplate + scope: Cluster versions: - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object served: true storage: true 
diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000..2878fe9b --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..9585686a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true 
diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/crds/argoproj.io_workflows.yaml new file mode 100644 index 00000000..59d2fc3b --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflows.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + status: + type: object + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-map-type: atomic + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000..f6fa080a --- /dev/null +++ b/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml 
@@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt new file mode 100644 index 00000000..b4933a7d --- /dev/null +++ b/charts/argo-workflows/templates/NOTES.txt @@ -0,0 +1,7 @@ +1. Get Argo Server external IP/domain by running: + +kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} + +2. Submit the hello-world workflow by running: + +argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl new file mode 100644 index 00000000..18eae994 --- /dev/null +++ b/charts/argo-workflows/templates/_helpers.tpl 
@@ -0,0 +1,111 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create argo workflows server name and version as used by the chart label. +*/}} +{{- define "argo-workflows.server.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-workflows.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-workflows.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "argo-workflows.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "argo-workflows.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-workflows.labels" -}} +helm.sh/chart: {{ include "argo-workflows.chart" .context }} +{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-workflows +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-workflows.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Create the name of the server service account to use +*/}} +{{- define "argo-workflows.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-workflows.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-workflows.controller.fullname" .) 
.Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-workflows.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-workflows.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml similarity index 79% rename from charts/argo/templates/workflow-aggregate-roles.yaml rename to charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index b89e7b13..ba1c202d 100644 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -2,10 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-view + name: {{ template "argo-workflows.fullname" . }}-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: @@ -14,6 +11,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows 
@@ -28,10 +27,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-edit + name: {{ template "argo-workflows.fullname" . }}-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: @@ -40,6 +36,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows @@ -59,10 +57,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: before-hook-creation - name: argo-aggregate-to-admin + name: {{ template "argo-workflows.fullname" . }}-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -71,6 +66,8 @@ rules: resources: - workflows - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows diff --git a/charts/argo/templates/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml similarity index 73% rename from charts/argo/templates/workflow-controller-cluster-roles.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 4d596b1c..72e97f45 100644 --- a/charts/argo/templates/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -5,7 +5,9 @@ kind: Role kind: ClusterRole {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: - apiGroups: - "" 
@@ -53,8 +55,6 @@ rules: resources: - workflowtemplates - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers verbs: - get - list @@ -121,19 +121,31 @@ rules: resources: - leases resourceNames: + {{- if .Values.controller.instanceID.enabled }} + {{- if .Values.controller.instanceID.useReleaseName }} + - workflow-controller-{{ .Release.Name }} + - workflow-controller-lease-{{ .Release.Name }} + {{- else }} + - workflow-controller-{{ .Values.controller.instanceID.explicitID }} + - workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }} + {{- end }} + {{- else }} - workflow-controller - workflow-controller-lease + {{- end }} verbs: - get - watch - update - patch - delete + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template rules: - apiGroups: - argoproj.io @@ -144,3 +156,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml similarity index 81% rename from charts/argo/templates/workflow-controller-config-map.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 26fe2cd8..36ecf638 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml 
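Review bot: In the `@@ -121,19 +121,31 @@` hunk, `explicitID` is interpolated into the lease `resourceNames` without a check, so `instanceID.enabled: true` with `useReleaseName: false` and an empty `explicitID` renders `workflow-controller-` and `workflow-controller-lease-`. The rule would then match no real lease and, assuming the controller derives its lease name from the same ID, leader election would be refused by RBAC with no hint at render time. `{{ required "controller.instanceID.explicitID is required when useReleaseName is false" .Values.controller.instanceID.explicitID }}` makes the misconfiguration fail early; the `instanceID:` line in workflow-controller-config-map.yaml has the same gap. The rule list starts and ends outside this hunk.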
@@ -1,24 +1,29 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap + name: {{ template "argo-workflows.controller.fullname" . }}-configmap labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: config: | {{- if .Values.controller.instanceID.enabled }} - {{- if .Values.controller.instanceID.useReleaseName }} + {{- if .Values.controller.instanceID.useReleaseName }} instanceID: {{ .Release.Name }} - {{- else }} + {{- else }} instanceID: {{ .Values.controller.instanceID.explicitID }} - {{- end }} + {{- end }} {{- end }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} + {{- with .Values.controller.containerRuntimeExecutors }} + containerRuntimeExecutors: + {{- toYaml . | nindent 6 }} + {{- end }} {{- if .Values.controller.parallelism }} parallelism: {{ .Values.controller.parallelism }} {{- end }} + {{- with .Values.controller.namespaceParallelism }} + namespaceParallelism: {{ . }} + {{- end }} {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} executor: {{- with .Values.executor.resources }} @@ -31,7 +36,7 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} + {{- if .Values.useDefaultArtifactRepo }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} 
@@ -44,13 +49,13 @@ data: {{- if .Values.useStaticCredentials }} accessKeySecret: key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} + name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} secretKeySecret: key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }} + name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} - endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }} + bucket: {{ .Values.artifactRepository.s3.bucket }} + endpoint: {{ .Values.artifactRepository.s3.endpoint }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml similarity index 50% rename from charts/argo/templates/workflow-controller-crb.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 66cca4d0..1235e325 100644 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -5,7 +5,9 @@ kind: RoleBinding kind: ClusterRoleBinding {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io {{- if .Values.singleNamespace }} 
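Review bot: With the `| default (printf "%s-%s" .Release.Name "minio")` fallbacks removed in the `@@ -44,13 +49,13 @@` hunk, `accessKeySecret.name`, `secretKeySecret.name`, `bucket` and `endpoint` render as an empty value (YAML null) when unset, and all four are written unquoted into the `config:` block scalar. For the two secret names, which are only emitted when `useStaticCredentials` is set, I would fail the render instead, e.g. `name: {{ required "artifactRepository.s3.accessKeySecret.name is required" .Values.artifactRepository.s3.accessKeySecret.name }}`. `bucket` and `endpoint` can be piped through `quote`, as `keyFormat` already is. The enclosing `s3:` block starts outside the hunk.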
@@ -13,13 +15,13 @@ roleRef: {{ else }} kind: ClusterRole {{- end }} - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} + name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} +{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }} {{- $namespace := .Release.Namespace }} {{- range $key := .Values.controller.workflowNamespaces }} {{- if not (eq $key $namespace) }} @@ -29,16 +31,21 @@ subjects: {{- end }} {{- end }} {{- end }} + +{{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template + name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template subjects: - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} + name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} 
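Review bot: The new `{{- if .Values.controller.clusterWorkflowTemplates.enabled }}` guard is the only condition on the `-cluster-template` ClusterRoleBinding, so an install with `singleNamespace: true` still creates cluster-scoped RBAC unless the operator also turns this flag off. That is easy to miss because `singleNamespace` is described in values.yaml as replacing the Cluster equivalents with Roles and RoleBindings. The comment on `clusterWorkflowTemplates.enabled` should say so, for example `# Still creates a ClusterRole/ClusterRoleBinding when singleNamespace is true; set to false for a namespace-only install`. The same applies to the second document in server-crb.yaml.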
diff --git a/charts/argo/templates/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml similarity index 55% rename from charts/argo/templates/workflow-controller-deployment-pdb.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index a7352a04..564ba412 100644 --- a/charts/argo/templates/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -2,12 +2,9 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} + name: {{ template "argo-workflows.controller.fullname" . }} labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: {{- if .Values.controller.pdb.minAvailable }} minAvailable: {{ .Values.controller.pdb.minAvailable }} @@ -18,6 +15,5 @@ spec: {{- end }} selector: matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml new file mode 100644 index 00000000..7dee67e5 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with.Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{- with .Values.controller.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: controller + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + command: [ "workflow-controller" ] + args: + - "--configmap" + - "{{ template "argo-workflows.controller.fullname" . 
}}-configmap" + - "--executor-image" + - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "--loglevel" + - "{{ .Values.controller.logging.level }}" + - "--gloglevel" + - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + {{- with .Values.controller.workflowWorkers }} + - "--workflow-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podWorkers }} + - "--pod-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + securityContext: + {{- toYaml .Values.controller.securityContext | nindent 12 }} + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + {{- with .Values.controller.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + ports: + - name: metrics + containerPort: {{ .Values.controller.metricsConfig.port }} + - containerPort: 6060 + livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} 
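Review bot: The controller image and the `--executor-image` argument are built as `registry/repository:tag` only, so there is no way to pin either by digest, and with `images.pullPolicy: Always` what runs is whatever the tag resolves to at pull time. An optional digest value per image (the key name is up to the chart) rendered as `repository@sha256:…` in place of `:tag` would let operators pin the exact content they reviewed. The `argo-server` image in server-deployment.yaml is built the same way. Separately, `{{- with.Values.controller.podLabels }}` is missing the space after `with`; it should read `{{- with .Values.controller.podLabels }}` like the other blocks in the file.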
diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml new file mode 100644 index 00000000..f5e10857 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -0,0 +1,10 @@ +{{- if .Values.controller.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.controllerServiceAccountName" . }} + {{ with .Values.controller.serviceAccount.annotations }} + annotations: + {{- toYaml .| nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml new file mode 100644 index 00000000..5c248f49 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml 
@@ -0,0 +1,38 @@ +{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.controller.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + {{- with .Values.controller.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4}} + {{- end }} +spec: + ports: + {{- if .Values.controller.metricsConfig.enabled }} + - name: {{ .Values.controller.metricsConfig.servicePortName }} + port: {{ .Values.controller.metricsConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.metricsConfig.port }} + {{- end }} + {{- if .Values.controller.telemetryConfig.enabled }} + - name: {{ .Values.controller.telemetryConfig.servicePortName }} + port: {{ .Values.controller.telemetryConfig.servicePort }} + protocol: TCP + targetPort: {{ .Values.controller.telemetryConfig.port }} + {{- end }} + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} 
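Review bot: `loadBalancerSourceRanges` is emitted only when the list is non-empty, so `controller.serviceType: LoadBalancer` with the default `[]` publishes the metrics and telemetry ports with no source restriction from the chart, and this template adds no other access control. The values.yaml entry should make that explicit, for example `# Set this whenever serviceType is LoadBalancer; an empty list leaves the Service reachable from every source the load balancer admits`. server-service.yaml uses the same condition for the server port and would benefit from the same comment.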
diff --git a/charts/argo/templates/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml similarity index 58% rename from charts/argo/templates/workflow-controller-servicemonitor.yaml rename to charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 425fedac..54cf1b31 100644 --- a/charts/argo/templates/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -2,14 +2,11 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} + name: {{ template "argo-workflows.controller.fullname" . }} labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceMonitor.additionalLabels }} -{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }} + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -28,6 +25,5 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml new file mode 100644 index 00000000..67f22504 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml 
@@ -0,0 +1,20 @@ +{{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow + namespace: {{ $namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml new file mode 100644 index 00000000..66ad9328 --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml new file mode 100644 index 00000000..7c76585a --- /dev/null +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml 
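Review bot: In workflow-rb.yaml `metadata.namespace` is written as `namespace: {{ $namespace }}` without a guard, so with `singleNamespace: true` (where the range yields `""`) it renders a bare `namespace:` key. The `subjects` entry in the same file, workflow-role.yaml and workflow-sa.yaml all wrap it in `with`. For consistency, and to avoid an explicit null in the manifest, use `{{- with $namespace }}`, `namespace: {{ . | quote }}`, `{{- end }}` here too.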
@@ -0,0 +1,16 @@ +{{- if .Values.workflow.serviceAccount.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- with $.Values.workflow.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml similarity index 66% rename from charts/argo/templates/server-cluster-roles.yaml rename to charts/argo-workflows/templates/server/server-cluster-roles.yaml index b6d47c09..6403bf96 100644 --- a/charts/argo/templates/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -1,12 +1,14 @@ {{- if .Values.server.enabled }} apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} + {{- if .Values.singleNamespace }} kind: Role -{{- else }} + {{- else }} kind: ClusterRole -{{- end }} + {{- end }} metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: - apiGroups: - "" @@ -28,7 +30,7 @@ rules: - list - watch - delete -{{- if .Values.server.sso }} + {{- if .Values.server.sso }} - apiGroups: - "" resources: @@ -44,9 +46,7 @@ rules: - secrets verbs: - create -{{- end}} -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac }} - apiGroups: - "" resources: @@ -54,8 +54,8 @@ rules: verbs: - get - list + {{- end }} {{- end }} -{{- end }} - apiGroups: - "" resources: 
@@ -95,27 +95,31 @@ rules: - get {{- end}} - apiGroups: - - argoproj.io + - argoproj.io resources: - - workflows - - workfloweventbindings - - workflowtemplates - - cronworkflows - - cronworkflows/finalizers - - clusterworkflowtemplates + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows verbs: - - create - - get - - list - - watch - - update - - patch - - delete + - create + - get + - list + - watch + - update + - patch + - delete + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -132,3 +136,4 @@ rules: - delete {{- end }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml new file mode 100644 index 00000000..16d55902 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-crb.yaml 
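Review bot: This hunk adds `eventsources` and `sensors` to the rule that carries `create`, `update`, `patch` and `delete`, and the rule is unconditional, so every server install receives write access to those resources even where Argo Events is not in use. Outside `singleNamespace` mode this role is a ClusterRole, so the grant is cluster-wide. Consider putting the two resources in their own rule behind a values flag (name to be chosen by the chart), or limiting them to `get`, `list` and `watch` unless the UI needs to edit them. The rule starts above the visible part of the hunk.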
@@ -0,0 +1,42 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.singleNamespace }} +kind: RoleBinding +{{ else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.singleNamespace }} + kind: Role + {{ else }} + kind: ClusterRole + {{- end }} + name: {{ template "argo-workflows.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} + +{{- if .Values.server.clusterWorkflowTemplates.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-workflows.server.fullname" . }}-cluster-template +subjects: +- kind: ServiceAccount + name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml new file mode 100644 index 00000000..aeba6547 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml 
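Review bot: The whole file, including both bindings, is wrapped in `and .Values.server.enabled .Values.server.serviceAccount.create`, so an install that sets `server.serviceAccount.create: false` and names an existing account still gets the server Role/ClusterRole but no binding to it. The controller bindings in workflow-controller-crb.yaml are not gated on `create`, and the values.yaml comment that explained the coupling for the server is removed in this commit. Either gate only server-sa.yaml on `create`, or restore a comment on `server.serviceAccount.create` such as `# Also controls whether the server role is bound to this account`.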
@@ -0,0 +1,19 @@ +{{- if and .Values.server.enabled .Values.server.pdb.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- if .Values.server.pdb.minAvailable }} + minAvailable: {{ .Values.server.pdb.minAvailable }} + {{- else if .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml new file mode 100644 index 00000000..21917c43 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment.yaml 
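Review bot: `apiVersion: policy/v1beta1` is hard-coded in this new PodDisruptionBudget, while the Ingress template added in the same commit selects its API version through a helper. `policy/v1beta1` is no longer served from Kubernetes 1.25, so the chart would fail to install there with `server.pdb.enabled`. A capability check such as `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}` keeps older clusters working; workflow-controller-deployment-pdb.yaml has the same hard-coded value.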
@@ -0,0 +1,111 @@ +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} +spec: + replicas: {{ .Values.server.replicas }} + selector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: argo-server + image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.images.pullPolicy }} + securityContext: + {{- toYaml .Values.server.securityContext | nindent 12 }} + args: + - server + - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + {{- with .Values.server.extraArgs }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + - "--secure={{ .Values.server.secure }}" + {{- if .Values.singleNamespace }} + - "--namespaced" + {{- end }} + ports: + - name: web + containerPort: 2746 + readinessProbe: + httpGet: + path: / + port: 2746 + {{- if .Values.server.secure }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 20 + env: + - name: IN_CLUSTER + value: "true" + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BASE_HREF + value: {{ .Values.server.baseHref | quote }} + {{- with .Values.server.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.server.resources | nindent 12 }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} + {{- with .Values.server.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- with .Values.server.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml new file mode 100644 index 00000000..969676e1 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-ingress.yaml 
@@ -0,0 +1,89 @@ +{{- if .Values.server.ingress.enabled -}} +{{- $serviceName := include "argo-workflows.server.fullname" . -}} +{{- $servicePort := .Values.server.servicePort -}} +{{- $paths := .Values.server.ingress.paths -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $pathType := .Values.server.ingress.pathType -}} +apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- if .Values.server.ingress.labels }} + {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- end }} +spec: + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . 
}} + {{- end }} + {{- end }} + rules: + {{- if .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.server.ingress.tls }} + tls: + {{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml new file mode 100644 index 00000000..adcf7b48 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-sa.yaml 
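Review bot: Both backend blocks choose between `number:` and `name:` with `kindIs "float64" $servicePort`, which is true for a number read from values.yaml but not for one passed as `--set server.servicePort=2746`, since Helm parses that as an int64. In that case the template emits `name: 2746` and the Ingress is rejected. Testing for the string case is more robust: `{{- if kindIs "string" $servicePort }}` → `name: {{ $servicePort }}`, else `number: {{ $servicePort }}`. Quoting `host: {{ $host | quote }}` would also keep a wildcard host such as `*.example.com` from being read as a YAML alias.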
@@ -0,0 +1,10 @@ +{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-workflows.serverServiceAccountName" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml new file mode 100644 index 00000000..5d161ee8 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + {{- with .Values.server.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - port: {{ .Values.server.servicePort }} + {{- with .Values.server.servicePortName }} + name: {{ . }} + {{- end }} + targetPort: 2746 + selector: + {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.serviceType }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- end }} + {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} + {{- end }} +{{- end -}} 
diff --git a/charts/argo/values.yaml b/charts/argo-workflows/values.yaml similarity index 61% rename from charts/argo/values.yaml rename to charts/argo-workflows/values.yaml index 31a36041..8e195b47 100644 --- a/charts/argo/values.yaml +++ b/charts/argo-workflows/values.yaml 
@@ -1,43 +1,49 @@ images: - namespace: argoproj - controller: workflow-controller - server: argocli - executor: argoexec + # imagePullPolicy to apply to all containers pullPolicy: Always # Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret - tag: v2.12.5 - -crdVersion: v1alpha1 -installCRD: true - -init: - # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is - # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. - serviceAccount: "" createAggregateRoles: true +## String to partially override "argo-workflows.fullname" template +## +nameOverride: + +## String to fully override "argo-workflows.fullname" template +## +fullnameOverride: + +## Override the Kubernetes version, which is used to evaluate certain manifests +## +kubeVersionOverride: "" + # Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, # and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. singleNamespace: false workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. 
+ namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in serviceAccount: - create: false # Specifies whether a service account should be created + create: false # Specifies whether a service account should be created annotations: {} - name: "argo-workflow" # Service account which is used to run workflows + name: "argo-workflow" # Service account which is used to run workflows rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + # Adds Role and RoleBinding for the above specified service account to be able to run workflows + # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) + create: true controller: image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/workflow-controller + # Overrides the image tag whose default is the chart appVersion. tag: "" # parallelism dictates how many workflows can be running at the same time parallelism: + # Limits the maximum number of incomplete workflows in a namespace + namespaceParallelism: # podAnnotations is an optional map of annotations to be applied to the controller Pods podAnnotations: {} # Optional labels to add to the controller pods @@ -48,7 +54,17 @@ controller: metricsConfig: enabled: false path: /metrics - port: 8080 + port: 9090 + servicePort: 8080 + servicePortName: metrics + # the controller container's securityContext + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL persistence: {} # connectionPool: # maxIdleConns: 100 
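Review bot: `workflow.rbac.create` now defaults to `true` while `workflow.serviceAccount.create` stays `false`, so a default install creates a Role and RoleBinding in every namespace of `controller.workflowNamespaces` for a ServiceAccount named `argo-workflow` that the chart does not create. A binding to an account that does not exist yet takes effect as soon as one with that name is created in the namespace, by whoever is allowed to create ServiceAccounts there. Either let the default follow `serviceAccount.create`, or extend the comment on `rbac.create`, for example `# Binds workflow.serviceAccount.name even when serviceAccount.create is false; make sure that account is one you manage`.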
@@ -69,28 +85,39 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password - workflowDefaults: {} # Only valid for 2.7+ + workflowDefaults: {} # Only valid for 2.7+ # spec: # ttlStrategy: # secondsAfterCompletion: 84600 # workflowWorkers: 32 # podWorkers: 32 - workflowRestrictions: {} # Only valid for 2.9+ + workflowRestrictions: {} # Only valid for 2.9+ # templateReferencing: Strict|Secure telemetryConfig: enabled: false path: /telemetry port: 8081 + servicePort: 8081 + servicePortName: telemetry serviceMonitor: enabled: false additionalLabels: {} - serviceAccount: argo - # Service account annotations - serviceAccountAnnotations: {} + serviceAccount: + create: true + name: "" + # Annotations applied to created service account + annotations: {} name: workflow-controller + # Specify all namespaces to run worksflows need to be able to run in. This controls where the service + # account and RBAC resources will be created. If unspecified, will run in the default namespace. workflowNamespaces: - default containerRuntimeExecutor: docker + # containerRuntimeExecutors: + # - name: emissary + # selector: + # matchLabels: + # workflows.argoproj.io/container-runtime-executor: emissary instanceID: # `instanceID.enabled` configures the controller to filter workflow submissions # to only those which have a matching instanceID attribute. @@ -103,10 +130,6 @@ controller: level: info globallevel: "0" serviceType: ClusterIP - metricsServicePort: 8080 - metricsServicePortName: metrics - telemetryServicePort: 8081 - telemetryServicePortName: telemetry # Annotations to be applied to the controller Service serviceAnnotations: {} # Optional labels to add to the controller Service 
@@ -115,9 +138,22 @@ controller: # service type `LoadBalancer` loadBalancerSourceRanges: [] resources: {} - # The list of environment variable definitions to be added to the controller - # manages container verbatim. + livenessProbe: + httpGet: + port: 6060 + path: /healthz + # Require three failures to tolerate transient errors. + failureThreshold: 3 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + + ## Extra environment variables to provide to the controller container + ## extraEnv: + ## - name: FOO + ## value: "bar" extraEnv: [] + # Extra arguments to be added to the controller extraArgs: [] replicas: 1 @@ -138,11 +174,18 @@ controller: priorityClassName: "" # https://argoproj.github.io/argo-workflows/links/ links: [] + clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + enabled: true + # Extra containers to be added to the controller deployment + extraContainers: [] # executor controls how the init and wait container should be customized executor: image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/argoexec + # Overrides the image tag whose default is the chart appVersion. tag: "" resources: {} # Adds environment variables for the executor. @@ -154,10 +197,12 @@ server: enabled: true # only updates base url of resources on client side, # it's expected that a proxy server rewrites the request URL and gets rid of this prefix - # https://github.com/argoproj/argo/issues/716#issuecomment-433213190 + # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 baseHref: / image: - # Overrides .images.tag if defined. + registry: quay.io + repository: argoproj/argocli + # Overrides the image tag whose default is the chart appVersion. tag: "" # optional map of annotations to be applied to the ui Pods podAnnotations: {} 
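Review bot: The new `extraEnv` example shows only a literal `value: "bar"`, which invites putting credentials straight into values.yaml. Assuming the entries are rendered verbatim into the container's `env` list (the template is not part of this hunk), the example could also show the secret-backed form: a second commented entry using `valueFrom:` with `secretKeyRef:`, and a line `## Use valueFrom/secretKeyRef for sensitive values instead of a literal value`. The same applies to `server.extraEnv` added in the `@@ -206,9 +256,15 @@` hunk.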
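Review bot: `clusterWorkflowTemplates.enabled: true` in the `@@ -138,11 +174,18 @@` hunk makes the chart create a ClusterRole and ClusterRoleBinding for the controller by default, which is cluster-scoped access even for a release otherwise confined to its own namespaces. The comment should say when to turn it off, for example `# Set to false for namespace-scoped installs that do not use ClusterWorkflowTemplates`. The `extraContainers` comment could also note that containers added there run in the controller pod and so share its service account.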
@@ -165,16 +210,21 @@ server: podLabels: {} # SecurityContext to set on the server pods podSecurityContext: {} + securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL name: server serviceType: ClusterIP servicePort: 2746 # servicePortName: http - serviceAccount: argo-server - # Whether to create the service account with the name specified in - # server.serviceAccount and bind it to the server role. - createServiceAccount: true - # Service account annotations - serviceAccountAnnotations: {} + serviceAccount: + create: true + name: "" + annotations: {} # Annotations to be applied to the UI Service serviceAnnotations: {} # Optional labels to add to the UI Service @@ -206,9 +256,15 @@ server: # Run the argo server in "secure" mode. Configure this value instead of # "--secure" in extraArgs. See the following documentation for more details # on secure mode: - # https://argoproj.github.io/argo-workflows/tls/#encrypted + # https://argoproj.github.io/argo-workflows/tls/ secure: false + ## Extra environment variables to provide to the argo-server container + ## extraEnv: + ## - name: FOO + ## value: "bar" + extraEnv: [] + # Extra arguments to provide to the Argo server binary. extraArgs: [] 
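Review bot: The server `securityContext` sets `readOnlyRootFilesystem: false` with no explanation, while the controller block added in the `@@ -48,7 +54,17 @@` hunk sets it to `true`. If the server only needs a writable scratch directory, mounting a volume there and setting `readOnlyRootFilesystem: true` would give both containers the same hardening; whether that holds depends on the server deployment template, which is not in this hunk. Otherwise add a comment stating the reason, along with the header comment the controller block already has: `# the server container's securityContext`.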
@@ -221,37 +277,44 @@ server: ## ingress: enabled: false + annotations: {} + labels: {} + ingressClassName: "" - ## Annotations to be added to the web ingress. + ## Argo Workflows Server Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace ## - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + hosts: + [] + # - argoworkflows.example.com + paths: + - / + pathType: Prefix + extraPaths: + [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation + tls: + [] + # - secretName: argoworkflows-example-tls + # hosts: + # - argoworkflows.example.com + https: false - ## Labels to be added to the web ingress. - ## - # labels: - # use-cloudflare-solver: "true" - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - argo.domain.com - - ## Additional Paths for each host - # paths: - # - serviceName: "ssl-redirect" - # servicePort: "use-annotation" - - ## TLS configuration. - ## Secrets must be manually created in the namespace. - ## - # tls: - # - secretName: argo-ui-tls - # hosts: - # - argo.domain.com clusterWorkflowTemplates: + # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true # Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true sso: @@ -283,6 +346,8 @@ server: ## decisions. # scopes: # - groups + # Extra containers to be added to the server deployment + extraContainers: [] # Influences the creation of the ConfigMap for the workflow-controller itself. useDefaultArtifactRepo: false 
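Review bot: The commented `extraPaths` example for `networking.k8s.io/v1` is not valid YAML once uncommented, because `# service` is missing its colon; it should read `# service:`. The new `https: false` key has no comment, so its effect on the generated Ingress cannot be read from values.yaml. A one-line comment stating what it switches would help, especially with `tls: []` as the default next to it.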
@@ -294,7 +359,7 @@ artifactRepository: # Note the `key` attribute is not the actual secret, it's the PATH to # the contents in the associated secret, as defined by the `name` attribute. accessKeySecret: - # name: -minio (default) + # name: -minio key: accesskey secretKeySecret: # name: -minio @@ -306,25 +371,16 @@ artifactRepository: # roleARN: # useSDKCreds: true # gcs: - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - - -# NOTE: These are setting attributes for the `minio` optional dependency -minio: - # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map - install: false - defaultBucket: - enabled: true - name: argo-artifacts + # bucket: -argo + # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" + # serviceAccountKeySecret is a secret selector. + # It references the k8s secret named 'my-gcs-credentials'. + # This secret is expected to have have the key 'serviceAccountKey', + # containing the base64 encoded credentials + # to the bucket. + # + # If it's running on GKE and Workload Identity is used, + # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey diff --git a/charts/argo/Chart.lock b/charts/argo/Chart.lock deleted file mode 100644 index 4b57ae05..00000000 --- a/charts/argo/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: minio
- repository: https://helm.min.io/
- version: 8.0.9
-digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
-generated: "2021-01-13T15:31:40.823086-08:00"
diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml
deleted file mode 100644
index 3f10ee6f..00000000
--- a/charts/argo/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v2
-appVersion: v2.12.5
-description: A Helm chart for Argo Workflows
-name: argo
-version: 0.16.10
-icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
-home: https://github.com/argoproj/argo-helm
-maintainers:
- - name: alexec
- - name: alexmt
- - name: jessesuen
- - name: benjaminws
-dependencies:
-- name: minio
- version: 8.0.9
- repository: https://helm.min.io/
- condition: minio.install
diff --git a/charts/argo/README.md b/charts/argo/README.md
deleted file mode 100644
index b0b5613a..00000000
--- a/charts/argo/README.md
+++ /dev/null
@@ -1,27 +0,0 @@ -## Argo Workflows Chart - -This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). - -If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. - -## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. - -A few options are: -- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full) -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - -## Usage Notes: -This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. - -## Values - -The `values.yaml` contains items used to tweak a deployment of this chart. 
-Fields to note: -* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute -* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name -* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor -* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran -* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map. -* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart. diff --git a/charts/argo/crds/cron-workflow-crd.yaml b/charts/argo/crds/cron-workflow-crd.yaml deleted file mode 100644 index abd50b30..00000000 --- a/charts/argo/crds/cron-workflow-crd.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-crd.yaml b/charts/argo/crds/workflow-crd.yaml deleted file mode 100644 index 24f6abc2..00000000 --- a/charts/argo/crds/workflow-crd.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - subresources: {} - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-eventbinding-crd.yaml b/charts/argo/crds/workflow-eventbinding-crd.yaml deleted file mode 100644 index a58de8e7..00000000 --- a/charts/argo/crds/workflow-eventbinding-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/crds/workflow-template-crd.yaml b/charts/argo/crds/workflow-template-crd.yaml deleted file mode 100644 index 0be13451..00000000 --- a/charts/argo/crds/workflow-template-crd.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt deleted file mode 100644 index 7b4c02f0..00000000 --- a/charts/argo/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -1. Get Argo Server external IP/domain by running: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }} - -2. Submit the hello-world workflow by running: - -argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch - -{{ if .Values.minio.install }} - -3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following -command: - -kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio - -{{ end }} diff --git a/charts/argo/templates/_helpers.tpl b/charts/argo/templates/_helpers.tpl deleted file mode 100644 index f0d83d2e..00000000 --- a/charts/argo/templates/_helpers.tpl +++ /dev/null 
@@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml deleted file mode 100644 index be688da3..00000000 --- a/charts/argo/templates/cluster-workflow-template-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Cluster - names: - kind: ClusterWorkflowTemplate - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft -{{- end }} diff --git a/charts/argo/templates/cron-workflow-crd.yaml b/charts/argo/templates/cron-workflow-crd.yaml deleted file mode 100644 index 923abdf2..00000000 --- a/charts/argo/templates/cron-workflow-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: CronWorkflow - plural: cronworkflows - shortNames: - - cronwf - - cwf - scope: Namespaced - version: v1alpha1 -{{- end }} 
diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml deleted file mode 100644 index ad4cfeda..00000000 --- a/charts/argo/templates/server-crb.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if .Values.singleNamespace }} -kind: RoleBinding -{{ else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.singleNamespace }} - kind: Role - {{ else }} - kind: ClusterRole - {{- end }} - name: {{ .Release.Name }}-{{ .Values.server.name}} -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template -subjects: -- kind: ServiceAccount - name: {{ .Values.server.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/argo/templates/server-deployment-pdb.yaml b/charts/argo/templates/server-deployment-pdb.yaml deleted file mode 100644 index 31f1d4f8..00000000 --- a/charts/argo/templates/server-deployment-pdb.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.pdb.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- else if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml deleted file mode 100644 index 832fd37d..00000000 --- a/charts/argo/templates/server-deployment.yaml +++ /dev/null 
@@ -1,108 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name}} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.server.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.server.name}} - release: {{ .Release.Name }} - {{- if .Values.server.podLabels }} - {{- toYaml .Values.server.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.server.serviceAccount | quote }} - {{- if .Values.server.podSecurityContext }} - securityContext: - {{- toYaml .Values.server.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: argo-server - args: - - server - - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap - {{- if .Values.server.extraArgs }} - {{- toYaml .Values.server.extraArgs | nindent 10 }} - {{- end }} - {{- if .Values.server.secure }} - - "--secure" - {{- end }} - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - {{- if .Values.server.podPortName }} - ports: - - name: {{ .Values.server.podPortName }} - containerPort: 2746 - {{- end }} - readinessProbe: - httpGet: - path: / - port: 2746 - {{- if .Values.server.secure }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 20 - env: - - name: IN_CLUSTER - value: "true" - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: 
metadata.namespace - - name: BASE_HREF - value: {{ .Values.server.baseHref | quote }} - resources: - {{- toYaml .Values.server.resources | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - {{- with .Values.server.volumeMounts }} - {{- toYaml . | nindent 10}} - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: tmp - emptyDir: {} - {{- with .Values.server.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - {{- with .Values.server.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} -{{- end -}} diff --git a/charts/argo/templates/server-ingress.yaml b/charts/argo/templates/server-ingress.yaml deleted file mode 100644 index 6eab3f50..00000000 --- a/charts/argo/templates/server-ingress.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}} -{{- $servicePort := .Values.server.servicePort -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- range $key, $value := .Values.server.ingress.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $.Values.server.ingress.paths }} - {{- range $.Values.server.ingress.paths }} - - backend: - serviceName: {{ .serviceName }} - servicePort: {{ .servicePort }} - {{- end }} - {{- end }} - - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo/templates/server-sa.yaml b/charts/argo/templates/server-sa.yaml deleted file mode 100644 index 5b419a65..00000000 --- a/charts/argo/templates/server-sa.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.createServiceAccount -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.server.serviceAccount }} - annotations: -{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }} -{{- end -}} diff --git a/charts/argo/templates/server-service.yaml b/charts/argo/templates/server-service.yaml deleted file mode 100644 index ba4d74f6..00000000 
--- a/charts/argo/templates/server-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.server.name }} - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.server.serviceLabels }} - {{- toYaml .Values.server.serviceLabels | nindent 4 }} - {{- end }} - {{- if .Values.server.serviceAnnotations }} - annotations: -{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - - port: {{ .Values.server.servicePort }} - {{- if .Values.server.servicePortName }} - name: {{ .Values.server.servicePortName }} - {{- end }} - targetPort: 2746 - selector: - app: {{ .Release.Name }}-{{ .Values.server.name }} - sessionAffinity: None - type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} - {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/worfkflow-controller-secrets-access.yaml b/charts/argo/templates/worfkflow-controller-secrets-access.yaml deleted file mode 100644 index f0d48519..00000000 --- a/charts/argo/templates/worfkflow-controller-secrets-access.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -rules: -- apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - - {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }} - verbs: - - get - - watch - - list -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml deleted file mode 100755 index 9ad509d0..00000000 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - release: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} - {{ toYaml .Values.controller.podLabels | nindent 8}} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} - spec: - serviceAccountName: {{ .Values.controller.serviceAccount | quote }} - {{- if .Values.controller.podSecurityContext }} - securityContext: - {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: controller - image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" - imagePullPolicy: {{ .Values.images.pullPolicy }} - command: [ "workflow-controller" ] - args: - - "--configmap" - - "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap" - - "--executor-image" - - "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}" - - "--loglevel" - - "{{ .Values.controller.logging.level }}" - - "--gloglevel" - - "{{ .Values.controller.logging.globallevel }}" - {{- if .Values.singleNamespace }} - - "--namespaced" - {{- end }} - {{- with .Values.controller.workflowWorkers }} - - "--workflow-workers" - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.podWorkers }} - - "--pod-workers" - - {{ . 
| quote }} - {{- end }} - {{- if .Values.controller.extraArgs }} - {{- toYaml .Values.controller.extraArgs | nindent 10 }} - {{- end }} - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- with .Values.controller.extraEnv }} - {{ toYaml . | nindent 10 }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.metricsConfig.enabled }} - ports: - - containerPort: 8080 - {{- end }} - {{- with .Values.images.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} - {{- end }} diff --git a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml b/charts/argo/templates/workflow-controller-minio-secret-crb.yaml deleted file mode 100644 index 722776a4..00000000 --- a/charts/argo/templates/workflow-controller-minio-secret-crb.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{ if .Values.minio.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret -subjects: - - kind: ServiceAccount - name: {{ .Values.controller.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := .Values.controller.serviceAccount }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml deleted file mode 100644 index 02d274da..00000000 --- a/charts/argo/templates/workflow-controller-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.controller.serviceAccount }} - annotations: -{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }} diff --git a/charts/argo/templates/workflow-controller-service.yaml b/charts/argo/templates/workflow-controller-service.yaml deleted file mode 100644 index 7985a54c..00000000 --- a/charts/argo/templates/workflow-controller-service.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-{{ .Values.controller.name }} - labels: - app: {{ .Release.Name }}-{{ .Values.controller.name}} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.controller.serviceLabels }} - {{ toYaml .Values.controller.serviceLabels | nindent 4}} - {{- end }} - {{- if .Values.controller.serviceAnnotations }} - annotations: -{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }} -spec: - ports: - {{- if .Values.controller.metricsConfig.enabled }} - - name: {{ .Values.controller.metricsServicePortName }} - port: {{ .Values.controller.metricsServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.metricsConfig.port }} - {{- end }} - {{- if .Values.controller.telemetryConfig.enabled }} - - name: {{ .Values.controller.telemetryServicePortName }} - port: {{ .Values.controller.telemetryServicePort }} - protocol: TCP - targetPort: {{ .Values.controller.telemetryConfig.port }} - {{- end }} - selector: - app: {{ .Release.Name }}-{{ .Values.controller.name }} - sessionAffinity: None - type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }} -{{- end -}} diff --git a/charts/argo/templates/workflow-crd.yaml b/charts/argo/templates/workflow-crd.yaml deleted file mode 100644 index 44a6fa98..00000000 --- a/charts/argo/templates/workflow-crd.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date - group: argoproj.io - names: - kind: Workflow - plural: workflows - shortNames: - - wf - scope: Namespaced - version: v1alpha1 -{{- end }} diff --git a/charts/argo/templates/workflow-rb.yaml b/charts/argo/templates/workflow-rb.yaml deleted file mode 100644 index 17785257..00000000 --- a/charts/argo/templates/workflow-rb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }}-workflow -{{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Release.Name }}-workflow -subjects: -- kind: ServiceAccount - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-role.yaml b/charts/argo/templates/workflow-role.yaml deleted file mode 100644 index 37365f21..00000000 --- a/charts/argo/templates/workflow-role.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if .Values.workflow.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }}-workflow - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch -{{- end }} diff --git a/charts/argo/templates/workflow-sa.yaml b/charts/argo/templates/workflow-sa.yaml deleted file mode 100644 index 45d97cf0..00000000 --- a/charts/argo/templates/workflow-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.workflow.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.workflow.serviceAccount.name }} - {{- if .Values.workflow.namespace }} - namespace: {{ .Values.workflow.namespace }} - {{- end }} - {{- with .Values.workflow.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argo/templates/workflow-template-crd.yaml b/charts/argo/templates/workflow-template-crd.yaml deleted file mode 100644 index 757fa098..00000000 --- a/charts/argo/templates/workflow-template-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: WorkflowTemplate - plural: workflowtemplates - shortNames: - - wftmpl -{{- end }} diff --git a/charts/argocd-applicationset/.helmignore b/charts/argocd-applicationset/.helmignore index 0e8a0eb3..5bdaa3eb 100644 --- a/charts/argocd-applicationset/.helmignore +++ b/charts/argocd-applicationset/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +ci/ 
diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index ebb5ee1c..ba9b62cd 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,13 +2,16 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.3 -appVersion: "v0.1.0" +version: 1.4.0 +appVersion: "v0.2.0" home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png keywords: - argoproj - appset - gitops maintainers: - name: maruina +annotations: + artifacthub.io/changes: | + - "[Added]: Configuration for Pod labels" diff --git a/charts/argocd-applicationset/README.md b/charts/argocd-applicationset/README.md index b200d9cf..1683c33b 100644 --- a/charts/argocd-applicationset/README.md +++ b/charts/argocd-applicationset/README.md @@ -10,6 +10,11 @@ This is a **community maintained** chart. This chart installs the [applicationse This chart currently installs the non-HA version of Argo CD ApplicationSet. +## Prerequisites + +- Helm v3.0.0+ +- The ApplicationSet controller **must** be installed into the same namespace as the Argo CD it is targetting. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -23,10 +28,6 @@ NAME: my-release ... ``` -### Helm v3 Compatibility - -Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - ### Testing Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing). 
@@ -38,38 +39,57 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st ct install --namespace argocd ``` +## Notes on CRD Installation + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. + +You then can install the CRDs manually from `crds` folder or via the manifests from the upstream project repo: + +```console +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref= + +# Eg. version v0.1.0 +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=v0.1.0 +``` + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | -| args.metricsAddr | int | `8080` | The default metric address | -| args.probeBindAddr | int | `8081` | The default health check port | -| args.enableLeaderElection | bool | `false` | The default leader election setting | -| args.namespace | string | `argocd` | The default Argo CD repo namespace | -| args.argocdRepoServer | string | `argocd-repo-server:8081` | The default Argo CD repo server address | -| args.policy | string | `sync` | How application is synced between the generator and the cluster | +| args.argocdRepoServer | string | `"argocd-repo-server:8081"` | The default Argo CD repo server address | | args.debug | bool | `false` | Print debug logs | | args.dryRun | bool | `false` | Enable dry run mode | +| args.enableLeaderElection | bool | `false` | The default leader election setting | +| args.metricsAddr | string | `":8080"` | The default metric address | +| args.namespace | string | `"argocd"` | The default Argo CD repo namespace | +| args.policy | string | `"sync"` | How application is synced between the generator and the cluster | +| 
args.probeBindAddr | string | `":8081"` | The default health check port | +| extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| extraVolumes | list | `[]` | List of extra volumes to add | | fullnameOverride | string | `""` | Override the default fully qualified app name | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. | +| image.repository | string | `"quay.io/argoproj/argocd-applicationset"` | The image repository | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | -| installCRDs | bool | `true` | Install Custom Resource Definition | +| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | +| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | | mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume | | mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | -| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | -| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | | nameOverride | string | `""` | Provide a name in place of `argocd-applicationset` | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | | podAnnotations | object | `{}` | Annotations for the controller pods | +| podLabels | object | `{}` | Labels for the controller pods | | podSecurityContext | object | `{}` | Pod Security Context | +| priorityClassName | string | `""` | If specified, indicates the pod's priority. 
If not specified, the pod priority will be default or zero if there is no default. | | rbac.pspEnabled | bool | `true` | Enable Pod Security Policy | | replicaCount | int | `1` | The number of controller pods to run | | resources | object | `{}` | Resource limits and requests for the controller pods. | | securityContext | object | `{}` | Security Context | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/argocd-applicationset/README.md.gotmpl b/charts/argocd-applicationset/README.md.gotmpl new file mode 100644 index 00000000..62f1145e --- /dev/null +++ b/charts/argocd-applicationset/README.md.gotmpl 
@@ -0,0 +1,57 @@ +# Argo CD ApplicationSet Chart + +A Helm chart for Argo CD ApplicationSet, a controller to programmatically generate Argo CD Application. + +Source code can be found [here](https://github.com/argoproj-labs/applicationset/) + +## Additional Information + +This is a **community maintained** chart. This chart installs the [applicationset](https://github.com/argoproj-labs/applicationset) controller. + +This chart currently installs the non-HA version of Argo CD ApplicationSet. + +## Prerequisites + +- Helm v3.0.0+ +- The ApplicationSet controller **must** be installed into the same namespace as the Argo CD it is targetting. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install --name my-release argo/argocd-applicationset +NAME: my-release +... +``` + +### Testing + +Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing). + +```console +kind create cluster +kubectl create namespace argocd +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +ct install --namespace argocd +``` + +## Notes on CRD Installation + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. + +You then can install the CRDs manually from `crds` folder or via the manifests from the upstream project repo: + +```console +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref= + +# Eg. version v0.1.0 +kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=v0.1.0 +``` + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} 
diff --git a/charts/argocd-applicationset/ci/default-values.yaml b/charts/argocd-applicationset/ci/default-values.yaml index eb1b7aae..233dd8e2 100644 --- a/charts/argocd-applicationset/ci/default-values.yaml +++ b/charts/argocd-applicationset/ci/default-values.yaml @@ -4,8 +4,6 @@ replicaCount: 1 -installCRDs: false # this needs to be false with ct - image: # The image repository repository: quay.io/argocdapplicationset/argocd-applicationset diff --git a/charts/argocd-applicationset/ci/leader-election-values.yaml b/charts/argocd-applicationset/ci/leader-election-values.yaml index e7201ac1..39ec3078 100644 --- a/charts/argocd-applicationset/ci/leader-election-values.yaml +++ b/charts/argocd-applicationset/ci/leader-election-values.yaml @@ -2,5 +2,3 @@ args: enableLeaderElection: true replicaCount: 3 - -installCRDs: false diff --git a/charts/argocd-applicationset/crds/crd-applicationset.yaml b/charts/argocd-applicationset/crds/crd-applicationset.yaml index 734ce34a..9132148a 100644 --- a/charts/argocd-applicationset/crds/crd-applicationset.yaml +++ b/charts/argocd-applicationset/crds/crd-applicationset.yaml @@ -1,8 +1,10 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null name: applicationsets.argoproj.io spec: group: argoproj.io @@ -10,6 +12,9 @@ spec: kind: ApplicationSet listKind: ApplicationSetList plural: applicationsets + shortNames: + - appset + - appsets singular: applicationset scope: Namespaced versions: 
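Review bot: In `ci/default-values.yaml` the context line `repository: quay.io/argocdapplicationset/argocd-applicationset` is left as it was, while the README values table in this same diff changes the documented default for `image.repository` to `quay.io/argoproj/argocd-applicationset`. The README is generated from chart metadata, so `values.yaml` presumably made the same move; if so, the chart-testing install still pulls from the old registry namespace and never exercises the image users get by default. I would either drop the `image` override from the ci values so the chart default applies, or change the line to `repository: quay.io/argoproj/argocd-applicationset`. The `image:` block may continue past the end of the hunk, so check any `tag` override there as well.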
@@ -38,6 +43,538 @@ spec: items: description: ApplicationSetGenerator include list item info properties: + clusterDecisionResource: + description: DuckType defines a generator to match against clusters + registered with ArgoCD. + properties: + configMapRef: + description: ConfigMapRef is a ConfigMap with the duck type + definitions needed to retreive the data this + includes apiVersion(group/version), kind, matchKey and + validation settings Name is the resource name of the kind, + group and version, defined in the ConfigMapRef RequeueAfterSeconds + is how long before the duckType will be rechecked for + a change + type: string + labelSelector: + description: A label selector is a label query over a set + of resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. + A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + description: ApplicationSetTemplate represents argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents the + Argo CD application fields that may be used for Applications + generated from the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired application + state. Contains link to repository with application + definition and additional parameters link definition + revision. + properties: + destination: + description: Destination is a reference to the target + Kubernetes server and namespace + properties: + name: + description: Name is an alternate way of specifying + the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target + namespace for the application's resources. 
+ The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison + items: + description: ResourceIgnoreDifferences contains + resource filter and list of json paths which + should be ignored during comparison with live + state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) that relates + to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' + project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to the location + of the application's manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search + dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet + Top-level Arguments + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file + parameter that's passed to helm template + during manifest generation + 
properties: + name: + description: Name is the name of the + Helm parameter + type: string + path: + description: Path is the path to the + file containing the values for the + Helm parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list of Helm + parameters which are passed to the helm + template command upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during + manifest generation + properties: + forceString: + description: ForceString determines + whether to tell Helm to interpret + booleans and numbers as strings + type: boolean + name: + description: Name is the name of the + Helm parameter + type: string + value: + description: Value is the value for + the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm + value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values + to be passed to helm template, typically + defined as a block + type: string + version: + description: Version is the Helm version + to use for templating (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific + options + properties: + environment: + description: Environment is a ksonnet application + environment name + type: string + parameters: + description: Parameters are a list of ksonnet + component parameter override values + items: + description: KsonnetParameter is a ksonnet + component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + 
commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize + image override specifications + items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within + the Git repository, and is only valid for + applications sourced from Git. 
+ type: string + plugin: + description: ConfigManagementPlugin holds config + management plugin specific options + properties: + env: + description: Env is a list of environment + variable entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the + variable, usually expressed in uppercase + type: string + value: + description: Value is the value of + the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests + type: string + targetRevision: + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when and how a + sync will be performed + properties: + automated: + description: Automated will keep an application + synced to the target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have + zero live resources (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed sync retry + behavior + properties: + backoff: + description: Backoff controls how to backoff + on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount + to back 
off. Default unit is seconds, + but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply + the base duration after each failed + retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum + amount of time allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum number + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole + app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + description: Values contains key/value pairs which are passed + directly as parameters to the template + type: object + required: + - configMapRef + type: object clusters: description: ClusterGenerator defines a generator to match against clusters registered with ArgoCD. @@ -102,6 +639,10 @@ spec: additionalProperties: type: string type: object + finalizers: + items: + type: string + type: array labels: additionalProperties: type: string 
@@ -118,27 +659,29 @@ spec: revision. properties: destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml + description: Destination is a reference to the target + Kubernetes server and namespace properties: name: - description: Name of the destination cluster - which can be used instead of server (url) - field + description: Name is an alternate way of specifying + the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml + description: Namespace specifies the target + namespace for the application's resources. + The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment - server value in the ksonnet app.yaml + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API type: string type: object ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which @@ -147,6 +690,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string @@ -158,12 +705,11 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array info: - description: Infos contains a list of useful information + description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application items: 
@@ -178,43 +724,58 @@ spec: type: object type: array project: - description: Project is a application project name. - Empty name means that application belongs to 'default' + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. format: int64 type: integer source: description: Source is a reference to the location - ksonnet application definition + of the application's manifests or chart properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. 
type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options + description: Jsonnet holds options specific + to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -237,8 +798,9 @@ spec: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -253,6 +815,8 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests type: boolean type: object helm: 
@@ -263,24 +827,28 @@ spec: to the helm template items: description: HelmFileParameter is a file - parameter to a helm template + parameter that's passed to helm template + during manifest generation properties: name: description: Name is the name of the - helm parameter + Helm parameter type: string path: - description: Path is the path value - for the helm parameter + description: Path is the path to the + file containing the values for the + Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to - the helm template + description: Parameters is a list of Helm + parameters which are passed to the helm + template command upon manifest generation items: description: HelmParameter is a parameter - to a helm template + that's passed to helm template during + manifest generation properties: forceString: description: ForceString determines @@ -289,17 +857,18 @@ spec: type: boolean name: description: Name is the name of the - helm parameter + Helm parameter type: string value: description: Value is the value for - the helm parameter + the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted - it will use the application name + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name type: string valueFiles: description: ValuesFiles is a list of Helm @@ -308,12 +877,13 @@ spec: type: string type: array values: - description: Values is Helm values, typically + description: Values specifies Helm values + to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version - to use for templating with + to use for templating (either "2" or "3") type: string type: object ksonnet: 
@@ -350,50 +920,71 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional - kustomize commonLabels + description: CommonLabels is a list of additional + labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean images: - description: Images are kustomize image - overrides + description: Images is a list of Kustomize + image override specifications items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended - to resources for kustomize apps + to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended - to resources for kustomize apps + to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize - version + description: Version controls which version + of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within - the Git repository + the Git repository, and is only valid for + applications sourced from Git. 
type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment + variable entries items: + description: EnvEntry represents an entry + in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the + variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of + the variable type: string required: - name @@ -404,20 +995,24 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of - the application manifests + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests type: string targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL type: object syncPolicy: - description: SyncPolicy controls when a sync will - be performed + description: SyncPolicy controls when and how a + sync will be performed properties: automated: description: Automated will keep an application 
@@ -428,13 +1023,16 @@ spec: zero live resources (default: false)' type: boolean prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' type: boolean type: object retry: @@ -442,7 +1040,8 @@ spec: behavior properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff + on subsequent retries of failed syncs properties: duration: description: Duration is the amount @@ -464,7 +1063,8 @@ spec: type: object limit: description: Limit is the maximum number - of attempts when retrying a container + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. format: int64 type: integer type: object @@ -496,6 +1096,8 @@ spec: directories: items: properties: + exclude: + type: boolean path: type: string required: @@ -530,6 +1132,10 @@ spec: additionalProperties: type: string type: object + finalizers: + items: + type: string + type: array labels: additionalProperties: type: string 
@@ -546,27 +1152,29 @@ spec: revision. properties: destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml + description: Destination is a reference to the target + Kubernetes server and namespace properties: name: - description: Name of the destination cluster - which can be used instead of server (url) - field + description: Name is an alternate way of specifying + the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml + description: Namespace specifies the target + namespace for the application's resources. + The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment - server value in the ksonnet app.yaml + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API type: string type: object ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which @@ -575,6 +1183,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string @@ -586,12 +1198,11 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array info: - description: Infos contains a list of useful information + description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application items: 
@@ -606,43 +1217,58 @@ spec: type: object type: array project: - description: Project is a application project name. - Empty name means that application belongs to 'default' + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. format: int64 type: integer source: description: Source is a reference to the location - ksonnet application definition + of the application's manifests or chart properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. 
type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options + description: Jsonnet holds options specific + to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -665,8 +1291,9 @@ spec: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -681,6 +1308,8 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests type: boolean type: object helm: 
@@ -691,24 +1320,28 @@ spec: to the helm template items: description: HelmFileParameter is a file - parameter to a helm template + parameter that's passed to helm template + during manifest generation properties: name: description: Name is the name of the - helm parameter + Helm parameter type: string path: - description: Path is the path value - for the helm parameter + description: Path is the path to the + file containing the values for the + Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to - the helm template + description: Parameters is a list of Helm + parameters which are passed to the helm + template command upon manifest generation items: description: HelmParameter is a parameter - to a helm template + that's passed to helm template during + manifest generation properties: forceString: description: ForceString determines @@ -717,17 +1350,18 @@ spec: type: boolean name: description: Name is the name of the - helm parameter + Helm parameter type: string value: description: Value is the value for - the helm parameter + the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted - it will use the application name + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name type: string valueFiles: description: ValuesFiles is a list of Helm @@ -736,12 +1370,13 @@ spec: type: string type: array values: - description: Values is Helm values, typically + description: Values specifies Helm values + to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version - to use for templating with + to use for templating (either "2" or "3") type: string type: object ksonnet: 
@@ -778,50 +1413,71 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional - kustomize commonLabels + description: CommonLabels is a list of additional + labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean images: - description: Images are kustomize image - overrides + description: Images is a list of Kustomize + image override specifications items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended - to resources for kustomize apps + to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended - to resources for kustomize apps + to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize - version + description: Version controls which version + of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within - the Git repository + the Git repository, and is only valid for + applications sourced from Git. 
type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment + variable entries items: + description: EnvEntry represents an entry + in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the + variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of + the variable type: string required: - name @@ -832,20 +1488,24 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of - the application manifests + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests type: string targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL type: object syncPolicy: - description: SyncPolicy controls when a sync will - be performed + description: SyncPolicy controls when and how a + sync will be performed properties: automated: description: Automated will keep an application 
@@ -856,13 +1516,16 @@ spec: zero live resources (default: false)' type: boolean prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' type: boolean type: object retry: @@ -870,7 +1533,8 @@ spec: behavior properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff + on subsequent retries of failed syncs properties: duration: description: Duration is the amount @@ -892,7 +1556,8 @@ spec: type: object limit: description: Limit is the maximum number - of attempts when retrying a container + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. format: int64 type: integer type: object @@ -921,23 +1586,7 @@ spec: properties: elements: items: - description: ListGeneratorElement include cluster and - url info - properties: - cluster: - type: string - url: - type: string - values: - additionalProperties: - type: string - description: Values contains key/value pairs which - are passed directly as parameters to the template - type: object - required: - - cluster - - url - type: object + x-kubernetes-preserve-unknown-fields: true type: array template: description: ApplicationSetTemplate represents argocd ApplicationSpec @@ -951,6 +1600,10 @@ spec: additionalProperties: type: string type: object + finalizers: + items: + type: string + type: array labels: additionalProperties: type: string 
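Review bot: In the `@@ -921,23 +1586,7 @@` hunk the list generator's `elements` items lose all API-server validation: the typed `cluster`, `url` and `values` properties and the `required` list are replaced by a bare `x-kubernetes-preserve-unknown-fields: true`, so any JSON value, not only an object, is now admitted and stored. The removed description says these values are passed directly as parameters to the template, so shape checking presumably now rests entirely on the controller. If the controller only accepts object elements, keeping `type: object` next to `x-kubernetes-preserve-unknown-fields: true` would let the API server reject scalars and arrays up front. This schema looks generated, so the constraint would belong in the source types or an admission policy rather than a hand edit here, and the upgrade notes should mention that `cluster` and `url` are no longer enforced.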
@@ -967,27 +1620,29 @@ spec: revision. properties: destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml + description: Destination is a reference to the target + Kubernetes server and namespace properties: name: - description: Name of the destination cluster - which can be used instead of server (url) - field + description: Name is an alternate way of specifying + the target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml + description: Namespace specifies the target + namespace for the application's resources. + The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace type: string server: - description: Server overrides the environment - server value in the ksonnet app.yaml + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API type: string type: object ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which @@ -996,6 +1651,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string @@ -1007,12 +1666,11 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array info: - description: Infos contains a list of useful information + description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application items: 
@@ -1027,43 +1685,58 @@ spec: type: object type: array project: - description: Project is a application project name. - Empty name means that application belongs to 'default' + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. format: int64 type: integer source: description: Source is a reference to the location - ksonnet application definition + of the application's manifests or chart properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. 
type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options + description: Jsonnet holds options specific + to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -1086,8 +1759,9 @@ spec: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet - variable + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation properties: code: type: boolean @@ -1102,6 +1776,8 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests type: boolean type: object helm: 
@@ -1112,24 +1788,28 @@ spec: to the helm template items: description: HelmFileParameter is a file - parameter to a helm template + parameter that's passed to helm template + during manifest generation properties: name: description: Name is the name of the - helm parameter + Helm parameter type: string path: - description: Path is the path value - for the helm parameter + description: Path is the path to the + file containing the values for the + Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to - the helm template + description: Parameters is a list of Helm + parameters which are passed to the helm + template command upon manifest generation items: description: HelmParameter is a parameter - to a helm template + that's passed to helm template during + manifest generation properties: forceString: description: ForceString determines @@ -1138,17 +1818,18 @@ spec: type: boolean name: description: Name is the name of the - helm parameter + Helm parameter type: string value: description: Value is the value for - the helm parameter + the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted - it will use the application name + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name type: string valueFiles: description: ValuesFiles is a list of Helm @@ -1157,12 +1838,13 @@ spec: type: string type: array values: - description: Values is Helm values, typically + description: Values specifies Helm values + to be passed to helm template, typically defined as a block type: string version: description: Version is the Helm version - to use for templating with + to use for templating (either "2" or "3") type: string type: object ksonnet: 
@@ -1199,50 +1881,71 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional - kustomize commonLabels + description: CommonLabels is a list of additional + labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean images: - description: Images are kustomize image - overrides + description: Images is a list of Kustomize + image override specifications items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended - to resources for kustomize apps + to resources for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended - to resources for kustomize apps + to resources for Kustomize apps type: string version: - description: Version contains optional Kustomize - version + description: Version controls which version + of Kustomize to use for rendering manifests type: string type: object path: description: Path is a directory path within - the Git repository + the Git repository, and is only valid for + applications sourced from Git. 
type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment + variable entries items: + description: EnvEntry represents an entry + in the application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the + variable, usually expressed in uppercase type: string value: - description: the value + description: Value is the value of + the variable type: string required: - name @@ -1253,20 +1956,24 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of - the application manifests + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests type: string targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL type: object syncPolicy: - description: SyncPolicy controls when a sync will - be performed + description: SyncPolicy controls when and how a + sync will be performed properties: automated: description: Automated will keep an application 
@@ -1277,13 +1984,16 @@ spec: zero live resources (default: false)' type: boolean prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' type: boolean type: object retry: @@ -1291,7 +2001,8 @@ spec: behavior properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff + on subsequent retries of failed syncs properties: duration: description: Duration is the amount @@ -1313,7 +2024,8 @@ spec: type: object limit: description: Limit is the maximum number - of attempts when retrying a container + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. format: int64 type: integer type: object 
@@ -1336,18 +2048,3889 @@ spec: required: - elements type: object + matrix: + description: MatrixGenerator include Other generators + properties: + generators: + items: + description: ApplicationSetBaseGenerator include list + item info CRD dosn't support recursive types so we need + a different type for the matrix generator https://github.com/kubernetes-sigs/controller-tools/issues/477 + properties: + clusterDecisionResource: + description: DuckType defines a generator to match + against clusters registered with ArgoCD. + properties: + configMapRef: + description: ConfigMapRef is a ConfigMap with + the duck type definitions needed to retreive + the data this includes apiVersion(group/version), + kind, matchKey and validation settings Name + is the resource name of the kind, group and + version, defined in the ConfigMapRef RequeueAfterSeconds + is how long before the duckType will be rechecked + for a change + type: string + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + description: ApplicationSetTemplate represents + argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents + the Argo CD application fields that may + be used for Applications generated from + the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired + application state. Contains link to repository + with application definition and additional + parameters link definition revision. + properties: + destination: + description: Destination is a reference + to the target Kubernetes server and + namespace + properties: + name: + description: Name is an alternate + way of specifying the target cluster + by its symbolic name + type: string + namespace: + description: Namespace specifies the + target namespace for the application's + resources. 
The namespace will only + be set for namespace-scoped resources + that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the + URL of the target cluster and must + be set to the Kubernetes control + plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list + of resources and their fields which + should be ignored during comparison + items: + description: ResourceIgnoreDifferences + contains resource filter and list + of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) + that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to + the project this application belongs + to. The empty string means that application + belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits + the number of items kept in the application's + revision history, which is used for + informational purposes as well as for + rollbacks to previous versions. This + should only be changed in exceptional + circumstances. Setting to zero will + store no history. This will reduce storage + used. Increasing will increase the space + used to store the history, so we do + not recommend increasing it. Default + is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to + the location of the application's manifests + or chart + properties: + chart: + description: Chart is a Helm chart + name, and must be specified for + applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains + a glob pattern to match paths + against that should be explicitly + excluded from being used during + manifest generation + type: string + include: + description: Include contains + a glob pattern to match paths + against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options + specific to Jsonnet + properties: + extVars: + description: ExtVars is a + list of Jsonnet External + Variables + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library + search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list + of Jsonnet Top-level Arguments + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies + whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific + options + properties: + fileParameters: + description: FileParameters are + file parameters to the helm + template + items: + description: HelmFileParameter + is a file parameter that's + passed to helm template during + 
manifest generation + properties: + name: + description: Name is the + name of the Helm parameter + type: string + path: + description: Path is the + path to the file containing + the values for the Helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list + of Helm parameters which are + passed to the helm template + command upon manifest generation + items: + description: HelmParameter is + a parameter that's passed + to helm template during manifest + generation + properties: + forceString: + description: ForceString + determines whether to + tell Helm to interpret + booleans and numbers as + strings + type: boolean + name: + description: Name is the + name of the Helm parameter + type: string + value: + description: Value is the + value for the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the + Helm release name to use. If + omitted it will use the application + name + type: string + valueFiles: + description: ValuesFiles is a + list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies + Helm values to be passed to + helm template, typically defined + as a block + type: string + version: + description: Version is the Helm + version to use for templating + (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet + specific options + properties: + environment: + description: Environment is a + ksonnet application environment + name + type: string + parameters: + description: Parameters are a + list of ksonnet component parameter + override values + items: + description: KsonnetParameter + is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds 
kustomize + specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations + is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a + list of additional labels to + add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations + specifies whether to force applying + common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels + specifies whether to force applying + common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list + of Kustomize image override + specifications + items: + description: KustomizeImage + represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix + appended to resources for Kustomize + apps + type: string + nameSuffix: + description: NameSuffix is a suffix + appended to resources for Kustomize + apps + type: string + version: + description: Version controls + which version of Kustomize to + use for rendering manifests + type: string + type: object + path: + description: Path is a directory path + within the Git repository, and is + only valid for applications sourced + from Git. 
+ type: string + plugin: + description: ConfigManagementPlugin + holds config management plugin specific + options + properties: + env: + description: Env is a list of + environment variable entries + items: + description: EnvEntry represents + an entry in the application's + environment + properties: + name: + description: Name is the + name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the + value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to + the repository (Git or Helm) that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines + the revision of the source to sync + the application to. In case of Git, + this can be commit, tag, or branch. + If omitted, will equal to HEAD. + In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when + and how a sync will be performed + properties: + automated: + description: Automated will keep an + application synced to the target + revision + properties: + allowEmpty: + description: 'AllowEmpty allows + apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies + whether to delete resources + from the cluster that are not + found in the sources anymore + as part of automated sync (default: + false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes + whether to revert resources + back to their desired state + upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed + sync retry behavior + properties: + backoff: + description: Backoff controls + how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is 
the + amount to back off. Default + unit is seconds, but could + also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor + to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is + the maximum amount of time + allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum + number of attempts for retrying + a failed sync. If set to 0, + no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to + specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + description: Values contains key/value pairs which + are passed directly as parameters to the template + type: object + required: + - configMapRef + type: object + clusters: + description: ClusterGenerator defines a generator + to match against clusters registered with ArgoCD. + properties: + selector: + description: Selector defines a label selector + to match against all clusters registered with + ArgoCD. Clusters today are stored as Kubernetes + Secrets, thus the Secret labels will be used + for matching the selector. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + template: + description: ApplicationSetTemplate represents + argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents + the Argo CD application fields that may + be used for Applications generated from + the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired + application state. Contains link to repository + with application definition and additional + parameters link definition revision. + properties: + destination: + description: Destination is a reference + to the target Kubernetes server and + namespace + properties: + name: + description: Name is an alternate + way of specifying the target cluster + by its symbolic name + type: string + namespace: + description: Namespace specifies the + target namespace for the application's + resources. 
The namespace will only + be set for namespace-scoped resources + that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the + URL of the target cluster and must + be set to the Kubernetes control + plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list + of resources and their fields which + should be ignored during comparison + items: + description: ResourceIgnoreDifferences + contains resource filter and list + of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) + that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to + the project this application belongs + to. The empty string means that application + belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits + the number of items kept in the application's + revision history, which is used for + informational purposes as well as for + rollbacks to previous versions. This + should only be changed in exceptional + circumstances. Setting to zero will + store no history. This will reduce storage + used. Increasing will increase the space + used to store the history, so we do + not recommend increasing it. Default + is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to + the location of the application's manifests + or chart + properties: + chart: + description: Chart is a Helm chart + name, and must be specified for + applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains + a glob pattern to match paths + against that should be explicitly + excluded from being used during + manifest generation + type: string + include: + description: Include contains + a glob pattern to match paths + against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options + specific to Jsonnet + properties: + extVars: + description: ExtVars is a + list of Jsonnet External + Variables + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library + search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list + of Jsonnet Top-level Arguments + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies + whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific + options + properties: + fileParameters: + description: FileParameters are + file parameters to the helm + template + items: + description: HelmFileParameter + is a file parameter that's + passed to helm template during + 
manifest generation + properties: + name: + description: Name is the + name of the Helm parameter + type: string + path: + description: Path is the + path to the file containing + the values for the Helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list + of Helm parameters which are + passed to the helm template + command upon manifest generation + items: + description: HelmParameter is + a parameter that's passed + to helm template during manifest + generation + properties: + forceString: + description: ForceString + determines whether to + tell Helm to interpret + booleans and numbers as + strings + type: boolean + name: + description: Name is the + name of the Helm parameter + type: string + value: + description: Value is the + value for the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the + Helm release name to use. If + omitted it will use the application + name + type: string + valueFiles: + description: ValuesFiles is a + list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies + Helm values to be passed to + helm template, typically defined + as a block + type: string + version: + description: Version is the Helm + version to use for templating + (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet + specific options + properties: + environment: + description: Environment is a + ksonnet application environment + name + type: string + parameters: + description: Parameters are a + list of ksonnet component parameter + override values + items: + description: KsonnetParameter + is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds 
kustomize + specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations + is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a + list of additional labels to + add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations + specifies whether to force applying + common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels + specifies whether to force applying + common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list + of Kustomize image override + specifications + items: + description: KustomizeImage + represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix + appended to resources for Kustomize + apps + type: string + nameSuffix: + description: NameSuffix is a suffix + appended to resources for Kustomize + apps + type: string + version: + description: Version controls + which version of Kustomize to + use for rendering manifests + type: string + type: object + path: + description: Path is a directory path + within the Git repository, and is + only valid for applications sourced + from Git. 
+ type: string + plugin: + description: ConfigManagementPlugin + holds config management plugin specific + options + properties: + env: + description: Env is a list of + environment variable entries + items: + description: EnvEntry represents + an entry in the application's + environment + properties: + name: + description: Name is the + name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the + value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to + the repository (Git or Helm) that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines + the revision of the source to sync + the application to. In case of Git, + this can be commit, tag, or branch. + If omitted, will equal to HEAD. + In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when + and how a sync will be performed + properties: + automated: + description: Automated will keep an + application synced to the target + revision + properties: + allowEmpty: + description: 'AllowEmpty allows + apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies + whether to delete resources + from the cluster that are not + found in the sources anymore + as part of automated sync (default: + false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes + whether to revert resources + back to their desired state + upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed + sync retry behavior + properties: + backoff: + description: Backoff controls + how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is 
the + amount to back off. Default + unit is seconds, but could + also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor + to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is + the maximum amount of time + allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum + number of attempts for retrying + a failed sync. If set to 0, + no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to + specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + description: Values contains key/value pairs which + are passed directly as parameters to the template + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + description: ApplicationSetTemplate represents + argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents + the Argo CD application fields that may + be used for Applications generated from + the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec 
represents desired + application state. Contains link to repository + with application definition and additional + parameters link definition revision. + properties: + destination: + description: Destination is a reference + to the target Kubernetes server and + namespace + properties: + name: + description: Name is an alternate + way of specifying the target cluster + by its symbolic name + type: string + namespace: + description: Namespace specifies the + target namespace for the application's + resources. The namespace will only + be set for namespace-scoped resources + that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the + URL of the target cluster and must + be set to the Kubernetes control + plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list + of resources and their fields which + should be ignored during comparison + items: + description: ResourceIgnoreDifferences + contains resource filter and list + of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) + that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to + the project this application belongs + to. The empty string means that application + belongs to the 'default' project. 
+ type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits + the number of items kept in the application's + revision history, which is used for + informational purposes as well as for + rollbacks to previous versions. This + should only be changed in exceptional + circumstances. Setting to zero will + store no history. This will reduce storage + used. Increasing will increase the space + used to store the history, so we do + not recommend increasing it. Default + is 10. + format: int64 + type: integer + source: + description: Source is a reference to + the location of the application's manifests + or chart + properties: + chart: + description: Chart is a Helm chart + name, and must be specified for + applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains + a glob pattern to match paths + against that should be explicitly + excluded from being used during + manifest generation + type: string + include: + description: Include contains + a glob pattern to match paths + against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options + specific to Jsonnet + properties: + extVars: + description: ExtVars is a + list of Jsonnet External + Variables + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library + search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list + of Jsonnet Top-level Arguments + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies + whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific + options + properties: + fileParameters: + description: FileParameters are + file parameters to the helm + template + items: + description: HelmFileParameter + is a file parameter that's + passed to helm template during + manifest generation + properties: + name: + description: Name is the + name of the Helm parameter + type: string + path: + description: Path is the + path to the file containing + the values for the Helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list + of Helm parameters which are + passed to the helm template + command upon manifest generation + items: + description: HelmParameter is + a parameter that's passed + to helm template during manifest + generation + properties: + forceString: + description: ForceString + determines whether to + tell Helm to interpret + booleans and numbers as + strings + type: boolean + name: + description: Name is the + name of the Helm parameter + type: string + value: + description: Value is the + value for the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the + Helm release name to use. 
If + omitted it will use the application + name + type: string + valueFiles: + description: ValuesFiles is a + list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies + Helm values to be passed to + helm template, typically defined + as a block + type: string + version: + description: Version is the Helm + version to use for templating + (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet + specific options + properties: + environment: + description: Environment is a + ksonnet application environment + name + type: string + parameters: + description: Parameters are a + list of ksonnet component parameter + override values + items: + description: KsonnetParameter + is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize + specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations + is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a + list of additional labels to + add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations + specifies whether to force applying + common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels + specifies whether to force applying + common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list + of Kustomize image override + specifications + items: + description: KustomizeImage + represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + 
namePrefix: + description: NamePrefix is a prefix + appended to resources for Kustomize + apps + type: string + nameSuffix: + description: NameSuffix is a suffix + appended to resources for Kustomize + apps + type: string + version: + description: Version controls + which version of Kustomize to + use for rendering manifests + type: string + type: object + path: + description: Path is a directory path + within the Git repository, and is + only valid for applications sourced + from Git. + type: string + plugin: + description: ConfigManagementPlugin + holds config management plugin specific + options + properties: + env: + description: Env is a list of + environment variable entries + items: + description: EnvEntry represents + an entry in the application's + environment + properties: + name: + description: Name is the + name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the + value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to + the repository (Git or Helm) that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines + the revision of the source to sync + the application to. In case of Git, + this can be commit, tag, or branch. + If omitted, will equal to HEAD. + In case of Helm, this is a semver + tag for the Chart's version. 
+ type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when + and how a sync will be performed + properties: + automated: + description: Automated will keep an + application synced to the target + revision + properties: + allowEmpty: + description: 'AllowEmpty allows + apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies + whether to delete resources + from the cluster that are not + found in the sources anymore + as part of automated sync (default: + false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes + whether to revert resources + back to their desired state + upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed + sync retry behavior + properties: + backoff: + description: Backoff controls + how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the + amount to back off. Default + unit is seconds, but could + also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor + to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is + the maximum amount of time + allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum + number of attempts for retrying + a failed sync. If set to 0, + no retries will be performed. 
+ format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to + specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - repoURL + - revision + type: object + list: + description: ListGenerator include items info + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + template: + description: ApplicationSetTemplate represents + argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents + the Argo CD application fields that may + be used for Applications generated from + the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired + application state. Contains link to repository + with application definition and additional + parameters link definition revision. + properties: + destination: + description: Destination is a reference + to the target Kubernetes server and + namespace + properties: + name: + description: Name is an alternate + way of specifying the target cluster + by its symbolic name + type: string + namespace: + description: Namespace specifies the + target namespace for the application's + resources. 
The namespace will only + be set for namespace-scoped resources + that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the + URL of the target cluster and must + be set to the Kubernetes control + plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list + of resources and their fields which + should be ignored during comparison + items: + description: ResourceIgnoreDifferences + contains resource filter and list + of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) + that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to + the project this application belongs + to. The empty string means that application + belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits + the number of items kept in the application's + revision history, which is used for + informational purposes as well as for + rollbacks to previous versions. This + should only be changed in exceptional + circumstances. Setting to zero will + store no history. This will reduce storage + used. Increasing will increase the space + used to store the history, so we do + not recommend increasing it. Default + is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to + the location of the application's manifests + or chart + properties: + chart: + description: Chart is a Helm chart + name, and must be specified for + applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains + a glob pattern to match paths + against that should be explicitly + excluded from being used during + manifest generation + type: string + include: + description: Include contains + a glob pattern to match paths + against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options + specific to Jsonnet + properties: + extVars: + description: ExtVars is a + list of Jsonnet External + Variables + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library + search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list + of Jsonnet Top-level Arguments + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies + whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific + options + properties: + fileParameters: + description: FileParameters are + file parameters to the helm + template + items: + description: HelmFileParameter + is a file parameter that's + passed to helm template during + 
manifest generation + properties: + name: + description: Name is the + name of the Helm parameter + type: string + path: + description: Path is the + path to the file containing + the values for the Helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list + of Helm parameters which are + passed to the helm template + command upon manifest generation + items: + description: HelmParameter is + a parameter that's passed + to helm template during manifest + generation + properties: + forceString: + description: ForceString + determines whether to + tell Helm to interpret + booleans and numbers as + strings + type: boolean + name: + description: Name is the + name of the Helm parameter + type: string + value: + description: Value is the + value for the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the + Helm release name to use. If + omitted it will use the application + name + type: string + valueFiles: + description: ValuesFiles is a + list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies + Helm values to be passed to + helm template, typically defined + as a block + type: string + version: + description: Version is the Helm + version to use for templating + (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet + specific options + properties: + environment: + description: Environment is a + ksonnet application environment + name + type: string + parameters: + description: Parameters are a + list of ksonnet component parameter + override values + items: + description: KsonnetParameter + is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds 
kustomize + specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations + is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a + list of additional labels to + add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations + specifies whether to force applying + common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels + specifies whether to force applying + common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list + of Kustomize image override + specifications + items: + description: KustomizeImage + represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix + appended to resources for Kustomize + apps + type: string + nameSuffix: + description: NameSuffix is a suffix + appended to resources for Kustomize + apps + type: string + version: + description: Version controls + which version of Kustomize to + use for rendering manifests + type: string + type: object + path: + description: Path is a directory path + within the Git repository, and is + only valid for applications sourced + from Git. 
+ type: string + plugin: + description: ConfigManagementPlugin + holds config management plugin specific + options + properties: + env: + description: Env is a list of + environment variable entries + items: + description: EnvEntry represents + an entry in the application's + environment + properties: + name: + description: Name is the + name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the + value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to + the repository (Git or Helm) that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines + the revision of the source to sync + the application to. In case of Git, + this can be commit, tag, or branch. + If omitted, will equal to HEAD. + In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when + and how a sync will be performed + properties: + automated: + description: Automated will keep an + application synced to the target + revision + properties: + allowEmpty: + description: 'AllowEmpty allows + apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies + whether to delete resources + from the cluster that are not + found in the sources anymore + as part of automated sync (default: + false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes + whether to revert resources + back to their desired state + upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed + sync retry behavior + properties: + backoff: + description: Backoff controls + how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is 
the + amount to back off. Default + unit is seconds, but could + also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor + to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is + the maximum amount of time + allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum + number of attempts for retrying + a failed sync. If set to 0, + no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to + specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - elements + type: object + scmProvider: + description: SCMProviderGenerator defines a generator + that scrapes a SCMaaS API to find candidate repos. + properties: + cloneProtocol: + description: Which protocol to use for the SCM + URL. Default is provider-specific but ssh if + possible. Not all providers necessarily support + all protocols. + type: string + filters: + description: Filters for which repos should be + considered. + items: + description: SCMProviderGeneratorFilter is a + single repository filter. If multiple filter + types are set on a single struct, they will + be AND'd together. All filters must pass for + a repo to be included. + properties: + branchMatch: + description: A regex which must match the + branch name. + type: string + labelMatch: + description: A regex which must match at + least one label. + type: string + pathsExist: + description: An array of paths, all of which + must exist. + items: + type: string + type: array + repositoryMatch: + description: A regex for repo names. + type: string + type: object + type: array + github: + description: Which provider to use and config + for it. 
+ properties: + allBranches: + description: Scan all branches instead of + just the default branch. + type: boolean + api: + description: The GitHub API URL to talk to. + If blank, use https://api.github.com/. + type: string + organization: + description: GitHub org to scan. Required. + type: string + tokenRef: + description: Authentication token reference. + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + description: SCMProviderGeneratorGitlab defines + a connection info specific to Gitlab. + properties: + allBranches: + description: Scan all branches instead of + just the default branch. + type: boolean + api: + description: The Gitlab API URL to talk to. + type: string + group: + description: Gitlab group to scan. Required. You + can use either the project id (recommended) + or the full namespaced path. + type: string + includeSubgroups: + description: Recurse through subgroups (true) + or scan only the base group (false). Defaults + to "false" + type: boolean + tokenRef: + description: Authentication token reference. + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + description: Standard parameters. 
+ format: int64 + type: integer + template: + description: ApplicationSetTemplate represents + argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents + the Argo CD application fields that may + be used for Applications generated from + the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired + application state. Contains link to repository + with application definition and additional + parameters link definition revision. + properties: + destination: + description: Destination is a reference + to the target Kubernetes server and + namespace + properties: + name: + description: Name is an alternate + way of specifying the target cluster + by its symbolic name + type: string + namespace: + description: Namespace specifies the + target namespace for the application's + resources. The namespace will only + be set for namespace-scoped resources + that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the + URL of the target cluster and must + be set to the Kubernetes control + plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list + of resources and their fields which + should be ignored during comparison + items: + description: ResourceIgnoreDifferences + contains resource filter and list + of json paths which should be ignored + during comparison with live state. 
+ properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) + that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to + the project this application belongs + to. The empty string means that application + belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits + the number of items kept in the application's + revision history, which is used for + informational purposes as well as for + rollbacks to previous versions. This + should only be changed in exceptional + circumstances. Setting to zero will + store no history. This will reduce storage + used. Increasing will increase the space + used to store the history, so we do + not recommend increasing it. Default + is 10. + format: int64 + type: integer + source: + description: Source is a reference to + the location of the application's manifests + or chart + properties: + chart: + description: Chart is a Helm chart + name, and must be specified for + applications sourced from a Helm + repo. 
+ type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains + a glob pattern to match paths + against that should be explicitly + excluded from being used during + manifest generation + type: string + include: + description: Include contains + a glob pattern to match paths + against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options + specific to Jsonnet + properties: + extVars: + description: ExtVars is a + list of Jsonnet External + Variables + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library + search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list + of Jsonnet Top-level Arguments + items: + description: JsonnetVar + represents a variable + to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies + whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific + options + properties: + fileParameters: + description: FileParameters are + file parameters to the helm + template + items: + description: HelmFileParameter + is a file parameter that's + passed to helm template during + manifest generation + properties: + name: + description: Name is the + name of the Helm parameter + type: string + path: + description: Path is the + path to the file containing + the values for the Helm + parameter + type: string + type: object + type: array + parameters: + 
description: Parameters is a list + of Helm parameters which are + passed to the helm template + command upon manifest generation + items: + description: HelmParameter is + a parameter that's passed + to helm template during manifest + generation + properties: + forceString: + description: ForceString + determines whether to + tell Helm to interpret + booleans and numbers as + strings + type: boolean + name: + description: Name is the + name of the Helm parameter + type: string + value: + description: Value is the + value for the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the + Helm release name to use. If + omitted it will use the application + name + type: string + valueFiles: + description: ValuesFiles is a + list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies + Helm values to be passed to + helm template, typically defined + as a block + type: string + version: + description: Version is the Helm + version to use for templating + (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet + specific options + properties: + environment: + description: Environment is a + ksonnet application environment + name + type: string + parameters: + description: Parameters are a + list of ksonnet component parameter + override values + items: + description: KsonnetParameter + is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize + specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations + is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + 
description: CommonLabels is a + list of additional labels to + add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations + specifies whether to force applying + common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels + specifies whether to force applying + common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list + of Kustomize image override + specifications + items: + description: KustomizeImage + represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix + appended to resources for Kustomize + apps + type: string + nameSuffix: + description: NameSuffix is a suffix + appended to resources for Kustomize + apps + type: string + version: + description: Version controls + which version of Kustomize to + use for rendering manifests + type: string + type: object + path: + description: Path is a directory path + within the Git repository, and is + only valid for applications sourced + from Git. + type: string + plugin: + description: ConfigManagementPlugin + holds config management plugin specific + options + properties: + env: + description: Env is a list of + environment variable entries + items: + description: EnvEntry represents + an entry in the application's + environment + properties: + name: + description: Name is the + name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the + value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to + the repository (Git or Helm) that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines + the revision of the source to sync + the application to. 
In case of Git, + this can be commit, tag, or branch. + If omitted, will equal to HEAD. + In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when + and how a sync will be performed + properties: + automated: + description: Automated will keep an + application synced to the target + revision + properties: + allowEmpty: + description: 'AllowEmpty allows + apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies + whether to delete resources + from the cluster that are not + found in the sources anymore + as part of automated sync (default: + false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes + whether to revert resources + back to their desired state + upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed + sync retry behavior + properties: + backoff: + description: Backoff controls + how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the + amount to back off. Default + unit is seconds, but could + also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor + to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is + the maximum amount of time + allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum + number of attempts for retrying + a failed sync. If set to 0, + no retries will be performed. 
+ format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to + specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + type: object + type: array + template: + description: ApplicationSetTemplate represents argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents the + Argo CD application fields that may be used for Applications + generated from the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired application + state. Contains link to repository with application + definition and additional parameters link definition + revision. + properties: + destination: + description: Destination is a reference to the target + Kubernetes server and namespace + properties: + name: + description: Name is an alternate way of specifying + the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target + namespace for the application's resources. 
+ The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison + items: + description: ResourceIgnoreDifferences contains + resource filter and list of json paths which + should be ignored during comparison with live + state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) that relates + to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' + project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. 
+ format: int64 + type: integer + source: + description: Source is a reference to the location + of the application's manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. + type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search + dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet + Top-level Arguments + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file + parameter that's passed to helm template + during manifest generation + 
properties: + name: + description: Name is the name of the + Helm parameter + type: string + path: + description: Path is the path to the + file containing the values for the + Helm parameter + type: string + type: object + type: array + parameters: + description: Parameters is a list of Helm + parameters which are passed to the helm + template command upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during + manifest generation + properties: + forceString: + description: ForceString determines + whether to tell Helm to interpret + booleans and numbers as strings + type: boolean + name: + description: Name is the name of the + Helm parameter + type: string + value: + description: Value is the value for + the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm + value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values + to be passed to helm template, typically + defined as a block + type: string + version: + description: Version is the Helm version + to use for templating (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific + options + properties: + environment: + description: Environment is a ksonnet application + environment name + type: string + parameters: + description: Parameters are a list of ksonnet + component parameter override values + items: + description: KsonnetParameter is a ksonnet + component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + 
commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize + image override specifications + items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within + the Git repository, and is only valid for + applications sourced from Git. 
+ type: string + plugin: + description: ConfigManagementPlugin holds config + management plugin specific options + properties: + env: + description: Env is a list of environment + variable entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the + variable, usually expressed in uppercase + type: string + value: + description: Value is the value of + the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests + type: string + targetRevision: + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when and how a + sync will be performed + properties: + automated: + description: Automated will keep an application + synced to the target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have + zero live resources (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed sync retry + behavior + properties: + backoff: + description: Backoff controls how to backoff + on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount + to back 
off. Default unit is seconds, + but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply + the base duration after each failed + retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum + amount of time allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum number + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole + app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + scmProvider: + description: SCMProviderGenerator defines a generator that scrapes + a SCMaaS API to find candidate repos. + properties: + cloneProtocol: + description: Which protocol to use for the SCM URL. Default + is provider-specific but ssh if possible. Not all providers + necessarily support all protocols. + type: string + filters: + description: Filters for which repos should be considered. + items: + description: SCMProviderGeneratorFilter is a single repository + filter. If multiple filter types are set on a single + struct, they will be AND'd together. All filters must + pass for a repo to be included. + properties: + branchMatch: + description: A regex which must match the branch name. + type: string + labelMatch: + description: A regex which must match at least one + label. + type: string + pathsExist: + description: An array of paths, all of which must + exist. + items: + type: string + type: array + repositoryMatch: + description: A regex for repo names. + type: string + type: object + type: array + github: + description: Which provider to use and config for it. 
+ properties: + allBranches: + description: Scan all branches instead of just the default + branch. + type: boolean + api: + description: The GitHub API URL to talk to. If blank, + use https://api.github.com/. + type: string + organization: + description: GitHub org to scan. Required. + type: string + tokenRef: + description: Authentication token reference. + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + description: SCMProviderGeneratorGitlab defines a connection + info specific to Gitlab. + properties: + allBranches: + description: Scan all branches instead of just the default + branch. + type: boolean + api: + description: The Gitlab API URL to talk to. + type: string + group: + description: Gitlab group to scan. Required. You can + use either the project id (recommended) or the full + namespaced path. + type: string + includeSubgroups: + description: Recurse through subgroups (true) or scan + only the base group (false). Defaults to "false" + type: boolean + tokenRef: + description: Authentication token reference. + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + description: Standard parameters. 
+ format: int64 + type: integer + template: + description: ApplicationSetTemplate represents argocd ApplicationSpec + properties: + metadata: + description: ApplicationSetTemplateMeta represents the + Argo CD application fields that may be used for Applications + generated from the ApplicationSet (based on metav1.ObjectMeta) + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: ApplicationSpec represents desired application + state. Contains link to repository with application + definition and additional parameters link definition + revision. + properties: + destination: + description: Destination is a reference to the target + Kubernetes server and namespace + properties: + name: + description: Name is an alternate way of specifying + the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target + namespace for the application's resources. + The namespace will only be set for namespace-scoped + resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the + target cluster and must be set to the Kubernetes + control plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources + and their fields which should be ignored during + comparison + items: + description: ResourceIgnoreDifferences contains + resource filter and list of json paths which + should be ignored during comparison with live + state. 
+ properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information + (URLs, email addresses, and plain text) that relates + to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to the project + this application belongs to. The empty string + means that application belongs to the 'default' + project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits the number + of items kept in the application's revision history, + which is used for informational purposes as well + as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. + Setting to zero will store no history. This will + reduce storage used. Increasing will increase + the space used to store the history, so we do + not recommend increasing it. Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location + of the application's manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and + must be specified for applications sourced + from a Helm repo. 
+ type: string + directory: + description: Directory holds path/directory + specific options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be + explicitly excluded from being used during + manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be + explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search + dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet + Top-level Arguments + items: + description: JsonnetVar represents + a variable to be passed to jsonnet + during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to + scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file + parameter that's passed to helm template + during manifest generation + properties: + name: + description: Name is the name of the + Helm parameter + type: string + path: + description: Path is the path to the + file containing the values for the + Helm parameter + type: string + type: object + type: array + parameters: + description: Parameters is 
a list of Helm + parameters which are passed to the helm + template command upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during + manifest generation + properties: + forceString: + description: ForceString determines + whether to tell Helm to interpret + booleans and numbers as strings + type: boolean + name: + description: Name is the name of the + Helm parameter + type: string + value: + description: Value is the value for + the Helm parameter + type: string + type: object + type: array + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the + application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm + value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values + to be passed to helm template, typically + defined as a block + type: string + version: + description: Version is the Helm version + to use for templating (either "2" or "3") + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific + options + properties: + environment: + description: Environment is a ksonnet application + environment name + type: string + parameters: + description: Parameters are a list of ksonnet + component parameter override values + items: + description: KsonnetParameter is a ksonnet + component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list + of additional annotations to add to rendered + manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + 
labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies + whether to force applying common labels + to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize + image override specifications + items: + description: KustomizeImage represents + a Kustomize image definition in the + format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within + the Git repository, and is only valid for + applications sourced from Git. + type: string + plugin: + description: ConfigManagementPlugin holds config + management plugin specific options + properties: + env: + description: Env is a list of environment + variable entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the + variable, usually expressed in uppercase + type: string + value: + description: Value is the value of + the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application + manifests + type: string + targetRevision: + description: TargetRevision defines the revision + of the source to sync the application to. + In case of Git, this can be commit, tag, or + branch. 
If omitted, will equal to HEAD. In + case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when and how a + sync will be performed + properties: + automated: + description: Automated will keep an application + synced to the target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have + zero live resources (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to + delete resources from the cluster that + are not found in the sources anymore as + part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifes whether + to revert resources back to their desired + state upon modification in the cluster + (default: false)' + type: boolean + type: object + retry: + description: Retry controls failed sync retry + behavior + properties: + backoff: + description: Backoff controls how to backoff + on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount + to back off. Default unit is seconds, + but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply + the base duration after each failed + retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum + amount of time allowed for the backoff + strategy + type: string + type: object + limit: + description: Limit is the maximum number + of attempts for retrying a failed sync. + If set to 0, no retries will be performed. 
+ format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole + app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object type: object type: array syncPolicy: description: ApplicationSetSyncPolicy configures how generated Applications will relate to their ApplicationSet. properties: - skipPrune: - description: SkipPrune will disable the default behavior which - will delete Applications that are no longer being generated - for the ApplicationSet which created them, or the ApplicationSet - itself is deleted. If SkipPrune is set to true, these Applications - will be orphaned but continue to exist. + preserveResourcesOnDeletion: + description: PreserveResourcesOnDeletion will preserve resources + on deletion. If PreserveResourcesOnDeletion is set to true, + these Applications will not be deleted. type: boolean type: object template: @@ -1362,6 +5945,10 @@ spec: additionalProperties: type: string type: object + finalizers: + items: + type: string + type: array labels: additionalProperties: type: string 
@@ -1377,25 +5964,27 @@ spec: additional parameters link definition revision. properties: destination: - description: Destination overrides the kubernetes server and - namespace defined in the environment ksonnet app.yaml + description: Destination is a reference to the target Kubernetes + server and namespace properties: name: - description: Name of the destination cluster which can - be used instead of server (url) field + description: Name is an alternate way of specifying the + target cluster by its symbolic name type: string namespace: - description: Namespace overrides the environment namespace - value in the ksonnet app.yaml + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: - description: Server overrides the environment server value - in the ksonnet app.yaml + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: - description: IgnoreDifferences controls resources fields which - should be ignored during comparison + description: IgnoreDifferences is a list of resources and + their fields which should be ignored during comparison items: description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored @@ -1403,6 +5992,10 @@ spec: properties: group: type: string + jqPathExpressions: + items: + type: string + type: array jsonPointers: items: type: string 
@@ -1414,13 +6007,12 @@ spec: namespace: type: string required: - - jsonPointers - kind type: object type: array info: - description: Infos contains a list of useful information (URLs, - email addresses, and plain text) that relates to the application + description: Info contains a list of information (URLs, email + addresses, and plain text) that relates to the application items: properties: name: 
@@ -1433,39 +6025,51 @@ spec: type: object type: array project: - description: Project is a application project name. Empty - name means that application belongs to 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs + to the 'default' project. type: string revisionHistoryLimit: - description: This limits this number of items kept in the - apps revision history. This should only be changed in exceptional - circumstances. Setting to zero will store no history. This - will reduce storage used. Increasing will increase the space - used to store the history, so we do not recommend increasing - it. Default is 10. + description: RevisionHistoryLimit limits the number of items + kept in the application's revision history, which is used + for informational purposes as well as for rollbacks to previous + versions. This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce + storage used. Increasing will increase the space used to + store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: - description: Source is a reference to the location ksonnet - application definition + description: Source is a reference to the location of the + application's manifests or chart properties: chart: - description: Chart is a Helm chart name + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. 
type: string directory: description: Directory holds path/directory specific options properties: exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation type: string jsonnet: - description: ApplicationSourceJsonnet holds jsonnet - specific options + description: Jsonnet holds options specific to Jsonnet properties: extVars: description: ExtVars is a list of Jsonnet External Variables items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1487,7 +6091,8 @@ spec: description: TLAS is a list of Jsonnet Top-level Arguments items: - description: JsonnetVar is a jsonnet variable + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation properties: code: type: boolean @@ -1502,6 +6107,8 @@ spec: type: array type: object recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests type: boolean type: object helm: 
@@ -1512,23 +6119,25 @@ spec: the helm template items: description: HelmFileParameter is a file parameter - to a helm template + that's passed to helm template during manifest + generation properties: name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string path: - description: Path is the path value for the - helm parameter + description: Path is the path to the file containing + the values for the Helm parameter type: string type: object type: array parameters: - description: Parameters are parameters to the helm - template + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation items: - description: HelmParameter is a parameter to a helm - template + description: HelmParameter is a parameter that's + passed to helm template during manifest generation properties: forceString: description: ForceString determines whether @@ -1536,17 +6145,17 @@ spec: as strings type: boolean name: - description: Name is the name of the helm parameter + description: Name is the name of the Helm parameter type: string value: - description: Value is the value for the helm + description: Value is the value for the Helm parameter type: string type: object type: array releaseName: - description: The Helm release name. If omitted it - will use the application name + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name type: string valueFiles: description: ValuesFiles is a list of Helm value files @@ -1555,12 +6164,12 @@ spec: type: string type: array values: - description: Values is Helm values, typically defined - as a block + description: Values specifies Helm values to be passed + to helm template, typically defined as a block type: string version: description: Version is the Helm version to use for - templating with + templating (either "2" or "3") type: string type: object ksonnet: 
@@ -1595,47 +6204,67 @@ spec: commonAnnotations: additionalProperties: type: string - description: CommonAnnotations adds additional kustomize - commonAnnotations + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests type: object commonLabels: additionalProperties: type: string - description: CommonLabels adds additional kustomize - commonLabels + description: CommonLabels is a list of additional + labels to add to rendered manifests type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean images: - description: Images are kustomize image overrides + description: Images is a list of Kustomize image override + specifications items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: type: string type: array namePrefix: description: NamePrefix is a prefix appended to resources - for kustomize apps + for Kustomize apps type: string nameSuffix: description: NameSuffix is a suffix appended to resources - for kustomize apps + for Kustomize apps type: string version: - description: Version contains optional Kustomize version + description: Version controls which version of Kustomize + to use for rendering manifests type: string type: object path: - description: Path is a directory path within the Git repository + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. 
type: string plugin: description: ConfigManagementPlugin holds config management plugin specific options properties: env: + description: Env is a list of environment variable + entries items: + description: EnvEntry represents an entry in the + application's environment properties: name: - description: the name, usually uppercase + description: Name is the name of the variable, + usually expressed in uppercase type: string value: - description: the value + description: Value is the value of the variable type: string required: - name @@ -1646,19 +6275,22 @@ spec: type: string type: object repoURL: - description: RepoURL is the repository URL of the application - manifests + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the commit, tag, or - branch in which to sync the application to. If omitted, - will sync to HEAD + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL type: object syncPolicy: - description: SyncPolicy controls when a sync will be performed + description: SyncPolicy controls when and how a sync will + be performed properties: automated: description: Automated will keep an application synced 
@@ -1669,19 +6301,22 @@ spec: resources (default: false)' type: boolean prune: - description: 'Prune will prune resources automatically - as part of automated sync (default: false)' + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources + anymore as part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal enables auto-syncing if (default: - false)' + description: 'SelfHeal specifes whether to revert + resources back to their desired state upon modification + in the cluster (default: false)' type: boolean type: object retry: description: Retry controls failed sync retry behavior properties: backoff: - description: Backoff is a backoff strategy + description: Backoff controls how to backoff on subsequent + retries of failed syncs properties: duration: description: Duration is the amount to back off. @@ -1700,7 +6335,8 @@ spec: type: object limit: description: Limit is the maximum number of attempts - when retrying a container + for retrying a failed sync. If set to 0, no retries + will be performed. format: int64 type: integer type: object diff --git a/charts/argocd-applicationset/templates/_helpers.tpl b/charts/argocd-applicationset/templates/_helpers.tpl index 4d0e98b5..e86139e1 100644 --- a/charts/argocd-applicationset/templates/_helpers.tpl +++ b/charts/argocd-applicationset/templates/_helpers.tpl @@ -40,7 +40,6 @@ helm.sh/chart: {{ include "argo-applicationset.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/name: {{ include "argo-applicationset.name" . }} app.kubernetes.io/part-of: argo-cd-applicationset app.kubernetes.io/component: controller {{- end }} diff --git a/charts/argocd-applicationset/templates/crds.yaml b/charts/argocd-applicationset/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 
--- a/charts/argocd-applicationset/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argocd-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml index d2cd345c..a577854b 100644 --- a/charts/argocd-applicationset/templates/deployment.yaml +++ b/charts/argocd-applicationset/templates/deployment.yaml @@ -17,6 +17,9 @@ spec: {{- end }} labels: {{- include "argo-applicationset.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -50,6 +53,8 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: + - mountPath: /tmp + name: tmp-dir {{- if .Values.mountSSHKnownHostsVolume }} - mountPath: /app/config/ssh name: ssh-known-hosts @@ -66,7 +71,12 @@ spec: - mountPath: /app/config/gpg/keys name: gpg-keyring {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} volumes: + - emptyDir: {} + name: tmp-dir {{- if .Values.mountSSHKnownHostsVolume }} - configMap: name: argocd-ssh-known-hosts-cm @@ -86,6 +96,9 @@ spec: - emptyDir: {} name: gpg-keyring {{- end }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -98,3 +111,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml index f7be897d..5c9f8225 100644 --- a/charts/argocd-applicationset/values.yaml +++ b/charts/argocd-applicationset/values.yaml 
@@ -2,49 +2,66 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- The number of controller pods to run replicaCount: 1 -installCRDs: true - image: - # The image repository - repository: quay.io/argocdapplicationset/argocd-applicationset - # Image pull policy + # -- The image repository + repository: quay.io/argoproj/argocd-applicationset + # -- Image pull policy pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + # -- Overrides the image tag whose default is the chart appVersion. tag: "" args: + # -- The default metric address metricsAddr: :8080 + # -- The default health check port probeBindAddr: :8081 + # -- The default leader election setting enableLeaderElection: false + # -- The default Argo CD repo namespace namespace: argocd + # -- The default Argo CD repo server address argocdRepoServer: argocd-repo-server:8081 + # -- How application is synced between the generator and the cluster policy: sync + # -- Print debug logs debug: false + # -- Enable dry run mode dryRun: false +# -- If defined, uses a Secret to pull an image from a private Docker registry or repository. imagePullSecrets: [] +# -- Provide a name in place of `argocd-applicationset` nameOverride: "" +# -- Override the default fully qualified app name fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. 
# If not set and create is true, a name is generated using the fullname template name: "" +# -- Annotations for the controller pods podAnnotations: {} +# -- Labels for the controller pods +podLabels: {} + rbac: + # -- Enable Pod Security Policy pspEnabled: true +# -- Pod Security Context podSecurityContext: {} # fsGroup: 2000 +# -- Security Context securityContext: {} # capabilities: # drop: @@ -53,6 +70,7 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +# -- Resource limits and requests for the controller pods. resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -65,13 +83,33 @@ resources: {} # cpu: 100m # memory: 128Mi +# -- [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) nodeSelector: {} +# -- [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) tolerations: [] +# -- [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) affinity: {} +# -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. +priorityClassName: "" + +# -- Mount the `argocd-ssh-known-hosts-cm` volume mountSSHKnownHostsVolume: true +# -- Mount the `argocd-tls-certs-cm` volume mountTLSCertsVolume: true +# -- Mount the `argocd-gpg-keys-cm` volume mountGPGKeysVolume: false +# -- Mount an emptyDir volume for `gpg-keyring` mountGPGKeyringVolume: true + +# -- List of extra mounts to add (normally used with extraVolumes) +extraVolumeMounts: [] + # - mountPath: /tmp/foobar + # name: foobar + +# -- List of extra volumes to add +extraVolumes: [] + # - name: foobar + # emptyDir: {} 
diff --git a/charts/argo-ci/.helmignore b/charts/argocd-image-updater/.helmignore similarity index 95% rename from charts/argo-ci/.helmignore rename to charts/argocd-image-updater/.helmignore index f0c13194..0e8a0eb3 100644 --- a/charts/argo-ci/.helmignore +++ b/charts/argocd-image-updater/.helmignore @@ -14,8 +14,10 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj +.vscode/ diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml new file mode 100644 index 00000000..1ace2616 --- /dev/null +++ b/charts/argocd-image-updater/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: argocd-image-updater +description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD +type: application +version: 0.1.0 +appVersion: v0.10.1 +home: https://github.com/argoproj-labs/argocd-image-updater +icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/changes: | + - "[Added]: First chart release" diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md new file mode 100644 index 00000000..d3440dd6 --- /dev/null +++ b/charts/argocd-image-updater/README.md 
@@ -0,0 +1,86 @@ +# argocd-image-updater + +A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). + +## TODO + +- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something. + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. 
+ +### Registries + +ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Kubernetes affinity settings for the deployment | +| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | +| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | +| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | +| config.logLevel | string | `"info"` | ArgoCD Image Update log level | +| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. 
More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in config.argocd | +| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | +| image.pullPolicy | string | `"Always"` | Default image pull policy | +| image.repository | string | `"argoprojlabs/argocd-image-updater"` | Default image repository | +| image.tag | string | `"v0.10.1"` | Default image tag | +| imagePullSecrets | list | `[]` | ImagePullSecrets for the image updater deployment | +| nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | +| podAnnotations | object | `{}` | Pod Annotations for the deployment | +| podSecurityContext | object | `{}` | Pod security context settings for the deployment | +| rbac.enabled | bool | `true` | Enable RBAC creation | +| replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | +| resources | object | `{}` | Pod memory and cpu resource settings for the deployment | +| securityContext | object | `{}` | Security context settings for the deployment | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Kubernetes toleration settings for the deployment | diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl new file mode 100644 index 00000000..eab46779 --- /dev/null +++ b/charts/argocd-image-updater/README.md.gotmpl 
@@ -0,0 +1,58 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). + +## TODO + +- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something. + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. 
+ +### Registries + +ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +{{ template "chart.valuesSection" . }} diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl new file mode 100644 index 00000000..5c0be1da --- /dev/null +++ b/charts/argocd-image-updater/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argocd-image-updater.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argocd-image-updater.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argocd-image-updater.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "argocd-image-updater.labels" -}} +helm.sh/chart: {{ include "argocd-image-updater.chart" . }} +{{ include "argocd-image-updater.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argocd-image-updater.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argocd-image-updater.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argocd-image-updater.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argocd-image-updater.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml new file mode 100644 index 00000000..dab468a2 --- /dev/null +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: argocd-image-updater-config +data: + registries.conf: | + {{- with .Values.config.registries }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml new file mode 100644 index 00000000..cfc350ec --- /dev/null +++ b/charts/argocd-image-updater/templates/deployment.yaml 
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argocd-image-updater.fullname" . }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argocd-image-updater.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + command: + - /usr/local/bin/argocd-image-updater + - run + {{- with .Values.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: ARGOCD_GRPC_WEB + value: {{ .Values.config.argocd.grpcWeb | quote }} + - name: ARGOCD_SERVER + value: {{ .Values.config.argocd.serverAddress }} + - name: ARGOCD_INSECURE + value: {{ .Values.config.argocd.insecure | quote }} + - name: ARGOCD_PLAINTEXT + value: {{ .Values.config.argocd.plaintext | quote }} + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: argocd.token + name: argocd-image-updater-secret + optional: true + - name: IMAGE_UPDATER_LOGLEVEL + value: {{ .Values.config.logLevel }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: /app/config + name: registries-conf + volumes: + - configMap: + items: + - key: registries.conf + path: registries.conf + name: argocd-image-updater-config + name: registries-conf + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml new file mode 100644 index 00000000..cb508a43 --- /dev/null +++ b/charts/argocd-image-updater/templates/rbac.yaml 
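Review bot: In charts/argocd-image-updater/templates/deployment.yaml the `ARGOCD_SERVER` and `IMAGE_UPDATER_LOGLEVEL` env values are rendered without `| quote`, while the three neighbouring `ARGOCD_*` values are quoted. An env `value` must be a string, so a user-supplied value that YAML reads as a number, boolean or mapping (or that contains ` #` or `: `) either fails validation or is altered before it reaches the container. I would render them as `value: {{ .Values.config.argocd.serverAddress | quote }}` and `value: {{ .Values.config.logLevel | quote }}`. Separately, `ARGOCD_TOKEN` is read from `argocd-image-updater-secret` with `optional: true`, so a missing secret does not stop the pod from starting; a comment beside it saying the token is then simply unset would help whoever debugs authentication failures.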
@@ -0,0 +1,48 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{ include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} +rules: + - apiGroups: + - '' + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{ include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml new file mode 100644 index 00000000..c208ee69 --- /dev/null +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argocd-image-updater.serviceAccountName" . }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml new file mode 100644 index 00000000..f939137c --- /dev/null +++ b/charts/argocd-image-updater/values.yaml 
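Review bot: The first rule of the Role in charts/argocd-image-updater/templates/rbac.yaml grants `get`, `list` and `watch` on every Secret and ConfigMap in the release namespace. If the chart is installed in the same namespace as Argo CD (the namespace is not fixed anywhere in this diff), that covers the repository and cluster credentials stored there, not only the updater's own token and registry pull secrets. Whether the updater needs `list`/`watch` on secrets is not visible from here; if it only reads named secrets, the rule can be narrowed to `get` with `resourceNames`, and otherwise it deserves a comment such as `# read access to all secrets in this namespace: needed for secret:/pullsecret: registry credentials`. The two `labels:` includes in this file also use `{{ include` where the chart's other templates use `{{- include`, and the empty API group is spelled `''` in one rule and `""` in another.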
@@ -0,0 +1,102 @@ +# -- Replica count for the deployment. It is not advised to run more than one replica. +replicaCount: 1 +image: + # -- Default image repository + repository: argoprojlabs/argocd-image-updater + # -- Default image pull policy + pullPolicy: Always + # -- Default image tag + tag: v0.10.1 + +# -- ImagePullSecrets for the image updater deployment +imagePullSecrets: [] +# -- Global name (argocd-image-updater.name in _helpers.tpl) override +nameOverride: "" +# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override +fullnameOverride: "" + +# -- Extra arguments for argocd-image-updater not defined in config.argocd +extraArgs: [] + # - --disable-kubernetes + # - --dry-run + # - --health-port 8080 + # - --interval 2m + # - --kubeconfig ~/.kube/config + # - --match-application-name staging-* + # - --max-concurrency 5 + # - --once + # - --registries-conf-path /app/config/registries.conf + +config: + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + argocd: + # -- Use the gRPC-web protocol to connect to the Argo CD API + grpcWeb: true + # -- Connect to the Argo CD API server at server address + serverAddress: "" + # -- If specified, the certificate of the Argo CD API server is not verified. + insecure: false + # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. + plaintext: false + + # -- ArgoCD Image Update log level + logLevel: "info" + + # -- ArgoCD Image Updater registries list configuration. 
More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + registries: [] + # - name: Docker Hub + # api_url: https://registry-1.docker.io + # ping: yes + # credentials: secret:foo/bar#creds + # defaultns: library + # - name: Google Container Registry + # api_url: https://gcr.io + # prefix: gcr.io + # ping: no + # credentials: pullsecret:foo/bar + # - name: RedHat Quay + # api_url: https://quay.io + # ping: no + # prefix: quay.io + # credentials: env:REGISTRY_SECRET + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Pod Annotations for the deployment +podAnnotations: {} + +# -- Pod security context settings for the deployment +podSecurityContext: {} + # fsGroup: 2000 + +# -- Security context settings for the deployment +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +rbac: + # -- Enable RBAC creation + enabled: true + +# -- Pod memory and cpu resource settings for the deployment +resources: {} + +# -- Kubernetes nodeSelector settings for the deployment +nodeSelector: {} + +# -- Kubernetes toleration settings for the deployment +tolerations: [] + +# -- Kubernetes affinity settings for the deployment +affinity: {} diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml index 12c03d53..fe9b6f45 100644 --- a/charts/argocd-notifications/Chart.yaml +++ b/charts/argocd-notifications/Chart.yaml 
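Review bot: `podSecurityContext` and `securityContext` both default to `{}` in charts/argocd-image-updater/values.yaml, so the container runs with whatever user, capabilities and root-filesystem mode the image defines, and the hardened settings exist only as commented-out examples. The argocd-notifications values touched later in this commit already ship `runAsNonRoot: true` by default. I would turn the commented block into the default, after confirming the image starts under it (the image's user and its need for a writable filesystem are not visible here). `pullPolicy: Always` combined with a tag instead of a digest also means the running image can change without a chart change, which is worth a comment next to `tag`.

```yaml
# -- Security context settings for the deployment
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
```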
@@ -3,9 +3,9 @@ appVersion: 1.1.1 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. name: argocd-notifications type: application -version: 1.2.0 +version: 1.5.0 home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argocd-notifications.readthedocs.io/en/stable/assets/logo.png keywords: - argoproj - argocd @@ -13,3 +13,6 @@ keywords: maintainers: - name: alexmt - name: andyfeller +annotations: + artifacthub.io/changes: | + - "[Added]: Configuration for Pod labels" diff --git a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml index badee60f..f888811c 100644 --- a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} labels: {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} + {{- with .Values.bots.slack.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{ end }} {{ end }} diff --git a/charts/argocd-notifications/templates/configmap.yaml b/charts/argocd-notifications/templates/configmap.yaml index 442234bc..7b5186c0 100644 --- a/charts/argocd-notifications/templates/configmap.yaml +++ b/charts/argocd-notifications/templates/configmap.yaml @@ -2,12 +2,15 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "argocd-notifications.name" . }}-cm + name: argocd-notifications-cm labels: {{- include "argocd-notifications.labels" . | nindent 4 }} data: context: | argocdUrl: {{ .Values.argocdUrl | quote }} + {{- with .Values.context }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifiers }} {{- toYaml . | nindent 2 }} {{- end }} 
@@ -21,4 +24,4 @@ data: {{- with .Values.triggers }} {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argocd-notifications/templates/deployment.yaml b/charts/argocd-notifications/templates/deployment.yaml index 0e18f698..f1d9ab5e 100644 --- a/charts/argocd-notifications/templates/deployment.yaml +++ b/charts/argocd-notifications/templates/deployment.yaml @@ -20,6 +20,9 @@ spec: {{- end }} labels: {{- include "argocd-notifications.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/argocd-notifications/templates/secret.yaml b/charts/argocd-notifications/templates/secret.yaml index 11cf4c78..e912eef7 100644 --- a/charts/argocd-notifications/templates/secret.yaml +++ b/charts/argocd-notifications/templates/secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "argocd-notifications.name" . }}-secret + name: argocd-notifications-secret labels: {{- include "argocd-notifications.labels" . | nindent 4 }} type: Opaque diff --git a/charts/argocd-notifications/templates/service-metrics.yaml b/charts/argocd-notifications/templates/service-metrics.yaml index 5645a4d3..aea5d90e 100644 --- a/charts/argocd-notifications/templates/service-metrics.yaml +++ b/charts/argocd-notifications/templates/service-metrics.yaml @@ -5,6 +5,13 @@ metadata: name: {{ include "argocd-notifications.name" . }}-metrics labels: {{- include "argocd-notifications.metrics.labels" . | nindent 4 }} + {{- with .Values.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: {{- include "argocd-notifications.selectorLabels" . | nindent 4 }} 
diff --git a/charts/argocd-notifications/templates/serviceaccount.yaml b/charts/argocd-notifications/templates/serviceaccount.yaml index 591d13bd..418b6800 100644 --- a/charts/argocd-notifications/templates/serviceaccount.yaml +++ b/charts/argocd-notifications/templates/serviceaccount.yaml @@ -5,4 +5,8 @@ metadata: name: {{ include "argocd-notifications.serviceAccountName" . }} labels: {{- include "argocd-notifications.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml index ace4c84e..6eeb97a0 100644 --- a/charts/argocd-notifications/values.yaml +++ b/charts/argocd-notifications/values.yaml @@ -19,6 +19,11 @@ nodeSelector: {} updateStrategy: type: Recreate +context: + # Add custom values into context + # region: east + # environmentName: staging + secret: # Whether helm chart creates controller secret create: true @@ -47,6 +52,9 @@ extraArgs: [] metrics: enabled: false port: 9001 + service: + annotations: {} + labels: {} serviceMonitor: enabled: false additionalLabels: {} @@ -65,6 +73,8 @@ notifiers: podAnnotations: {} +podLabels: {} + ## Pod Security Context securityContext: runAsNonRoot: true @@ -88,6 +98,8 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-controller + annotations: {} + cm: # Whether helm chart creates controller config map create: true @@ -336,6 +348,10 @@ triggers: # send: # - app-sync-succeeded # when: app.status.operationState.phase in ['Succeeded'] + # + # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers + # defaultTriggers: | + # - on-sync-status-unknown bots: # For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/ 
@@ -366,6 +382,8 @@ bots: # If not set and create is true, a name is generated using the fullname template name: argocd-notifications-bot + annotations: {} + resources: {} # limits: # cpu: 100m diff --git a/scripts/lint.sh b/scripts/lint.sh index 8f084c5b..2a4e8c9f 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,19 +1,17 @@ #!/bin/bash +# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. +# Reference: https://github.com/helm/chart-testing set -eux SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - name=$(basename $dir) - echo "Running Helm linting for $name" - docker run \ - -v "$SRCROOT:/workdir" \ - gcr.io/kubernetes-charts-ci/test-image:v3.1.0 \ - ct \ - lint \ - --config .circleci/chart-testing.yaml \ - --lint-conf .circleci/lintconf.yaml \ - --charts "/workdir/charts/${name}" -done +echo -e "\n-- Linting all Helm Charts --\n" +docker run \ + -v "$SRCROOT:/workdir" \ + --entrypoint /bin/sh \ + quay.io/helmpack/chart-testing:v3.3.1 \ + -c cd /workdir \ + ct lint \ + --config .github/configs/ct-lint.yaml \ + --lint-conf .github/configs/lintconf.yaml \ + --debug diff --git a/scripts/publish.sh b/scripts/publish.sh deleted file mode 100755 index 025ba5d9..00000000 --- a/scripts/publish.sh +++ /dev/null 
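Review bot: In scripts/lint.sh, the new `docker run` overrides the entrypoint with `/bin/sh` and then passes `-c cd /workdir ct lint …` as separate words, so `sh -c` takes only `cd` as its command string. `/workdir` becomes `$0` and `ct lint --config …` become positional parameters, which means the linter is never invoked and the script exits 0 whatever the state of the charts. A local check that always passes hides lint failures until CI, or lets them through if CI is skipped. Pass the command as one quoted argument instead: `-c "cd /workdir && ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml --debug"`.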
@@ -1,42 +0,0 @@ -#!/bin/bash -set -eux - -SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" -GIT_PUSH=${GIT_PUSH:-false} - -rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output - -helm repo add argoproj https://argoproj.github.io/argo-helm - -for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - rm -rf $dir/charts - - name=$(basename $dir) - - if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] - then - echo "Processing chart dependencies" - helm --debug dep build $dir - # Bug with Helm subcharts with hyphen on them - # https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684 - if [ "$name" == "argo-cd" ] - then - echo "Restore ArgoCD RedisHA subchart" - tar -C $dir/charts -xf $dir/charts/redis-ha-*.tgz - fi - fi - - echo "Processing $dir" - helm --debug package $dir -done - -cp $SRCROOT/*.tgz output/ -cd $SRCROOT/output && helm repo index . - -cd $SRCROOT/output && git status - -if [ "$GIT_PUSH" == "true" ] -then - cd $SRCROOT/output && git add . && git commit -m "Publish charts" && git push git@github.com:argoproj/argo-helm.git gh-pages -fi