Merge branch 'main' into dependabot/github_actions/helm/chart-releaser-action-1.5.0

2023-01-11 07:37:12 +01:00 · 2023-01-11 07:37:12 +01:00 · e67927046e
commit e67927046e
parent 33d96ff888 136d8c4fca
21 changed files with 208 additions and 160 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.5.5
+appVersion: v2.5.6
 kubeVersion: ">=1.22.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.16.14
+version: 5.17.1
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -23,6 +23,4 @@ dependencies:
    condition: redis-ha.enabled
 annotations:
  artifacthub.io/changes: |
-    - "[Docs]: Added sample how to provide K8s credentials plugin"
+    - "[Changed]: Update Argo CD to v2.5.6"
    - "[Docs]: Added sample how to provide Argo config management plugin"
    - "[Docs]: Removed samples that injects tools into incorrect controllers"
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -362,7 +362,8 @@ NAME: my-release
 | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
 | crds.install | bool | `true` | Install and upgrade CRDs |
 | crds.keep | bool | `true` | Keep CRDs on chart uninstall |
-| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds |
+| createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources |
 | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. |
 | extraObjects | list | `[]` | Array of extra K8s manifests to deploy |
 | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
@ -451,7 +452,6 @@ NAME: my-release
 |-----|------|---------|-------------|
 | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags |
 | controller.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments |
 | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
 | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
 | controller.containerPort | int | `8082` | Application controller listening port |
@ -529,7 +529,6 @@ NAME: my-release
 | repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret |
 | repoServer.certificateSecret.key | string | `""` | Certificate private key |
 | repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret |
 | repoServer.clusterAdminAccess.enabled | bool | `false` | Enable RBAC for local cluster deployments |
 | repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource |
 | repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource |
 | repoServer.containerPort | int | `8081` | Configures the repo server port |
@ -631,7 +630,6 @@ NAME: my-release
 | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
 | server.certificateSecret.key | string | `""` | Private Key of the certificate |
 | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
 | server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments |
 | server.containerPort | int | `8080` | Configures the server port |
 | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
 | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
@ -972,6 +970,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller |
 | applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller |
 | applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
 | applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod |
 | applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller |
 | applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | applicationSet.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
@ -1065,6 +1064,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment |
 | notifications.enabled | bool | `true` | Enable notifications controller |
 | notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller |
 | notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod |
 | notifications.extraEnv | list | `[]` | Additional container environment variables |
 | notifications.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the notifications controller |
 | notifications.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
@ -1073,6 +1073,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller |
 | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller |
 | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod |
 | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
 | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
 | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -52,6 +52,18 @@ DEPRECATED option configs.gpgKeys - Use config.gpg.keys
 {{- if .Values.configs.gpgKeysAnnotations }}
 DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
 {{- end }}
 {{- if hasKey .Values "createAggregateRoles" }}
 DEPRECATED option createAggregateRoles - Use global.rbac.aggregatedRoles
 {{- end }}
 {{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if .Values.controller.service }}
 REMOVED option controller.service - Use controller.metrics
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
@ -1,23 +1,24 @@
-{{- if .Values.controller.clusterAdminAccess.enabled }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "argo-cd.controller.fullname" . }}
+  name: {{ include "argo-cd.controller.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
  {{- if .Values.controller.clusterRoleRules.enabled }}
-  {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 0 }}
+    {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
- apiGroups:
+  - apiGroups:
-  - '*'
+    - '*'
-  resources:
+    resources:
-  - '*'
+    - '*'
-  verbs:
+    verbs:
-  - '*'
+    - '*'
- nonResourceURLs:
+  - nonResourceURLs:
-  - '*'
+    - '*'
-  verbs:
+    verbs:
-  - '*'
+    - '*'
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
@ -1,16 +1,17 @@
-{{- if .Values.controller.clusterAdminAccess.enabled }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "argo-cd.controller.fullname" . }}
+  name: {{ include "argo-cd.controller.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ template "argo-cd.controller.fullname" . }}
+  name: {{ include "argo-cd.controller.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+  name: {{ include "argo-cd.controllerServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
-{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -257,7 +257,11 @@ spec:
        - mountPath: /home/argocd
          name: argocd-home
      {{- with .Values.controller.extraContainers }}
-        {{- toYaml . | nindent 6 }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.nodeSelector }}
      nodeSelector:
@ -304,10 +308,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
      {{- with .Values.controller.initContainers }}
      initContainers:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -125,8 +125,12 @@ spec:
            - mountPath: /tmp
              name: tmp
        {{- with .Values.applicationSet.extraContainers }}
-          {{- toYaml . | nindent 8 }}
+          {{- tpl (toYaml .) $ | nindent 8 }}
        {{- end }}
      {{- with .Values.applicationSet.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.applicationSet.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -81,12 +81,39 @@ spec:
            {{- with .Values.notifications.extraVolumeMounts }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
        {{- with .Values.notifications.extraContainers }}
          {{- tpl (toYaml . ) $ | nindent 8 }}
        {{- end }}
      {{- with .Values.notifications.initContainers }}
      initContainers:
        {{- tpl (toYaml . ) $ | nindent 8 }}
      {{- end }}
      {{- with .Values.notifications.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.notifications.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.notifications.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.notifications.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      volumes:
-        - configMap:
+        {{- with .Values.notifications.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: tls-certs
          configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - name: argocd-repo-server-tls
          secret:
            secretName: argocd-repo-server-tls
            optional: true
            items:
            - key: tls.crt
              path: tls.crt
@ -94,24 +121,4 @@ spec:
              path: tls.key
            - key: ca.crt
              path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
        {{- with .Values.notifications.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.notifications.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.notifications.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.notifications.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.notifications.priorityClassName }}
      priorityClassName: {{ . }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
@ -1,23 +1,24 @@
-{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "argo-cd.repoServer.fullname" . }}
+  name: {{ include "argo-cd.repoServer.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 rules:
  {{- if .Values.repoServer.clusterRoleRules.enabled }}
-  {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 0 }}
+    {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
- apiGroups:
+  - apiGroups:
-  - '*'
+    - '*'
-  resources:
+    resources:
-  - '*'
+    - '*'
-  verbs:
+    verbs:
-  - '*'
+    - '*'
- nonResourceURLs:
+  - nonResourceURLs:
-  - '*'
+    - '*'
-  verbs:
+    verbs:
-  - '*'
+    - '*'
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
@ -1,16 +1,17 @@
-{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "argo-cd.repoServer.fullname" . }}
+  name: {{ include "argo-cd.repoServer.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ template "argo-cd.repoServer.fullname" . }}
+  name: {{ include "argo-cd.repoServer.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "argo-cd.repoServerServiceAccountName" . }}
+  name: {{ include "argo-cd.repoServerServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -264,7 +264,30 @@ spec:
        securityContext:
          {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
      {{- with .Values.repoServer.extraContainers }}
-        {{- toYaml . | nindent 6 }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      initContainers:
      - command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
        {{- with .Values.repoServer.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      {{- with .Values.repoServer.initContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.repoServer.nodeSelector }}
      nodeSelector:
@ -328,29 +351,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
      initContainers:
      - command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
        {{- with .Values.repoServer.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      {{- with .Values.repoServer.initContainers }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with .Values.repoServer.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
+{{- $config := .Values.server.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
@ -1,16 +1,17 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
+{{- $config := .Values.server.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "argo-cd.server.fullname" . }}
+  name: {{ include "argo-cd.server.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ template "argo-cd.server.fullname" . }}
+  name: {{ include "argo-cd.server.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "argo-cd.serverServiceAccountName" . }}
+  name: {{ include "argo-cd.serverServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
-{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -319,9 +319,6 @@ spec:
        lifecycle:
          {{- toYaml . | nindent 10 }}
        {{- end }}
      {{- with .Values.server.extraContainers }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- if .Values.server.extensions.enabled }}
      - name: argocd-extensions
        image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
@ -336,6 +333,13 @@ spec:
          - name: tmp
            mountPath: /tmp
      {{- end }}
      {{- with .Values.server.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.server.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.server.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -406,10 +410,6 @@ spec:
            path: tls.crt
          - key: ca.crt
            path: ca.crt
      {{- with .Values.server.initContainers }}
      initContainers:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with .Values.server.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -43,27 +43,6 @@ spec:
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      initContainers:
      - name: copyutil
        image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
        command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
        volumeMounts:
        - mountPath: /shared
          name: static-files
        - mountPath: /tmp
          name: dexconfig
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
        securityContext:
          {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
      {{- with .Values.dex.initContainers }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      containers:
      - name: {{ .Values.dex.name }}
        image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
@ -136,7 +115,28 @@ spec:
        - name: argocd-dex-server-tls
          mountPath: /tls
      {{- with .Values.dex.extraContainers }}
-        {{- toYaml . | nindent 6 }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      initContainers:
      - name: copyutil
        image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
        command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
        volumeMounts:
        - mountPath: /shared
          name: static-files
        - mountPath: /tmp
          name: dexconfig
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
        securityContext:
          {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
      {{- with .Values.dex.initContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.dex.nodeSelector }}
      nodeSelector:
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -41,10 +41,6 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
      {{- with .Values.redis.initContainers }}
      initContainers:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      containers:
      - name: {{ .Values.redis.name }}
        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
@ -96,7 +92,11 @@ spec:
          {{- toYaml .Values.redis.metrics.containerSecurityContext | nindent 10 }}
      {{- end }}
      {{- with .Values.redis.extraContainers }}
-        {{- toYaml . | nindent 6 }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.redis.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.redis.nodeSelector }}
      nodeSelector:
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -19,9 +19,12 @@ apiVersionOverrides:
  # -- String to override apiVersion of autoscaling rendered by this helm chart
  autoscaling: "" # autoscaling/v2
-# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
+# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
 createAggregateRoles: false
 # -- Create cluster roles for cluster-wide installation.
 ## Used when you manage applications in the same cluster where Argo CD runs
 createClusterRoles: true
 openshift:
  # -- enables using arbitrary uid for argo repo server
@ -436,6 +439,7 @@ configs:
  #  }
 # -- Array of extra K8s manifests to deploy
 ## Note: Supports use of custom Helm templates
 extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
@ -535,12 +539,14 @@ controller:
  #     name: secret-name
  # -- Additional containers to be added to the application controller pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the application controller pod
  ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
  ## you could use this (and the same in the server pod) to provide such executable
  ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
  ## Note: Supports use of custom Helm templates
  initContainers: []
  #  - name: download-tools
  #    image: alpine:3
@ -718,11 +724,6 @@ controller:
    #   additionalLabels: {}
    #   annotations: {}
  ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster.
  clusterAdminAccess:
    # -- Enable RBAC for local cluster deployments
    enabled: true
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
  clusterRoleRules:
@ -829,9 +830,11 @@ dex:
  #     name: secret-name
  # -- Additional containers to be added to the dex pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the dex pod
  ## Note: Supports use of custom Helm templates
  initContainers: []
  # -- Additional volumeMounts to the dex main container
@ -1014,9 +1017,11 @@ redis:
  #     name: secret-name
  # -- Additional containers to be added to the redis pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the redis pod
  ## Note: Supports use of custom Helm templates
  initContainers: []
  # -- Additional volumeMounts to the redis container
@ -1355,7 +1360,7 @@ server:
    #    memory: 64Mi
  # -- Additional containers to be added to the server pod
-  ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
+  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # - name: my-sidecar
  #   image: nginx:latest
@ -1732,12 +1737,6 @@ server:
    # -- Termination policy of Openshift Route
    termination_policy: None
  ## Enable Admin ClusterRole resources.
  ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster.
  clusterAdminAccess:
    # -- Enable RBAC for local cluster deployments
    enabled: true
  GKEbackendConfig:
    # -- Enable BackendConfig custom resource for Google Kubernetes Engine
    enabled: false
@ -1854,11 +1853,13 @@ repoServer:
  # -- Additional containers to be added to the repo server pod
  ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # - name: cmp
  #   # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server
  #   command: [/var/run/argocd/argocd-cmp-server]
-  #   image: busybox # This can be off-the-shelf or custom-built image
+  #   # This can be off-the-shelf or custom-built image
  #   image: busybox
  #   securityContext:
  #     runAsNonRoot: true
  #     runAsUser: 999
@ -2031,11 +2032,6 @@ repoServer:
      # -- Prometheus ServiceMonitor annotations
      annotations: {}
  ## Enable Admin ClusterRole resources.
  ## Enable if you would like to grant cluster rights to Argo CD repo server.
  clusterAdminAccess:
    # -- Enable RBAC for local cluster deployments
    enabled: false
  ## Enable Custom Rules for the Repo server's Cluster Role resource
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
@ -2147,8 +2143,13 @@ applicationSet:
    #     name: secret-name
  # -- Additional containers to be added to the ApplicationSet controller pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the ApplicationSet controller pod
  ## Note: Supports use of custom Helm templates
  initContainers: []
  # -- List of extra mounts to add (normally used with extraVolumes)
  extraVolumeMounts: []
@ -2395,6 +2396,14 @@ notifications:
    # - secretRef:
    #     name: secret-name
  # -- Additional containers to be added to the notifications controller pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the notifications controller pod
  ## Note: Supports use of custom Helm templates
  initContainers: []
  # -- List of extra mounts to add (normally used with extraVolumes)
  extraVolumeMounts: []
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.4.4
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.22.7
+version: 0.22.8
 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -13,4 +13,4 @@ maintainers:
    url: https://argoproj.github.io/
 annotations:
  artifacthub.io/changes: |
-    - "[Added]: Support podGCDeleteDelayDuration and podGCGracePeriodSeconds"
+    - "[Added]: Helm helper function to allow image registry to be absent"
--- a/charts/argo-workflows/templates/_helpers.tpl
+++ b/charts/argo-workflows/templates/_helpers.tpl
@ -142,3 +142,14 @@ Return the default Argo Workflows app version
 {{- define "argo-workflows.defaultTag" -}}
  {{- default .Chart.AppVersion .Values.images.tag }}
 {{- end -}}
 {{/*
 Return full image name including or excluding registry based on existence
 */}}
 {{- define "argo-workflows.image" -}}
 {{- if and .image.registry .image.repository -}}
  {{ .image.registry }}/{{ .image.repository }}
 {{- else -}}
  {{ .image.repository }}
 {{- end -}}
 {{- end -}}
--- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
@ -34,14 +34,14 @@ spec:
      {{- end }}
      containers:
        - name: controller
-          image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
+          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
          imagePullPolicy: {{ .Values.images.pullPolicy }}
          command: [ "workflow-controller" ]
          args:
          - "--configmap"
          - "{{ template "argo-workflows.controller.fullname" . }}-configmap"
          - "--executor-image"
-          - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
+          - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
          - "--loglevel"
          - "{{ .Values.controller.logging.level }}"
          - "--gloglevel"
--- a/charts/argo-workflows/templates/server/server-deployment.yaml
+++ b/charts/argo-workflows/templates/server/server-deployment.yaml
@ -35,7 +35,7 @@ spec:
      {{- end }}
      containers:
        - name: argo-server
-          image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
+          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
          imagePullPolicy: {{ .Values.images.pullPolicy }}
          securityContext:
            {{- toYaml .Values.server.securityContext | nindent 12 }}