Merge branch 'master' into update-argocd-notifications-v1.1.0

charts/argo-applicationset/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: argocd-applicationset
 description: A Helm chart for installing ArgoCD ApplicationSet
 type: application
-version: 0.1.0
-appVersion: "v0.1.0-prerelease"
+version: 0.1.2
+appVersion: "v0.1.0"
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:

charts/argo-applicationset/README.md

@@ -27,6 +27,17 @@ NAME: my-release
 
 Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
 
+### Testing
+
+Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing).
+
+```console
+kind create cluster
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+ct install --namespace argocd
+```
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -46,6 +57,10 @@ Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
 | installCRDs | bool | `true` | Install Custom Resource Definition |
+| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
+| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
+| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |
+| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` |
 | nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
 | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
 | podAnnotations | object | `{}` | Annotations for the controller pods |

charts/argo-applicationset/ci/default-values.yaml

@@ -0,0 +1,77 @@
+# Default values for argo-applicationset.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+installCRDs: false # this needs to be false with ct
+
+image:
+  # The image repository
+  repository: quay.io/argocdapplicationset/argocd-applicationset
+  # Image pull policy
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+args:
+  metricsAddr: :8080
+  probeBindAddr: :8081
+  enableLeaderElection: false
+  namespace: argocd
+  argocdRepoServer: argocd-repo-server:8081
+  policy: sync
+  debug: false
+  dryRun: false
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+rbac:
+  pspEnabled: true
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mountSSHKnownHostsVolume: true
+mountTLSCertsVolume: true
+mountGPGKeysVolume: false
+mountGPGKeyringVolume: true

charts/argo-applicationset/ci/leader-election-values.yaml

@@ -0,0 +1,6 @@
+args:
+  enableLeaderElection: true
+
+replicaCount: 3
+
+installCRDs: false

charts/argo-applicationset/templates/deployment.yaml

@@ -49,6 +49,43 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            {{- if .Values.mountSSHKnownHostsVolume }}
+            - mountPath: /app/config/ssh
+              name: ssh-known-hosts
+            {{- end }}
+            {{- if .Values.mountTLSCertsVolume }}
+            - mountPath: /app/config/tls
+              name: tls-certs
+            {{- end }}
+            {{- if .Values.mountGPGKeysVolume }}
+            - mountPath: /app/config/gpg/source
+              name: gpg-keys
+            {{- end }}
+            {{- if .Values.mountGPGKeyringVolume }}
+            - mountPath: /app/config/gpg/keys
+              name: gpg-keyring
+            {{- end }}
+      volumes:
+      {{- if .Values.mountSSHKnownHostsVolume }}
+      - configMap:
+          name: argocd-ssh-known-hosts-cm
+        name: ssh-known-hosts
+      {{- end }}
+      {{- if .Values.mountTLSCertsVolume }}
+      - configMap:
+          name: argocd-tls-certs-cm
+        name: tls-certs
+      {{- end }}
+      {{- if .Values.mountGPGKeysVolume }}
+      - configMap:
+          name: argocd-gpg-keys-cm
+        name: gpg-keys
+      {{- end }}
+      {{- if .Values.mountGPGKeyringVolume }}
+      - emptyDir: {}
+        name: gpg-keyring
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argo-applicationset/templates/rbac.yaml

@@ -6,73 +6,81 @@ metadata:
     {{- include "argo-applicationset.labels" . | nindent 4 }}
 rules:
   - apiGroups:
-      - argoproj.io
+    - argoproj.io
     resources:
-      - applications
-      - applicationsets
-      - applicationsets/finalizers
-    verbs:
-      - create
-      - delete
-      - get
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - applicationsets/status
-    verbs:
-      - get
-      - patch
-      - update
-  - apiGroups:
-      - ''
-    resources:
-      - events
-    verbs:
-      - create
-      - delete
-      - get
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - ''
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-    - ''
-    resources:
-    - configmaps
+    - applications
+    - appprojects
+    - applicationsets
+    - applicationsets/finalizers
     verbs:
+    - create
+    - delete
     - get
     - list
-    - watch
-    - create
-    - update
     - patch
-    - delete
+    - update
+    - watch
   - apiGroups:
-    - ''
+    - argoproj.io
     resources:
-    - configmaps/status
+    - applicationsets/status
     verbs:
     - get
-    - update
     - patch
+    - update
   - apiGroups:
-    - ''
+    - ""
     resources:
     - events
     verbs:
     - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - secrets
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - configmaps
+    verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+  - apiGroups:
+    - apps
+    - extensions
+    resources:
+    - deployments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

charts/argo-applicationset/values.yaml

@@ -70,3 +70,8 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+mountSSHKnownHostsVolume: true
+mountTLSCertsVolume: true
+mountGPGKeysVolume: false
+mountGPGKeyringVolume: true

charts/argo-cd/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.10.1
-digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663
-generated: "2021-04-01T08:36:01.324672-07:00"
+  version: 4.10.4
+digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2
+generated: "2021-04-14T13:41:16.151666-07:00"

charts/argo-cd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.0.0
+version: 3.1.1
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
@@ -16,6 +16,6 @@ maintainers:
   - name: seanson
 dependencies:
   - name: redis-ha
-    version: 4.10.1
+    version: 4.10.4
     repository: https://dandydeveloper.github.io/charts/
     condition: redis-ha.enabled

charts/argo-cd/README.md

@@ -80,6 +80,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | installCRDs | Install CRDs if you are using Helm2. | `true` |
+| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |

charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml

@@ -0,0 +1,23 @@
+{{- range .Values.configs.clusterCredentials }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
+    argocd.argoproj.io/secret-type: cluster
+  {{- with .annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+type: Opaque
+stringData:
+  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
+  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
+  {{- with .namespaces }}
+  namespaces: {{ . }}
+  {{- end }}
+  config: |
+    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -872,6 +872,29 @@ repoServer:
 
 ## Argo Configs
 configs:
+  ## External Cluster Credentials
+  ## reference:
+  ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
+  ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
+  clusterCredentials: []
+    # - name: mycluster
+    #   server: https://mycluster.com
+    #   annotations: {}
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+    # - name: mycluster2
+    #   server: https://mycluster2.com
+    #   annotations: {}
+    #   namespaces: namespace1,namespace2
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"
+
   knownHostsAnnotations: {}
   knownHosts:
     data: