From 4b9c2817115ff40de74f231cc3c8202809897db9 Mon Sep 17 00:00:00 2001 From: Matteo Ruina Date: Tue, 13 Apr 2021 14:59:29 +0200 Subject: [PATCH 1/4] fix(argo-applicationset): Fix deployment issue with AppSet v0.1.0 (#650) * fix: Add supports for private repos configured using SSH Signed-off-by: Matteo Ruina * fix(argo-applicationset): Allow to select with volumes to mount Signed-off-by: Matteo Ruina * Fix RBAC rules Signed-off-by: Matteo Ruina * Fix linting issue Signed-off-by: Matteo Ruina * Fix chart version Signed-off-by: Matteo Ruina Co-authored-by: Jonathan West --- charts/argo-applicationset/Chart.yaml | 4 +- charts/argo-applicationset/README.md | 4 + .../templates/deployment.yaml | 37 +++++++++ .../argo-applicationset/templates/rbac.yaml | 81 ++++++++----------- charts/argo-applicationset/values.yaml | 5 ++ 5 files changed, 81 insertions(+), 50 deletions(-) diff --git a/charts/argo-applicationset/Chart.yaml b/charts/argo-applicationset/Chart.yaml index 6973c1c1..19f9e7fd 100644 --- a/charts/argo-applicationset/Chart.yaml +++ b/charts/argo-applicationset/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.0 -appVersion: "v0.1.0-prerelease" +version: 0.1.1 +appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-applicationset/README.md b/charts/argo-applicationset/README.md index 5cc51a1a..efebc869 100644 --- a/charts/argo-applicationset/README.md +++ b/charts/argo-applicationset/README.md 
@@ -46,6 +46,10 @@ Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | | installCRDs | bool | `true` | Install Custom Resource Definition | +| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume | +| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | +| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | +| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | | nameOverride | string | `""` | Provide a name in place of `argo-applicationset` | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | | podAnnotations | object | `{}` | Annotations for the controller pods | diff --git a/charts/argo-applicationset/templates/deployment.yaml b/charts/argo-applicationset/templates/deployment.yaml index 10ebe70f..d2cd345c 100644 --- a/charts/argo-applicationset/templates/deployment.yaml +++ b/charts/argo-applicationset/templates/deployment.yaml 
@@ -49,6 +49,43 @@ spec: protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{- if .Values.mountSSHKnownHostsVolume }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + {{- end }} + {{- if .Values.mountTLSCertsVolume }} + - mountPath: /app/config/tls + name: tls-certs + {{- end }} + {{- if .Values.mountGPGKeysVolume }} + - mountPath: /app/config/gpg/source + name: gpg-keys + {{- end }} + {{- if .Values.mountGPGKeyringVolume }} + - mountPath: /app/config/gpg/keys + name: gpg-keyring + {{- end }} + volumes: + {{- if .Values.mountSSHKnownHostsVolume }} + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + {{- end }} + {{- if .Values.mountTLSCertsVolume }} + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + {{- end }} + {{- if .Values.mountGPGKeysVolume }} + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + {{- end }} + {{- if .Values.mountGPGKeyringVolume }} + - emptyDir: {} + name: gpg-keyring + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-applicationset/templates/rbac.yaml b/charts/argo-applicationset/templates/rbac.yaml index 8610a2f3..a70179ea 100644 --- a/charts/argo-applicationset/templates/rbac.yaml +++ b/charts/argo-applicationset/templates/rbac.yaml 
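Review bot: The `volumeMounts:` and `volumes:` keys are written unconditionally, so with all four mount flags set to `false` both render with nothing under them; wrap each key in `{{- if or .Values.mountSSHKnownHostsVolume .Values.mountTLSCertsVolume .Values.mountGPGKeysVolume .Values.mountGPGKeyringVolume }}` … `{{- end }}`. The README rows for the flags should also say what turning them off costs. `mountSSHKnownHostsVolume` and `mountTLSCertsVolume` take the `argocd-ssh-known-hosts-cm` and `argocd-tls-certs-cm` data out of the pod, which is presumably what the controller relies on to verify Git hosts over SSH and TLS, so disabling them should be a deliberate choice. The container and pod spec start outside this hunk.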
@@ -6,73 +6,58 @@ metadata: {{- include "argo-applicationset.labels" . | nindent 4 }} rules: - apiGroups: - - argoproj.io + - argoproj.io resources: - - applications - - applicationsets - - applicationsets/finalizers + - applications + - appprojects + - applicationsets + - applicationsets/finalizers verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - - argoproj.io + - argoproj.io resources: - - applicationsets/status + - applicationsets/status verbs: - - get - - patch - - update + - get + - patch + - update - apiGroups: - - '' + - "" resources: - - events + - events verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - '' + - "" resources: + - secrets - configmaps verbs: - get - list - watch - - create - - update - - patch - - delete - apiGroups: - - '' + - apps + - extensions resources: - - configmaps/status + - deployments verbs: - get - - update - - patch - - apiGroups: - - '' - resources: - - events - verbs: - - create + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/argo-applicationset/values.yaml b/charts/argo-applicationset/values.yaml index 9a69f216..f7be897d 100644 --- a/charts/argo-applicationset/values.yaml +++ b/charts/argo-applicationset/values.yaml @@ -70,3 +70,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +mountSSHKnownHostsVolume: true +mountTLSCertsVolume: true +mountGPGKeysVolume: false +mountGPGKeyringVolume: true From 84120e6da3f451a375a9be7fe2e72ba02e063703 Mon Sep 17 00:00:00 2001 
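Review bot: `appprojects` is added to the rule that grants create, delete, patch and update, so the controller's Role can now rewrite Argo CD projects, which are the objects that restrict the sources and destinations an Application may use. If the controller only needs to look projects up (this hunk does not show whether it writes them), move the resource into a rule of its own with read verbs, as below. The last rule also lists the `extensions` API group for `deployments`; `apps` alone should be enough on current clusters. The Role's metadata starts outside the hunk.

```yaml
# … unchanged: rule for applications, applicationsets, applicationsets/finalizers …
  - apiGroups:
      - argoproj.io
    resources:
      - appprojects
    verbs:
      - get
      - list
      - watch
```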
From: Marco Kilchhofer Date: Wed, 14 Apr 2021 03:10:04 +0200 Subject: [PATCH 2/4] feat(argo-cd): Add ability to handle cluster credentials (#632) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-cd): Add ability to handle cluster credentials Signed-off-by: Marco Kilchhofer * Apply review changes Co-authored-by: Oliver Bähler Signed-off-by: Marco Kilchhofer * fix: use stringData in cluster secret Signed-off-by: Marco Kilchhofer Co-authored-by: Oliver Bähler Co-authored-by: Spencer Gilbert --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/README.md | 1 + .../argocd-configs/cluster-secrets.yaml | 23 +++++++++++++++++++ charts/argo-cd/values.yaml | 23 +++++++++++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2320a609..d115b875 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.0.0 +version: 3.1.0 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 22806038..d94003d7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -80,6 +80,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | | installCRDs | Install CRDs if you are using Helm2. | `true` | +| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | | configs.secret.annotations | Annotations for argocd-secret | `{}` | diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml new file mode 100644 index 00000000..a4190768 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -0,0 +1,23 @@ +{{- range .Values.configs.clusterCredentials }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + labels: + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + argocd.argoproj.io/secret-type: cluster + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: Opaque +stringData: + name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} + server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} + {{- with .namespaces }} + namespaces: {{ . }} + {{- end }} + config: | + {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a7e84181..1b7c2682 100755 
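Review bot: In the new `cluster-secrets.yaml`, the values under `stringData` are interpolated unquoted, so a cluster `name` such as `123` or `true`, or a `namespaces` value containing `: `, renders as a non-string or breaks the manifest, while `stringData` accepts only strings. Pipe each one through `quote`, e.g. `name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name | quote }}` and `namespaces: {{ . | quote }}`, and the same for `server`. `.name` is also spliced into `metadata.name`, so it has to be a valid Kubernetes object name; a comment above that line, `{{- /* .name must be a lowercase DNS-1123 name; it becomes part of the Secret name */}}`, would tell users before the API server rejects it.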
--- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -872,6 +872,29 @@ repoServer: ## Argo Configs configs: + ## External Cluster Credentials + ## reference: + ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters + ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials + clusterCredentials: [] + # - name: mycluster + # server: https://mycluster.com + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # - name: mycluster2 + # server: https://mycluster2.com + # annotations: {} + # namespaces: namespace1,namespace2 + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + knownHostsAnnotations: {} knownHosts: data: From f007e1a9c3e1246a1d052e31aff9e4a7e41c2dd8 Mon Sep 17 00:00:00 2001 From: Matteo Ruina Date: Wed, 14 Apr 2021 21:06:45 +0200 Subject: [PATCH 3/4] fix(argo-applicationset): Fix leader election rbac (#674) * fix(argo-applicationset): Fix leader election rbac * fix(argo-applicationset): Add tests * Use defaults volume mount flags Signed-off-by: Matteo Ruina --- charts/argo-applicationset/Chart.yaml | 2 +- charts/argo-applicationset/README.md | 11 +++ .../ci/default-values.yaml | 77 +++++++++++++++++++ .../ci/leader-election-values.yaml | 6 ++ .../argo-applicationset/templates/rbac.yaml | 25 +++++- 5 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 charts/argo-applicationset/ci/default-values.yaml create mode 100644 charts/argo-applicationset/ci/leader-election-values.yaml diff --git a/charts/argo-applicationset/Chart.yaml b/charts/argo-applicationset/Chart.yaml index 19f9e7fd..c467c3c6 100644 --- a/charts/argo-applicationset/Chart.yaml +++ b/charts/argo-applicationset/Chart.yaml 
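Review bot: The commented example under `clusterCredentials` invites putting `bearerToken` and `caData` straight into values without saying where they end up: the template added in this commit copies them into a Secret, and Helm also keeps the supplied values in its release record. I would add a comment above the example, e.g. `## NOTE: bearerToken is a credential; keep it out of committed values files and supply it from an encrypted values file or at install time.` Showing `insecure: false` is the right default, and a short remark that `insecure: true` disables TLS verification of the cluster API server would help readers who copy the block. The `configs:` mapping continues outside the hunk.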
@@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 0.1.1 +version: 0.1.2 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png diff --git a/charts/argo-applicationset/README.md b/charts/argo-applicationset/README.md index efebc869..316bd8ce 100644 --- a/charts/argo-applicationset/README.md +++ b/charts/argo-applicationset/README.md @@ -27,6 +27,17 @@ NAME: my-release Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. +### Testing + +Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing). + +```console +kind create cluster +kubectl create namespace argocd +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +ct install --namespace argocd +``` + ## Values | Key | Type | Default | Description | diff --git a/charts/argo-applicationset/ci/default-values.yaml b/charts/argo-applicationset/ci/default-values.yaml new file mode 100644 index 00000000..eb1b7aae --- /dev/null +++ b/charts/argo-applicationset/ci/default-values.yaml 
@@ -0,0 +1,77 @@ +# Default values for argo-applicationset. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +installCRDs: false # this needs to be false with ct + +image: + # The image repository + repository: quay.io/argocdapplicationset/argocd-applicationset + # Image pull policy + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +args: + metricsAddr: :8080 + probeBindAddr: :8081 + enableLeaderElection: false + namespace: argocd + argocdRepoServer: argocd-repo-server:8081 + policy: sync + debug: false + dryRun: false + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +rbac: + pspEnabled: true + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +mountSSHKnownHostsVolume: true +mountTLSCertsVolume: true +mountGPGKeysVolume: false +mountGPGKeyringVolume: true 
diff --git a/charts/argo-applicationset/ci/leader-election-values.yaml b/charts/argo-applicationset/ci/leader-election-values.yaml new file mode 100644 index 00000000..e7201ac1 --- /dev/null +++ b/charts/argo-applicationset/ci/leader-election-values.yaml @@ -0,0 +1,6 @@ +args: + enableLeaderElection: true + +replicaCount: 3 + +installCRDs: false diff --git a/charts/argo-applicationset/templates/rbac.yaml b/charts/argo-applicationset/templates/rbac.yaml index a70179ea..1181e3d2 100644 --- a/charts/argo-applicationset/templates/rbac.yaml +++ b/charts/argo-applicationset/templates/rbac.yaml @@ -44,11 +44,22 @@ rules: - "" resources: - secrets - - configmaps verbs: - get - list - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apps - extensions @@ -58,6 +69,18 @@ rules: - get - list - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding From 49211390fd8db0e4c903a63a2f1fcc23780510e6 Mon Sep 17 00:00:00 2001 From: Scott Cabrinha Date: Wed, 14 Apr 2021 14:08:01 -0700 Subject: [PATCH 4/4] fix: Update redis-ha helm chart to 4.10.4 (#676) Signed-off-by: Scott Cabrinha --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 646d7e56..497aa297 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock 
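Review bot: The new `configmaps` rule in `rbac.yaml` grants create, delete, patch and update on every ConfigMap in the namespace, which in an Argo CD namespace includes the `argocd-ssh-known-hosts-cm` and `argocd-tls-certs-cm` objects the deployment mounts, while the commit title says the write access is needed for leader election only. Consider emitting the write verbs only when election is enabled, by wrapping that rule and the `coordination.k8s.io` `leases` rule from the second hunk in `{{- if .Values.args.enableLeaderElection }}` … `{{- end }}`, and keeping `get`, `list`, `watch` on `configmaps` unconditional. `update`, `patch` and `delete` could be narrowed further with `resourceNames:` set to the election lock object (`<LEADER_ELECTION_LOCK_NAME>`, not shown on this page). The Role's earlier rules lie outside these hunks.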
@@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.10.1 -digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663 -generated: "2021-04-01T08:36:01.324672-07:00" + version: 4.10.4 +digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2 +generated: "2021-04-14T13:41:16.151666-07:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d115b875..d3c33558 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.0 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.1.0 +version: 3.1.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: @@ -16,6 +16,6 @@ maintainers: - name: seanson dependencies: - name: redis-ha - version: 4.10.1 + version: 4.10.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled