.argo/argo-checkout.yaml

@@ -0,0 +1,21 @@
+---
+type: container
+version: 1
+name: argo-checkout
+description: Checks out a source repository to /src
+resources:
+  mem_mib: 500
+  cpu_cores: 0.1
+image: argoproj/argoscm:v2.0
+command: ["axscm"]
+args: ["clone", "%%inputs.parameters.REPO%%", "/src", "--commit", "%%inputs.parameters.COMMIT%%"]
+inputs:
+  parameters:
+    COMMIT:
+      default: "%%session.commit%%"
+    REPO:
+      default: "%%session.repo%%"
+outputs:
+  artifacts:
+    CODE:
+      path: /src

.argo/publish.yaml

@@ -0,0 +1,58 @@
+---
+type: workflow
+version: 1
+name: Publish Charts
+inputs:
+  parameters:
+    COMMIT:
+      default: "%%session.commit%%"
+    REPO:
+      default: "%%session.repo%%"
+steps:
+- CHECKOUT:
+    template: argo-checkout
+- PREPARE:
+    image: hypnoglow/kubernetes-helm:v2.6.1
+    resources:
+      mem_mib: 500
+      cpu_cores: 0.1
+    command: ["sh", "-c"]
+    args: [cd /src && helm init --client-only && ./scripts/publish.sh]
+    inputs:
+      artifacts:
+        CODE:
+          from: "%%steps.CHECKOUT.outputs.artifacts.CODE%%"
+          path: /src
+    outputs:
+      artifacts:
+        CODE:
+          path: /src/output
+- PUBLISH:
+    image: argoproj/argoscm:v2.0
+    command: ["sh", "-c"]
+    args: [
+      axscm clone %%inputs.parameters.REPO%% --commit gh-pages /src && cd /src && cp -r /output/* . &&
+      git add . && git commit -m "Build on `date`" &&
+      axscm clone %%inputs.parameters.REPO%% /src --commit gh-pages --merge=gh-pages --push]
+    resources:
+      mem_mib: 500
+      cpu_cores: 0.1
+    inputs:
+      artifacts:
+        CODE:
+          from: "%%steps.PREPARE.outputs.artifacts.CODE%%"
+          path: /output
+
+---
+type: policy
+version: 1
+name: Publish Charts Policy
+template: Publish Charts
+notifications:
+- when:
+  - on_failure
+  whom:
+  - committer
+  - author
+when:
+- event: on_push

.circleci/chart-testing.yaml

@@ -0,0 +1,4 @@
+chart-repos:
+  - argo=https://argoproj.github.io/argo-helm
+  - minio=https://helm.min.io/
+  - dandydeveloper=https://dandydeveloper.github.io/charts/

.circleci/config.yml

@@ -0,0 +1,41 @@
+version: 2.1
+jobs:
+  lint:
+    docker:
+      - image: quay.io/helmpack/chart-testing:v3.3.1
+    steps:
+      - checkout
+      - run: helm repo add stable https://charts.helm.sh/stable
+      - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
+  # Technically this only needs to be run on master, but it's good to have it run on every PR
+  # so that it is regularly tested.
+  publish:
+    docker:
+      # We just need an image with `helm` on it. Handily we know of one already.
+      - image: quay.io/helmpack/chart-testing:v3.3.1
+    steps:
+      # install the additional keys needed to push to GitHub. Alex Collins owns these keys.
+      - add_ssh_keys
+      - run: git config --global user.email "nobody@circleci.com"
+      - run: git config --global user.name "Circle CI Build"
+      - checkout
+      - run: helm repo add stable https://charts.helm.sh/stable
+      - run: helm repo add minio https://helm.min.io/
+      - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
+      # Only actually publish charts on master.
+      - run: |
+          set -x
+          if [ "$CIRCLE_BRANCH" = "master" ]; then
+            export GIT_PUSH=true
+          else 
+            export GIT_PUSH=false
+          fi
+          sh ./scripts/publish.sh
+workflows:
+  version: 2
+  workflow:
+    jobs:
+      - lint
+      - publish:
+          requires:
+            - lint

.clomonitor.yml

@@ -1,27 +0,0 @@
-# CLOMonitor metadata file
-# This file must be located at the root of the repository
-
-# Checks exemptions
-exemptions:
-  - check: dependency_update_tool
-    reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
-  - check: sbom
-    reason: "Tracking Helm dependencies is not yet a stable practice."
-  - check: self_assessment
-    reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
-  - check: signed_releases
-    reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
-  - check: license_scanning
-    reason: "Temporary exemption: pending response from CNCF Service Desk"
-
-# TODO:
-# License scanning information
-# licenseScanning:
-  # URL with the repository's license scanning results
-  #
-  # CLOMonitor can extract license scanning results from FOSSA and Snyk badges
-  # in the repository README.md file automatically. If your repository uses a
-  # different scanning solution, this url can be set to pass the corresponding
-  # check.
-  # url: https://license-scanning-results.url
-

.editorconfig

@@ -1,4 +0,0 @@
-[*.{md,md.gotmpl}]
-indent_style = space
-indent_size = 4
-trim_trailing_whitespace = false

.github/CODEOWNERS

@@ -1,6 +0,0 @@
-* @mkilchhofer @jmeridth @yu-croco
-
-/charts/argo-workflows/        @vladlosev @jmeridth @yu-croco @tico24
-/charts/argo-cd/               @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
-/charts/argo-events/           @pdrastil @jmeridth @tico24 @yu-croco
-/charts/argo-rollouts/         @jmeridth @yu-croco

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -1,69 +0,0 @@
----
-name: Bug report
-description: Create a report to help us improve
-labels:
-- bug
-body:
-- type: textarea
-  attributes:
-    label: Describe the bug
-    description: A clear and concise description of what the bug is.
-  validations:
-    required: true
-
-- type: dropdown
-  attributes:
-    label: Related helm chart
-    description: You may select more than one.
-    multiple: true
-    options:
-      - argo-cd
-      - argo-events
-      - argo-rollouts
-      - argo-workflows
-      - argocd-image-updater
-      - argocd-apps
-      - other
-  validations:
-    required: true
-
-- type: input
-  attributes:
-    label: Helm chart version
-    description: Version of the Helm chart this issue relates to
-    placeholder: e.g. 0.16.2
-  validations:
-    required: true
-
-- type: textarea
-  attributes:
-    label: To Reproduce
-    description: Steps to reproduce the behavior
-    placeholder: |
-      1. Go to '...'
-      2. Click on '....'
-      3. Scroll down to '....'
-      4. See error
-  validations:
-    required: true
-
-- type: textarea
-  attributes:
-    label: Expected behavior
-    description: A clear and concise description of what you expected to happen.
-  validations:
-    required: true
-
-- type: textarea
-  attributes:
-    label: Screenshots
-    description: If applicable, add screenshots to help explain your problem.
-  validations:
-    required: false
-
-- type: textarea
-  attributes:
-    label: Additional context
-    description: Add any other context about the problem here.
-  validations:
-    required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,9 +0,0 @@
-blank_issues_enabled: false
-
-contact_links:
-  - name: Ask a question
-    url: https://github.com/argoproj/argo-helm/discussions/new
-    about: Ask a question or start a discussion about our community Helm Charts
-  - name: Chat on Slack
-    url: https://argoproj.github.io/community/join-slack
-    about: Maybe chatting with the community can help

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -1,51 +0,0 @@
----
-name: Feature request
-description: Suggest an idea for this project
-labels:
-- enhancement
-body:
-- type: textarea
-  attributes:
-    label: Is your feature request related to a problem?
-    description: A clear and concise description of what the problem is. Please describe.
-    placeholder: |
-      Ex. I'm always frustrated when [...]
-  validations:
-    required: false
-
-- type: dropdown
-  attributes:
-    label: Related helm chart
-    description: You may select more than one.
-    multiple: true
-    options:
-      - argo-cd
-      - argo-events
-      - argo-rollouts
-      - argo-workflows
-      - argocd-image-updater
-      - argocd-apps
-      - other
-  validations:
-    required: true
-
-- type: textarea
-  attributes:
-    label: Describe the solution you'd like
-    description: A clear and concise description of what you want to happen.
-  validations:
-    required: true
-
-- type: textarea
-  attributes:
-    label: Describe alternatives you've considered
-    description: A clear and concise description of any alternative solutions or features you've considered.
-  validations:
-    required: false
-
-- type: textarea
-  attributes:
-    label: Additional context
-    description: Add any other context or screenshots about the feature request here.
-  validations:
-    required: false

.github/configs/cr.yaml

@@ -1,12 +0,0 @@
-## Reference: https://github.com/helm/chart-releaser
-index-path: "./index.yaml"
-
-# PGP signing
-sign: true
-key: Argo Helm maintainers
-# keyring:          # Set via env variable CR_KEYRING
-# passphrase-file:  # Set via env variable CR_PASSPHRASE_FILE
-
-# Enable automatic generation of release notes using GitHubs release notes generator.
-# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
-generate-release-notes: true

.github/configs/ct-install.yaml

@@ -1,15 +0,0 @@
-## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
-# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
-# Only Used for the CT Install Stage
-remote: origin
-target-branch: main
-chart-dirs:
-  - charts
-chart-repos:
-  - dandydeveloper=https://dandydeveloper.github.io/charts/
-helm-extra-args: "--timeout 600s"  
-validate-chart-schema: false
-validate-maintainers: true
-validate-yaml: true
-exclude-deprecated: true
-excluded-charts: []

.github/configs/ct-lint.yaml

@@ -1,14 +0,0 @@
-## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
-# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
-# Only Used for the CT Lint Stage
-remote: origin
-target-branch: main
-chart-dirs:
-  - charts
-chart-repos:
-  - dandydeveloper=https://dandydeveloper.github.io/charts/
-validate-chart-schema: false
-validate-maintainers: true
-validate-yaml: true
-exclude-deprecated: true
-excluded-charts: []

.github/configs/kind-config.yaml

@@ -1,7 +0,0 @@
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-nodes:
-  - role: control-plane
-  - role: worker
-  - role: worker
-  - role: worker

.github/configs/labeler.yaml

@@ -1,23 +0,0 @@
-argo-cd:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-cd/**
-
-argo-events:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-events/**
-
-argo-rollouts:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-rollouts/**
-
-argo-workflows:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-workflows/**
-
-argocd-image-updater:
-  - changed-files:
-      - any-glob-to-any-file: charts/argocd-image-updater/**
-
-argocd-apps:
-  - changed-files:
-      - any-glob-to-any-file: charts/argocd-apps/**

.github/configs/renovate-config.js

@@ -1,8 +0,0 @@
-module.exports = {
-    platform: 'github',
-    // This ensures that the gitAuthor and gitSignOff fields match
-    gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>',
-    autodiscover: false,
-    allowPostUpgradeCommandTemplating: true,
-    allowedPostUpgradeCommands: [".*"],
-  };

.github/dependabot.yml

@@ -1,16 +0,0 @@
-## Reference: https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: weekly
-      day: "saturday"
-    commit-message:
-      prefix: "chore(deps)"
-    groups:
-      dependencies:
-        applies-to: version-updates
-        update-types:
-          - "minor"
-          - "patch"

.github/pull_request_template.md

@@ -1,16 +1,13 @@
-<!--
 Note on DCO:
 
 If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the *Details* link next to the DCO action for instructions on how to resolve this.
--->
 
 Checklist:
 
-* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#versioning)
-* [ ] I have updated the documentation according to [documentation](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#documentation)
-* [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
+* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning.
 * [ ] Any new values are backwards compatible and/or have sensible default.
-* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md).
-* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/stable/developer-guide/ci/)).
+* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md).
+* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo).
+* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)).
 
-<!-- Changes are automatically published when merged to `main`. They are not published on branches. -->
+Changes are automatically published when merged to `master`. They are not published on branches.

.github/stale.yaml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.github/stale.yml

@@ -0,0 +1 @@
+# See https://github.com/probot/stale

.github/workflows/lint-and-test.yml

@@ -1,101 +0,0 @@
-## Reference: https://github.com/helm/chart-testing-action
-name: Linting and Testing
-on: pull_request
-
-permissions:
-  contents: read
-
-jobs:
-  linter-artifacthub:
-    runs-on: ubuntu-latest
-    container:
-      image: public.ecr.aws/artifacthub/ah:v1.14.0
-      options: --user 1001
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Run ah lint
-        working-directory: ./charts
-        run: ah lint
-
-  chart-test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
-        with:
-          version: v3.10.1 # Also update in publish.yaml
-
-      - name: Set up python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
-        with:
-          python-version: 3.9
-
-      - name: Setup Chart Linting
-        id: lint
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
-        with:
-          # Note: Also update in scripts/lint.sh
-          version: v3.11.0
-
-      - name: List changed charts
-        id: list-changed
-        run: |
-          ## If executed with debug this won't work anymore.
-          changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
-          charts=$(echo "$changed" | tr '\n' ' ' | xargs)
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> $GITHUB_OUTPUT
-            echo "changed_charts=$charts" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Run chart-testing (lint)
-        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
-
-      - name: Run docs-testing (helm-docs)
-        id: helm-docs
-        run: |
-          ./scripts/helm-docs.sh
-          if [[ $(git diff --stat) != '' ]]; then
-            echo -e '\033[0;31mDocumentation outdated!\033[0m ❌'
-            git diff --color
-            exit 1
-          else
-            echo -e '\033[0;32mDocumentation up to date\033[0m ✔'
-          fi
-
-      - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
-        if: steps.list-changed.outputs.changed == 'true'
-        with:
-          config: .github/configs/kind-config.yaml
-      - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions
-        if: |
-          contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') ||
-          contains(steps.list-changed.outputs.changed_charts, 'argocd-apps')
-        run: |
-          helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
-          helm dependency build charts/argo-cd/
-          helm template charts/argo-cd/ --set server.extensions.enabled=true -s templates/crds/* | kubectl apply -f -
-
-      - name: Skip HPA tests of ArgoCD
-        if: contains(steps.list-changed.outputs.changed_charts, 'argo-cd')
-        run: |
-          ## Metrics API not available in kind cluster
-          rm charts/argo-cd/ci/ha-autoscaling-values.yaml
-
-      - name: Create an external redis for ArgoCD externalRedis feature
-        if: contains(steps.list-changed.outputs.changed_charts, 'argo-cd')
-        run: |
-          kubectl create namespace redis
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-          helm install redis bitnami/redis --wait --namespace redis --set auth.password=argocd --set architecture=standalone
-
-      - name: Run chart-testing (install)
-        run: ct install --config ./.github/configs/ct-install.yaml
-        if: steps.list-changed.outputs.changed == 'true'

.github/workflows/pr-sizing.yml

@@ -1,30 +0,0 @@
-## Reference: https://github.com/pascalgn/size-label-action
-name: 'PR Labeling'
-
-on: 
-  pull_request_target:
-    types:
-      - opened
-      - synchronize
-      - reopened
-
-permissions:
-  contents: read
-  pull-requests: write
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
-        with:
-          configuration-path: ".github/configs/labeler.yaml"
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          sync-labels: true
-
-  size-label:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/pr-title.yml

@@ -1,37 +0,0 @@
-## Reference: https://github.com/amannn/action-semantic-pull-request
-name: "Lint PR"
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
-
-permissions:
-  contents: read
-
-jobs:
-  main:
-    permissions:
-      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
-      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # Configure which scopes are allowed.
-          scopes: |
-            argo-cd
-            argo-events
-            argo-rollouts
-            argo-workflows
-            argocd-image-updater
-            argocd-apps
-            deps
-            github
-          # Configure that a scope must always be provided.
-          requireScope: true

.github/workflows/publish.yml

@@ -1,83 +0,0 @@
-## Reference: https://github.com/helm/chart-releaser-action
-name: Chart Publish
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - "charts/**"
-
-permissions:
-  contents: read
-
-jobs:
-  publish:
-    if: github.repository == 'argoproj/argo-helm'
-    permissions:
-      contents: write  # for helm/chart-releaser-action to push chart release and create a release
-      packages: write  # to push OCI chart package to GitHub Registry
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
-        with:
-          version: v3.10.1 # Also update in lint-and-test.yaml
-
-      - name: Add dependency chart repos
-        run: |
-          helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
-      - name: Fetch current Chart Index
-        run: |
-          git checkout origin/gh-pages index.yaml
-
-      # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
-      # in ASCII-armored format. To export a (new) key, run this command:
-      # `gpg --armor --export-secret-key <my key>`
-      - name: Prepare PGP key
-        run: |
-          IFS=""
-          echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
-          echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt
-
-          # Tell chart-releaser-action where to find the key and its passphrase
-          echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
-          echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
-        env:
-          PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
-          PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
-
-      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
-        with:
-          config: "./.github/configs/cr.yaml"
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push chart to GHCR
-        run: |
-          shopt -s nullglob
-          for pkg in .cr-release-packages/*.tgz; do
-            if [ -z "${pkg:-}" ]; then
-              break
-            fi
-            helm push "${pkg}" oci://ghcr.io/${{ github.repository }}
-          done

.github/workflows/renovate.yaml

@@ -1,38 +0,0 @@
-name: Renovate
-on:
-  # The "*" (#42, asterisk) character has special semantics in YAML, so this
-  # string has to be quoted.
-  schedule:
-    - cron: '0 * * * *'
-  # Manual trigger is also possible
-  workflow_dispatch: {}
-
-permissions:
-  contents: read
-
-jobs:
-  renovate:
-    if: github.repository == 'argoproj/argo-helm'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get token
-        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5
-        id: get_token
-        with:
-          app-id: ${{ vars.RENOVATE_APP_ID }}
-          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13
-        with:
-          configurationFile: .github/configs/renovate-config.js
-          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 39.153.2
-          token: '${{ steps.get_token.outputs.token }}'
-          mount-docker-socket: true
-        env:
-          LOG_LEVEL: 'debug'
-          RENOVATE_REPOSITORIES: '${{ github.repository }}'

.github/workflows/scorecard.yml

@@ -1,73 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '21 6 * * 6'
-  push:
-    branches: [ "main" ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    if: github.repository_owner == 'argoproj'
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
-        with:
-          sarif_file: results.sarif

.github/workflows/stale.yml

@@ -1,38 +1,19 @@
-## Reference: https://github.com/actions/stale
 name: Mark stale issues and pull requests
+
 on:
   schedule:
   - cron: "30 1 * * *"
 
-permissions:
-  contents: read
-
 jobs:
   stale:
-    permissions:
-      issues: write  # for actions/stale to close stale issues
-      pull-requests: write  # for actions/stale to close stale PRs
+
     runs-on: ubuntu-latest
+
     steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+    - uses: actions/stale@v3
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
-        # Number of days of inactivity before an issue becomes stale
-        days-before-stale: 60
-        # Number of days of inactivity before a stale issue is closed
-        days-before-close: 7
-        # Issues with these labels will never be considered stale
-        exempt-issue-labels: "on-hold,pinned,security"
-        exempt-pr-labels: "on-hold,pinned,security"
-        # Comment to post when marking an issue as stale.
-        stale-issue-message: >
-          This issue has been automatically marked as stale because it has not had
-          recent activity. It will be closed if no further activity occurs. Thank you
-          for your contributions.
-        stale-pr-message: >
-          This pull request has been automatically marked as stale because it has not had
-          recent activity. It will be closed if no further activity occurs. Thank you
-          for your contributions.
-        # Label to use when marking an issue as stale
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
         stale-issue-label: 'no-issue-activity'
         stale-pr-label: 'no-pr-activity'

CODEOWNERS

@@ -0,0 +1,16 @@
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# Argo Workflows
+/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
+
+# Argo CD
+/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
+
+# Argo Events
+/charts/argo-events @jbehling @VaibhavPage @oliverbaehler
+
+# Argo Rollouts
+/charts/argo-rollouts @cabrinha @oliverbaehler
+
+# Argo CD Notifications
+/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler

CODE_OF_CONDUCT.md

@@ -1,9 +0,0 @@
-# Code of Conduct
-
-We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).  Please reference the link for details.
-
-## TL;DR (too long didn't read)
-
-Be kind
-
-Your participation is at the discression of the maintainers of this project.

CONTRIBUTING.md

@@ -2,156 +2,36 @@
 
 Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently.
 
-## Pull Requests
-
-All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project.
-
-### Pull Request Title Linting
-
-We lint the title of your pull request to ensure it follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification.  This is done using GitHub actions and the [action-semantic-pull-request](.github/workflows/pr-title.yml) workflow. We require the scope of the change to be included in the title.  The scope should be the name of the chart you are changing.  For example, if you are changing the `argo-cd` chart, the title of your pull request should be `fix(argo-cd): Fix typo in values.yaml`.
-
-## Documentation
-
-The documentation for each chart is generated with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation.
-
-We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges):
-
-```shell
-./scripts/helm-docs.sh
-```
-
-> **Note**
-> When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file.
-
-### Updating a chart README.md
-
-When updating the `README.md.gotmpl` inside a chart directory you must to run the `helm-docs` script to generate the updated `README.md` file. To reiterate, you should not edit the `README.md` file manually.  It will be generated by the following command:
-
-```shell
-./scripts/helm-docs.sh
-```
-
-> **Note**
-> If you see changes to unrelated chart `README.md` files you may have accidentally updated a `README.md.gotmpl` file in another chart's folder unintentionally or someone else failed to run this script.  Please revert those changes if you do not intend them to be a part of your pull request.
-
-## Versioning
-
-Each chart's version follows the [semver standard](https://semver.org/).
-
-New charts should start at version `1.0.0`, if it's considered stable. If it isn't considered stable, it must be released as `prerelease`.
-
-Any breaking changes to a chart (backwards incompatible) require:
-
-* Bump of the current Major version of the chart
-* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl`
-
-### New Application Versions
-
-Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release.
-
-When selecting new application versions ensure you make the following changes:
-
-* `values.yaml`: Bump all instances of the container image version
-* `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version`
-
-Please ensure chart version changes adhere to semantic versioning standards:
-
-* Major: Large chart rewrites, major non-backwards compatible or destructive changes
-* Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes
-* Patch: App version patch updates, backwards compatible optional chart features
-
-### Immutability
-
-Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error.
-
-### Chart Versioning
-
-Currently we require a chart version bump for every change to a chart, including updating information for older versions.  This may change in the future.
-
-### Artifact Hub Annotations
-
-Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub.
-
-* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/)
-
-#### Changelog
-
-We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release.
-
-Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file).
-
-A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release.
-
-Each change requires a new bullet point following the pattern. See more information [Artifact Hub annotations in Helm Chart.yaml file](https://artifacthub.io/docs/topics/annotations/helm/).
-
-```yaml
-- kind: {type}
-  description: {description}
-```
-
-You can use the following template:
-
-```yaml
-name: argo-cd
-version: 5.19.12
-...
-annotations:
-  artifacthub.io/changes: |
-    - kind: added
-      description: Something New was added
-    - kind: changed
-      description: Changed Something within this chart
-    - kind: changed
-      description: Changed Something else within this chart
-    - kind: deprecated
-      description: Something deprecated
-    - kind: removed
-      description: Something was removed
-    - kind: fixed
-      description: Something was fixed
-    - kind: security
-      description: Some Security Patch was included
-```
-
-## Testing
-
-### Testing Argo Workflows Changes
+## Testing Argo Workflows Changes
 
 Minimally:
 
-```shell
-helm install charts/argo-workflows -n argo
+```
+helm install charts/argo -n argo
 argo version
 ```
 
-Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow.
+Follow this instructions for running a hello world workflow.
 
-### Testing Argo CD Changes
+## Testing Argo CD Changes
 
 Clean-up:
 
-```shell
+```
 helm delete argo-cd --purge
 kubectl delete crd -l app.kubernetes.io/part-of=argocd
 ```
 
-Pre-requisites:
-
-```shell
-helm repo add redis-ha https://dandydeveloper.github.io/charts/
-helm dependency update
-```
-
 Minimally:
 
-```shell
-helm install argocd  argo/argo-cd  -n argocd --create-namespace
+```
+helm install charts/argo-cd --namespace argocd -n argo-cd
 kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
 ```
 
 In a new terminal:
 
-```shell
+```
 argocd version --server localhost:8080 --insecure
 # reset password to 'Password1!'
 kubectl -n argocd patch secret argocd-secret \
@@ -166,25 +46,55 @@ argocd login localhost:8080 --username admin --password 'Password1!'
 
 Create and sync app:
 
-```shell
+```
 argocd app create guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --path guestbook --project default --repo https://github.com/argoproj/argocd-example-apps.git
 argocd app sync guestbook
 ```
 
-### Testing Charts
+## Testing Argo CD Notification Changes
+
+Thorough testing of argocd-notifications would require one or more notification services (Slack, OpsGenie, etc), however
+minimal testing mostly consists of successful Helm chart installation and the argocd-notifications controller having
+access to the `Application` resources in the same namespace that Argo CD is installed.
+
+```
+helm install argocd-notifications charts/argocd-notifications --namespace argocd
+```
+
+## New Application Versions
+
+When raising application versions ensure you make the following changes:
+
+- `values.yaml`: Bump all instances of the container image version
+- `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version`
+
+Please ensure chart version changes adhere to semantic versioning standards:
+
+- Patch: App version patch updates, backwards compatible optional chart features
+- Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes
+- Major: Large chart rewrites, major non-backwards compatible or destructive changes
+
+## Testing Charts
 
 As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
 
-The checks for Chart Testing are stricter than the standard Helm requirements. For example, fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
+The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
 
-Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
+Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml)
 
 The linting can be invoked manually with the following command:
 
-```shell
+```
 ./scripts/lint.sh
 ```
 
 ## Publishing Changes
 
-Changes are automatically publish whenever a commit is merged to the `main` branch by the CI job (see `./.github/workflows/publish.yml`).
+Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this:
+
+```
+GIT_PUSH=true ./scripts/publish.sh
+```
+
+Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch.
+Write access to https://github.com/argoproj/argo-helm.git is required to publish changes.

EMERITUS.md

@@ -1,14 +0,0 @@
-# Emeritus Approvers
-
-These are the people who have been approvers in the past, and have since retired from the role.
-
-We thank them for their service to the project.
-
-| Emeritus | GitHub ID |
-| -------- | --------- |
-| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) |
-| Stefan Sedich | [stefansedich](https://github.com/stefansedich) |
-| Pablo Osinaga | [paguos](https://github.com/paguos) |
-| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) |
-| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) |
-| John Behling | [jbehling](https://github.com/jbehling) |

OWNERS

@@ -0,0 +1,9 @@
+owners:
+- alexec
+- alexmt
+- jessesuen
+
+approvers:
+- alexec
+- alexmt
+- jessesuen

README.md

@@ -1,104 +1,7 @@
 # Argo Helm Charts
 
-[![Slack](https://img.shields.io/badge/slack-%23argo--helm--charts-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo)
-[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm)
-[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942)
+Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
 
-Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command:
-
-```bash
+```
 helm repo add argo https://argoproj.github.io/argo-helm
 ```
-
-## Contributing
-
-We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details.
-
-### Custom resource definitions
-
-Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of the main four charts (argo-cd, argo-workflows, argo-events, argo-rollouts) by using `--set crds.install=false` when installing the chart.
-
-Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `<chart>/templates` to address this design decision.
-
-If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
-
-Example:
-
-```bash
-kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVersion>"
-
-# Eg. version v2.4.9
-kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
-```
-
-### Security Policy
-
-Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues.
-
-### Changelog
-
-Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
-
-## Charts use Helm "Capabilities"
-
-Our charts make use of the Helm built-in object "Capabilities":
-> This provides information about what capabilities the Kubernetes cluster supports.  
-> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
-
-Today we use:
-
-- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
-- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
-
-If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
-
-For this you need to pass the `--api-versions` parameter to the `helm template` command:
-
-```bash
-helm template argocd \
-  oci://ghcr.io/argoproj/argo-helm/argo-cd \
-  --api-versions monitoring.coreos.com/v1 \
-  --values my-argocd-values.yaml
-```
-
-If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
-
-Example with Kustomize:
-
-```yaml
-# kustomization.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
-- name: argo-cd
-  repo: oci://ghcr.io/argoproj/argo-helm
-  version: x.y.z
-  releaseName: argocd
-  apiVersions:
-  - monitoring.coreos.com/v1
-  valuesFile: my-argocd-values.yaml
-```
-
-Example with helmfile:
-
-```yaml
-# helmfile.yaml
-repositories:
-  - name: argo
-    url: https://argoproj.github.io/argo-helm
-
-apiVersions:
-  - monitoring.coreos.com/v1
-
-releases:
-  - name: argocd
-    namespace: argocd
-    chart: argo/argo-cd
-    values:
-      - my-argocd-values.yaml
-```

SECURITY-INSIGHTS.yml

@@ -1,38 +0,0 @@
-header:
-  schema-version: '1.0.0'
-  expiration-date: '2024-11-04T10:00:00.000Z'
-  project-url: https://github.com/argoproj/argo-helm
-project-lifecycle:
-  status: active
-  bug-fixes-only: false
-  core-maintainers:
-  - https://github.com/mkilchhofer
-  - https://github.com/jmeridth
-contribution-policy:
-  accepts-pull-requests: true
-  accepts-automated-pull-requests: true
-  automated-tools-list:
-    - automated-tool: dependabot
-      action: allowed
-      path:
-        - /
-  contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md
-  code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
-distribution-points:
-  - https://argoproj.github.io/argo-helm
-  - https://artifacthub.io/packages/search?org=argoproj&repo=argo
-security-contacts:
-  - type: website
-    value: https://github.com/argoproj/argo-helm/security/advisories/new
-    primary: true
-vulnerability-reporting:
-  accepts-vulnerability-reports: true
-  email-contact: cncf-argo-maintainers@lists.cncf.io
-  security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
-  comment: |
-    Our preferred contact method related to vulnerabilities is the Security tab on GitHub.
-    Click the button "Report a vulnerability" to open the advisory form.
-    Please refer to the security policy for reporting information prior to using the email contact.
-dependencies:
-  env-dependencies-policy:
-    policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions

SECURITY.md

@@ -1,21 +0,0 @@
-# Security Policy
-
-## Supported Versions and Upstream Reporting
-
-Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue.
-
-* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
-* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
-* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md)
-* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
-* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
-
-## Reporting a Vulnerability for Argo Helm Charts
-
-We have enabled the ability to privately report security issues through the  Security tab above.
-
-[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that
-
-A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation.
-
-Thank you for helping to ensure this code stays secure.

charts/argo-applicationset/.helmignore

@@ -21,5 +21,3 @@
 .idea/
 *.tmproj
 .vscode/
-ci/
-*.gotmpl

charts/argo-applicationset/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: argocd-applicationset
+description: A Helm chart for installing ArgoCD ApplicationSet
+type: application
+version: 0.1.1
+appVersion: "v0.1.0"
+home: https://github.com/argoproj/argo-helm
+icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
+keywords:
+  - argoproj
+  - appset
+  - gitops
+maintainers:
+  - name: maruina

charts/argo-applicationset/README.md

@@ -0,0 +1,64 @@
+# Argo CD ApplicationSet Chart
+
+A Helm chart for Argo CD ApplicationSet, a controller to programmatically generate Argo CD Application.
+
+Source code can be found [here](https://github.com/argoproj-labs/applicationset/)
+
+## Additional Information
+
+This is a **community maintained** chart. This chart installs the [applicationset](https://github.com/argoproj-labs/applicationset) controller.
+
+This chart currently installs the non-HA version of Argo CD ApplicationSet.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm repo add argo https://argoproj.github.io/argo-helm
+"argo" has been added to your repositories
+
+$ helm install --name my-release argo/argo-applicationset
+NAME: my-release
+...
+```
+
+### Helm v3 Compatibility
+
+Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
+| args.metricsAddr | int | `8080` | The default metric address |
+| args.probeBindAddr | int | `8081` | The default health check port |
+| args.enableLeaderElection | bool | `false` | The default leader election setting |
+| args.namespace | string | `argocd` | The default Argo CD repo namespace |
+| args.argocdRepoServer | string | `argocd-repo-server:8081` | The default Argo CD repo server address |
+| args.policy | string | `sync` | How application is synced between the generator and the cluster |
+| args.debug | bool | `false` | Print debug logs |
+| args.dryRun | bool | `false` | Enable dry run mode |
+| fullnameOverride | string | `""` | Override the default fully qualified app name |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
+| installCRDs | bool | `true` | Install Custom Resource Definition |
+| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
+| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
+| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |
+| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` |
+| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
+| nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
+| podAnnotations | object | `{}` | Annotations for the controller pods |
+| podSecurityContext | object | `{}` | Pod Security Context |
+| rbac.pspEnabled | bool | `true` | Enable Pod Security Policy |
+| replicaCount | int | `1` | The number of controller pods to run |
+| resources | object | `{}` | Resource limits and requests for the controller pods. |
+| securityContext | object | `{}` | Security Context |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use.  If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |

charts/argo-applicationset/templates/_helpers.tpl

@@ -1,8 +1,7 @@
-{{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "argocd-image-updater.name" -}}
+{{- define "argo-applicationset.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -11,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "argocd-image-updater.fullname" -}}
+{{- define "argo-applicationset.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -24,46 +23,42 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
-{{/*
-Override .Release.Namespace 
-*/}}
-{{- define "argocd-image-updater.namespace" -}}
-{{- default .Release.Namespace .Values.namespaceOverride }}
-{{- end }}
-
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "argocd-image-updater.chart" -}}
+{{- define "argo-applicationset.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "argocd-image-updater.labels" -}}
-helm.sh/chart: {{ include "argocd-image-updater.chart" . }}
-{{ include "argocd-image-updater.selectorLabels" . }}
+{{- define "argo-applicationset.labels" -}}
+helm.sh/chart: {{ include "argo-applicationset.chart" . }}
+{{ include "argo-applicationset.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | trunc 63 | quote }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
+app.kubernetes.io/part-of: argo-cd-applicationset
+app.kubernetes.io/component: controller
 {{- end }}
 
 {{/*
 Selector labels
 */}}
-{{- define "argocd-image-updater.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "argocd-image-updater.name" . }}
+{{- define "argo-applicationset.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "argocd-image-updater.serviceAccountName" -}}
+{{- define "argo-applicationset.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "argocd-image-updater.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "argo-applicationset.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/argo-applicationset/templates/crds.yaml

@@ -0,0 +1,6 @@
+{{- if .Values.installCRDs }}
+{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
+{{ $.Files.Get $path }}
+---
+{{- end }}
+{{- end }}

charts/argo-applicationset/templates/deployment.yaml

@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "argo-applicationset.fullname" . }}
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "argo-applicationset.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "argo-applicationset.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "argo-applicationset.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          command:
+            - applicationset-controller
+            - --metrics-addr={{ .Values.args.metricsAddr }}
+            - --probe-addr={{ .Values.args.probeBindAddr }}
+            {{- if or (gt ( .Values.replicaCount | int64) 1) .Values.args.enableLeaderElection }}
+            - --enable-leader-election=true
+            {{- end }}
+            - --namespace={{ .Values.args.namespace }}
+            - --argocd-repo-server={{ .Values.args.argocdRepoServer }}
+            - --policy={{ .Values.args.policy }}
+            - --debug={{ .Values.args.debug }}
+            - --dry-run={{ .Values.args.dryRun }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ (split ":" .Values.args.probeBindAddr)._1 }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            {{- if .Values.mountSSHKnownHostsVolume }}
+            - mountPath: /app/config/ssh
+              name: ssh-known-hosts
+            {{- end }}
+            {{- if .Values.mountTLSCertsVolume }}
+            - mountPath: /app/config/tls
+              name: tls-certs
+            {{- end }}
+            {{- if .Values.mountGPGKeysVolume }}
+            - mountPath: /app/config/gpg/source
+              name: gpg-keys
+            {{- end }}
+            {{- if .Values.mountGPGKeyringVolume }}
+            - mountPath: /app/config/gpg/keys
+              name: gpg-keyring
+            {{- end }}
+      volumes:
+      {{- if .Values.mountSSHKnownHostsVolume }}
+      - configMap:
+          name: argocd-ssh-known-hosts-cm
+        name: ssh-known-hosts
+      {{- end }}
+      {{- if .Values.mountTLSCertsVolume }}
+      - configMap:
+          name: argocd-tls-certs-cm
+        name: tls-certs
+      {{- end }}
+      {{- if .Values.mountGPGKeysVolume }}
+      - configMap:
+          name: argocd-gpg-keys-cm
+        name: gpg-keys
+      {{- end }}
+      {{- if .Values.mountGPGKeyringVolume }}
+      - emptyDir: {}
+        name: gpg-keyring
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/argo-applicationset/templates/psp.yaml

@@ -0,0 +1,57 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "argo-applicationset.fullname" . }}
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: false
+  hostIPC: false
+  hostNetwork: false
+  hostPID: false
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+  allowedCapabilities:
+    - '*'
+  fsGroup:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - '*'
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "argo-applicationset.fullname" . }}-psp
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames:
+      - {{ template "argo-applicationset.fullname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "argo-applicationset.fullname" . }}-psp
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "argo-applicationset.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "argo-applicationset.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/argo-applicationset/templates/rbac.yaml

@@ -1,15 +1,15 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ include "argo-applicationset.fullname" . }}
   labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
 rules:
   - apiGroups:
     - argoproj.io
     resources:
     - applications
+    - appprojects
     - applicationsets
     - applicationsets/finalizers
     verbs:
@@ -28,40 +28,23 @@ rules:
     - get
     - patch
     - update
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - appprojects
-    verbs:
-    - get
-    - list
-    - watch
   - apiGroups:
     - ""
     resources:
     - events
     verbs:
     - create
-    - get
-    - list
-    - patch
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    verbs:
-    - create
-    - update
     - delete
     - get
     - list
     - patch
+    - update
     - watch
   - apiGroups:
     - ""
     resources:
     - secrets
+    - configmaps
     verbs:
     - get
     - list
@@ -75,15 +58,17 @@ rules:
     - get
     - list
     - watch
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - create
-    - delete
-    - get
-    - list
-    - patch
-    - update
-    - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "argo-applicationset.fullname" . }}
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "argo-applicationset.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "argo-applicationset.serviceAccountName" . }}

charts/argo-applicationset/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "argo-applicationset.serviceAccountName" . }}
+  labels:
+    {{- include "argo-applicationset.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/argo-applicationset/values.yaml

@@ -0,0 +1,77 @@
+# Default values for argo-applicationset.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+installCRDs: true
+
+image:
+  # The image repository
+  repository: quay.io/argocdapplicationset/argocd-applicationset
+  # Image pull policy
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+args:
+  metricsAddr: :8080
+  probeBindAddr: :8081
+  enableLeaderElection: false
+  namespace: argocd
+  argocdRepoServer: argocd-repo-server:8081
+  policy: sync
+  debug: false
+  dryRun: false
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+rbac:
+  pspEnabled: true
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mountSSHKnownHostsVolume: true
+mountTLSCertsVolume: true
+mountGPGKeysVolume: false
+mountGPGKeyringVolume: true

charts/argo-cd/.helmignore

@@ -1,4 +1,2 @@
 /*.tgz
 output
-ci/
-*.gotmpl

charts/argo-cd/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
-generated: "2024-11-13T09:07:36.494128+09:00"
+  version: 4.10.1
+digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663
+generated: "2021-04-01T08:36:01.324672-07:00"

charts/argo-cd/Chart.yaml

@@ -1,30 +1,21 @@
 apiVersion: v2
-appVersion: v2.14.2
-kubeVersion: ">=1.25.0-0"
+appVersion: 2.0.0
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.3
+version: 3.1.0
 home: https://github.com/argoproj/argo-helm
-icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
-sources:
-  - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
-  - https://github.com/argoproj/argo-cd
+icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
   - argoproj
   - argocd
   - gitops
 maintainers:
-  - name: argoproj
-    url: https://argoproj.github.io/
+  - name: alexec
+  - name: alexmt
+  - name: jessesuen
+  - name: seanson
 dependencies:
   - name: redis-ha
-    version: 4.29.4
+    version: 4.10.1
     repository: https://dandydeveloper.github.io/charts/
     condition: redis-ha.enabled
-annotations:
-  artifacthub.io/signKey: |
-    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
-    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
-  artifacthub.io/changes: |
-    - kind: changed
-      description: Bump dex version to v2.42.0

charts/argo-cd/README.md.gotmpl

@@ -1,863 +0,0 @@
-# Argo CD Chart
-
-A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
-
-Source code can be found here:
-
-{{ template "chart.sourcesList" . }}
-
-This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes.
-
-The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
-
-If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
-For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
-
-## High Availability
-
-This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections.
-Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail.
-
-> **Warning:**
-> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes.
-
-### HA mode with autoscaling
-
-```yaml
-redis-ha:
-  enabled: true
-
-controller:
-  replicas: 1
-
-server:
-  autoscaling:
-    enabled: true
-    minReplicas: 2
-
-repoServer:
-  autoscaling:
-    enabled: true
-    minReplicas: 2
-
-applicationSet:
-  replicas: 2
-```
-
-### HA mode without autoscaling
-
-```yaml
-redis-ha:
-  enabled: true
-
-controller:
-  replicas: 1
-
-server:
-  replicas: 2
-
-repoServer:
-  replicas: 2
-
-applicationSet:
-  replicas: 2
-```
-
-## Ingress configuration
-
-Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
-below corespond to their respective sections.
-
-### SSL-Passthrough
-
-The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-certificate:
-  enabled: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    tls: true
-```
-
-### SSL Termination at Ingress Controller
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-    extraTls:
-      - hosts:
-        - argocd.example.com
-        # Based on the ingress controller used secret might be optional
-        secretName: wildcard-tls
-```
-
-> **Note:**
-> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
-
-### Multiple ingress resources for gRPC protocol support
-
-Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: contour-internal
-    extraTls:
-      - hosts:
-        - argocd.example.com
-        secretName: wildcard-tls
-
-   ingressGrpc:
-     enabled: true
-     ingressClassName: contour-internal
-     extraTls:
-      - hosts:
-        - grpc.argocd.example.com
-        secretName: wildcard-tls
-```
-
-### Multiple ingress domains
-
-```yaml
-global:
-  domain: argocd.example.com
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      cert-manager.io/cluster-issuer: "<my-issuer>"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-    tls: true
-    extraHosts:
-      - name: argocd-alias.example.com
-        path: /
-```
-
-### AWS Application Load Balancer
-
-Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
-The provided example assumes you are using TLS off-loading via AWS ACM service.
-
-> **Note:**
-> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    controller: aws
-    ingressClassName: alb
-    annotations:
-      alb.ingress.kubernetes.io/scheme: internal
-      alb.ingress.kubernetes.io/target-type: ip
-      alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
-      alb.ingress.kubernetes.io/ssl-redirect: '443'
-    aws:
-      serviceType: ClusterIP # <- Used with target-type: ip
-      backendProtocolVersion: GRPC
-```
-
-### GKE Application Load Balancer
-
-The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
-automatically if you provide configuration for GKE resources.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  service:
-    annotations:
-      cloud.google.com/neg: '{"ingress": true}'
-      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
-
-  ingress:
-    enabled: true
-    controller: gke
-    gke:
-      backendConfig:
-        healthCheck:
-          checkIntervalSec: 30
-          timeoutSec: 5
-          healthyThreshold: 1
-          unhealthyThreshold: 2
-          type: HTTP
-          requestPath: /healthz
-          port: 8080
-      frontendConfig:
-        redirectToHttps:
-          enabled: true  
-      managedCertificate:
-        enabled: true
-```
-
-
-## Synchronizing Changes from Original Repository
-
-In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
-
-When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
-
-To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
-
-https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
-
-Or you clone the repository and do a local `git-diff`:
-
-```bash
-git clone https://github.com/argoproj/argo-cd.git
-cd argo-cd
-git diff v1.8.7 v2.0.0 -- manifests/install.yaml
-```
-
-Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
-
-### Custom resource definitions
-
-Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
-
-Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `<chart>/templates` to address this design decision.
-
-If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
-
-```bash
-kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVersion>"
-
-# Eg. version v2.4.9
-kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
-```
-
-## Changelog
-
-For full list of changes please check ArtifactHub [changelog].
-
-Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
-
-### 7.0.0
-
-We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
-If you used the value, please migrate like below.
-
-```yaml
-# before
-configs:
-  clusterCredentials:
-    - mycluster:
-      server: https://mycluster.example.com
-      labels: {}
-      annotations: {}
-      # ...
-
-# after
-configs:
-  clusterCredentials:
-    mycluster:
-      server: https://mycluster.example.com
-      labels: {}
-      annotations: {}
-      # ...
-```
-
-### 6.10.0
-
-This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
-
-#### How to rotate Redis secret?
-
-Upstream steps in the [FAQ] are not enough, since we chose a different approach.
-(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-
-Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
-* Delete `argocd-redis` secret in the namespace where Argo CD is installed. 
-  ```bash
-  kubectl delete secret argocd-redis -n <argocd namespace>
-  ```
-* **Perform a helm upgrade**
-  ```bash
-  helm upgrade argocd argo/argo-cd --reuse-values --wait
-  ```
-* If you are running Redis in HA mode, restart Redis in HA.
-  ```bash
-  kubectl rollout restart deployment argocd-redis-ha-haproxy
-  kubectl rollout restart statefulset argocd-redis-ha-server
-  ```
-* If you are running Redis in non-HA mode, restart Redis.
-  ```bash
-  kubectl rollout restart deployment argocd-redis
-  ```
-* Restart other components.
-  ```bash
-  kubectl rollout restart deployment argocd-server argocd-repo-server
-  kubectl rollout restart statefulset argocd-application-controller
-  ```
-
-### 6.9.0
-ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).  
-
-### 6.4.0
-
-Added support for application controller dynamic cluster distribution.
-Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
-
-Added env variables to handle the non-standard names generated by the helm chart.
-Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
-and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
-
-### 6.1.0
-
-Added support for global domain used by all components.
-
-### 6.0.0
-
-This version **removes support for**:
-
-* deprecated component options `logLevel` and `logFormat`
-* deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params`
-* deprecated configuration `server.config` that was replaced with `configs.cm`
-* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac`
-
-Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations.
-Please review your setup and adjust to new configuration options:
-
-* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname
-* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path
-* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname
-* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true`
-* additional hostnames and routing can be provided via `extraHosts` configuration section
-* additional TLS secrets can be provided via `extraTls` configuration section
-
-Please refer to [ingress configuration](#ingress-configuration) for examples.
-
-### 5.53.0
-
-Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
-
-### 5.52.0
-
-Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
-If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
-
-### 5.35.0
-
-This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
-
-Please see more information about EoL: [Amazon EKS EoL][EKS EoL].
-
-
-### 5.31.0
-The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility.
-This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
-In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.
-
-### 5.26.0
-
-This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. 
-Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics.
-
-To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`.
-You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also.
-
-### 5.24.0
-
-This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
-Default `global.affinity` rules can be disabled when `none` value is used for the preset.
-
-### 5.22.0
-
-This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
-
-### 5.19.0
-
-This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections.
-You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.
-
-### 5.13.0
-
-This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
-
-### 5.12.0
-
-If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead.
-For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`.
-For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys.
-
-### 5.10.0
-
-This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
-The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
-
-### 5.7.0
-
-This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
-Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
-If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
-
-### 5.5.20
-
-This version moved API version templates into dedicated helper. If you are using these in your umbrella
-chart please migrate your templates to pattern `argo-cd.apiVersion.<component>`.
-
-### 5.5.0
-
-This version introduces new `configs.params` section that replaces command line arguments for containers.
-Please refer to documentation in values.yaml for migrating the configuration.
-
-### 5.2.0
-
-Custom resource definitions were moved to `templates` folder so they can be managed by Helm.
-
-To adopt already created CRDs, please use following command:
-
-```bash
-YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd
-YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd
-
-for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do
-  kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm
-  kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE"
-  kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME"
-done
-```
-
-### 5.0.0
-
-This version **removes support for**:
-
-- deprecated repository credentials (parameter `configs.repositoryCredentials`)
-- option to run application controller as a Deployment
-- the parameters `server.additionalApplications` and `server.additionalProjects`
-
-Please carefully read the following section if you are using these parameters!
-
-In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps).
-
-If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below:
-
-1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart
-
-You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`.
-
-e.g:
-
-```yaml
-server:
-  additionalApplications:
-    - name: guestbook
-      namespace: argocd
-      additionalLabels: {}
-      additionalAnnotations:
-        "helm.sh/resource-policy": keep # <-- add this
-      finalizers:
-      - resources-finalizer.argocd.argoproj.io
-      project: guestbook
-      source:
-        repoURL: https://github.com/argoproj/argocd-example-apps.git
-        targetRevision: HEAD
-        path: guestbook
-        directory:
-          recurse: true
-      destination:
-        server: https://kubernetes.default.svc
-        namespace: guestbook
-      syncPolicy:
-        automated:
-          prune: false
-          selfHeal: false
-      ignoreDifferences:
-      - group: apps
-        kind: Deployment
-        jsonPointers:
-        - /spec/replicas
-      info:
-      - name: url
-        value: https://argoproj.github.io/
-```
-
-You can also keep your existing CRDs by running the following scripts.
-
-```bash
-# keep Applications
-for app in "guestbook"; do
-  kubectl annotate --overwrite application $app helm.sh/resource-policy=keep
-done
-
-# keep Projects
-for project in "guestbook"; do
-  kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep
-done
-```
-
-2. Upgrade argo-cd Helm chart to v5.0.0
-
-3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource)
-
-```bash
-# delete annotations from Applications
-for app in "guestbook"; do
-  kubectl annotate --overwrite application $app helm.sh/resource-policy-
-done
-
-# delete annotations from Projects
-for project in "guestbook"; do
-  kubectl annotate --overwrite appproject $project helm.sh/resource-policy-
-done
-```
-
-4. Adopt existing resources to [argocd-apps](../argocd-apps)
-
-### 4.9.0
-
-This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller`
-
-### 4.3.*
-
-With this minor version, the notification notifier's `service.slack` is no longer configured by default.
-
-### 4.0.0 and above
-
-This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation.
-Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository.
-
-### 3.13.0
-
-This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field
-
-### 3.10.2
-
-Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default
-It can be re-enabled by setting `server.staticAssets.enabled` to true
-
-### 3.8.1
-
-This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
-
-```yaml
-# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
-repoServer:
-  serviceAccount:
-    create: true
-
-# Case 2)
-controller:
-  serviceAccount:
-    name: "" # or <nil>
-
-# Case 3)
-dex:
-  serviceAccount:
-    name: "" # or <nil>
-
-# Case 4)
-server:
-  serviceAccount:
-    name: "" # or <nil>
-```
-
-Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
-
-### 3.2.*
-
-With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
-[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**,
-especially deploying on clusters running a cluster version prior to `1.19` (which misses  `Ingress` on apiVersion `networking.k8s.io/v1`).
-
-If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
-
-```yaml
-kubeVersionOverride: "1.18.0"
-```
-
-Then you should no longer encounter this issue.
-
-
-### 3.0.0 and above
-
-Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
-
-### 2.14.7 and above
-
-The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
-
-### 2.10.x to 2.11.0
-
-The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x.
-
-### 1.8.7 to 2.x.x
-
-`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs`  are now arrays of strings instead of a map
-
-What was
-
-```yaml
-server:
-  extraArgs:
-    insecure: ""
-```
-
-is now
-
-```yaml
-server:
-  extraArgs:
-  - --insecure
-```
-
-## Prerequisites
-
-- {{ template "chart.kubeVersionLine" . }}
-  - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
-  - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
-- Helm v3.0.0+
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-$ helm repo add argo https://argoproj.github.io/argo-helm
-"argo" has been added to your repositories
-
-$ helm install my-release argo/argo-cd
-NAME: my-release
-...
-```
-
-## General parameters
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Global Configs
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "global" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Argo CD Configs
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "configs" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Argo CD Controller
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "controller" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Argo Repo Server
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "repoServer" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Argo Server
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if and (hasPrefix "server" .Key) (not (hasPrefix "server.additional" .Key)) }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Dex
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "dex" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Redis
-
-### Option 1 - Single Redis instance (default option)
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "redis." .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-### Option 2 - Redis HA
-
-This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha.
-For all available configuration options, please read upstream README and/or chart source.
-The main options are listed here:
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "redis-ha" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image |
-| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag |
-| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository |
-| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag |
-| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository |
-
-### Option 3 - External Redis
-
-If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters:
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "externalRedis" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-### Redis secret-init
-
-The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
-If you use an External Redis (See Option 3 above), this Job is not deployed.
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "redisSecretInit" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## ApplicationSet
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "applicationSet" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Notifications
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "notifications" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-## Commit server (Manifest Hydrator)
-
-The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
-
-To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "commitServer" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
-
-[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
-[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
-[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
-[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
-[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
-[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
-[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
-[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
-[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
-[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
-[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
-[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
-[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
-[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
-[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
-[values.yaml]: values.yaml
-[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
-[tini]: https://github.com/argoproj/argo-cd/pull/12707
-[EKS EoL]: https://endoflife.date/amazon-eks
-[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
-[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
-[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
-[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
-[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
-[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md

charts/argo-cd/ci/default-values.yaml

@@ -1,3 +0,0 @@
-# Test with default values
-crds:
-  keep: false

charts/argo-cd/ci/dynamic-sharding-values.yaml

@@ -1,6 +0,0 @@
-# Test application controller dynamic cluster distribution
-crds:
-  keep: false
-
-controller:
-  dynamicClusterDistribution: true

charts/argo-cd/ci/extension-values.yaml

@@ -1,14 +0,0 @@
-# Test Argo CD extension
-crds:
-  keep: false
-# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension
-server:
-  extensions:
-    enabled: true
-    extensionList:
-      - name: extension-metrics
-        env:
-          - name: EXTENSION_URL
-            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
-          - name: EXTENSION_CHECKSUM_URL
-            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt

charts/argo-cd/ci/external-redis-values.yaml

@@ -1,12 +0,0 @@
-crds:
-  keep: false
-
-redis:
-  enabled: false
-
-redis-ha:
-  enabled: false
-
-externalRedis:
-  host: "redis-master.redis.svc.cluster.local"
-  password: "argocd"

charts/argo-cd/ci/ha-autoscaling-values.yaml

@@ -1,16 +0,0 @@
-# Test High Availability with autoscaling
-crds:
-  keep: false
-
-redis-ha:
-  enabled: true
-
-server:
-  autoscaling:
-    enabled: true
-    minReplicas: 2
-
-repoServer:
-  autoscaling:
-    enabled: true
-    minReplicas: 2

charts/argo-cd/ci/ha-static-values.yaml

@@ -1,12 +0,0 @@
-# Test High Availability without autoscaling
-crds:
-  keep: false
-
-redis-ha:
-  enabled: true
-
-server:
-  replicas: 2
-
-repoServer:
-  replicas: 2

charts/argo-cd/ci/with-commit-server-values.yaml

@@ -1,3 +0,0 @@
-# Test Argo CD with optional component "commit-server"
-commitServer:
-  enabled: true

charts/argo-cd/crds/crd-project.yaml

@@ -1,21 +1,12 @@
-{{- if .Values.crds.install }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  annotations:
-    {{- if .Values.crds.keep }}
-    "helm.sh/resource-policy": keep
-    {{- end }}
-    {{- with .Values.crds.annotations }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
   labels:
     app.kubernetes.io/name: appprojects.argoproj.io
     app.kubernetes.io/part-of: argocd
-    {{- with .Values.crds.additionalLabels }}
-      {{- toYaml . | nindent 4}}
-    {{- end }}
   name: appprojects.argoproj.io
+  annotations:
+    helm.sh/hook: crd-install
 spec:
   group: argoproj.io
   names:
@@ -29,30 +20,17 @@ spec:
   scope: Namespaced
   versions:
   - name: v1alpha1
+    served: true
+    storage: true
     schema:
       openAPIV3Schema:
-        description: |-
-          AppProject provides a logical grouping of applications, providing controls for:
-          * where the apps may deploy to (cluster whitelist)
-          * what may be deployed (repository whitelist, resource whitelist/blacklist)
-          * who can access these applications (roles, OIDC group claims bindings)
-          * and what they can do (RBAC policies)
-          * automation access to these roles (JWT tokens)
+        description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
         properties:
           apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -60,12 +38,9 @@ spec:
             description: AppProjectSpec is the specification of an AppProject
             properties:
               clusterResourceBlacklist:
-                description: ClusterResourceBlacklist contains list of blacklisted
-                  cluster level resources
+                description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
                 items:
-                  description: |-
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
-                    concepts during lookup stages without having partially valid types
+                  description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
                   properties:
                     group:
                       type: string
@@ -77,12 +52,9 @@ spec:
                   type: object
                 type: array
               clusterResourceWhitelist:
-                description: ClusterResourceWhitelist contains list of whitelisted
-                  cluster level resources
+                description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
                 items:
-                  description: |-
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
-                    concepts during lookup stages without having partially valid types
+                  description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
                   properties:
                     group:
                       type: string
@@ -96,63 +68,26 @@ spec:
               description:
                 description: Description contains optional project description
                 type: string
-              destinationServiceAccounts:
-                description: DestinationServiceAccounts holds information about the
-                  service accounts to be impersonated for the application sync operation
-                  for each destination.
-                items:
-                  description: ApplicationDestinationServiceAccount holds information
-                    about the service account to be impersonated for the application
-                    sync operation.
-                  properties:
-                    defaultServiceAccount:
-                      description: DefaultServiceAccount to be used for impersonation
-                        during the sync operation
-                      type: string
-                    namespace:
-                      description: Namespace specifies the target namespace for the
-                        application's resources.
-                      type: string
-                    server:
-                      description: Server specifies the URL of the target cluster's
-                        Kubernetes control plane API.
-                      type: string
-                  required:
-                  - defaultServiceAccount
-                  - server
-                  type: object
-                type: array
               destinations:
-                description: Destinations contains list of destinations available
-                  for deployment
+                description: Destinations contains list of destinations available for deployment
                 items:
-                  description: ApplicationDestination holds information about the
-                    application's destination
+                  description: ApplicationDestination contains deployment destination information
                   properties:
                     name:
-                      description: Name is an alternate way of specifying the target
-                        cluster by its symbolic name. This must be set if Server is
-                        not set.
+                      description: Name of the destination cluster which can be used instead of server (url) field
                       type: string
                     namespace:
-                      description: |-
-                        Namespace specifies the target namespace for the application's resources.
-                        The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
+                      description: Namespace overrides the environment namespace value in the ksonnet app.yaml
                       type: string
                     server:
-                      description: Server specifies the URL of the target cluster's
-                        Kubernetes control plane API. This must be set if Name is
-                        not set.
+                      description: Server overrides the environment server value in the ksonnet app.yaml
                       type: string
                   type: object
                 type: array
               namespaceResourceBlacklist:
-                description: NamespaceResourceBlacklist contains list of blacklisted
-                  namespace level resources
+                description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
                 items:
-                  description: |-
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
-                    concepts during lookup stages without having partially valid types
+                  description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
                   properties:
                     group:
                       type: string
@@ -164,12 +99,9 @@ spec:
                   type: object
                 type: array
               namespaceResourceWhitelist:
-                description: NamespaceResourceWhitelist contains list of whitelisted
-                  namespace level resources
+                description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
                 items:
-                  description: |-
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
-                    concepts during lookup stages without having partially valid types
+                  description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
                   properties:
                     group:
                       type: string
@@ -181,15 +113,10 @@ spec:
                   type: object
                 type: array
               orphanedResources:
-                description: OrphanedResources specifies if controller should monitor
-                  orphaned resources of apps in this project
+                description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
                 properties:
                   ignore:
-                    description: Ignore contains a list of resources that are to be
-                      excluded from orphaned resources monitoring
                     items:
-                      description: OrphanedResourceKey is a reference to a resource
-                        to be ignored from
                       properties:
                         group:
                           type: string
@@ -200,36 +127,26 @@ spec:
                       type: object
                     type: array
                   warn:
-                    description: Warn indicates if warning condition should be created
-                      for apps which have orphaned resources
+                    description: Warn indicates if warning condition should be created for apps which have orphaned resources
                     type: boolean
                 type: object
-              permitOnlyProjectScopedClusters:
-                description: PermitOnlyProjectScopedClusters determines whether destinations
-                  can only reference clusters which are project-scoped
-                type: boolean
               roles:
-                description: Roles are user defined RBAC roles associated with this
-                  project
+                description: Roles are user defined RBAC roles associated with this project
                 items:
-                  description: ProjectRole represents a role that has access to a
-                    project
+                  description: ProjectRole represents a role that has access to a project
                   properties:
                     description:
                       description: Description is a description of the role
                       type: string
                     groups:
-                      description: Groups are a list of OIDC group claims bound to
-                        this role
+                      description: Groups are a list of OIDC group claims bound to this role
                       items:
                         type: string
                       type: array
                     jwtTokens:
-                      description: JWTTokens are a list of generated JWT tokens bound
-                        to this role
+                      description: JWTTokens are a list of generated JWT tokens bound to this role
                       items:
-                        description: JWTToken holds the issuedAt and expiresAt values
-                          of a token
+                        description: JWTToken holds the issuedAt and expiresAt values of a token
                         properties:
                           exp:
                             format: int64
@@ -247,8 +164,7 @@ spec:
                       description: Name is a name for this role
                       type: string
                     policies:
-                      description: Policies Stores a list of casbin formatted strings
-                        that define access policies for the role in the project
+                      description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
                       items:
                         type: string
                       type: array
@@ -257,11 +173,9 @@ spec:
                   type: object
                 type: array
               signatureKeys:
-                description: SignatureKeys contains a list of PGP key IDs that commits
-                  in Git must be signed with in order to be allowed for sync
+                description: List of PGP key IDs that commits to be synced to must be signed with
                 items:
-                  description: SignatureKey is the specification of a key required
-                    to verify commit signatures with
+                  description: SignatureKey is the specification of a key required to verify commit signatures with
                   properties:
                     keyID:
                       description: The ID of the key in hexadecimal notation
@@ -270,99 +184,75 @@ spec:
                   - keyID
                   type: object
                 type: array
-              sourceNamespaces:
-                description: SourceNamespaces defines the namespaces application resources
-                  are allowed to be created in
-                items:
-                  type: string
-                type: array
               sourceRepos:
-                description: SourceRepos contains list of repository URLs which can
-                  be used for deployment
+                description: SourceRepos contains list of repository URLs which can be used for deployment
                 items:
                   type: string
                 type: array
               syncWindows:
-                description: SyncWindows controls when syncs can be run for apps in
-                  this project
+                description: SyncWindows controls when syncs can be run for apps in this project
                 items:
-                  description: SyncWindow contains the kind, time, duration and attributes
-                    that are used to assign the syncWindows to apps
+                  description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
                   properties:
                     applications:
-                      description: Applications contains a list of applications that
-                        the window will apply to
+                      description: Applications contains a list of applications that the window will apply to
                       items:
                         type: string
                       type: array
                     clusters:
-                      description: Clusters contains a list of clusters that the window
-                        will apply to
+                      description: Clusters contains a list of clusters that the window will apply to
                       items:
                         type: string
                       type: array
                     duration:
-                      description: Duration is the amount of time the sync window
-                        will be open
+                      description: Duration is the amount of time the sync window will be open
                       type: string
                     kind:
                       description: Kind defines if the window allows or blocks syncs
                       type: string
                     manualSync:
-                      description: ManualSync enables manual syncs when they would
-                        otherwise be blocked
+                      description: ManualSync enables manual syncs when they would otherwise be blocked
                       type: boolean
                     namespaces:
-                      description: Namespaces contains a list of namespaces that the
-                        window will apply to
+                      description: Namespaces contains a list of namespaces that the window will apply to
                       items:
                         type: string
                       type: array
                     schedule:
-                      description: Schedule is the time the window will begin, specified
-                        in cron format
-                      type: string
-                    timeZone:
-                      description: TimeZone of the sync that will be applied to the
-                        schedule
+                      description: Schedule is the time the window will begin, specified in cron format
                       type: string
                   type: object
                 type: array
             type: object
           status:
-            description: AppProjectStatus contains status information for AppProject
-              CRs
+            description: Status of the AppProject
             properties:
               jwtTokensByRole:
+                description: JWT Tokens issued for each of the roles in the project
                 additionalProperties:
-                  description: JWTTokens represents a list of JWT tokens
                   properties:
                     items: 
+                      description: List of JWT Tokens issued for the role
                       items: 
-                        description: JWTToken holds the issuedAt and expiresAt values
-                          of a token
+                        description: Holds the issuedAt and expiresAt values of the token
                         properties:
                           exp:
+                            description: The expiresAt value of a token
                             format: int64
                             type: integer
                           iat:
+                            description: The issuedAt value of a token
                             format: int64
                             type: integer
                           id:
+                            description: ID of the token
                             type: string
-                        required:
-                        - iat
                         type: object
                       type: array
                   type: object
-                description: JWTTokensByRole contains a list of JWT tokens issued
-                  for a given role
                 type: object
             type: object
         required:
         - metadata
         - spec
         type: object
-    served: true
-    storage: true
-{{- end }}

charts/argo-cd/templates/NOTES.txt

@@ -1,22 +1,15 @@
 In order to access the server UI you have the following options:
 
-1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
+1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
 
     and then open the browser on http://localhost:8080 and accept the certificate
 
 2. enable ingress in the values file `server.ingress.enabled` and either
-      - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
-      - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
+      - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
+      - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
 
 
-{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
-After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
+After reaching the UI the first time you can login with username: admin and the password will be the
+name of the server pod. You can get the pod name by running:
 
-kubectl -n {{ include  "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
-
-(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
-{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
-After reaching the UI the first time you can login using Dex or OIDC.
-{{ else -}}
-After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`.
-{{ end -}}
+kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2

charts/argo-cd/templates/_common.tpl

@@ -1,147 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-cd.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "argo-cd.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create Argo CD app version
-*/}}
-{{- define "argo-cd.defaultTag" -}}
-{{- default .Chart.AppVersion .Values.global.image.tag }}
-{{- end -}}
-
-{{/*
-Return valid version label
-*/}}
-{{- define "argo-cd.versionLabelValue" -}}
-{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "argo-cd.labels" -}}
-helm.sh/chart: {{ include "argo-cd.chart" .context }}
-{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
-app.kubernetes.io/managed-by: {{ .context.Release.Service }}
-app.kubernetes.io/part-of: argocd
-app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }}
-{{- with .context.Values.global.additionalLabels }}
-{{ toYaml . }}
-{{- end }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argo-cd.selectorLabels" -}}
-{{- if .name -}}
-app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
-{{ end -}}
-app.kubernetes.io/instance: {{ .context.Release.Name }}
-{{- if .component }}
-app.kubernetes.io/component: {{ .component }}
-{{- end }}
-{{- end }}
-
-{{/*
-Common affinity definition
-Pod affinity
-  - Soft prefers different nodes
-  - Hard requires different nodes and prefers different availibility zones
-Node affinity
-  - Soft prefers given user expressions
-  - Hard requires given user expressions
-*/}}
-{{- define "argo-cd.affinity" -}}
-{{- with .component.affinity -}}
-  {{- toYaml . -}}
-{{- else -}}
-{{- $preset := .context.Values.global.affinity -}}
-{{- if (eq $preset.podAntiAffinity "soft") }}
-podAntiAffinity:
-  preferredDuringSchedulingIgnoredDuringExecution:
-  - weight: 100
-    podAffinityTerm:
-      labelSelector:
-        matchLabels:
-          app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
-      topologyKey: kubernetes.io/hostname
-{{- else if (eq $preset.podAntiAffinity "hard") }}
-podAntiAffinity:
-  preferredDuringSchedulingIgnoredDuringExecution:
-  - weight: 100
-    podAffinityTerm:
-      labelSelector:
-        matchLabels:
-          app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
-      topologyKey: topology.kubernetes.io/zone
-  requiredDuringSchedulingIgnoredDuringExecution:
-  - labelSelector:
-      matchLabels:
-        app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
-    topologyKey: kubernetes.io/hostname
-{{- end }}
-{{- with $preset.nodeAffinity.matchExpressions }}
-{{- if (eq $preset.nodeAffinity.type "soft") }}
-nodeAffinity:
-  preferredDuringSchedulingIgnoredDuringExecution:
-  - weight: 1
-    preference:
-      matchExpressions:
-      {{- toYaml . | nindent 6 }}
-{{- else if (eq $preset.nodeAffinity.type "hard") }}
-nodeAffinity:
-  requiredDuringSchedulingIgnoredDuringExecution:
-    nodeSelectorTerms:
-    - matchExpressions:
-      {{- toYaml . | nindent 6 }}
-{{- end }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Common deployment strategy definition
-- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite
-*/}}
-{{- define "argo-cd.strategy" -}}
-{{- $preset := . -}}
-{{- if (eq (toString $preset.type) "Recreate") }}
-type: Recreate
-{{- else if (eq (toString $preset.type) "RollingUpdate") }}
-type: RollingUpdate
-{{- with $preset.rollingUpdate }}
-rollingUpdate:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
-{{- end -}}

charts/argo-cd/templates/_helpers.tpl

@@ -1,23 +1,35 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
-Create controller name and version as used by the chart label.
-Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited
-to 63 chars and it includes 10 chars of hash and a separating '-'.
+Expand the name of the chart.
 */}}
-{{- define "argo-cd.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}}
+{{- define "argo-cd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
-Create the name of the controller service account to use
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
 */}}
-{{- define "argo-cd.controller.serviceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
-    {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
+{{- define "argo-cd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-    {{ default "default" .Values.controller.serviceAccount.name }}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}
+
+{{/*
+Create controller name and version as used by the chart label.
+*/}}
+{{- define "argo-cd.controller.fullname" -}}
+{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
 
 {{/*
 Create dex name and version as used by the chart label.
@@ -26,85 +38,20 @@ Create dex name and version as used by the chart label.
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create Dex server endpoint
-*/}}
-{{- define "argo-cd.dex.server" -}}
-{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}}
-{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}}
-{{- $host := include "argo-cd.dex.fullname" . -}}
-{{- $port := int .Values.dex.servicePortHttp -}}
-{{- printf "%s://%s:%d" $scheme $host $port }}
-{{- end }}
-
-{{/*
-Create the name of the dex service account to use
-*/}}
-{{- define "argo-cd.dex.serviceAccountName" -}}
-{{- if .Values.dex.serviceAccount.create -}}
-    {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.dex.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create redis name and version as used by the chart label.
 */}}
 {{- define "argo-cd.redis.fullname" -}}
-{{- $redisHa := (index .Values "redis-ha") -}}
-{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}}
+{{ $redisHa := (index .Values "redis-ha") }}
 {{- if $redisHa.enabled -}}
     {{- if $redisHa.haproxy.enabled -}}
-        {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}}
+        {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
     {{- end -}}
 {{- else -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 
-{{/*
-Return Redis server endpoint
-*/}}
-{{- define "argo-cd.redis.server" -}}
-{{- $redisHa := (index .Values "redis-ha") -}}
-{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
-    {{- printf "%s:%s" (include "argo-cd.redis.fullname" .)  (toString .Values.redis.servicePort) }}
-{{- else if and .Values.externalRedis.host .Values.externalRedis.port }}
-    {{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Create the name of the redis service account to use
-*/}}
-{{- define "argo-cd.redis.serviceAccountName" -}}
-{{- if .Values.redis.serviceAccount.create -}}
-    {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.redis.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Create Redis secret-init name
-*/}}
-{{- define "argo-cd.redisSecretInit.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the Redis secret-init service account to use
-*/}}
-{{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
-{{- if .Values.redisSecretInit.serviceAccount.create -}}
-    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create argocd server name and version as used by the chart label.
 */}}
@@ -112,17 +59,6 @@ Create argocd server name and version as used by the chart label.
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create the name of the Argo CD server service account to use
-*/}}
-{{- define "argo-cd.server.serviceAccountName" -}}
-{{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create argocd repo-server name and version as used by the chart label.
 */}}
@@ -130,148 +66,76 @@ Create argocd repo-server name and version as used by the chart label.
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "argo-cd.controllerServiceAccountName" -}}
+{{- if .Values.controller.serviceAccount.create -}}
+    {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.controller.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the dex service account to use
+*/}}
+{{- define "argo-cd.dexServiceAccountName" -}}
+{{- if .Values.dex.serviceAccount.create -}}
+    {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.dex.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the ArgoCD server service account to use
+*/}}
+{{- define "argo-cd.serverServiceAccountName" -}}
+{{- if .Values.server.serviceAccount.create -}}
+    {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create the name of the repo-server service account to use
 */}}
-{{- define "argo-cd.repoServer.serviceAccountName" -}}
+{{- define "argo-cd.repoServerServiceAccountName" -}}
 {{- if .Values.repoServer.serviceAccount.create -}}
-    {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
+    {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
 {{- else -}}
     {{ default "default" .Values.repoServer.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 
 {{/*
-Create argocd application set name and version as used by the chart label.
+Create chart name and version as used by the chart label.
 */}}
-{{- define "argo-cd.applicationSet.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}}
+{{- define "argo-cd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
-Create the name of the application set service account to use
+Common labels
 */}}
-{{- define "argo-cd.applicationSet.serviceAccountName" -}}
-{{- if .Values.applicationSet.serviceAccount.create -}}
-    {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.applicationSet.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create argocd notifications name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.notifications.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the notifications service account to use
-*/}}
-{{- define "argo-cd.notifications.serviceAccountName" -}}
-{{- if .Values.notifications.serviceAccount.create -}}
-    {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.notifications.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create argocd commit-server name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.commitServer.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the commit-server service account to use
-*/}}
-{{- define "argo-cd.commitServer.serviceAccountName" -}}
-{{- if .Values.commitServer.serviceAccount.create -}}
-    {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.commitServer.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Argo Configuration Preset Values (Influenced by Values configuration)
-*/}}
-{{- define "argo-cd.config.cm.presets" -}}
-{{- $presets := dict -}}
-{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
-{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
-{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
-{{- end -}}
-{{- if .Values.configs.styles -}}
-{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}}
-{{- end -}}
-{{- toYaml $presets }}
-{{- end -}}
-
-{{/*
-Merge Argo Configuration with Preset Configuration
-*/}}
-{{- define "argo-cd.config.cm" -}}
-{{- $config := omit .Values.configs.cm "create" "annotations" -}}
-{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
-{{- range $key, $value := mergeOverwrite $preset $config }}
-{{- $fmted := $value | toString }}
-{{- if not (eq $fmted "") }}
-{{ $key }}: {{ $fmted | toYaml }}
-{{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Argo Params Default Configuration Presets
-NOTE: Configuration keys must be stored as dict because YAML treats dot as separator
-*/}}
-{{- define "argo-cd.config.params.presets" -}}
-{{- $presets := dict -}}
-{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}}
-{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}}
-{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}}
-{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
-{{- if .Values.dex.enabled -}}
-{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
-{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
-{{- end -}}
-{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}}
-{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
-{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
-{{- end -}}
-{{- toYaml $presets }}
-{{- end -}}
-
-{{/*
-Merge Argo Params Configuration with Preset Configuration
-*/}}
-{{- define "argo-cd.config.params" -}}
-{{- $config := omit .Values.configs.params "create" "annotations" }}
-{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
-{{- range $key, $value := mergeOverwrite $preset $config }}
-{{ $key }}: {{ toString $value | toYaml }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Expand the namespace of the release.
-Allows overriding it for multi-namespace deployments in combined charts.
-*/}}
-{{- define "argo-cd.namespace" -}}
-{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- define "argo-cd.labels" -}}
+helm.sh/chart: {{ include "argo-cd.chart" .context }}
+{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: argocd
 {{- end }}
 
 {{/*
-Dual stack definition
+Selector labels
 */}}
-{{- define "argo-cd.dualStack" -}}
-{{- with .Values.global.dualStack.ipFamilyPolicy }}
-ipFamilyPolicy: {{ . }}
-{{- end }}
-{{- with .Values.global.dualStack.ipFamilies }}
-ipFamilies: {{ toYaml . | nindent 4 }}
+{{- define "argo-cd.selectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
+{{ end -}}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
 {{- end }}
 {{- end }}

charts/argo-cd/templates/_versions.tpl

@@ -1,7 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the target Kubernetes version
-*/}}
-{{- define "argo-cd.kubeVersion" -}}
-{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
-{{- end }}

charts/argo-cd/templates/aggregate-roles.yaml

@@ -1,70 +0,0 @@
-{{- if .Values.createAggregateRoles }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - appprojects
-  verbs:
-  - get
-  - list
-  - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - appprojects
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - appprojects
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml

@@ -1,14 +1,11 @@
-{{- if .Values.createClusterRoles }}
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
-  {{- if .Values.controller.clusterRoleRules.enabled }}
-    {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
-  {{- else }}
 - apiGroups:
   - '*'
   resources:
@@ -20,4 +17,3 @@ rules:
   verbs:
   - '*'
 {{- end }}
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml

@@ -1,16 +1,16 @@
-{{- if .Values.createClusterRoles }}
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "argo-cd.controller.fullname" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}

charts/argo-cd/templates/argocd-application-controller/deployment.yaml

@@ -1,440 +1,124 @@
-{{- if .Values.controller.dynamicClusterDistribution }}
+{{- $redisHa := (index .Values "redis-ha") -}}
 apiVersion: apps/v1
-kind: Deployment
+kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }}
 metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
   name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
 spec:
-  replicas: {{ .Values.controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
   selector:
     matchLabels:
       {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+  {{- if  .Values.controller.enableStatefulSet }}
+  serviceName: {{ template "argo-cd.controller.fullname" . }}
+  {{- end }}
+  revisionHistoryLimit: 5
+  replicas: {{ .Values.controller.replicas }}
   template:
     metadata:
+      {{- if .Values.controller.podAnnotations }}
       annotations:
-        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if .Values.configs.cm.create }}
-        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
-        {{- end }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
-        {{- range $key, $value := . }}
+      {{- range $key, $value := .Values.controller.podAnnotations }}
         {{ $key }}: {{ $value | quote }}
       {{- end }}
       {{- end }}
       labels:
         {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
-          {{- toYaml . | nindent 8 }}
+        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
+        {{- if .Values.controller.podLabels }}
+{{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      {{- with .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
       {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- if .Values.controller.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
       containers:
-      - args:
-        - /usr/local/bin/argocd-application-controller
-        - --metrics-port={{ .Values.controller.containerPorts.metrics }}
-        {{- if .Values.controller.metrics.applicationLabels.enabled }}
-        {{- range .Values.controller.metrics.applicationLabels.labels }}
-        - --metrics-application-labels
-        - {{ . }}
-        {{- end }}
+      - command:
+        - argocd-application-controller
+        - --status-processors
+        - {{ .Values.controller.args.statusProcessors | quote }}
+        - --operation-processors
+        - {{ .Values.controller.args.operationProcessors | quote }}
+        - --app-resync
+        - {{ .Values.controller.args.appResyncPeriod | quote }}
+        - --self-heal-timeout-seconds
+        - {{ .Values.controller.args.selfHealTimeout | quote }}
+        - --repo-server
+        - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
+        - --logformat
+        - {{ .Values.controller.logFormat }}
+        - --loglevel
+        - {{ .Values.controller.logLevel }}
+        {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
+        - --redis
+        - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
         {{- end }}
         {{- with .Values.controller.extraArgs }}
-          {{- toYaml . | nindent 8 }}
+        {{- . | toYaml | nindent 8 }}
         {{- end }}
-        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
+        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
         imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
         name: {{ .Values.controller.name }}
+        {{- if .Values.controller.containerSecurityContext }}
+        securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
+        {{- end }}
+        {{- if .Values.controller.env }}
         env:
-          {{- with (concat .Values.global.env .Values.controller.env) }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
-            value: "true"
-          - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
-            value: {{ .Values.controller.heartbeatTime | quote }}
-          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
-            value: {{ template "argo-cd.controller.fullname" . }}
-          - name: ARGOCD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.reconciliation
-                optional: true
-          - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.hard.reconciliation
-                optional: true
-          - name: ARGOCD_RECONCILIATION_JITTER
-            valueFrom:
-              configMapKeyRef:
-                key: timeout.reconciliation.jitter
-                name: argocd-cm
-                optional: true
-          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.error.grace.period.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: repo.server
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.status.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.operation.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.format
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.level
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.metrics.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.factor
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.cap.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sync.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.plaintext
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.strict.tls
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.resource.health.persist
-                optional: true
-          - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.app.state.cache.expiration
-                optional: true
-          - name: REDIS_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.server
-                optional: true
-          - name: REDIS_COMPRESSION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.compression
-                optional: true
-          - name: REDISDB
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.db
-                optional: true
-          - name: REDIS_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
-          - name: REDIS_SENTINEL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-username
-                optional: true
-          - name: REDIS_SENTINEL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-password
-                optional: true
-          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.default.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.address
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.insecure
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.headers
-                optional: true
-          - name: ARGOCD_APPLICATION_NAMESPACES
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: application.namespaces
-                optional: true
-          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sharding.algorithm
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.kubectl.parallelism.limit
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_MAX
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.max
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.base.backoff
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.diff.server.side
-                optional: true
-          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.ignore.normalizer.jq.timeout
-                optional: true
-          - name: ARGOCD_HYDRATOR_ENABLED
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: hydrator.enabled
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.batch.events.processing
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.events.processing.interval
-                optional: true
-        {{- with .Values.controller.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
+{{- toYaml .Values.controller.env | nindent 8 }}
         {{- end }}
         ports:
-        - name: metrics
-          containerPort: {{ .Values.controller.containerPorts.metrics }}
+        - name: controller
+          containerPort: {{ .Values.controller.containerPort }}
           protocol: TCP
-        readinessProbe:
+        livenessProbe:
           httpGet:
             path: /healthz
-            port: metrics
+            port: {{ .Values.controller.containerPort }}
+          initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.controller.containerPort }}
           initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
           timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
           successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
           failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
+{{- if .Values.controller.volumeMounts }}
+        volumeMounts:
+{{- toYaml .Values.controller.volumeMounts | nindent 10}}
+{{- end }}
         resources:
 {{- toYaml .Values.controller.resources | nindent 10 }}
-        {{- with .Values.controller.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        workingDir: /home/argocd
-        volumeMounts:
-        {{- with .Values.controller.volumeMounts }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - mountPath: /app/config/controller/tls
-          name: argocd-repo-server-tls
-        - mountPath: /home/argocd
-          name: argocd-home
-        - name: argocd-cmd-params-cm
-          mountPath: /home/argocd/params
-      {{- with .Values.controller.extraContainers }}
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.initContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
+    {{- if .Values.controller.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | nindent 8 }}
+{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
     {{- end }}
-      {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
+    {{- if .Values.controller.tolerations }}
       tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-          {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
+{{- toYaml .Values.controller.tolerations | nindent 8 }}
     {{- end }}
+    {{- if .Values.controller.affinity }}
+      affinity:
+{{- toYaml .Values.controller.affinity | nindent 8 }}
     {{- end }}
+      serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
+{{- with .Values.global.hostAliases }}
+      hostAliases:
+{{ toYaml . | indent 6 }}
 {{- end }}
+{{- if .Values.controller.volumes }}
       volumes:
-      {{- with .Values.controller.volumes }}
-        {{- toYaml . | nindent 6 }}
+{{- toYaml .Values.controller.volumes | nindent 8 }}
 {{- end }}
-      - name: argocd-home
-        {{- if .Values.controller.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
-        {{- else }}
-        emptyDir: {}
-        {{- end }}
-
-      - name: argocd-repo-server-tls
-        secret:
-          secretName: argocd-repo-server-tls
-          optional: true
-          items:
-          - key: tls.crt
-            path: tls.crt
-          - key: tls.key
-            path: tls.key
-          - key: ca.crt
-            path: ca.crt
-      - name: argocd-cmd-params-cm
-        configMap:
-          optional: true
-          name: argocd-cmd-params-cm
-          items:
-          - key: controller.profile.enabled
-            path: profiler.enabled
-      {{- if .Values.controller.hostNetwork }}
-      hostNetwork: {{ .Values.controller.hostNetwork }}
-      {{- end }}
-      {{- with .Values.controller.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
 {{- end }}

charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml

@@ -0,0 +1,25 @@
+{{- if .Values.controller.metrics.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.metrics.service.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.controller.metrics.service.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
+{{- if .Values.controller.metrics.service.labels }}
+{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
+{{- end }}
+  name: {{ template "argo-cd.controller.fullname" . }}-metrics
+spec:
+  ports:
+  - name: metrics
+    protocol: TCP
+    port: {{ .Values.controller.metrics.service.servicePort }}
+    targetPort: controller
+  selector:
+    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
+{{- end }}

charts/argo-cd/templates/argocd-application-controller/metrics.yaml

@@ -1,35 +0,0 @@
-{{- if .Values.controller.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
-    {{- with .Values.controller.metrics.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
-  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.controller.metrics.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  type: {{ .Values.controller.metrics.service.type }}
-  {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
-  ports:
-  - name: {{ .Values.controller.metrics.service.portName }}
-    protocol: TCP
-    port: {{ .Values.controller.metrics.service.servicePort }}
-    targetPort: metrics
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.global.networkPolicy.create }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-spec:
-  ingress:
-  - from:
-    - namespaceSelector: {}
-    ports:
-    - port: metrics
-  podSelector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  policyTypes:
-  - Ingress
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/pdb.yaml

@@ -1,27 +0,0 @@
-{{- if .Values.controller.pdb.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    {{- with .Values.controller.pdb.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.controller.pdb.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  {{- with .Values.controller.pdb.maxUnavailable }}
-  maxUnavailable: {{ . }}
-  {{- else }}
-  minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml

@@ -1,9 +1,11 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
   name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
+  {{- if .Values.controller.metrics.rules.namespace }}
+  namespace: {{ .Values.controller.metrics.rules.namespace }}
+  {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
     {{- if .Values.controller.metrics.rules.selector }}
@@ -12,10 +14,6 @@ metadata:
     {{- if .Values.controller.metrics.rules.additionalLabels }}
 {{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
     {{- end }}
-  {{- with .Values.controller.metrics.rules.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   groups:
   - name: argocd

charts/argo-cd/templates/argocd-application-controller/role.yaml

@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
@@ -35,25 +34,3 @@ rules:
   verbs:
   - create
   - list
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  resourceNames:
-  - argocd-app-controller-shard-cm
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-{{- end }}

charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml

@@ -1,15 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "argo-cd.controller.fullname" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
 subjects:
 - kind: ServiceAccount
-    name: {{ include "argo-cd.controller.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/argo-cd/templates/argocd-application-controller/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.service.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.controller.service.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  name: {{ template "argo-cd.controller.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+spec:
+  ports:
+  - name: {{ .Values.controller.service.portName }}
+    port: {{ .Values.controller.service.port }}
+    targetPort: {{ .Values.controller.containerPort }}
+  selector:
+    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}

charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml

@@ -3,17 +3,13 @@ apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
 metadata:
-  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.controller.serviceAccount.annotations }}
+  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+{{- if .Values.controller.serviceAccount.annotations }}
   annotations:
-    {{- range $key, $value := . }}
+  {{- range $key, $value := .Values.controller.serviceAccount.annotations }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
 {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    {{- with .Values.controller.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
 {{- end }}

charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml

@@ -1,51 +1,29 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
+  {{- if .Values.controller.metrics.serviceMonitor.namespace }}
+  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
+  {{- end }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    {{- with .Values.controller.metrics.serviceMonitor.selector }}
-      {{- toYaml . | nindent 4 }}
+    {{- if .Values.controller.metrics.serviceMonitor.selector }}
+{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
     {{- end }}
-    {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.controller.metrics.serviceMonitor.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
+    {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
     {{- end }}
 spec:
   endpoints:
-    - port: {{ .Values.controller.metrics.service.portName }}
-      {{- with .Values.controller.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
+    - port: metrics
+      interval: 30s
       path: /metrics
-      {{- with .Values.controller.metrics.serviceMonitor.relabelings }}
-      relabelings:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }}
-      metricRelabelings:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
-      {{- with .Values.controller.metrics.serviceMonitor.scheme }}
-      scheme: {{ . }}
-      {{- end }}
-      {{- with .Values.controller.metrics.serviceMonitor.tlsConfig }}
-      tlsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
   namespaceSelector:
     matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
   selector:
     matchLabels:
       {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
 {{- end }}
+

charts/argo-cd/templates/argocd-application-controller/statefulset.yaml

@@ -1,444 +0,0 @@
-{{- if not .Values.controller.dynamicClusterDistribution | default false }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
-  serviceName: {{ include "argo-cd.controller.fullname" . }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if .Values.configs.cm.create }}
-        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
-        {{- end }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
-        {{- range $key, $value := . }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-        {{- end }}
-      labels:
-        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- if .Values.controller.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
-      containers:
-      - args:
-        - /usr/local/bin/argocd-application-controller
-        - --metrics-port={{ .Values.controller.containerPorts.metrics }}
-        {{- if .Values.controller.metrics.applicationLabels.enabled }}
-        {{- range .Values.controller.metrics.applicationLabels.labels }}
-        - --metrics-application-labels
-        - {{ . }}
-        {{- end }}
-        {{- end }}
-        {{- with .Values.controller.extraArgs }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
-        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
-        name: {{ .Values.controller.name }}
-        env:
-          {{- with (concat .Values.global.env .Values.controller.env) }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          - name: ARGOCD_CONTROLLER_REPLICAS
-            value: {{ .Values.controller.replicas | quote }}
-          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
-            value: {{ template "argo-cd.controller.fullname" . }}
-          - name: ARGOCD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.reconciliation
-                optional: true
-          - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.hard.reconciliation
-                optional: true
-          - name: ARGOCD_RECONCILIATION_JITTER
-            valueFrom:
-              configMapKeyRef:
-                key: timeout.reconciliation.jitter
-                name: argocd-cm
-                optional: true
-          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.error.grace.period.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: repo.server
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.status.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.operation.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.format
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.level
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.metrics.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.factor
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.cap.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sync.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.plaintext
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.strict.tls
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.resource.health.persist
-                optional: true
-          - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.app.state.cache.expiration
-                optional: true
-          - name: REDIS_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.server
-                optional: true
-          - name: REDIS_COMPRESSION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.compression
-                optional: true
-          - name: REDISDB
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.db
-                optional: true
-          - name: REDIS_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
-          - name: REDIS_SENTINEL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-username
-                optional: true
-          - name: REDIS_SENTINEL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-password
-                optional: true
-          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.default.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.address
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.insecure
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.headers
-                optional: true
-          - name: ARGOCD_APPLICATION_NAMESPACES
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: application.namespaces
-                optional: true
-          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sharding.algorithm
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.kubectl.parallelism.limit
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_MAX
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.max
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.base.backoff
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.diff.server.side
-                optional: true
-          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.ignore.normalizer.jq.timeout
-                optional: true
-          - name: ARGOCD_HYDRATOR_ENABLED
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: hydrator.enabled
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.batch.events.processing
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.events.processing.interval
-                optional: true
-          - name: KUBECACHEDIR
-            value: /tmp/kubecache
-        {{- with .Values.controller.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        ports:
-        - name: metrics
-          containerPort: {{ .Values.controller.containerPorts.metrics }}
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: metrics
-          initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
-          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
-        resources:
-          {{- toYaml .Values.controller.resources | nindent 10 }}
-        {{- with .Values.controller.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        workingDir: /home/argocd
-        volumeMounts:
-        {{- with .Values.controller.volumeMounts }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - mountPath: /app/config/controller/tls
-          name: argocd-repo-server-tls
-        - mountPath: /home/argocd
-          name: argocd-home
-        - name: argocd-cmd-params-cm
-          mountPath: /home/argocd/params
-        - name: argocd-application-controller-tmp
-          mountPath: /tmp
-      {{- with .Values.controller.extraContainers }}
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.initContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-          {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-      volumes:
-      {{- with .Values.controller.volumes }}
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
-      - name: argocd-home
-        {{- if .Values.controller.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
-        {{- else }}
-        emptyDir: {}
-        {{- end }}
-      - emptyDir: {}
-        name: argocd-application-controller-tmp
-      - name: argocd-repo-server-tls
-        secret:
-          secretName: argocd-repo-server-tls
-          optional: true
-          items:
-          - key: tls.crt
-            path: tls.crt
-          - key: tls.key
-            path: tls.key
-          - key: ca.crt
-            path: ca.crt
-      - name: argocd-cmd-params-cm
-        configMap:
-          optional: true
-          name: argocd-cmd-params-cm
-          items:
-          - key: controller.profile.enabled
-            path: profiler.enabled
-      {{- if .Values.controller.hostNetwork }}
-      hostNetwork: {{ .Values.controller.hostNetwork }}
-      {{- end }}
-      {{- with .Values.controller.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.controller.dnsPolicy }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/certificate.yaml

@@ -1,39 +0,0 @@
-{{- if .Values.applicationSet.certificate.enabled -}}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-spec:
-  secretName: argocd-applicationset-controller-tls
-  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
-  dnsNames:
-    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
-    {{- range .Values.applicationSet.certificate.additionalHosts }}
-    - {{ . | quote }}
-    {{- end }}
-  {{- with .Values.applicationSet.certificate.duration }}
-  duration: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.applicationSet.certificate.renewBefore }}
-  renewBefore: {{ . | quote }}
-  {{- end }}
-  issuerRef:
-    {{- with .Values.applicationSet.certificate.issuer.group }}
-    group: {{ . | quote }}
-    {{- end }}
-    kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }}
-    name: {{ .Values.applicationSet.certificate.issuer.name | quote }}
-  {{- with .Values.applicationSet.certificate.privateKey }}
-  privateKey:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml

@@ -1,90 +0,0 @@
-{{- if .Values.applicationSet.allowAnyNamespace }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-rules:
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - applications
-    - applicationsets
-    - applicationsets/finalizers
-    verbs:
-    - create
-    - delete
-    - get
-    - list
-    - patch
-    - update
-    - watch
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - applicationsets/status
-    verbs:
-    - get
-    - patch
-    - update
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - appprojects
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - events
-    verbs:
-    - create
-    - get
-    - list
-    - patch
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    verbs:
-    - create
-    - update
-    - delete
-    - get
-    - list
-    - patch
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - secrets
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - apps
-    - extensions
-    resources:
-    - deployments
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - create
-    - delete
-    - get
-    - list
-    - patch
-    - update
-    - watch
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml

@@ -1,16 +0,0 @@
-{{- if .Values.applicationSet.allowAnyNamespace }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/deployment.yaml

@@ -1,354 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-spec:
-  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }}
-  strategy:
-    {{- trim . | nindent 4 }}
-  {{- end }}
-  replicas: {{ .Values.applicationSet.replicas }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
-        {{- range $key, $value := . }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-        {{- end }}
-      labels:
-        {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- if .Values.applicationSet.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }}
-      containers:
-        - name: {{ .Values.applicationSet.name }}
-          image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
-          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }}
-          args:
-            - /usr/local/bin/argocd-applicationset-controller
-            - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
-            - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
-            - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
-            {{- with .Values.applicationSet.extraArgs }}
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
-          env:
-            {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }}
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.global.preserved.annotations
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.global.preserved.labels
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.leader.election
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
-              valueFrom:
-                configMapKeyRef:
-                  key: repo.server
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.policy
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.policy.override
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.debug
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.log.format
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.log.level
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.dryrun
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_GIT_MODULES_ENABLED
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.git.submodule
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.progressive.syncs
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.tokenref.strict.mode
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.new.git.file.globbing
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.plaintext
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.strict.tls
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.timeout.seconds
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.concurrent.reconciliations.max
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.namespaces
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.scm.root.ca.path
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.allowed.scm.providers
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.enable.scm.providers
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.webhook.parallelism.limit
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.requeue.after
-                  name: argocd-cmd-params-cm
-                  optional: true
-          {{- with .Values.applicationSet.extraEnvFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          ports:
-            - name: metrics
-              containerPort: {{ .Values.applicationSet.containerPorts.metrics }}
-              protocol: TCP
-            - name: probe
-              containerPort: {{ .Values.applicationSet.containerPorts.probe }}
-              protocol: TCP
-            - name: webhook
-              containerPort: {{ .Values.applicationSet.containerPorts.webhook }}
-              protocol: TCP
-          {{- if .Values.applicationSet.livenessProbe.enabled }}
-          livenessProbe:
-            tcpSocket:
-              port: probe
-            initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.applicationSet.readinessProbe.enabled }}
-          readinessProbe:
-            tcpSocket:
-              port: probe
-            initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.applicationSet.resources | nindent 12 }}
-          {{- with .Values.applicationSet.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            {{- with .Values.applicationSet.extraVolumeMounts }}
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
-            - mountPath: /app/config/ssh
-              name: ssh-known-hosts
-            - mountPath: /app/config/tls
-              name: tls-certs
-            - mountPath: /app/config/gpg/source
-              name: gpg-keys
-            - mountPath: /app/config/gpg/keys
-              name: gpg-keyring
-            - mountPath: /app/config/reposerver/tls
-              name: argocd-repo-server-tls
-            - mountPath: /tmp
-              name: tmp
-        {{- with .Values.applicationSet.extraContainers }}
-          {{- tpl (toYaml .) $ | nindent 8 }}
-        {{- end }}
-      {{- with .Values.applicationSet.initContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-          {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-      volumes:
-        {{- with .Values.applicationSet.extraVolumes }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - name: ssh-known-hosts
-          configMap:
-            name: argocd-ssh-known-hosts-cm
-        - name: tls-certs
-          configMap:
-            name: argocd-tls-certs-cm
-        - name: gpg-keys
-          configMap:
-            name: argocd-gpg-keys-cm
-        - name: gpg-keyring
-          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
-          emptyDir:
-            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
-        - name: tmp
-          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
-          emptyDir:
-            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
-        - name: argocd-repo-server-tls
-          secret:
-            secretName: argocd-repo-server-tls
-            optional: true
-            items:
-              - key: tls.crt
-                path: tls.crt
-              - key: tls.key
-                path: tls.key
-              - key: ca.crt
-                path: ca.crt
-      {{- with .Values.applicationSet.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}

charts/argo-cd/templates/argocd-applicationset/ingress.yaml

@@ -1,62 +0,0 @@
-{{- if .Values.applicationSet.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.ingress.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.applicationSet.ingress.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  {{- with .Values.applicationSet.ingress.ingressClassName }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  rules:
-    - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
-      http:
-        paths:
-          {{- with .Values.applicationSet.ingress.extraPaths }}
-            {{- tpl (toYaml .) $ | nindent 10 }}
-          {{- end }}
-          - path: {{ .Values.applicationSet.ingress.path }}
-            pathType: {{ .Values.applicationSet.ingress.pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.applicationSet.fullname" . }}
-                port:
-                  number: {{ .Values.applicationSet.service.port }}
-    {{- range .Values.applicationSet.ingress.extraHosts }}
-    - host: {{ .name | quote }}
-      http:
-        paths:
-          - path: {{ default $.Values.applicationSet.ingress.path .path }}
-            pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.applicationSet.fullname" $ }}
-                port:
-                  number: {{ $.Values.applicationSet.service.port }}
-    {{- end }}
-    {{- with .Values.applicationSet.ingress.extraRules }}
-      {{- tpl (toYaml .) $ | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
-  tls:
-    {{- if .Values.applicationSet.ingress.tls }}
-    - hosts:
-      - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
-      secretName: argocd-applicationset-controller-tls
-    {{- end }}
-    {{- with .Values.applicationSet.ingress.extraTls }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- end }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/metrics.yaml

@@ -1,35 +0,0 @@
-{{- if .Values.applicationSet.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }}
-    {{- with .Values.applicationSet.metrics.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
-  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  type: {{ .Values.applicationSet.metrics.service.type }}
-  {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
-  ports:
-  - name:  {{ .Values.applicationSet.metrics.service.portName }}
-    protocol: TCP
-    port: {{ .Values.applicationSet.metrics.service.servicePort }}
-    targetPort: metrics
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml

@@ -1,26 +0,0 @@
-{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-spec:
-  ingress:
-  {{- if .Values.applicationSet.ingress.enabled }}
-  - ports:
-    - port: webhook
-  {{- end }}
-  {{- if .Values.applicationSet.metrics.enabled }}
-  - from:
-    - namespaceSelector: {}
-    ports:
-    - port: metrics
-  {{- end }}
-  podSelector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
-  policyTypes:
-  - Ingress
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/pdb.yaml

@@ -1,27 +0,0 @@
-{{- if .Values.applicationSet.pdb.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.pdb.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.applicationSet.pdb.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  {{- with .Values.applicationSet.pdb.maxUnavailable }}
-  maxUnavailable: {{ . }}
-  {{- else }}
-  minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}

charts/argo-cd/templates/argocd-applicationset/service.yaml

@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.applicationSet.service.annotations }}
-  annotations:
-  {{- range $key, $value := .Values.applicationSet.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
-{{- end }}
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-{{- with .Values.applicationSet.service.labels }}
-{{- toYaml . | nindent 4 }}
-{{- end }}
-spec:
-  type: {{ .Values.applicationSet.service.type }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
-  ports:
-  - name: {{ .Values.applicationSet.service.portName }}
-    port: {{ .Values.applicationSet.service.port }}
-    targetPort: webhook
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}

charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.applicationSet.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.applicationSet.serviceAccount.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}

charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml

@@ -1,51 +0,0 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.applicationSet.metrics.serviceMonitor.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  endpoints:
-    - port: {{ .Values.applicationSet.metrics.service.portName }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-      {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
-      relabelings:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.metricRelabelings }}
-      metricRelabelings:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
-      scheme: {{ . }}
-      {{- end }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.tlsConfig }}
-      tlsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-  namespaceSelector:
-    matchNames:
-      - {{ include "argo-cd.namespace" . }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }}
-{{- end }}

charts/argo-cd/templates/argocd-commit-server/deployment.yaml

@@ -1,238 +0,0 @@
-{{- if .Values.commitServer.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-spec:
-  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
-  strategy:
-    {{- trim . | nindent 4 }}
-  {{- end }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
-        {{- range $key, $value := . }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-        {{- end }}
-      labels:
-        {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.commitServer.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ . }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
-      containers:
-      - name: {{ .Values.commitServer.name }}
-        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
-        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
-        args:
-        - /usr/local/bin/argocd-commit-server
-        {{- with .Values.commitServer.extraArgs }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        env:
-          {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.listen.address
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.metrics.listen.address
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_LOGFORMAT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.log.format
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_LOGLEVEL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.log.level
-                optional: true
-          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: log.format.timestamp
-                optional: true
-        {{- with .Values.commitServer.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        ports:
-        - containerPort: 8086
-          name: server
-          protocol: TCP
-        - containerPort: 8087
-          name: metrics
-          protocol: TCP
-        {{- if .Values.commitServer.livenessProbe.enabled }}
-        livenessProbe:
-          httpGet:
-            path: /healthz?full=true
-            port: 8087
-          initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
-          failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
-          timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
-        {{- end }}
-        {{- if .Values.commitServer.readinessProbe.enabled }}
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: 8087
-          initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
-          failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
-          timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
-        {{- end }}
-        resources:
-          {{- toYaml .Values.commitServer.resources | nindent 10 }}
-        {{- with .Values.commitServer.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        {{- with .Values.commitServer.lifecycle }}
-        lifecycle:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        volumeMounts:
-        {{- with .Values.commitServer.extraVolumeMounts }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - name: ssh-known-hosts
-          mountPath: /app/config/ssh
-        - name: tls-certs
-          mountPath: /app/config/tls
-        - name: gpg-keys
-          mountPath: /app/config/gpg/source
-        - name: gpg-keyring
-          mountPath: /app/config/gpg/keys
-        # We need a writeable temp directory for the askpass socket file.
-        - name: tmp
-          mountPath: /tmp
-      initContainers:
-      - command:
-        - /bin/cp
-        - -n
-        - /usr/local/bin/argocd
-        - /var/run/argocd/argocd-cmp-server
-        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
-        name: copyutil
-        resources:
-          {{- toYaml .Values.commitServer.resources | nindent 10 }}
-        {{- with .Values.commitServer.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        volumeMounts:
-        - mountPath: /var/run/argocd
-          name: var-files
-      volumes:
-        {{- with .Values.commitServer.extraVolumes }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - name: ssh-known-hosts
-          configMap:
-            name: argocd-ssh-known-hosts-cm
-        - name: tls-certs
-          configMap:
-            name: argocd-tls-certs-cm
-        - name: gpg-keys
-          configMap:
-            name: argocd-gpg-keys-cm
-        - name: gpg-keyring
-          emptyDir: {}
-        - name: tmp
-          emptyDir: {}
-        - name: argocd-commit-server-tls
-          secret:
-            secretName: argocd-commit-server-tls
-            optional: true
-            items:
-            - key: tls.crt
-              path: tls.crt
-            - key: tls.key
-              path: tls.key
-            - key: ca.crt
-              path: ca.crt
-        - emptyDir: {}
-          name: var-files
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- if .Values.commitServer.hostNetwork }}
-      hostNetwork: {{ .Values.commitServer.hostNetwork }}
-      {{- end }}
-      {{- with .Values.commitServer.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
-{{- end }}

charts/argo-cd/templates/argocd-commit-server/metrics.yaml

@@ -1,35 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
-    {{- with .Values.commitServer.metrics.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
-  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  type: {{ .Values.commitServer.metrics.service.type }}
-  {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
-  ports:
-  - name:  {{ .Values.commitServer.metrics.service.portName }}
-    protocol: TCP
-    port: {{ .Values.commitServer.metrics.service.servicePort }}
-    targetPort: 8087
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
-{{- end }}

charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml

@@ -1,25 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-spec:
-  podSelector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
-      ports:
-        - protocol: TCP
-          port: 8086
-    - from:
-        - namespaceSelector: { }
-      ports:
-        - port: 8087
-{{- end }}

charts/argo-cd/templates/argocd-commit-server/service.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.commitServer.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-    {{- with .Values.commitServer.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.commitServer.service.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  ports:
-  - name: server
-    protocol: TCP
-    port: 8086
-    targetPort: 8086
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
-{{- end }}

charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml

@@ -1,19 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.commitServer.serviceAccount.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-    {{- with .Values.commitServer.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}

charts/argo-cd/templates/argocd-configs/argocd-cm.yaml

@@ -1,17 +1,16 @@
-{{- if .Values.configs.cm.create }}
+{{- if .Values.server.configEnabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: argocd-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
-  {{- with .Values.configs.cm.annotations }}
+  {{- if .Values.server.configAnnotations }}
   annotations:
-    {{- range $key, $value := . }}
+  {{- range $key, $value := .Values.server.configAnnotations }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
   {{- end }}
 data:
-  {{- include "argo-cd.config.cm" . | trim | nindent 2 }}
+{{- toYaml .Values.server.config | nindent 4 }}
 {{- end }}