argoproj
/
argo-helm
mirror of https://github.com/argoproj/argo-helm.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #119 from codefresh-io/CR-26737-argo-cd-helm-7.7.x 

chore: update upstream argo-cd 2.13.3 and bump helm chart to 7.7.14
pull/3162/head
Oleksandr Saulyak 2025-01-13 10:37:35 +02:00 committed by GitHub
parent cfa449a99c 61829719f7
commit 126503547a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
79 changed files with 3800 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/configs/renovate-config.js vendored
View File

@ -1,6 +1,7 @@
module.exports = {
platform: 'github',
gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
// This ensures that the gitAuthor and gitSignOff fields match
gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>',
autodiscover: false,
allowPostUpgradeCommandTemplating: true,
allowedPostUpgradeCommands: [".*"],

10
.github/workflows/lint-and-test.yml vendored
View File

@ -13,7 +13,7 @@ jobs:
options: --user 1001
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run ah lint
working-directory: ./charts
run: ah lint
@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
@ -32,7 +32,7 @@ jobs:
version: v3.10.1 # Also update in publish.yaml
- name: Set up python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: 3.9
@ -41,7 +41,7 @@ jobs:
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
with:
# Note: Also update in scripts/lint.sh
version: v3.10.0
version: v3.11.0
- name: List changed charts
id: list-changed
@ -70,7 +70,7 @@ jobs:
fi
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
if: steps.list-changed.outputs.changed == 'true'
with:
config: .github/configs/kind-config.yaml

2
.github/workflows/pr-sizing.yml vendored
View File

@ -25,6 +25,6 @@ jobs:
size-label:
runs-on: ubuntu-latest
steps:
- uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2
- uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

2
.github/workflows/publish.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

8
.github/workflows/renovate.yaml vendored
View File

@ -16,21 +16,21 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Get token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
id: get_token
with:
app-id: ${{ vars.RENOVATE_APP_ID }}
private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Self-hosted Renovate
uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7
uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8
with:
configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 38.18.0
renovate-version: 39.86.4
token: '${{ steps.get_token.outputs.token }}'
env:
LOG_LEVEL: 'debug'

6
.github/workflows/scorecard.yml vendored
View File

@ -33,7 +33,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
@ -60,7 +60,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: SARIF file
path: results.sarif
@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: results.sarif

2
SECURITY.md
View File

@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha
* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md)
* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md)
* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)

6
charts/argo-cd/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.26.1
digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41
generated: "2024-02-18T19:42:53.135599+02:00"
version: 4.29.4
digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
generated: "2024-11-13T09:07:36.494128+09:00"

10
charts/argo-cd/Chart.yaml
View File

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v2.12.3-2024.12.23-4a8e092c0
kubeVersion: ">=1.23.0-0"
appVersion: v2.13.3-2025.1.9-67d01f9e0
kubeVersion: ">=1.25.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 7.4.7-10-cap-2.12.3-2024.12.23-4a8e092c0
version: 7.7.14-0-cap-2.13.3-2025.1.9-67d01f9e0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -18,7 +18,7 @@ maintainers:
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.26.1
version: 4.29.4
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
@ -27,4 +27,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: argo-cd updated to v2.12.3-2024.12.23-4a8e092c0 with dex and redis bump
description: Bump argo-cd to v2.13.3-2025.1.9-67d01f9e0 and base helm chart 7.7.14

41
charts/argo-cd/README.md
View File

@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach.
Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
kubectl delete secret argocd-redis -n <argocd namespace>
```
* **Perform a helm upgrade**
```bash
@ -647,7 +647,7 @@ server:
## Prerequisites
- Kubernetes: `>=1.23.0-0`
- Kubernetes: `>=1.25.0-0`
- We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
- Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
- Helm v3.0.0+
@ -829,6 +829,7 @@ NAME: my-release
| global.podLabels | object | `{}` | Labels for the all deployed pods |
| global.priorityClassName | string | `""` | Default priority class for all components |
| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
| global.runtimeClassName | string | `""` | Runtime class name for all components |
| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets |
| global.tolerations | list | `[]` | Default tolerations for all components |
@ -858,6 +859,7 @@ NAME: my-release
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) |
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@ -869,6 +871,7 @@ NAME: my-release
| configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
| configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication |
| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression |
| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) |
| configs.params."server.insecure" | bool | `false` | Run server without TLS |
| configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / |
| configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
@ -897,6 +900,7 @@ NAME: my-release
| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events |
| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret |
| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap |
| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. |
| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories |
| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. |
| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
@ -948,6 +952,7 @@ NAME: my-release
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -973,6 +978,7 @@ NAME: my-release
| controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
| controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
@ -1041,6 +1047,7 @@ NAME: my-release
| repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
| repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1067,6 +1074,7 @@ NAME: my-release
| repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| repoServer.replicas | int | `1` | The number of repo server pods to run |
| repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods |
| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server |
| repoServer.service.annotations | object | `{}` | Repo server service annotations |
| repoServer.service.labels | object | `{}` | Repo server service labels |
| repoServer.service.port | int | `8081` | Repo server service port |
@ -1133,7 +1141,7 @@ NAME: my-release
| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image |
| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image |
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@ -1190,6 +1198,7 @@ NAME: my-release
| server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
| server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1220,6 +1229,7 @@ NAME: my-release
| server.route.hostname | string | `""` | Hostname of OpenShift Route |
| server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route |
| server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route |
| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server |
| server.service.annotations | object | `{}` | Server service annotations |
| server.service.externalIPs | list | `[]` | Server service external IPs |
| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
@ -1300,6 +1310,7 @@ NAME: my-release
| dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
| dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1327,6 +1338,7 @@ NAME: my-release
| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| dex.resources | object | `{}` | Resource limits and requests for dex |
| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex |
| dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| dex.serviceAccount.create | bool | `true` | Create dex service account |
@ -1382,7 +1394,7 @@ NAME: my-release
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.2.5-alpine"` | Redis tag |
| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1401,6 +1413,7 @@ NAME: my-release
| redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped |
| redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1425,6 +1438,7 @@ NAME: my-release
| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out |
| redis.resources | object | `{}` | Resource limits and requests for redis |
| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis |
| redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
| redis.service.annotations | object | `{}` | Redis service annotations |
| redis.service.labels | object | `{}` | Additional redis service labels |
@ -1466,7 +1480,7 @@ The main options are listed here:
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag |
| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1503,6 +1517,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job |
| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
@ -1591,6 +1606,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
| applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1617,6 +1633,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run |
| applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. |
| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller |
| applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
| applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
| applicationSet.service.port | int | `7000` | ApplicationSet service port |
@ -1677,6 +1694,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
| notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
| notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
@ -1700,6 +1718,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller |
| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
@ -1721,26 +1740,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
[tini]: https://github.com/argoproj/argo-cd/pull/12707

14
charts/argo-cd/README.md.gotmpl
View File

@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach.
Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
kubectl delete secret argocd-redis -n <argocd namespace>
```
* **Perform a helm upgrade**
```bash
@ -817,26 +817,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
[tini]: https://github.com/argoproj/argo-cd/pull/12707

30
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View File

@ -36,6 +36,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -154,6 +157,24 @@ spec:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.factor
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cap.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
@ -322,6 +343,8 @@ spec:
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
- name: argocd-cmd-params-cm
mountPath: /home/argocd/params
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
@ -375,6 +398,13 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- name: argocd-cmd-params-cm
configMap:
optional: true
name: argocd-cmd-params-cm
items:
- key: controller.profile.enabled
path: profiler.enabled
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}

1
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View File

@ -34,6 +34,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
{{- with .Values.controller.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

32
charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
View File

@ -37,6 +37,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -153,6 +156,24 @@ spec:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.factor
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cap.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
@ -207,10 +228,10 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -321,6 +342,8 @@ spec:
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
- name: argocd-cmd-params-cm
mountPath: /home/argocd/params
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
@ -373,6 +396,13 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- name: argocd-cmd-params-cm
configMap:
optional: true
name: argocd-cmd-params-cm
items:
- key: controller.profile.enabled
path: profiler.enabled
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- end }}

1
charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
View File

@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
rules:

1
charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
View File

@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:

9
charts/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -36,6 +36,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -202,6 +205,12 @@ spec:
name: argocd-cmd-params-cm
key: applicationsetcontroller.enable.scm.providers
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: applicationsetcontroller.webhook.parallelism.limit
optional: true
{{- with .Values.applicationSet.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}

1
charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
View File

@ -34,6 +34,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }}
{{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

2
charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.configs.ssh.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -17,3 +18,4 @@ data:
{{- with .Values.configs.ssh.extraHosts }}
{{- . | nindent 4 }}
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View File

@ -20,7 +20,7 @@ metadata:
type: Opaque
stringData:
{{- if $cluster_value.shard }}
shard: {{ $cluster_value.shard }}
shard: {{ $cluster_value.shard | quote }}
{{- end }}
name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}

9
charts/argo-cd/templates/argocd-notifications/deployment.yaml
View File

@ -36,6 +36,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -99,6 +102,12 @@ spec:
key: notificationscontroller.selfservice.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
{{- with .Values.notifications.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}

1
charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
View File

@ -41,6 +41,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }}
namespaceSelector:
matchNames:
- {{ include "argo-cd.namespace" . }}

5
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -47,6 +47,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -188,10 +191,10 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:

1
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View File

@ -34,6 +34,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }}
{{- with .Values.repoServer.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

4
charts/argo-cd/templates/argocd-server/certificate.yaml
View File

@ -13,13 +13,13 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- with .Values.server.certificate.secretTemplateAnnotations }}
secretTemplate:
{{- with .Values.server.certificate.secretTemplateAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
secretName: argocd-server-tls
commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
dnsNames:

12
charts/argo-cd/templates/argocd-server/clusterrole.yaml
View File

@ -14,25 +14,23 @@ rules:
resources:
- '*'
verbs:
- delete
- get
- patch
- delete # supports deletion a live object in UI
- get # supports viewing live object manifest in UI
- patch # supports `argocd app patch`
- apiGroups:
- ""
resources:
- events
verbs:
- list
{{- if (index .Values.configs.params "application.namespaces") }}
- list # supports listing events in UI
- create
{{- end }}
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- get # supports viewing pod logs from UI
{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
- apiGroups:
- ""

44
charts/argo-cd/templates/argocd-server/deployment.yaml
View File

@ -41,6 +41,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -252,10 +255,10 @@ spec:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
optional: true
{{- else }}
key: auth
{{- end }}
optional: true
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -340,6 +343,36 @@ spec:
name: argocd-cmd-params-cm
key: server.api.content.types
optional: true
- name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.webhook.parallelism.limit
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.new.git.file.globbing
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.scm.root.ca.path
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: applicationsetcontroller.allowed.scm.providers
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: applicationsetcontroller.enable.scm.providers
optional: true
{{- with .Values.server.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
@ -362,6 +395,8 @@ spec:
name: styles
- mountPath: /tmp
name: tmp
- name: argocd-cmd-params-cm
mountPath: /home/argocd/params
{{- if .Values.server.extensions.enabled }}
- mountPath: /tmp/extensions
name: extensions
@ -510,6 +545,13 @@ spec:
path: tls.crt
- key: ca.crt
path: ca.crt
- name: argocd-cmd-params-cm
configMap:
optional: true
name: argocd-cmd-params-cm
items:
- key: server.profile.enabled
path: profiler.enabled
{{- if .Values.server.hostNetwork }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- end }}

16
charts/argo-cd/templates/argocd-server/ingress.yaml
View File

@ -9,20 +9,20 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
ingressClassName: {{ tpl . $ }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
- host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
@ -36,7 +36,7 @@ spec:
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
- host: {{ tpl .name $ | quote }}
http:
paths:
- path: {{ default $.Values.server.ingress.path .path }}
@ -54,16 +54,16 @@ spec:
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
- {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
{{- range .Values.server.ingress.extraHosts }}
{{- if .name }}
- {{ .name }}
- {{ tpl .name $ }}
{{- end }}
{{- end }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

1
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View File

@ -34,6 +34,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }}
{{- with .Values.server.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

358
charts/argo-cd/templates/crds/crd-application.yaml
View File

@ -125,6 +125,11 @@ spec:
sync:
description: Sync contains parameters for the operation
properties:
autoHealAttemptsCount:
description: SelfHealAttemptsCount contains the number of auto-heal
attempts
format: int64
type: integer
changeRevision:
type: string
changeRevisions:
@ -250,6 +255,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the
helm template
@ -271,6 +283,16 @@ spec:
from failing when valueFiles do not exist locally by
not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template
with. If left empty, defaults to the app's destination
namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which
are passed to the helm template command upon manifest
@ -328,6 +350,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -367,6 +396,11 @@ spec:
definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to
apply common labels to resource selectors or not
@ -586,6 +620,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the
helm template
@ -607,6 +648,16 @@ spec:
from failing when valueFiles do not exist locally
by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template
with. If left empty, defaults to the app's destination
namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
@ -665,6 +716,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -706,6 +764,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or not
@ -1041,6 +1104,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the helm
template
@ -1062,6 +1132,15 @@ spec:
from failing when valueFiles do not exist locally by not
appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template
with. If left empty, defaults to the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which
are passed to the helm template command upon manifest generation
@ -1118,6 +1197,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -1156,6 +1242,11 @@ spec:
definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply
common labels to resource selectors or not
@ -1368,6 +1459,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the helm
template
@ -1389,6 +1487,16 @@ spec:
from failing when valueFiles do not exist locally by not
appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template
with. If left empty, defaults to the app's destination
namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters which
are passed to the helm template command upon manifest
@ -1446,6 +1554,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -1485,6 +1600,11 @@ spec:
definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply
common labels to resource selectors or not
@ -1860,6 +1980,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to the
helm template
@ -1881,6 +2008,16 @@ spec:
from failing when valueFiles do not exist locally
by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to template
with. If left empty, defaults to the app's destination
namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
@ -1939,6 +2076,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -1980,6 +2124,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or not
@ -2198,6 +2347,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to
the helm template
@ -2220,6 +2376,16 @@ spec:
template from failing when valueFiles do not exist
locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to
template with. If left empty, defaults to the app's
destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
@ -2280,6 +2446,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -2321,6 +2494,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -2553,6 +2731,11 @@ spec:
sync:
description: Sync contains parameters for the operation
properties:
autoHealAttemptsCount:
description: SelfHealAttemptsCount contains the number
of auto-heal attempts
format: int64
type: integer
changeRevision:
type: string
changeRevisions:
@ -2685,6 +2868,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters
to the helm template
@ -2709,6 +2899,16 @@ spec:
not exist locally by not appending them to helm
template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace
to template with. If left empty, defaults to
the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command
@ -2771,6 +2971,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -2813,6 +3020,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors
@ -3042,6 +3254,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters
to the helm template
@ -3066,6 +3285,16 @@ spec:
do not exist locally by not appending them
to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace
to template with. If left empty, defaults
to the app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command
@ -3130,6 +3359,13 @@ spec:
description: Kustomize holds kustomize specific
options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -3173,6 +3409,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies
whether to apply common labels to resource
@ -3522,6 +3763,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to
the helm template
@ -3544,6 +3792,16 @@ spec:
template from failing when valueFiles do not exist
locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to
template with. If left empty, defaults to the app's
destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
@ -3604,6 +3862,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -3645,6 +3910,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -3870,6 +4140,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters
to the helm template
@ -3894,6 +4171,16 @@ spec:
locally by not appending them to helm template
--values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace
to template with. If left empty, defaults to the
app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command
@ -3956,6 +4243,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -3998,6 +4292,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -4370,6 +4669,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters to
the helm template
@ -4392,6 +4698,16 @@ spec:
template from failing when valueFiles do not exist
locally by not appending them to helm template --values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace to
template with. If left empty, defaults to the app's
destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command upon
@ -4452,6 +4768,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -4493,6 +4816,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -4718,6 +5046,13 @@ spec:
helm:
description: Helm holds helm specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
fileParameters:
description: FileParameters are file parameters
to the helm template
@ -4742,6 +5077,16 @@ spec:
locally by not appending them to helm template
--values
type: boolean
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
namespace:
description: Namespace is an optional namespace
to template with. If left empty, defaults to the
app's destination namespace.
type: string
parameters:
description: Parameters is a list of Helm parameters
which are passed to the helm template command
@ -4804,6 +5149,13 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
apiVersions:
description: |-
APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
items:
type: string
type: array
commonAnnotations:
additionalProperties:
type: string
@ -4846,6 +5198,11 @@ spec:
image definition in the format [old_image_name=]<image_name>:<image_tag>
type: string
type: array
kubeVersion:
description: |-
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -5028,3 +5385,4 @@ spec:
storage: true
subresources: {}
{{- end }}

912
charts/argo-cd/templates/crds/crd-applicationset.yaml
View File

File diff suppressed because it is too large Load Diff

26
charts/argo-cd/templates/crds/crd-project.yaml
View File

@ -96,6 +96,32 @@ spec:
description:
description: Description contains optional project description
type: string
destinationServiceAccounts:
description: DestinationServiceAccounts holds information about the
service accounts to be impersonated for the application sync operation
for each destination.
items:
description: ApplicationDestinationServiceAccount holds information
about the service account to be impersonated for the application
sync operation.
properties:
defaultServiceAccount:
description: DefaultServiceAccount to be used for impersonation
during the sync operation
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources.
type: string
server:
description: Server specifies the URL of the target cluster's
Kubernetes control plane API.
type: string
required:
- defaultServiceAccount
- server
type: object
type: array
destinations:
description: Destinations contains list of destinations available
for deployment

15
charts/argo-cd/templates/dex/deployment.yaml
View File

@ -43,6 +43,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@ -80,6 +83,18 @@ spec:
{{- with (concat .Values.global.env .Values.dex.env) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_DEX_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: dexserver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: dexserver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:

1
charts/argo-cd/templates/dex/servicemonitor.yaml
View File

@ -31,6 +31,7 @@ spec:
metricRelabelings:
{{- toYaml . |nindent 8 }}
{{- end }}
honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }}
{{- with .Values.dex.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

8
charts/argo-cd/templates/redis-secret-init/job.yaml
View File

@ -28,9 +28,9 @@ spec:
{{- end }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
{{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml . | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
@ -54,6 +54,10 @@ spec:
priorityClassName: {{ . }}
{{- end }}
restartPolicy: OnFailure
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

3
charts/argo-cd/templates/redis/deployment.yaml
View File

@ -33,6 +33,9 @@ spec:
{{- end }}
{{- end }}
spec:
{{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}

1
charts/argo-cd/templates/redis/servicemonitor.yaml
View File

@ -32,6 +32,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }}
{{- with .Values.redis.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}

115
charts/argo-cd/values.yaml
View File

@ -50,6 +50,9 @@ global:
## Used for ingresses, certificates, SSO, notifications, etc.
domain: argocd.example.com
# -- Runtime class name for all components
runtimeClassName: ""
# -- Common labels for the all resources
additionalLabels: {}
# app: argo-cd
@ -144,7 +147,7 @@ global:
# - antarctica-west1
# -- Default [TopologySpreadConstraints] rules for all components
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector of the component
topologySpreadConstraints: []
# - maxSkew: 1
@ -235,6 +238,25 @@ configs:
# - profile
# - email
# Extension Configuration
## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
# extension.config: |
# extensions:
# - name: httpbin
# backend:
# connectionTimeout: 2s
# keepAlive: 15s
# idleConnectionTimeout: 60s
# maxIdleConnections: 30
# services:
# - url: http://httpbin.org
# headers:
# - name: some-header
# value: '$some.argocd.secret.key'
# cluster:
# name: some-cluster
# server: https://some-cluster
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params:
@ -273,6 +295,8 @@ configs:
server.disable.auth: false
# -- Enable GZIP compression
server.enable.gzip: true
# -- Enable proxy extension feature. (proxy extension is in Alpha phase)
server.enable.proxy.extension: false
# -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "".
server.x.frame.options: sameorigin
@ -285,6 +309,10 @@ configs:
applicationsetcontroller.policy: sync
# -- Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: false
# -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`)
# @default -- `""` (default is only the ns where the controller is installed)
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/
applicationsetcontroller.namespaces: ""
# -- Enables [Applications in any namespace]
## List of additional namespaces where applications may be created in and reconciled from.
@ -353,6 +381,9 @@ configs:
# SSH known hosts for Git repositories
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
ssh:
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
create: true
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
annotations: {}
@ -629,6 +660,10 @@ controller:
## like round-robin, then the shards will be well-balanced.
dynamicClusterDistribution: false
# -- Runtime class name for the application controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
# -- Application controller heartbeat time
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
heartbeatTime: 10
@ -767,7 +802,7 @@ controller:
- ALL
# Readiness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -801,7 +836,7 @@ controller:
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -852,6 +887,8 @@ controller:
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -929,6 +966,10 @@ dex:
# -- Additional command line arguments to pass to the Dex server
extraArgs: []
# -- Runtime class name for Dex
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
metrics:
# -- Deploy metrics service
enabled: false
@ -944,6 +985,8 @@ dex:
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1195,7 +1238,7 @@ dex:
# -- Assign custom [TopologySpreadConstraints] rules to dex
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -1223,6 +1266,10 @@ redis:
# -- Redis name
name: redis
# -- Runtime class name for redis
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Redis Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -1244,7 +1291,7 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.2.5-alpine
tag: 7.4.1-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1278,7 +1325,7 @@ redis:
- ALL
## Probes for Redis exporter (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
enabled: false
@ -1336,7 +1383,7 @@ redis:
# name: secret-name
## Probes for Redis server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
@ -1446,7 +1493,7 @@ redis:
# -- Assign custom [TopologySpreadConstraints] rules to redis
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -1499,6 +1546,8 @@ redis:
enabled: false
# -- Interval at which metrics should be scraped
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1528,7 +1577,7 @@ redis-ha:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.2.4-alpine
tag: 7.4.1-alpine
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
@ -1593,7 +1642,7 @@ redis-ha:
tolerations: []
# -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints:
# -- Enable Redis HA topology spread constraints
enabled: false
@ -1695,6 +1744,9 @@ redisSecretInit:
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- Assign custom [affinity] rules to the Redis secret-init Job
affinity: {}
# -- Node selector to be added to the Redis secret-init Job
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
@ -1711,6 +1763,10 @@ server:
# -- The number of server pods to run
replicas: 1
# -- Runtime class name for the Argo CD server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Argo CD server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
@ -1804,7 +1860,7 @@ server:
# -- Repository to use for extension installer image
repository: "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
tag: "v0.0.5"
tag: "v0.0.8"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1945,7 +2001,7 @@ server:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -1991,7 +2047,7 @@ server:
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -2092,7 +2148,8 @@ server:
# -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: ""
# -- Source IP ranges to allow access to service from
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
loadBalancerSourceRanges: []
# -- Server service external IPs
externalIPs: []
@ -2127,6 +2184,8 @@ server:
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2374,6 +2433,10 @@ repoServer:
# -- The number of repo server pods to run
replicas: 1
# -- Runtime class name for the repo server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Repo server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
@ -2586,7 +2649,7 @@ repoServer:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -2628,7 +2691,7 @@ repoServer:
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -2698,6 +2761,8 @@ repoServer:
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2762,6 +2827,10 @@ applicationSet:
# -- The number of ApplicationSet controller pods to run
replicas: 1
# -- Runtime class name for the ApplicationSet controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## ApplicationSet controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -2855,6 +2924,8 @@ applicationSet:
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2947,7 +3018,7 @@ applicationSet:
- ALL
## Probes for ApplicationSet controller (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
@ -3129,6 +3200,10 @@ notifications:
# @default -- `""` (defaults to https://`global.domain`)
argocdUrl: ""
# -- Runtime class name for the notifications controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Notifications controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -3265,6 +3340,8 @@ notifications:
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -3318,7 +3395,7 @@ notifications:
- ALL
## Probes for notifications controller Pods (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
@ -3364,7 +3441,7 @@ notifications:
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1

6
charts/argo-events/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: v1.9.2
appVersion: v1.9.3
description: A Helm chart for Argo Events, the event-driven workflow automation framework
name: argo-events
version: 2.4.7
version: 2.4.11
home: https://github.com/argoproj/argo-helm
icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Update Jetstream versions as following upstream
description: Support initContainers to controller

10
charts/argo-events/README.md
View File

@ -60,11 +60,13 @@ done
|-----|------|---------|-------------|
| configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) |
| configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) |
| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew |
| configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment |
| configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” |
| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | |
| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue |
| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | |
| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | |
| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | |
@ -232,9 +234,9 @@ done
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
[values.yaml]: values.yaml

8
charts/argo-events/README.md.gotmpl
View File

@ -89,9 +89,9 @@ done
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
[values.yaml]: values.yaml

2
charts/argo-events/templates/argo-events-controller/config.yaml
View File

@ -32,6 +32,8 @@ data:
maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }}
replicas: {{ .Values.configs.jetstream.streamConfig.replicas }}
duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }}
retention: {{ .Values.configs.jetstream.streamConfig.retention }}
discard: {{ .Values.configs.jetstream.streamConfig.discard }}
versions:
{{- range .Values.configs.jetstream.versions }}
- version: {{ .version }}

4
charts/argo-events/templates/argo-events-controller/deployment.yaml
View File

@ -108,6 +108,10 @@ spec:
{{- with .Values.controller.extraContainers }}
{{- toYaml . | nindent 6 }}
{{- end -}}
{{- with .Values.controller.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

2
charts/argo-events/templates/argo-events-webhook/service.yaml
View File

@ -8,7 +8,7 @@ metadata:
{{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
spec:
ports:
- port: 443
- port: {{ int .Values.webhook.port }}
targetPort: webhook
selector:
{{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }}

12
charts/argo-events/values.yaml
View File

@ -94,6 +94,10 @@ configs:
replicas: 3
# -- Not documented at the moment
duplicates: 300s
# -- 0: Limits, 1: Interest, 2: WorkQueue
retention: 0
# -- 0: DiscardOld, 1: DiscardNew
discard: 0
# Supported versions of JetStream eventbus
versions:
- version: latest
@ -239,7 +243,7 @@ controller:
# runAsNonRoot: true
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -277,7 +281,7 @@ controller:
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the events controller
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -405,7 +409,7 @@ webhook:
# runAsNonRoot: true
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -443,7 +447,7 @@ webhook:
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the event controller
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1

8
charts/argo-rollouts/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v1.7.2
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 2.37.5
version: 2.38.2
home: https://github.com/argoproj/argo-helm
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
keywords:
@ -18,5 +18,7 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argo-rollouts to v1.7.2
- kind: added
description: Add lifecycle settings for controller
- kind: added
description: Add terminationGracePeriodSeconds for controller

9
charts/argo-rollouts/README.md
View File

@ -60,7 +60,7 @@ For full list of changes please check ArtifactHub [changelog].
| notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
| notifications.notifiers | object | `{}` | Configures notification services |
| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
| notifications.secret.create | bool | `false` | Whether to create notifications secret |
| notifications.secret.create | bool | `false` | Whether to create notifications secret. |
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
| notifications.templates | object | `{}` | Notification templates |
@ -98,11 +98,12 @@ For full list of changes please check ArtifactHub [changelog].
| controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use |
| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| controller.logging.kloglevel | string | `"0"` | Set the klog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller |
| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
| controller.metrics.service.annotations | object | `{}` | Service annotations |
| controller.metrics.service.port | int | `8090` | Metrics service port |
@ -125,9 +126,10 @@ For full list of changes please check ArtifactHub [changelog].
| controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller |
| controller.replicas | int | `2` | The number of controller pods to run |
| controller.resources | object | `{}` | Resource limits and requests for the controller pods. |
| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller |
| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller |
| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller |
| controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container |
| controller.volumes | list | `[]` | Additional volumes to add to the controller pod |
| podAnnotations | object | `{}` | Annotations for the all deployed pods |
@ -182,6 +184,7 @@ For full list of changes please check ArtifactHub [changelog].
| dashboard.service.annotations | object | `{}` | Service annotations |
| dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs |
| dashboard.service.labels | object | `{}` | Service labels |
| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
| dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
| dashboard.service.nodePort | int | `nil` | Service nodePort |

6
charts/argo-rollouts/templates/controller/configmap.yaml
View File

@ -8,8 +8,10 @@ metadata:
{{- include "argo-rollouts.labels" . | nindent 4 }}
data:
{{- with .Values.controller.metricProviderPlugins }}
{{- toYaml . | nindent 2 }}
metricProviderPlugins: |-
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.trafficRouterPlugins }}
{{- toYaml . | nindent 2 }}
trafficRouterPlugins: |-
{{- toYaml . | nindent 4 }}
{{- end }}

6
charts/argo-rollouts/templates/controller/deployment.yaml
View File

@ -78,6 +78,9 @@ spec:
{{- toYaml .Values.controller.readinessProbe | nindent 10 }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
{{- with .Values.controller.lifecycle }}
lifecycle: {{ toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
volumeMounts:
@ -101,6 +104,9 @@ spec:
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 8 }}

3
charts/argo-rollouts/templates/dashboard/service.yaml
View File

@ -22,6 +22,9 @@ spec:
externalIPs: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if eq .Values.dashboard.service.type "LoadBalancer" }}
{{- with .Values.dashboard.service.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- with .Values.dashboard.service.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
{{- end }}

25
charts/argo-rollouts/values.yaml
View File

@ -79,6 +79,10 @@ controller:
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Specify lifecycle hooks for the controller
lifecycle: {}
# -- [priorityClassName] for the controller
priorityClassName: ""
# -- The number of controller pods to run
@ -209,17 +213,15 @@ controller:
# -- Configures 3rd party metric providers for controller
## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/
metricProviderPlugins: {}
# metricProviderPlugins: |-
# - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration
# location: "file://./my-custom-plugin" # supports http(s):// urls and file://
metricProviderPlugins: []
# - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration
# location: "file://./my-custom-plugin" # supports http(s):// urls and file://
# -- Configures 3rd party traffic router plugins for controller
## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/
trafficRouterPlugins: {}
# trafficRouterPlugins: |-
# - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
# location: "file://./my-custom-plugin" # supports http(s):// urls and file://
trafficRouterPlugins: []
# - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
# location: "file://./my-custom-plugin" # supports http(s):// urls and file://
serviceAccount:
# -- Specifies whether a service account should be created
@ -356,6 +358,8 @@ dashboard:
service:
# -- Sets the type of the Service
type: ClusterIP
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: ""
# -- Source IP ranges to allow access to service from
@ -397,7 +401,7 @@ dashboard:
maxUnavailable: # 0
## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
# -- Enable dashboard ingress support
@ -454,7 +458,8 @@ notifications:
create: true
secret:
# -- Whether to create notifications secret
# -- Whether to create notifications secret.
## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}".
create: false
# -- Generic key:value pairs to be inserted into the notifications secret
items: {}

6
charts/argo-workflows/Chart.yaml
View File

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: v3.5.10
appVersion: v3.6.2
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.42.0
version: 0.45.3
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
home: https://github.com/argoproj/argo-helm
sources:
@ -17,4 +17,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: Added support for setting annotations on argo workflows controller configmap
description: Support ephemeral credentials for s3 artifact repository

9
charts/argo-workflows/README.md
View File

@ -133,6 +133,8 @@ Fields to note:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. |
| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates |
| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc |
| workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding |
| workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@ -168,13 +170,16 @@ Fields to note:
| controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. |
| controller.links | list | `[]` | Configure Argo Server to show custom [links] |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| controller.logging.globallevel | string | `"0"` | Set the glog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service |
| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics |
| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion |
| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
| controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". |
@ -222,6 +227,7 @@ Fields to note:
| controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service |
| controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server |
| controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data |
| controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
| controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path |
| controller.telemetryConfig.port | int | `8081` | telemetry container port |
@ -302,6 +308,8 @@ Fields to note:
| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingress.paths | list | `["/"]` | List of ingress paths |
| server.ingress.tls | list | `[]` | Ingress TLS configuration |
| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container |
| server.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` |
| server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
@ -346,6 +354,7 @@ Fields to note:
| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |
| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. |
| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server |

29
charts/argo-workflows/templates/controller/agent-rb.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.agentPermissions -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

29
charts/argo-workflows/templates/controller/agent-role.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.agentPermissions -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflowtasksets
verbs:
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtasksets/status
verbs:
- patch
{{- end }}
{{- end }}

29
charts/argo-workflows/templates/controller/artifact-gc-rb.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.artifactGC -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

29
charts/argo-workflows/templates/controller/artifact-gc-role.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.artifactGC -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflowartifactgctasks
verbs:
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowartifactgctasks/status
verbs:
- patch
{{- end }}
{{- end }}

2
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View File

@ -198,7 +198,7 @@ rules:
- watch
{{- end }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

5
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View File

@ -83,6 +83,11 @@ data:
secretKeySecret:
key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
{{- if .Values.artifactRepository.s3.sessionTokenSecret }}
sessionTokenSecret:
key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }}
{{- end }}
{{- end }}
bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}

7
charts/argo-workflows/templates/controller/workflow-controller-service.yaml
View File

@ -35,8 +35,13 @@ spec:
{{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }}
clusterIP: None
{{- end }}
{{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
{{- if eq .Values.controller.serviceType "LoadBalancer" }}
{{- with .Values.controller.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- if .Values.controller.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

6
charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
View File

@ -15,7 +15,7 @@ spec:
{{- if .Values.controller.metricsConfig.enabled }}
- port: {{ .Values.controller.metricsConfig.servicePortName }}
path: {{ .Values.controller.metricsConfig.path }}
interval: 30s
interval: {{ .Values.controller.metricsConfig.interval }}
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
@ -24,11 +24,12 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- port: telemetry
path: {{ .Values.controller.telemetryConfig.path }}
interval: 30s
interval: {{ .Values.controller.telemetryConfig.interval }}
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
@ -37,6 +38,7 @@ spec:
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
{{- end }}
{{- with .Values.controller.metricsConfig.targetLabels }}
targetLabels:

36
charts/argo-workflows/templates/controller/workflow-role.yaml
View File

@ -11,27 +11,6 @@ metadata:
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- argoproj.io
resources:
@ -39,21 +18,6 @@ rules:
verbs:
- create
- patch
- apiGroups:
- argoproj.io
resources:
- workflowtasksets
- workflowartifactgctasks
verbs:
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtasksets/status
- workflowartifactgctasks/status
verbs:
- patch
{{- end }}
{{- end }}

1150
charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml
View File

File diff suppressed because it is too large Load Diff

650
charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml
View File

@ -32,9 +32,655 @@ spec:
metadata:
type: object
spec:
properties:
event:
properties:
selector:
type: string
required:
- selector
type: object
submit:
properties:
arguments:
properties:
artifacts:
items:
properties:
archive:
properties:
none:
type: object
tar:
properties:
compressionLevel:
format: int32
type: integer
type: object
zip:
type: object
type: object
archiveLogs:
type: boolean
artifactGC:
properties:
podMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
serviceAccountName:
type: string
strategy:
enum:
- ""
- OnWorkflowCompletion
- OnWorkflowDeletion
- Never
type: string
type: object
artifactory:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
azure:
properties:
accountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
type: string
endpoint:
type: string
useSDKCreds:
type: boolean
required:
- blob
- container
- endpoint
type: object
deleted:
type: boolean
from:
type: string
fromExpression:
type: string
gcs:
properties:
bucket:
type: string
key:
type: string
serviceAccountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
git:
properties:
branch:
type: string
depth:
format: int64
type: integer
disableSubmodules:
type: boolean
fetch:
items:
type: string
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
type: string
singleBranch:
type: boolean
sshPrivateKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
globalName:
type: string
hdfs:
properties:
addresses:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
type: string
krbCCacheSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
type: string
krbUsername:
type: string
path:
type: string
required:
- path
type: object
http:
properties:
auth:
properties:
basicAuth:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
clientCertSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
clientIDSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
key:
type: string
value:
type: string
required:
- key
type: object
type: array
scopes:
items:
type: string
type: array
tokenURLSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
url:
type: string
required:
- url
type: object
mode:
format: int32
type: integer
name:
type: string
optional:
type: boolean
oss:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
type: boolean
endpoint:
type: string
key:
type: string
lifecycleRule:
properties:
markDeletionAfterDays:
format: int32
type: integer
markInfrequentAccessAfterDays:
format: int32
type: integer
type: object
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
path:
type: string
raw:
properties:
data:
type: string
required:
- data
type: object
recurseMode:
type: boolean
s3:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
type: boolean
type: object
encryptionOptions:
properties:
enableEncryption:
type: boolean
kmsEncryptionContext:
type: string
kmsKeyId:
type: string
serverSideCustomerKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
insecure:
type: boolean
key:
type: string
region:
type: string
roleARN:
type: string
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
subPath:
type: string
required:
- name
type: object
type: array
parameters:
items:
properties:
default:
type: string
description:
type: string
enum:
items:
type: string
type: array
globalName:
type: string
name:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:
type: string
expression:
type: string
jqFilter:
type: string
jsonPath:
type: string
parameter:
type: string
path:
type: string
supplied:
type: object
type: object
required:
- name
type: object
type: array
type: object
metadata:
type: object
workflowTemplateRef:
properties:
clusterScope:
type: boolean
name:
type: string
type: object
required:
- workflowTemplateRef
type: object
required:
- event
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec

65
charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml
View File

@ -81,12 +81,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
@ -94,12 +96,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
@ -110,12 +114,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
@ -146,12 +152,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
@ -170,17 +178,21 @@ spec:
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
@ -192,23 +204,27 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
@ -220,6 +236,8 @@ spec:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
@ -229,34 +247,40 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
@ -279,23 +303,27 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
@ -304,23 +332,27 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
@ -329,23 +361,27 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
@ -366,12 +402,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
@ -405,12 +443,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
@ -433,12 +473,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
@ -464,12 +506,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
@ -477,12 +521,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
@ -501,12 +547,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
@ -523,12 +571,27 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
@ -564,12 +627,14 @@ spec:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:

2
charts/argo-workflows/templates/server/server-cluster-roles.yaml
View File

@ -118,7 +118,7 @@ rules:
- patch
- delete
{{- if .Values.server.clusterWorkflowTemplates.enabled }}
{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

9
charts/argo-workflows/templates/server/server-deployment.yaml
View File

@ -95,7 +95,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BASE_HREF
- name: ARGO_BASE_HREF
value: {{ .Values.server.baseHref | quote }}
{{- with .Values.server.extraEnv }}
{{- toYaml . | nindent 12 }}
@ -108,9 +108,16 @@ spec:
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 10}}
{{- end }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}

11
charts/argo-workflows/templates/server/server-service.yaml
View File

@ -28,11 +28,16 @@ spec:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.server.serviceType }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
{{- if eq .Values.server.serviceType "LoadBalancer" }}
{{- with .Values.controller.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
{{- with .Values.server.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
{{- end }}
{{- if .Values.server.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

26
charts/argo-workflows/values.yaml
View File

@ -69,6 +69,10 @@ workflow:
# -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true
# -- Allows permissions for the Argo Agent. Only required if using http/plugin templates
agentPermissions: false
# -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc
artifactGC: false
# -- Extra service accounts to be added to the RoleBinding
serviceAccounts: []
# - name: my-service-account
@ -127,6 +131,8 @@ controller:
enabled: false
# -- Path is the path where metrics are emitted. Must start with a "/".
path: /metrics
# -- Frequency at which prometheus scrapes metrics
interval: 30s
# -- Port is the port where metrics are emitted
port: 9090
# -- How often custom metrics are cleared from memory
@ -143,6 +149,9 @@ controller:
servicePortName: metrics
# -- Flag to enable headless service
headlessService: false
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels
honorLabels: false
# -- ServiceMonitor relabel configs to apply to samples before scraping
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
relabelings: []
@ -231,6 +240,8 @@ controller:
enabled: false
# -- telemetry path
path: /telemetry
# -- Frequency at which prometheus scrapes telemetry data
interval: 30s
# -- telemetry container port
port: 8081
# -- How often custom metrics are cleared from memory
@ -297,6 +308,8 @@ controller:
serviceAnnotations: {}
# -- Optional labels to add to the controller Service
serviceLabels: {}
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
loadBalancerSourceRanges: []
@ -508,6 +521,8 @@ server:
serviceAnnotations: {}
# -- Optional labels to add to the UI Service
serviceLabels: {}
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- Static IP address to assign to loadBalancer service type `LoadBalancer`
loadBalancerIP: ""
# -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
@ -610,7 +625,7 @@ server:
volumes: []
## Ingress configuration.
# ref: https://kubernetes.io/docs/user-guide/ingress/
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
# -- Enable an ingress resource
enabled: false
@ -749,6 +764,12 @@ server:
# -- Enables init containers to be added to the server deployment
extraInitContainers: []
# -- Specify postStart and preStop lifecycle hooks for server container
lifecycle: {}
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Array of extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
@ -791,6 +812,9 @@ artifactRepository:
# secretKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: secretkey
# sessionTokenSecret:
# name: "{{ .Release.Name }}-minio"
# key: sessionToken
# # insecure will disable TLS. Primarily used for minio installs not configured with TLS
# insecure: false
# caSecret:

4
charts/argocd-apps/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-apps
description: A Helm chart for managing additional Argo CD Applications and Projects
type: application
version: 2.0.0
version: 2.0.2
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -18,4 +18,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: added
description: make the chart use maps instead of lists
description: allow setting applicationset finalizers

2
charts/argocd-apps/ci/applicationsets-values.yaml
View File

@ -4,6 +4,8 @@ applicationsets:
applicationset:
additionalLabels: {}
additionalAnnotations: {}
finalizers:
- resources-finalizer.argocd.argoproj.io
# See PR #10026 (ArgoCD v2.5 or later)
# goTemplate: false
generators:

4
charts/argocd-apps/templates/applicationsets.yaml
View File

@ -17,6 +17,10 @@ metadata:
{{- with $appSetData.namespace }}
namespace: {{ . }}
{{- end }}
{{- with $appSetData.finalizers }}
finalizers:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if hasKey $appSetData "goTemplate" }}
goTemplate: {{ $appSetData.goTemplate }}

4
charts/argocd-apps/templates/projects.yaml
View File

@ -25,7 +25,9 @@ spec:
{{- with $projectData.permitOnlyProjectScopedClusters }}
permitOnlyProjectScopedClusters: {{ . }}
{{- end }}
description: {{ $projectData.description }}
{{- with $projectData.description }}
description: {{ . }}
{{- end }}
{{- with $projectData.sourceRepos }}
sourceRepos:
{{- toYaml . | nindent 4 }}

2
charts/argocd-apps/values.yaml
View File

@ -97,6 +97,8 @@ applicationsets: {}
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# # See PR #10026 (ArgoCD v2.5 or later)
# # goTemplate: false
# generators:

6
charts/argocd-image-updater/Chart.yaml
View File

@ -2,8 +2,8 @@ apiVersion: v2
name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application
version: 0.11.0
appVersion: v0.14.0
version: 0.11.4
appVersion: v0.15.2
home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
keywords:
@ -19,4 +19,4 @@ annotations:
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: changed
description: Bump argocd-image-updater to v0.14.0
description: Bump argocd-image-updater to v0.15.2

1
charts/argocd-image-updater/README.md
View File

@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
| config.logLevel | string | `"info"` | Argo CD Image Update log level |
| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. |
| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |
| extraEnv | list | `[]` | Extra environment variables for argocd-image-updater |
| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater |

56
charts/argocd-image-updater/templates/rbac.yaml
View File

@ -17,6 +17,13 @@ rules:
- get
- list
- watch
{{- if not .Values.createClusterRoles }}
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- argoproj.io
resources:
@ -26,12 +33,7 @@ rules:
- list
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
@ -49,3 +51,45 @@ subjects:
name: {{ include "argocd-image-updater.serviceAccountName" . }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
{{- end }}
---
{{- if and .Values.rbac.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- update
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: {{ include "argocd-image-updater.fullname" . }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argocd-image-updater.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argocd-image-updater.serviceAccountName" . }}
namespace: {{ include "argocd-image-updater.namespace" . | quote }}
{{- end }}

5
charts/argocd-image-updater/values.yaml
View File

@ -20,6 +20,11 @@ fullnameOverride: ""
# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override
namespaceOverride: ""
# -- Create cluster roles for cluster-wide installation.
## Used when you manage applications in the same cluster where Argo CD Image Updater runs.
## If you want to use this, please set `.Values.rbac.enabled` true as well.
createClusterRoles: true
# -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
# If a flag contains both key and value, they need to be split to a new entry
extraArgs: []

11
renovate.json
View File

@ -5,12 +5,14 @@
},
"extends": [
"config:recommended",
"docker:enableMajor"
"docker:enableMajor",
":gitSignOff"
],
"labels": ["renovate"],
"includePaths": [
"**/charts/argo-workflows/Chart.yaml",
"**/charts/argo-cd/Chart.yaml",
"**/charts/argo-cd/values.yaml",
"**/charts/argo-events/Chart.yaml",
"**/charts/argo-rollouts/Chart.yaml",
"**/charts/argocd-image-updater/Chart.yaml",
@ -99,6 +101,13 @@
"matchPackagePatterns": ["redis-ha"],
"enabled": false
},
{
"matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"],
"commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):",
"postUpgradeTasks": {
"commands": ["./scripts/renovate-bump-version.sh {{depName}}"]
}
},
{
"matchPackageNames": ["ghcr.io/renovatebot/renovate"],
"extends": ["schedule:monthly"]