diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a15ecf9b..89ff80ef 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.3.1 +appVersion: v1.4.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.21.3 +version: 2.22.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,5 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Fixed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" - - "[Fixed]: generated value for app.kubernetes.io/version label is now valid even when defining a controller.image.tag with a SHA digest" + - "[Changed]: Upgrade ArgoRollouts to v1.4.0" diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index b8fdf475..eaaadd24 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -89,7 +89,7 @@ rules: - create - get - update -# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets +# secret read access to run analysis templates which reference secrets - apiGroups: - "" resources: @@ -99,9 +99,6 @@ rules: - get - list - watch - - create - - patch - - update # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -110,6 +107,7 @@ rules: verbs: - list - update + - watch # pods eviction needed for restart - apiGroups: - "" @@ -223,4 +221,20 @@ rules: - list - update - patch +- apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - watch + - get + - update +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 81ce8542..8c7aa9d4 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -56,7 +56,19 @@ rules: - update - patch - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch # services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments - apiGroups: - "" resources: @@ -66,8 +78,18 @@ rules: - list - watch - patch -# secret access to run analysis templates which reference secrets -# configmap access to read notification-engine configuration + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets - apiGroups: - "" resources: @@ -77,9 +99,6 @@ rules: - get - list - watch - - create - - patch - - update # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -88,6 +107,7 @@ rules: verbs: - list - update + - watch # pods eviction needed for restart - apiGroups: - "" @@ -129,15 +149,17 @@ rules: - update - patch - delete -# virtualservice access needed for using the Istio provider +# virtualservice/destinationrule access needed for using the Istio provider - apiGroups: - networking.istio.io resources: - virtualservices + - destinationrules verbs: - watch - get - update + - patch - list # trafficsplit access needed for using the SMI provider - apiGroups: @@ -150,4 +172,69 @@ rules: - get - update - patch +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +# Endpoints and TargetGroupBindings needed for ALB target group verification +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +- apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - watch + - get + - update +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 0d95f6f5..70187985 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -2742,6 +2742,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 862af976..c2846186 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -2738,6 +2738,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 60604611..a00f68fe 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -2738,6 +2738,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index ec58d318..3f6ea749 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -89,6 +89,12 @@ spec: revisionHistoryLimit: format: int32 type: integer + rollbackWindow: + properties: + revisions: + format: int32 + type: integer + type: object selector: properties: matchExpressions: @@ -397,6 +403,9 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + minPodsPerReplicaSet: + format: int32 + type: integer pingPong: properties: pingService: @@ -713,6 +722,20 @@ spec: required: - mappings type: object + apisix: + properties: + route: + properties: + name: + type: string + rules: + items: + type: string + type: array + required: + - name + type: object + type: object appMesh: properties: virtualNodeGroup: @@ -770,6 +793,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: @@ -794,6 +825,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 6a84102d..5f05d6e6 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -44,17 +44,18 @@ rules: - get - list - watch - # deployments and podtemplates read access needed for workload reference support - apiGroups: - - "" - apps resources: - deployments - - podtemplates verbs: - get - list - watch + {{- if not .Values.dashboard.readonly }} + - update + - patch + {{- end }} - apiGroups: - apps resources: