diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js index 9118ffe9e..f453f6407 100644 --- a/.github/configs/renovate-config.js +++ b/.github/configs/renovate-config.js @@ -1,6 +1,7 @@ module.exports = { platform: 'github', - gitAuthor: 'renovate[bot] ', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', autodiscover: false, allowPostUpgradeCommandTemplating: true, allowedPostUpgradeCommands: [".*"], diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 9c6698609..67d938e97 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.9 @@ -41,7 +41,7 @@ jobs: uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: # Note: Also update in scripts/lint.sh - version: v3.10.0 + version: v3.11.0 - name: List changed charts id: list-changed @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 04d2b6b45..9bde9db41 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 + - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6f3682c8b..4ebfd963a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 97943b77f..eeea77558 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,21 +16,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 + uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.18.0 + renovate-version: 39.86.4 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9d5832350..0205ce8c8 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif diff --git a/SECURITY.md b/SECURITY.md index f4fb60022..a066f67fe 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) -* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md) * [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) * [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index bc11a7154..36656a142 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.26.1 -digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 -generated: "2024-02-18T19:42:53.135599+02:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 990ee3b77..83d8170ab 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.3-2024.12.23-4a8e092c0 -kubeVersion: ">=1.23.0-0" +appVersion: v2.13.3-2025.1.9-67d01f9e0 +kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.7-10-cap-2.12.3-2024.12.23-4a8e092c0 +version: 7.7.14-0-cap-2.13.3-2025.1.9-67d01f9e0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.26.1 + version: 4.29.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: argo-cd updated to v2.12.3-2024.12.23-4a8e092c0 with dex and redis bump + description: Bump argo-cd to v2.13.3-2025.1.9-67d01f9e0 and base helm chart 7.7.14 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 03f39bd5c..61329618f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash @@ -647,7 +647,7 @@ server: ## Prerequisites -- Kubernetes: `>=1.23.0-0` +- Kubernetes: `>=1.25.0-0` - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ @@ -829,6 +829,7 @@ NAME: my-release | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | | global.tolerations | list | `[]` | Default tolerations for all components | @@ -858,6 +859,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | @@ -869,6 +871,7 @@ NAME: my-release | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | @@ -897,6 +900,7 @@ NAME: my-release | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | @@ -948,6 +952,7 @@ NAME: my-release | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -973,6 +978,7 @@ NAME: my-release | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -1041,6 +1047,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1067,6 +1074,7 @@ NAME: my-release | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.replicas | int | `1` | The number of repo server pods to run | | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | @@ -1133,7 +1141,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | @@ -1190,6 +1198,7 @@ NAME: my-release | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1220,6 +1229,7 @@ NAME: my-release | server.route.hostname | string | `""` | Hostname of OpenShift Route | | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | @@ -1300,6 +1310,7 @@ NAME: my-release | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1327,6 +1338,7 @@ NAME: my-release | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | dex.serviceAccount.create | bool | `true` | Create dex service account | @@ -1382,7 +1394,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.2.5-alpine"` | Redis tag | +| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1401,6 +1413,7 @@ NAME: my-release | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1425,6 +1438,7 @@ NAME: my-release | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | | redis.service.labels | object | `{}` | Additional redis service labels | @@ -1466,7 +1480,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | @@ -1503,6 +1517,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | @@ -1591,6 +1606,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1617,6 +1633,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | @@ -1677,6 +1694,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | @@ -1700,6 +1718,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | @@ -1721,26 +1740,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 7ba255816..35692a822 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash @@ -817,26 +817,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3938c25d2..e61a85257 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -154,6 +157,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -322,6 +343,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -375,6 +398,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index a9edaf545..d19124704 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} {{- with .Values.controller.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49beea..a907ac767 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,6 +37,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -153,6 +156,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -207,10 +228,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -321,6 +342,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -373,6 +396,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 7b1f19980..2723e3d22 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index af6d52978..9dcae8d2b 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 060d20c57..303106b5e 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -202,6 +205,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8fac6a8da..52d707007 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index b0695ed3d..0218d40b3 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -17,3 +18,4 @@ data: {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 0b4b1e113..d317eac23 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -20,7 +20,7 @@ metadata: type: Opaque stringData: {{- if $cluster_value.shard }} - shard: {{ $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} {{- end }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 0f6ad38b2..cee627d51 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -99,6 +102,12 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 0d2c704f2..22b882a68 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -41,6 +41,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} namespaceSelector: matchNames: - {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index efffe4968..0c923699c 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -47,6 +47,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -188,10 +191,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 709953987..3d7cc4970 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 803452f63..a98621392 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,13 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} secretTemplate: - {{- with .Values.server.certificate.secretTemplateAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index c1439b0c9..1bc9aed54 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -14,25 +14,23 @@ rules: resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` - apiGroups: - "" resources: - events verbs: - - list - {{- if (index .Values.configs.params "application.namespaces") }} + - list # supports listing events in UI - create - {{- end }} - apiGroups: - "" resources: - pods - pods/log verbs: - - get + - get # supports viewing pod logs from UI {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af08..cc5f7bfe6 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -41,6 +41,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -252,10 +255,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -340,6 +343,36 @@ spec: name: argocd-cmd-params-cm key: server.api.content.types optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -362,6 +395,8 @@ spec: name: styles - mountPath: /tmp name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- if .Values.server.extensions.enabled }} - mountPath: /tmp/extensions name: extensions @@ -510,6 +545,13 @@ spec: path: tls.crt - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled {{- if .Values.server.hostNetwork }} hostNetwork: {{ .Values.server.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 846683732..88c2f99ab 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -9,20 +9,20 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ tpl $value $ | quote }} {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -36,7 +36,7 @@ spec: port: number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} + - host: {{ tpl .name $ | quote }} http: paths: - path: {{ default $.Values.server.ingress.path .path }} @@ -54,16 +54,16 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ tpl .name $ }} {{- end }} {{- end }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 74902ef04..49c24138d 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} {{- with .Values.server.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 1bc44ed8e..c7e0aeec6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -125,6 +125,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -250,6 +255,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -271,6 +283,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -328,6 +350,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -367,6 +396,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -586,6 +620,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -607,6 +648,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -665,6 +716,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -706,6 +764,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1041,6 +1104,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1062,6 +1132,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1118,6 +1197,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1156,6 +1242,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1368,6 +1459,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1389,6 +1487,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1446,6 +1554,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1485,6 +1600,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1860,6 +1980,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1881,6 +2008,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1939,6 +2076,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1980,6 +2124,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2198,6 +2347,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2220,6 +2376,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2280,6 +2446,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2321,6 +2494,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2553,6 +2731,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -2685,6 +2868,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2709,6 +2899,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2771,6 +2971,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2813,6 +3020,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3042,6 +3254,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3066,6 +3285,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3130,6 +3359,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3173,6 +3409,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3522,6 +3763,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3544,6 +3792,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3604,6 +3862,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3645,6 +3910,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3870,6 +4140,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3894,6 +4171,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3956,6 +4243,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3998,6 +4292,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4370,6 +4669,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4392,6 +4698,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4452,6 +4768,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4493,6 +4816,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4718,6 +5046,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4742,6 +5077,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4804,6 +5149,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4846,6 +5198,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -5028,3 +5385,4 @@ spec: storage: true subresources: {} {{- end }} + diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 71c3b3048..816a7c60c 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -62,11 +62,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -204,6 +206,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -215,6 +221,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -246,6 +256,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -270,6 +284,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -422,6 +438,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -433,6 +453,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -464,6 +488,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -488,6 +516,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -663,11 +693,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -800,6 +832,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -811,6 +847,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -842,6 +882,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -866,6 +910,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1018,6 +1064,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1029,6 +1079,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1060,6 +1114,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1084,6 +1142,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1399,6 +1459,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1410,6 +1474,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1441,6 +1509,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1465,6 +1537,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1617,6 +1691,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1628,6 +1706,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1659,6 +1741,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1683,6 +1769,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1978,6 +2066,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1989,6 +2081,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2020,6 +2116,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2044,6 +2144,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2196,6 +2298,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2207,6 +2313,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2238,6 +2348,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2262,6 +2376,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2438,11 +2554,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2580,6 +2698,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2591,6 +2713,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2622,6 +2748,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2646,6 +2776,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2798,6 +2930,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2809,6 +2945,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2840,6 +2980,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2864,6 +3008,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3039,11 +3185,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3176,6 +3324,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3187,6 +3339,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3218,6 +3374,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3242,6 +3402,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3394,6 +3556,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3405,6 +3571,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3436,6 +3606,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3460,6 +3634,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3775,6 +3951,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3786,6 +3966,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3817,6 +4001,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3841,6 +4029,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3993,6 +4183,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4004,6 +4198,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4035,6 +4233,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4059,6 +4261,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4354,6 +4558,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4365,6 +4573,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4396,6 +4608,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4420,6 +4636,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4572,6 +4790,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4583,6 +4805,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4614,6 +4840,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4638,6 +4868,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4941,6 +5173,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4952,6 +5188,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4983,6 +5223,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5007,6 +5251,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5159,6 +5405,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5170,6 +5420,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5201,6 +5455,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5225,6 +5483,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5483,6 +5743,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -5558,6 +5845,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -5710,6 +6007,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5721,6 +6022,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5752,6 +6057,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5776,6 +6085,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5928,6 +6239,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5939,6 +6254,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5970,6 +6289,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5994,6 +6317,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6242,6 +6567,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -6322,7 +6674,17 @@ spec: type: boolean api: type: string - group: + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: type: string includeSharedProjects: type: boolean @@ -6474,6 +6836,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6485,6 +6851,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6516,6 +6886,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6540,6 +6914,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6692,6 +7068,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6703,6 +7083,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6734,6 +7118,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6758,6 +7146,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6929,11 +7319,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7068,6 +7460,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7079,6 +7475,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7110,6 +7510,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7134,6 +7538,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7286,6 +7692,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7297,6 +7707,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7328,6 +7742,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7352,6 +7770,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7530,11 +7950,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7672,6 +8094,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7683,6 +8109,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7714,6 +8144,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7738,6 +8172,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7890,6 +8326,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7901,6 +8341,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7932,6 +8376,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7956,6 +8404,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8131,11 +8581,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8268,6 +8720,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8279,6 +8735,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8310,6 +8770,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8334,6 +8798,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8486,6 +8952,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8497,6 +8967,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8528,6 +9002,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8552,6 +9030,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8867,6 +9347,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8878,6 +9362,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8909,6 +9397,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8933,6 +9425,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9085,6 +9579,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9096,6 +9594,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9127,6 +9629,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9151,6 +9657,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9446,6 +9954,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9457,6 +9969,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9488,6 +10004,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9512,6 +10032,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9664,6 +10186,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9675,6 +10201,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9706,6 +10236,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9730,6 +10264,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10033,6 +10569,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10044,6 +10584,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10075,6 +10619,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10099,6 +10647,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10251,6 +10801,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10262,6 +10816,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10293,6 +10851,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10317,6 +10879,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10575,6 +11139,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10650,6 +11241,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10802,6 +11403,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10813,6 +11418,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10844,6 +11453,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10868,6 +11481,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11020,6 +11635,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11031,6 +11650,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11062,6 +11685,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11086,6 +11713,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11334,6 +11963,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11414,6 +12070,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11566,6 +12232,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11577,6 +12247,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11608,6 +12282,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11632,6 +12310,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11784,6 +12464,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11795,6 +12479,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11826,6 +12514,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11850,6 +12542,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12021,11 +12715,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12164,6 +12860,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12175,6 +12875,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12206,6 +12910,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12230,6 +12938,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12382,6 +13092,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12393,6 +13107,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12424,6 +13142,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12448,6 +13170,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12750,6 +13474,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12761,6 +13489,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12792,6 +13524,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12816,6 +13552,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12968,6 +13706,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12979,6 +13721,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13010,6 +13756,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13034,6 +13784,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13292,6 +14044,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -13367,6 +14146,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -13519,6 +14308,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13530,6 +14323,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13561,6 +14358,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13585,6 +14386,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13737,6 +14540,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13748,6 +14555,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13779,6 +14590,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13803,6 +14618,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14051,6 +14868,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -14131,6 +14975,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -14283,6 +15137,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14294,6 +15152,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14325,6 +15187,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14349,6 +15215,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14501,6 +15369,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14512,6 +15384,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14543,6 +15419,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14567,6 +15447,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14738,11 +15620,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14952,6 +15836,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14963,6 +15851,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14994,6 +15886,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15018,6 +15914,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15170,6 +16068,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15181,6 +16083,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15212,6 +16118,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15236,6 +16146,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index f9910152e..1865aa2d0 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -96,6 +96,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index bc9b45309..4c6209ad9 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -80,6 +83,18 @@ spec: {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 2c03e5970..93c9fa328 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -31,6 +31,7 @@ spec: metricRelabelings: {{- toYaml . |nindent 8 }} {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} {{- with .Values.dex.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 643dadc71..5fd41f64b 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -28,9 +28,9 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: - {{ toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - command: @@ -54,6 +54,10 @@ spec: priorityClassName: {{ . }} {{- end }} restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 76e1b00ac..655816655 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- end }} {{- end }} spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 4132c1ce0..4710d2869 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -32,6 +32,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} {{- with .Values.redis.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f14090e4d..b18574795 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -50,6 +50,9 @@ global: ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -144,7 +147,7 @@ global: # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -235,6 +238,25 @@ configs: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -273,6 +295,8 @@ configs: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -285,6 +309,10 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. @@ -353,6 +381,9 @@ configs: # SSH known hosts for Git repositories ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap annotations: {} @@ -629,6 +660,10 @@ controller: ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -767,7 +802,7 @@ controller: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -801,7 +836,7 @@ controller: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -852,6 +887,8 @@ controller: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -929,6 +966,10 @@ dex: # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: # -- Deploy metrics service enabled: false @@ -944,6 +985,8 @@ dex: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1195,7 +1238,7 @@ dex: # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1223,6 +1266,10 @@ redis: # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1244,7 +1291,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.5-alpine + tag: 7.4.1-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1278,7 +1325,7 @@ redis: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false @@ -1336,7 +1383,7 @@ redis: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false @@ -1446,7 +1493,7 @@ redis: # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1499,6 +1546,8 @@ redis: enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1528,7 +1577,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.1-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1593,7 +1642,7 @@ redis-ha: tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false @@ -1695,6 +1744,9 @@ redisSecretInit: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -1711,6 +1763,10 @@ server: # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -1804,7 +1860,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.5" + tag: "v0.0.8" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1945,7 +2001,7 @@ server: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -1991,7 +2047,7 @@ server: # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2092,7 +2148,8 @@ server: # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -2127,6 +2184,8 @@ server: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2374,6 +2433,10 @@ repoServer: # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2586,7 +2649,7 @@ repoServer: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2628,7 +2691,7 @@ repoServer: # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2698,6 +2761,8 @@ repoServer: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2762,6 +2827,10 @@ applicationSet: # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -2855,6 +2924,8 @@ applicationSet: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2947,7 +3018,7 @@ applicationSet: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -3129,6 +3200,10 @@ notifications: # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -3265,6 +3340,8 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -3318,7 +3395,7 @@ notifications: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3364,7 +3441,7 @@ notifications: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aae234420..76d675a38 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.2 +appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.7 +version: 2.4.11 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update Jetstream versions as following upstream + description: Support initContainers to controller diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 5d2c036b5..7e9f6e37f 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -60,11 +60,13 @@ done |-----|------|---------|-------------| | configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | | configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew | | configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | | configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” | | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue | | configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | | configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | | configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | @@ -232,9 +234,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index c25a3e977..505217ba2 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl @@ -89,9 +89,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index 119c10f5f..e3047de74 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -32,6 +32,8 @@ data: maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + retention: {{ .Values.configs.jetstream.streamConfig.retention }} + discard: {{ .Values.configs.jetstream.streamConfig.discard }} versions: {{- range .Values.configs.jetstream.versions }} - version: {{ .version }} diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 75d0cdb23..17bf0a6a4 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -108,6 +108,10 @@ spec: {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end -}} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index e1f2b2ee0..797ceb438 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: ports: - - port: 443 + - port: {{ int .Values.webhook.port }} targetPort: webhook selector: {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 09a2d9ea0..fb9878c9f 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -94,6 +94,10 @@ configs: replicas: 3 # -- Not documented at the moment duplicates: 300s + # -- 0: Limits, 1: Interest, 2: WorkQueue + retention: 0 + # -- 0: DiscardOld, 1: DiscardNew + discard: 0 # Supported versions of JetStream eventbus versions: - version: latest @@ -239,7 +243,7 @@ controller: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -277,7 +281,7 @@ controller: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the events controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -405,7 +409,7 @@ webhook: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -443,7 +447,7 @@ webhook: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the event controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index da2ffcb0d..757a63296 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.5 +version: 2.38.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.7.2 + - kind: added + description: Add lifecycle settings for controller + - kind: added + description: Add terminationGracePeriodSeconds for controller diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b6a6f44d1..aa09ca142 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,7 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | -| notifications.secret.create | bool | `false` | Whether to create notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | @@ -98,11 +98,12 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | +| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.kloglevel | string | `"0"` | Set the klog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | -| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | +| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.service.annotations | object | `{}` | Service annotations | | controller.metrics.service.port | int | `8090` | Metrics service port | @@ -125,9 +126,10 @@ For full list of changes please check ArtifactHub [changelog]. | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | -| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | +| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | | controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | @@ -182,6 +184,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.service.annotations | object | `{}` | Service annotations | | dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs | | dashboard.service.labels | object | `{}` | Service labels | +| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | dashboard.service.nodePort | int | `nil` | Service nodePort | diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml index 1978b2b62..a1971ab9a 100644 --- a/charts/argo-rollouts/templates/controller/configmap.yaml +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -8,8 +8,10 @@ metadata: {{- include "argo-rollouts.labels" . | nindent 4 }} data: {{- with .Values.controller.metricProviderPlugins }} - {{- toYaml . | nindent 2 }} + metricProviderPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.controller.trafficRouterPlugins }} - {{- toYaml . | nindent 2 }} + trafficRouterPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index df5dc4db3..7aea72a41 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -78,6 +78,9 @@ spec: {{- toYaml .Values.controller.readinessProbe | nindent 10 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 10 }} + {{- with .Values.controller.lifecycle }} + lifecycle: {{ toYaml . | nindent 10 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} volumeMounts: @@ -101,6 +104,9 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 6a304b82d..b7e553d7f 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -22,6 +22,9 @@ spec: externalIPs: {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Values.dashboard.service.type "LoadBalancer" }} + {{- with .Values.dashboard.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.dashboard.service.loadBalancerIP }} loadBalancerIP: {{ . | quote }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a4d313e01..266334551 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -79,6 +79,10 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Specify lifecycle hooks for the controller + lifecycle: {} # -- [priorityClassName] for the controller priorityClassName: "" # -- The number of controller pods to run @@ -209,17 +213,15 @@ controller: # -- Configures 3rd party metric providers for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ - metricProviderPlugins: {} - # metricProviderPlugins: |- - # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + metricProviderPlugins: [] + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// # -- Configures 3rd party traffic router plugins for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ - trafficRouterPlugins: {} - # trafficRouterPlugins: |- - # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + trafficRouterPlugins: [] + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// serviceAccount: # -- Specifies whether a service account should be created @@ -356,6 +358,8 @@ dashboard: service: # -- Sets the type of the Service type: ClusterIP + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from @@ -397,7 +401,7 @@ dashboard: maxUnavailable: # 0 ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: # -- Enable dashboard ingress support @@ -454,7 +458,8 @@ notifications: create: true secret: - # -- Whether to create notifications secret + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". create: false # -- Generic key:value pairs to be inserted into the notifications secret items: {} diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index bb7251b2a..658d613f0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.10 +appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.0 +version: 0.45.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added support for setting annotations on argo workflows controller configmap + description: Support ephemeral credentials for s3 artifact repository diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 9ab1c0161..6a82eb5ff 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -133,6 +133,8 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | +| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates | +| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | | workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | @@ -168,13 +170,16 @@ Fields to note: | controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | @@ -222,6 +227,7 @@ Fields to note: | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | | controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | | controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | | controller.telemetryConfig.port | int | `8081` | telemetry container port | @@ -302,6 +308,8 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container | +| server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | @@ -346,6 +354,7 @@ Fields to note: | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | diff --git a/charts/argo-workflows/templates/controller/agent-rb.yaml b/charts/argo-workflows/templates/controller/agent-rb.yaml new file mode 100644 index 000000000..67e499551 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-role.yaml b/charts/argo-workflows/templates/controller/agent-role.yaml new file mode 100644 index 000000000..577567b2e --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml new file mode 100644 index 000000000..279b2c505 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml new file mode 100644 index 000000000..48218b835 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 1b01b117a..1e8f764cf 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -198,7 +198,7 @@ rules: - watch {{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d93a910e5..a269f6e54 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -83,6 +83,11 @@ data: secretKeySecret: key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} + {{- if .Values.artifactRepository.s3.sessionTokenSecret }} + sessionTokenSecret: + key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }} + {{- end }} {{- end }} bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 0cd8a75b5..4a1290baa 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -35,8 +35,13 @@ spec: {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} clusterIP: None {{- end }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + {{- if eq .Values.controller.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- if .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 1695f96db..46fd18dd0 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -15,7 +15,7 @@ spec: {{- if .Values.controller.metricsConfig.enabled }} - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} @@ -24,11 +24,12 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} @@ -37,6 +38,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- with .Values.controller.metricsConfig.targetLabels }} targetLabels: diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 142653726..81c20048a 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -11,27 +11,6 @@ metadata: namespace: {{ . }} {{- end }} rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - apiGroups: - argoproj.io resources: @@ -39,21 +18,6 @@ rules: verbs: - create - patch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets - - workflowartifactgctasks - verbs: - - list - - watch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets/status - - workflowartifactgctasks/status - verbs: - - patch {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml index dcebddb24..6a474715e 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml @@ -17,34 +17,1130 @@ spec: listKind: WorkflowArtifactGCTaskList plural: workflowartifactgctasks shortNames: - - wfat + - wfat singular: workflowartifactgctask scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + artifactsByNode: + additionalProperties: + properties: + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + type: object + artifacts: + additionalProperties: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + type: object + type: object + type: object + status: + properties: + artifactResultsByNode: + additionalProperties: + properties: + artifactResults: + additionalProperties: + properties: + error: + type: string + name: + type: string + success: + type: boolean + required: + - name + type: object + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml index 097fa5cda..f11df956b 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml @@ -32,9 +32,655 @@ spec: metadata: type: object spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + metadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true required: - metadata - spec diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index 861f1df8f..02f3f08bc 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -81,12 +81,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic url: type: string usernameSecret: @@ -94,12 +96,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - url type: object @@ -110,12 +114,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic blob: type: string container: @@ -146,12 +152,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - key type: object @@ -170,17 +178,21 @@ spec: type: array insecureIgnoreHostKey: type: boolean + insecureSkipTLS: + type: boolean passwordSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic repo: type: string revision: @@ -192,23 +204,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - repo type: object @@ -220,6 +236,8 @@ spec: items: type: string type: array + dataTransferProtection: + type: string force: type: boolean hdfsUser: @@ -229,34 +247,40 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbConfigConfigMap: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbKeytabSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbRealm: type: string krbServicePrincipalName: @@ -279,23 +303,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object clientCert: properties: @@ -304,23 +332,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientKeySecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object oauth2: properties: @@ -329,23 +361,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientSecretSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic endpointParams: items: properties: @@ -366,12 +402,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object type: object headers: @@ -405,12 +443,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string createBucketIfNotPresent: @@ -433,12 +473,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic securityToken: type: string useSDKCreds: @@ -464,12 +506,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string caSecret: @@ -477,12 +521,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic createBucketIfNotPresent: properties: objectLocking: @@ -501,12 +547,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object endpoint: type: string @@ -523,12 +571,27 @@ spec: key: type: string name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic useSDKCreds: type: boolean type: object @@ -564,12 +627,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic default: type: string event: diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index dbb5ff9f5..f09530997 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -118,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index a4b8df7b3..b9a2541b4 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} @@ -108,9 +108,16 @@ spec: {{- with .Values.server.volumeMounts }} {{- toYaml . | nindent 10}} {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.server.extraContainers }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 7517d659d..39c377928 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -28,11 +28,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- if eq .Values.server.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + {{- with .Values.server.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- if .Values.server.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 9f140f1ba..035945d2b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -69,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false # -- Extra service accounts to be added to the RoleBinding serviceAccounts: [] # - name: my-service-account @@ -127,6 +131,8 @@ controller: enabled: false # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s # -- Port is the port where metrics are emitted port: 9090 # -- How often custom metrics are cleared from memory @@ -143,6 +149,9 @@ controller: servicePortName: metrics # -- Flag to enable headless service headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] @@ -231,6 +240,8 @@ controller: enabled: false # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s # -- telemetry container port port: 8081 # -- How often custom metrics are cleared from memory @@ -297,6 +308,8 @@ controller: serviceAnnotations: {} # -- Optional labels to add to the controller Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] @@ -508,6 +521,8 @@ server: serviceAnnotations: {} # -- Optional labels to add to the UI Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Static IP address to assign to loadBalancer service type `LoadBalancer` loadBalancerIP: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` @@ -610,7 +625,7 @@ server: volumes: [] ## Ingress configuration. - # ref: https://kubernetes.io/docs/user-guide/ingress/ + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- Enable an ingress resource enabled: false @@ -749,6 +764,12 @@ server: # -- Enables init containers to be added to the server deployment extraInitContainers: [] + # -- Specify postStart and preStop lifecycle hooks for server container + lifecycle: {} + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Array of extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 @@ -791,6 +812,9 @@ artifactRepository: # secretKeySecret: # name: "{{ .Release.Name }}-minio" # key: secretkey + # sessionTokenSecret: + # name: "{{ .Release.Name }}-minio" + # key: sessionToken # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false # caSecret: diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 397e9db66..c4433fa4b 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.0 +version: 2.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: make the chart use maps instead of lists + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index ed84c5fb1..394e2c88a 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -4,6 +4,8 @@ applicationsets: applicationset: additionalLabels: {} additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io # See PR #10026 (ArgoCD v2.5 or later) # goTemplate: false generators: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index e8ae21345..606d60785 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -17,6 +17,10 @@ metadata: {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if hasKey $appSetData "goTemplate" }} goTemplate: {{ $appSetData.goTemplate }} diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index 34a865ea1..d6032636e 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -25,7 +25,9 @@ spec: {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ $projectData.description }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 1fad39411..127dc6a9e 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -97,6 +97,8 @@ applicationsets: {} # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io # # See PR #10026 (ArgoCD v2.5 or later) # # goTemplate: false # generators: diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index c358515f7..f3880ec50 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.0 -appVersion: v0.14.0 +version: 0.11.4 +appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.14.0 + description: Bump argocd-image-updater to v0.15.2 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5e51a8cd5..7a35b881f 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 50d75876e..867d5b590 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -17,6 +17,13 @@ rules: - get - list - watch + {{- if not .Values.createClusterRoles }} + - apiGroups: + - "" + resources: + - events + verbs: + - create - apiGroups: - argoproj.io resources: @@ -26,15 +33,52 @@ rules: - list - update - patch + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: - apiGroups: - - "" + - "" resources: - events verbs: - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} @@ -42,7 +86,7 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: {{ include "argocd-image-updater.fullname" . }} subjects: - kind: ServiceAccount diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 19291de93..4825833ea 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -20,6 +20,11 @@ fullnameOverride: "" # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override namespaceOverride: "" +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry extraArgs: [] diff --git a/renovate.json b/renovate.json index 4e068215d..dcf912492 100644 --- a/renovate.json +++ b/renovate.json @@ -5,12 +5,14 @@ }, "extends": [ "config:recommended", - "docker:enableMajor" + "docker:enableMajor", + ":gitSignOff" ], "labels": ["renovate"], "includePaths": [ "**/charts/argo-workflows/Chart.yaml", "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-cd/values.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", "**/charts/argocd-image-updater/Chart.yaml", @@ -99,6 +101,13 @@ "matchPackagePatterns": ["redis-ha"], "enabled": false }, + { + "matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"], + "commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } + }, { "matchPackageNames": ["ghcr.io/renovatebot/renovate"], "extends": ["schedule:monthly"]