From 442fa22edcd5f980b2b4297d0d2d1bad1f820b2a Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 8 May 2023 19:38:23 -0500 Subject: [PATCH 001/617] fix(argo-events): use correct artifacthub annotation kind (#2032) This is to get latest argo-workflows chart version out to artifacthub. Can't get the previous ones that had incorrect kinds. argoproj#2030 adds linting so this doesn't happen again. Will merge after argo-workflows and argo-events charts are fixed. Signed-off-by: jmeridth Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b763af57..d6ce3465 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.1 +version: 2.3.2 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: chore - description: Update chart icon + - kind: fixed + description: Use correct artifacthub kind and get latest chart version to artifacthub From 395abc5435724684db43e2c99f4ec8ed859c0b90 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 8 May 2023 21:22:34 -0500 Subject: [PATCH 002/617] feat(github): add artifacthub linting (#2030) This will help us ensure we use correct notation in our artifacthub annotations Signed-off-by: jmeridth --- .github/workflows/lint-and-test.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 1f75294a..90106fc9 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -6,6 +6,18 @@ permissions: contents: read jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: public.ecr.aws/artifacthub/ah:v1.14.0 + options: --user 1001 + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Run ah lint + working-directory: ./charts + run: ah lint + chart-test: runs-on: ubuntu-latest steps: From c8b47cf060b2ba6da64d4eb9e1f081472d70a371 Mon Sep 17 00:00:00 2001 From: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> Date: Tue, 9 May 2023 13:41:54 +1000 Subject: [PATCH 003/617] fix(argo-workflows): Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion (#2029) * add a fix for argo workflows hpa Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * add description for the fix Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * update readme Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * remove apiVersionOverrides from readme Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * fix linting Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> --------- Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 2 +- .../templates/server/server-deployment-hpa.yaml | 2 +- charts/argo-workflows/values.yaml | 5 +++++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 11bdb8ed..ae171a11 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.2 +version: 0.26.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: Use correct artifacthub kind and get latest chart version to artifacthub + description: Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index dae6972b..1dbfc155 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -101,6 +101,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 2fbcc708..f302f0da 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -160,7 +160,7 @@ Return the appropriate apiVersion for autoscaling {{- define "argo-workflows.apiVersion.autoscaling" -}} {{- if .Values.apiVersionOverrides.autoscaling -}} {{- print .Values.apiVersionOverrides.autoscaling -}} -{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}} +{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}} {{- print "autoscaling/v2beta1" -}} {{- else -}} {{- print "autoscaling/v2" -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml index ebc45925..9194bbd9 100644 --- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} kind: HorizontalPodAutoscaler metadata: name: {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index c1c0229e..e7e268a0 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -29,6 +29,11 @@ fullnameOverride: # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +apiVersionOverrides: + # -- String to override apiVersion of autoscaling rendered by this helm chart + autoscaling: "" # autoscaling/v2 + # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster # equivalents, and start workflow-controller with the --namespaced flag. Use it From cc64b0c9f51b85ec64f23582ee53167ff4abc4d1 Mon Sep 17 00:00:00 2001 From: PidgeyBE Date: Wed, 10 May 2023 12:16:14 +0200 Subject: [PATCH 004/617] fix(argo-workflows): fix clusterworkflowtemplates disabled flag (#2033) * fix clusterworkflowtemplates disabled flag Signed-off-by: Peejai * Bump chart version and add artifacthub changes Signed-off-by: Peejai --------- Signed-off-by: Peejai Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/crds/argoproj.io_clusterworkflowtemplates.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ae171a11..0933c3d5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.3 +version: 0.26.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion + description: Create clusterWorkflowTemplates CRD only when enabled in Helm values. diff --git a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml index 7f767b24..9264eaba 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,4 +1,5 @@ {{- if .Values.crds.install }} +{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -43,3 +44,4 @@ spec: served: true storage: true {{- end }} +{{- end }} From 07aa087a1942aac79dc04ec41a25a9c2b094ac4b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:06:56 +0200 Subject: [PATCH 005/617] feat(github): Introduce chart signing (#2040) Signed-off-by: Marco Kilchhofer --- .github/configs/cr.yaml | 8 +++++++- .github/workflows/publish.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..a0d425dc 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,8 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e104fde2..58d7d22d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -38,6 +38,22 @@ jobs: run: | git checkout origin/gh-pages index.yaml + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: From 8c295d3344dd4c09ef9c8f7b7d8e32b94250ef0b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:49:32 +0200 Subject: [PATCH 006/617] feat(argo-cd): Introduce chart signing (#2042) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dd40f29b..12a1f5f0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.1 +version: 5.32.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -22,6 +22,9 @@ dependencies: repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Enable to customize Service type of applicationset-controller + description: Introduce chart signing From 887f68adb1d8ab3f2a767c99a3f46618faee112b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 16:20:51 +0200 Subject: [PATCH 007/617] feat(argo-workflows): Introduce chart signing (#2044) Signed-off-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0933c3d5..066adfa0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.4 +version: 0.26.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -12,6 +12,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create clusterWorkflowTemplates CRD only when enabled in Helm values. + - kind: added + description: Introduce chart signing From 2bd14d38b014ad1d45029c0990605d38eca960df Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 10 May 2023 15:30:17 +0100 Subject: [PATCH 008/617] chore(github): Add tico24 to codeowners (#2047) Signed-off-by: Tim Collins Co-authored-by: Aikawa --- CODEOWNERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 9b0a95c5..f7432a77 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -2,13 +2,13 @@ * @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 # Argo CD -/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 # Argo Events -/charts/argo-events/ @pdrastil @jmeridth +/charts/argo-events/ @pdrastil @jmeridth @tico24 # Argo Rollouts /charts/argo-rollouts/ @jmeridth From 083f42cdd67ab03c4e45f98b8365ebd291b27318 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 11 May 2023 00:30:57 +0900 Subject: [PATCH 009/617] feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.0 (#2039) * feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.0 Signed-off-by: yu-croco * feat(argo-rollouts): Add missing configmap for 3rd party metrics providers Signed-off-by: yu-croco * feat: Add signing information Signed-off-by: Marco Kilchhofer --------- Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 11 ++- charts/argo-rollouts/README.md | 1 + .../templates/controller/configmap.yaml | 12 +++ .../templates/crds/analysis-run-crd.yaml | 70 +++++++++++++++++ .../templates/crds/analysis-template-crd.yaml | 70 +++++++++++++++++ .../crds/cluster-analysis-template-crd.yaml | 70 +++++++++++++++++ .../templates/crds/experiment-crd.yaml | 14 ++++ .../templates/crds/rollout-crd.yaml | 78 ++++++++++++++++++- charts/argo-rollouts/values.yaml | 7 ++ 9 files changed, 328 insertions(+), 5 deletions(-) create mode 100644 charts/argo-rollouts/templates/controller/configmap.yaml diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 46ca6ba7..ecdcbb39 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.4.1 +appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.27.0 +version: 2.28.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -14,6 +14,11 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo Rollouts to v1.5.0 - kind: added - description: Allow extraObjects to contain string templates + description: Introduce chart signing diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 58784cf0..aaed870f 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -85,6 +85,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml new file mode 100644 index 00000000..8eb2bbe2 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-config + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.controller.metricProviderPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 70187985..bc2e61db 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -188,6 +188,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -240,6 +242,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1832,6 +1879,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2579,12 +2628,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2710,6 +2768,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2717,6 +2778,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index c2846186..2c73c5c9 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index a00f68fe..612608de 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 86af1932..acf98935 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -159,6 +159,9 @@ spec: type: object type: object service: + properties: + name: + type: string type: object template: properties: @@ -1727,6 +1730,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2474,12 +2479,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 3f6ea749..0fafbab3 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -163,6 +163,17 @@ spec: x-kubernetes-int-or-string: true postPromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -220,6 +231,17 @@ spec: type: object prePromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -307,6 +329,17 @@ spec: type: integer analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -440,6 +473,17 @@ spec: properties: analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -580,6 +624,11 @@ spec: type: string type: object type: object + service: + properties: + name: + type: string + type: object specRef: type: string weight: @@ -869,9 +918,14 @@ spec: type: string stableIngress: type: string - required: - - stableIngress + stableIngresses: + items: + type: string + type: array type: object + plugins: + type: object + x-kubernetes-preserve-unknown-fields: true smi: properties: rootService: @@ -2456,6 +2510,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -3203,12 +3259,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -3257,30 +3322,39 @@ spec: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object loadBalancer: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object stableTargetGroup: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object type: object diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 28a6f1f8..d1c91e30 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -169,6 +169,13 @@ controller: # - mountPath: /etc/ssl/certs # name: my-certs + # -- Configures 3rd party metric providers for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ + metricProviderPlugins: {} + # metricProviderPlugins: |- + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true From a487e177845c686f633b31b249e7dc7722aad8ad Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 17:45:46 +0200 Subject: [PATCH 010/617] feat(argo-events): Introduce chart signing (#2043) Signed-off-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index d6ce3465..c35d0f96 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.2 +version: 2.3.3 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use correct artifacthub kind and get latest chart version to artifacthub + - kind: added + description: Introduce chart signing From fc47f9baa6613ff747fda14cca0847f9b3e8b716 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 18:46:04 +0200 Subject: [PATCH 011/617] feat(argocd-image-updater): Introduce chart signing (#2046) Signed-off-by: Marco Kilchhofer --- charts/argocd-image-updater/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index d6ec30ef..665f4bad 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.0 +version: 0.9.1 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: add namespace field for namespace scoped resources + - kind: added + description: Introduce chart signing From b37a9e72a68d8fafe3cddd14cf2b3ed6722eff4a Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 18:57:43 +0200 Subject: [PATCH 012/617] feat(argocd-apps): Introduce chart signing (#2045) Signed-off-by: Marco Kilchhofer Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index c8e37b3b..0c55671d 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.0.0 +version: 1.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -13,6 +13,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Changed the project field of the applicationset from a tpl function to a string. + - kind: added + description: Introduce chart signing From f6d44750b8ecf25e272b22dd78950e3ad43e0ffd Mon Sep 17 00:00:00 2001 From: PidgeyBE Date: Thu, 11 May 2023 02:09:33 +0200 Subject: [PATCH 013/617] fix(argo-workflows): Fix templating in several places (#2026) * Add artifacthub changes Signed-off-by: Peejai * fix templating list of yamls Signed-off-by: Peejai * Bump version and fix templating for gcs and azure as well Signed-off-by: Peejai --------- Signed-off-by: Peejai Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- .../workflow-controller-config-map.yaml | 20 +++++++++---------- .../workflow-controller-deployment.yaml | 2 +- .../templates/server/server-deployment.yaml | 2 +- charts/argo-workflows/values.yaml | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 066adfa0..3217d8e4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.5 +version: 0.26.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Introduce chart signing + - kind: fixed + description: Fix Helm templating in S3 config and extra init containers diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 55720eb2..d30db859 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -60,29 +60,29 @@ data: archiveLogs: {{ .Values.artifactRepository.archiveLogs }} {{- end }} {{- with .Values.artifactRepository.gcs }} - gcs: {{- toYaml . | nindent 8 }} + gcs: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.artifactRepository.azure }} - azure: {{- toYaml . | nindent 8 }} + azure: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }} secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket }} - endpoint: {{ .Values.artifactRepository.s3.endpoint }} + bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} + endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} + region: {{ tpl .Values.artifactRepository.s3.region $ }} {{- end }} {{- if .Values.artifactRepository.s3.roleARN }} roleARN: {{ .Values.artifactRepository.s3.roleARN }} @@ -184,4 +184,4 @@ data: {{- end }} {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 4ee117b8..c391bee8 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} {{- with .Values.controller.extraInitContainers }} initContainers: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} containers: - name: controller diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index d75933ac..b2e50967 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -38,7 +38,7 @@ spec: {{- end }} {{- with .Values.server.extraInitContainers }} initContainers: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} containers: - name: argo-server diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index e7e268a0..0e5af428 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -655,10 +655,10 @@ artifactRepository: # Note the `key` attribute is not the actual secret, it's the PATH to # the contents in the associated secret, as defined by the `name` attribute. accessKeySecret: - # name: -minio + name: "{{ .Release.Name }}-minio" key: accesskey secretKeySecret: - # name: -minio + name: "{{ .Release.Name }}-minio" key: secretkey # insecure will disable TLS. Primarily used for minio installs not configured with TLS insecure: false From 8402303bf8fcbf2433a9b99714f89f232c0777db Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Thu, 11 May 2023 02:39:56 +0200 Subject: [PATCH 014/617] feat(argo-cd): Add ability to add prometheus.io/scrape annotations (#2037) --- charts/argo-cd/Chart.yaml | 6 +++-- charts/argo-cd/README.md | 11 +++++++++ .../metrics.yaml | 12 ++++++++-- .../argocd-applicationset/metrics.yaml | 12 ++++++++-- .../argocd-notifications/metrics.yaml | 12 ++++++++-- .../templates/argocd-repo-server/metrics.yaml | 12 ++++++++-- .../templates/argocd-server/metrics.yaml | 12 ++++++++-- charts/argo-cd/templates/redis/metrics.yaml | 12 ++++++---- charts/argo-cd/values.yaml | 23 +++++++++++++++++++ 9 files changed, 96 insertions(+), 16 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 12a1f5f0..a8d8e721 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.2 +version: 5.33.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Introduce chart signing + description: Ability to add prometheus.io/scrape annotations to all metrics services + - kind: added + description: Ability to change metrics service type and clusterIP diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 054dc2f9..6f25e5ce 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -394,6 +394,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | | global.additionalLabels | object | `{}` | Common labels for the all resources | | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | @@ -513,9 +514,11 @@ NAME: my-release | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | | controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -597,9 +600,11 @@ NAME: my-release | repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.metrics.enabled | bool | `false` | Deploy metrics service | | repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | repoServer.metrics.service.labels | object | `{}` | Metrics service labels | | repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -731,9 +736,11 @@ NAME: my-release | server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | server.metrics.enabled | bool | `false` | Deploy metrics service | | server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | server.metrics.service.labels | object | `{}` | Metrics service labels | | server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1044,9 +1051,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1128,8 +1137,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.port | int | `9001` | Metrics port | | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | notifications.metrics.service.labels | object | `{}` | Metrics service labels | | notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 754b8490..01b7a779 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.controller.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.controller.metrics.service.annotations }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index fdac0bcf..ad26d22d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.applicationSet.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.applicationSet.metrics.service.annotations }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index 3c30a085..b5ce611d 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.notifications.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.notifications.metrics.service.annotations }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index b2be38ee..514595a2 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.repoServer.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.repoServer.metrics.service.annotations }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index 3a9f46f7..3844820e 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.server.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.server.metrics.service.annotations }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index db526285..67b4c3ac 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -10,16 +10,20 @@ metadata: {{- with .Values.redis.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.redis.metrics.service.annotations }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: type: {{ .Values.redis.metrics.service.type }} - {{- with .Values.redis.metrics.service.clusterIP }} - clusterIP: {{ . }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} {{- end }} ports: - name: {{ .Values.redis.metrics.service.portName }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3f95a663..9ee41698 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -79,6 +79,9 @@ global: # -- Labels for the all deployed pods podLabels: {} + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + # -- Toggle and define pod-level security context. # @default -- `{}` (See [values.yaml]) securityContext: {} @@ -762,6 +765,10 @@ controller: # -- Additional labels labels: [] service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -1773,6 +1780,10 @@ server: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2241,6 +2252,10 @@ repoServer: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2394,6 +2409,10 @@ applicationSet: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2715,6 +2734,10 @@ notifications: # -- Metrics port port: 9001 service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels From 5873a1bc331e37c9500e4337d2ad2deca2fd8c80 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Thu, 11 May 2023 08:39:17 +0200 Subject: [PATCH 015/617] feat(argo-workflows): allow extraObjects to contain string template (#1995) [argo-workflows] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3217d8e4..9b232421 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.6 +version: 0.27.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix Helm templating in S3 config and extra init containers + - kind: added + description: Allow extraObjects to contain string templates diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-workflows/templates/extra-manifests.yaml +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From 1492e23522339e07e281aed0c7e659ce6a9d2189 Mon Sep 17 00:00:00 2001 From: Jonas Eilers <133217951+jdvgh@users.noreply.github.com> Date: Thu, 11 May 2023 16:06:46 +0200 Subject: [PATCH 016/617] feat(argo-cd): Add ability to add additional labels to all CRDs (#2051) feat(argo-cd): Add ability to add additional labels to all CRDs via .Values.crds.additionalLabels Signed-off-by: jdvgh <133217951+jdvgh@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/crds/crd-application.yaml | 3 +++ charts/argo-cd/templates/crds/crd-applicationset.yaml | 3 +++ charts/argo-cd/templates/crds/crd-extension.yaml | 3 +++ charts/argo-cd/templates/crds/crd-project.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 7 files changed, 17 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a8d8e721..b199884e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.0 +version: 5.33.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Ability to add prometheus.io/scrape annotations to all metrics services - - kind: added - description: Ability to change metrics service type and clusterIP + description: Ability to add additional labels to all CRDs via .Values.crds.additionalLabels diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6f25e5ce..34879a2a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -379,6 +379,7 @@ NAME: my-release | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 5bb7bfb3..cbb480e6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applications.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index f9bfde6c..ad35b062 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applicationsets.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-extension.yaml b/charts/argo-cd/templates/crds/crd-extension.yaml index 802f0e8c..30fbce70 100644 --- a/charts/argo-cd/templates/crds/crd-extension.yaml +++ b/charts/argo-cd/templates/crds/crd-extension.yaml @@ -13,6 +13,9 @@ metadata: labels: app.kubernetes.io/name: argocdextensions.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: argocdextensions.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 81e57d82..0a6da4f0 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9ee41698..78e3c518 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -38,6 +38,8 @@ crds: keep: true # -- Annotations to be added to all CRDs annotations: {} + # -- Addtional labels to be added to all CRDs + additionalLabels: {} ## Globally shared configuration global: From 5dd7ae964d01eba826202107426fa3a6b3c62b57 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 13 May 2023 00:19:03 +0900 Subject: [PATCH 017/617] chore(argo-cd): Upgrade Argo CD to v2.7.2 (#2054) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b199884e..8e6211ca 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.1 +appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.1 +version: 5.33.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Ability to add additional labels to all CRDs via .Values.crds.additionalLabels + - kind: changed + description: Upgrade Argo CD to v2.7.2 From 6564b4453893d2a2498eed83ef5968cb65578368 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 13 May 2023 20:01:19 +0900 Subject: [PATCH 018/617] feat(argo-cd): Enable to add certificate to ApplicationSet Controller (#2052) * feat(argo-cd): Add ability to add certificate to Argo CD Controller Signed-off-by: yu-croco * fix(argo-cd): Add Certificate to right component Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 13 +++++++ .../argocd-applicationset/certificate.yaml | 33 ++++++++++++++++ charts/argo-cd/values.yaml | 39 +++++++++++++++++++ 4 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/certificate.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8e6211ca..5eb9ac9e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.2 +version: 5.33.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.2 + - kind: added + description: Enable to add certificate to ApplicationSet Controller diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 34879a2a..4519caec 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1024,6 +1024,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 00000000..505a70fc --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,33 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +kind: Certificate +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: {{ .Values.applicationSet.certificate.secretName }} + commonName: {{ .Values.applicationSet.certificate.domain | quote }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | quote }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 78e3c518..2ad1b918 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2623,6 +2623,45 @@ applicationSet: # hosts: # - argocd-applicationset.example.com + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- The name of the Secret that will be automatically created and managed by this Certificate resource + secretName: argocd-application-controller-tls + # -- Certificate primary domain (commonName) + domain: argocd.example.com + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + ## Notifications controller notifications: # -- Enable notifications controller From 6b09ff82e05e808010f12ba277b268c3c21446c9 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sat, 13 May 2023 13:25:33 +0200 Subject: [PATCH 019/617] fix(github): Don't run Scorecard analysis on forked repos (#2057) Signed-off-by: Marco Kilchhofer --- .github/workflows/scorecard.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 66e1d5ee..7059cc34 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -19,6 +19,7 @@ permissions: read-all jobs: analysis: + if: github.repository_owner == 'argoproj' name: Scorecard analysis runs-on: ubuntu-latest permissions: From 5dfed33a5668f1a18dde26417b69806d5c3e7ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 May 2023 20:32:52 +0900 Subject: [PATCH 020/617] chore(deps): bump actions/checkout from 3.1.0 to 3.5.2 (#2056) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...8e5e7e5ab8b370d6c329ec480221332ada57f0ab) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7059cc34..7f5cbfa5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: persist-credentials: false From 1a5ee8eb352579bd81dfc3a14ef03f6604ad0b1b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 16 May 2023 18:23:59 +0900 Subject: [PATCH 021/617] chore(argo-cd): Update redis-ha to v4.23.0 (#2058) Signed-off-by: yu-croco --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index e21296c6..edd5df2b 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.22.5 -digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16 -generated: "2023-03-30T08:25:32.738257836+02:00" + version: 4.23.0 +digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c +generated: "2023-05-15T19:25:26.049618+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5eb9ac9e..6b8ec29d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.3 +version: 5.33.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.22.5 + version: 4.23.0 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Enable to add certificate to ApplicationSet Controller + - kind: changed + description: Update redis-ha to v4.23.0 From 05bc6a236dfafa88bf2366d47709dd8b1748a13c Mon Sep 17 00:00:00 2001 From: GoshaDozoretz <106976988+gosharo@users.noreply.github.com> Date: Wed, 17 May 2023 16:40:18 +0300 Subject: [PATCH 022/617] feat(argo-cd): add lifecycle hooks to repo server (#1922) * add lifesycle webhook to repo server Signed-off-by: goshado * add lifesycle webhook to repo server Signed-off-by: goshado * add lifesycle webhook to repo server Signed-off-by: goshado --------- Signed-off-by: goshado Signed-off-by: GoshaDozoretz <106976988+gosharo@users.noreply.github.com> Co-authored-by: goshado --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6b8ec29d..32dcb776 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.4 +version: 5.34.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update redis-ha to v4.23.0 + - kind: added + description: Add lifecycle webhook to repo server. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 4519caec..1fa388ed 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -594,6 +594,7 @@ NAME: my-release | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | | repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | | repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 0226b48f..4f2c45bd 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -275,6 +275,10 @@ spec: {{- toYaml .Values.repoServer.resources | nindent 10 }} securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.repoServer.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2ad1b918..c304de7e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2059,6 +2059,9 @@ repoServer: # - secretRef: # name: secret-name + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} + # -- Additional containers to be added to the repo server pod ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates From 7347a5d78162a4d7abf5efbb27bd0327905c2c91 Mon Sep 17 00:00:00 2001 From: Jonas Eilers <133217951+jdvgh@users.noreply.github.com> Date: Wed, 17 May 2023 16:24:43 +0200 Subject: [PATCH 023/617] feat(argo-cd): Add new BitbucketCloud ssh keys in values.yaml (#2062) feat: Add new BitbucketCloud ssh keys Update configs.ssh.kownHosts in charts/argo-cd/values.yaml to match new SSHKeys from https://bitbucket.org/site/ssh (as of May 17th, 2023) Signed-off-by: jdvgh <133217951+jdvgh@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32dcb776..0c7a2d5c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.0 +version: 5.34.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add lifecycle webhook to repo server. + description: Add new bitbucket cloud SSH key to configs.ssh.knownHosts diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c304de7e..2906eb82 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -315,6 +315,8 @@ configs: # -- Known hosts to be added to the known host list by default. # @default -- See [values.yaml] knownHosts: | + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl From c3cfd49e9679df03e37f963fcb64c6d5375572d5 Mon Sep 17 00:00:00 2001 From: Joe Lee Date: Fri, 19 May 2023 17:35:00 +0800 Subject: [PATCH 024/617] feat(argocd-apps): Generate application, applicationset, project with template (#2025) * add template for application Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * add example for applicationsetTemplates Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * merge each of items into one Signed-off-by: Joe Lee * update readme Signed-off-by: Joe Lee * update doc Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * add template for application Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * merge each of items into one Signed-off-by: Joe Lee * move itemTemplates to new file Signed-off-by: Joe Lee * discard change for applications.yaml Signed-off-by: Joe Lee --------- Signed-off-by: Joe Lee --- charts/argocd-apps/Chart.yaml | 4 +- charts/argocd-apps/README.md | 1 + charts/argocd-apps/ci/item-templates.yaml | 61 +++++++++++++++++ .../argocd-apps/templates/item-templates.yaml | 15 +++++ charts/argocd-apps/values.yaml | 65 +++++++++++++++++++ 5 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 charts/argocd-apps/ci/item-templates.yaml create mode 100644 charts/argocd-apps/templates/item-templates.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 0c55671d..6d0a194f 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.0.1 +version: 1.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Introduce chart signing + description: Generate application, applicationset, project with template diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index bc0d0685..0e5bbbe2 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -31,6 +31,7 @@ $ helm install my-release argo/argocd-apps | applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | | applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | | extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release | +| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | | projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- diff --git a/charts/argocd-apps/ci/item-templates.yaml b/charts/argocd-apps/ci/item-templates.yaml new file mode 100644 index 00000000..8a08c684 --- /dev/null +++ b/charts/argocd-apps/ci/item-templates.yaml @@ -0,0 +1,61 @@ +itemTemplates: + - items: + - name: my-appset + generators: &generators + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: "{{ .name }}" + spec: + generators: *generators + template: + metadata: + name: "{{`{{cluster}}`}}-guestbook" + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: "{{`{{cluster}}`}}" + namespace: guestbook + - items: + - name: my-appset + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: |- + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: {{ .name }} + spec: + generators: {{ toYaml .generators | nindent 4 }} + template: + metadata: + name: '{{`{{cluster}}`}}-guestbook' + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: '{{`{{cluster}}`}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/item-templates.yaml b/charts/argocd-apps/templates/item-templates.yaml new file mode 100644 index 00000000..a209cc2a --- /dev/null +++ b/charts/argocd-apps/templates/item-templates.yaml @@ -0,0 +1,15 @@ +{{- range .Values.itemTemplates }} +{{- if kindIs "string" .template }} +{{- $template := .template -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- else }} +{{- $template := .template | toYaml -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index eb0767b9..72301ace 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -133,6 +133,71 @@ applicationsets: [] # # Set Application finalizer # preserveResourcesOnDeletion: false +# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release +# @default -- `[]` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +itemTemplates: [] +# - items: +# - name: my-appset +# generators: &generators +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: "{{ .name }}" +# spec: +# generators: *generators +# template: +# metadata: +# name: "{{`{{cluster}}`}}-guestbook" +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: "{{`{{cluster}}`}}" +# namespace: guestbook +# - items: +# - name: my-appset +# generators: +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: |- +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: {{ .name }} +# spec: +# generators: {{ toYaml .generators | nindent 4 }} +# template: +# metadata: +# name: '{{`{{cluster}}`}}-guestbook' +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: '{{`{{cluster}}`}}' +# namespace: guestbook + # -- Deploy Argo UI Extensions within this helm release # @default -- `[]` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. From 5766533626cadb5a29c46bd3a6c513da7ca30bea Mon Sep 17 00:00:00 2001 From: Julien Michaud <103417499+julien-michaud@users.noreply.github.com> Date: Fri, 19 May 2023 12:35:33 +0200 Subject: [PATCH 025/617] feat(argo-workflows): support google ManagedCertificate, FrontendConfig & BackendConfig for gce ingress (#2066) * feat: add gke stuff Signed-off-by: julien.michaud * update readme and chart.yaml file Signed-off-by: julien.michaud * fix readme Signed-off-by: julien.michaud * docs: Apply changes from code review Signed-off-by: Marco Kilchhofer --------- Signed-off-by: julien.michaud Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 8 +++-- charts/argo-workflows/README.md | 9 +++++ charts/argo-workflows/README.md.gotmpl | 2 ++ charts/argo-workflows/templates/_helpers.tpl | 13 +++++++ .../templates/server/gke/backendconfig.yaml | 11 ++++++ .../templates/server/gke/frontendconfig.yaml | 11 ++++++ .../server/gke/managedcertificate.yaml | 12 +++++++ charts/argo-workflows/values.yaml | 36 +++++++++++++++++++ 8 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 charts/argo-workflows/templates/server/gke/backendconfig.yaml create mode 100644 charts/argo-workflows/templates/server/gke/frontendconfig.yaml create mode 100644 charts/argo-workflows/templates/server/gke/managedcertificate.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 9b232421..84e49d84 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.27.0 +version: 0.28.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,8 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow extraObjects to contain string templates + description: Add support for Google ManagedCertificate on GKE + - kind: added + description: Add support for Google FrontendConfig on GKE + - kind: added + description: Add support for Google BackendConfig on GKE diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 1dbfc155..b5612a16 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -102,6 +102,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | +| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | @@ -240,6 +241,12 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | +| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | +| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | +| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | @@ -333,6 +340,8 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 398a8788..ab8554f5 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -188,6 +188,8 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f302f0da..f81e6fc4 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -166,3 +166,16 @@ Return the appropriate apiVersion for autoscaling {{- print "autoscaling/v2" -}} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for GKE resources +*/}} +{{- define "argo-workflows.apiVersions.cloudgoogle" -}} +{{- if .Values.apiVersionOverrides.cloudgoogle -}} +{{- print .Values.apiVersionOverrides.cloudgoogle -}} +{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} +{{- print "cloud.google.com/v1" -}} +{{- else -}} +{{- print "cloud.google.com/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml new file mode 100644 index 00000000..4597db3d --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} +kind: BackendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml new file mode 100644 index 00000000..6b81c923 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEfrontendConfig.enabled }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml new file mode 100644 index 00000000..b77c3131 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -0,0 +1,12 @@ +{{- if .Values.server.GKEmanagedCertificate.enabled }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + domains: + {{- with .Values.server.GKEmanagedCertificate.domains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0e5af428..b65fd4f8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -33,6 +33,8 @@ kubeVersionOverride: "" apiVersionOverrides: # -- String to override apiVersion of autoscaling rendered by this helm chart autoscaling: "" # autoscaling/v2 + # -- String to override apiVersion of GKE resources rendered by this helm chart + cloudgoogle: "" # cloud.google.com/v1 # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster @@ -576,6 +578,40 @@ server: # hosts: # - argoworkflows.example.com + ## Create a Google Backendconfig for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters + GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [BackendConfigSpec] + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argoworkflows-secret + + ## Create a Google Managed Certificate for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + GKEmanagedCertificate: + # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. + enabled: false + # -- Domains for the Google Managed Certificate + domains: + - argoworkflows.example.com + + ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + GKEfrontendConfig: + # -- Enable FrontConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [FrontendConfigSpec] + spec: {} + # spec: + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. enabled: true From b651465fb23e4c252ec0391f2edbaa41fe2742f2 Mon Sep 17 00:00:00 2001 From: Yevhen Tienkaiev Date: Sat, 20 May 2023 18:39:17 +0300 Subject: [PATCH 026/617] feat(argo-rollouts): Add possibility to configure healthz and metrics ports to be compatible with Istio (#1976) --- charts/argo-rollouts/Chart.yaml | 6 ++---- charts/argo-rollouts/README.md | 4 ++++ .../templates/controller/deployment.yaml | 6 ++++-- .../templates/controller/metrics-service.yaml | 6 +++--- .../templates/controller/servicemonitor.yaml | 2 +- charts/argo-rollouts/values.yaml | 12 ++++++++++++ 6 files changed, 26 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ecdcbb39..756734d1 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.28.0 +version: 2.29.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Rollouts to v1.5.0 - kind: added - description: Introduce chart signing + description: Ability to configure healthz and metrics ports to be compatible with Istio diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index aaed870f..70a61745 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -75,6 +75,8 @@ For full list of changes please check ArtifactHub [changelog]. | containerSecurityContext | object | `{}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.containerPorts.healthz | int | `8080` | Healthz container port | +| controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | @@ -87,6 +89,8 @@ For full list of changes please check ArtifactHub [changelog]. | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.port | int | `8090` | Metrics service port | +| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 95ec845f..a40dd9ed 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -37,6 +37,8 @@ spec: containers: - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" args: + - --healthzPort={{ .Values.controller.containerPorts.healthz }} + - --metricsport={{ .Values.controller.containerPorts.metrics }} {{- if not .Values.clusterInstall }} - --namespaced {{- end }} @@ -53,9 +55,9 @@ spec: imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: argo-rollouts ports: - - containerPort: 8090 + - containerPort: {{ .Values.controller.containerPorts.metrics }} name: metrics - - containerPort: 8080 + - containerPort: {{ .Values.controller.containerPorts.healthz }} name: healthz livenessProbe: {{- toYaml .Values.controller.livenessProbe | nindent 10 }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index 0effcc23..e04d326a 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -13,10 +13,10 @@ metadata: {{- end }} spec: ports: - - name: metrics + - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP - port: 8090 - targetPort: 8090 + port: {{ .Values.controller.metrics.service.port }} + targetPort: metrics selector: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index cb489e3b..62713764 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} {{- with .Values.controller.metrics.serviceMonitor.relabelings }} relabelings: {{- toYaml . | nindent 6 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index d1c91e30..2ea4fbb4 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -106,9 +106,21 @@ controller: # -- flag to enable creation of cluster controller role (requires cluster RBAC) createClusterRole: true + # Controller container ports + containerPorts: + # -- Metrics container port + metrics: 8090 + # -- Healthz container port + healthz: 8080 + metrics: # -- Deploy metrics service enabled: false + service: + # -- Metrics service port name + portName: metrics + # -- Metrics service port + port: 8090 serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false From be8a4c97293de9a0e13040f7dadd57556157bd6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 May 2023 11:07:08 +0900 Subject: [PATCH 027/617] chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#2067) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.5.0 to 1.7.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00...fa81e57adff234b2908110485695db0f181f3c67) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 90106fc9..e7e35f8a 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 + uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 650a9ec7effbc920043a623c8deaba89a110c199 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Sun, 21 May 2023 14:19:31 +0700 Subject: [PATCH 028/617] feat(argocd-apps): Add rollout strategy for ApplicationSet (#2063) feat(argocd-apps): add rollout strategy for ApplicationSet Signed-off-by: Khue Doan --- charts/argocd-apps/Chart.yaml | 4 +- ...licationsets-progressive-syncs-values.yaml | 41 +++++++++++++++++++ .../templates/applicationsets.yaml | 4 ++ charts/argocd-apps/values.yaml | 20 ++++++++- 4 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 6d0a194f..fc733b22 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.1.0 +version: 1.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Generate application, applicationset, project with template + description: Rollout strategy for ApplicationSet diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml new file mode 100644 index 00000000..2fa58978 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -0,0 +1,41 @@ +# Test applicationsets with Progressive Syncs + +applicationsets: +- name: applicationset-progressive-syncs + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index bb8b09d1..0d3a47e9 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -26,6 +26,10 @@ spec: generators: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 72301ace..500849df 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -103,10 +103,28 @@ applicationsets: [] # directories: # - path: guestbook # - path: kustomize-* +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar # template: # metadata: # name: '{{path.basename}}' -# labels: {} +# labels: +# project: '{{path.basename}}' # annotations: {} # spec: # project: default From 1d999e055266f05639cd81a3e1b4cb7859006794 Mon Sep 17 00:00:00 2001 From: Wim Fournier Date: Mon, 22 May 2023 19:07:09 +0200 Subject: [PATCH 029/617] fix(argo-cd): don't request applicationsets if its disabled (#2069) * don't request applicationsets if its disabled Signed-off-by: Wim Fournier * Update Chart.yaml Signed-off-by: Wim Fournier --------- Signed-off-by: Wim Fournier --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/role.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0c7a2d5c..d5bdb82f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.1 +version: 5.34.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add new bitbucket cloud SSH key to configs.ssh.knownHosts + - kind: fixed + description: don't request applicationSets in the role, if applicationSets are disabled diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index f156bc18..6bfe32a4 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -23,7 +23,9 @@ rules: - argoproj.io resources: - applications + {{- if .Values.applicationSet.enabled }} - applicationsets + {{- end }} - appprojects {{- if .Values.server.extensions.enabled }} - argocdextensions From 6593901daf722c10f9b089a078cd9a7f88c1c2a5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 23 May 2023 11:46:53 +0900 Subject: [PATCH 030/617] fix(argo-cd): Align with upstream dex initContainers (#2070) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/dex/deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d5bdb82f..72042538 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.2 +version: 5.34.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: don't request applicationSets in the role, if applicationSets are disabled + description: Align with upstream dex initContainers diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 6ae17170..2acf4242 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -136,7 +136,7 @@ spec: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - args: + command: - /bin/cp - -n - /usr/local/bin/argocd From feb7fc0bb8b2a33f0b7fc5772d597eb67775f977 Mon Sep 17 00:00:00 2001 From: Michael Weber Date: Tue, 23 May 2023 02:07:34 -0500 Subject: [PATCH 031/617] feat(argo-rollouts): add deployment annotations for controller (#2048) * feat(argo-rollouts): deployment annotations for controller, dashboard Signed-off-by: Michael Weber * chore: Apply changes from code review Signed-off-by: Marco Kilchhofer --------- Signed-off-by: Michael Weber Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 6 ++++++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 8 ++++++++ 5 files changed, 25 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 756734d1..8d87d142 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.29.0 +version: 2.30.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Ability to configure healthz and metrics ports to be compatible with Istio + description: ability to annotate controller Deployment diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 70a61745..a7f8a060 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -49,6 +49,7 @@ For full list of changes please check ArtifactHub [changelog]. | createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) | | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | +| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | @@ -78,6 +79,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.containerPorts.healthz | int | `8080` | Healthz container port | | controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | +| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -127,6 +129,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | +| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index a40dd9ed..966491c8 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -1,6 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 342e1996..cae24888 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -2,6 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }}-dashboard namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 2ea4fbb4..6a533eaf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -38,9 +38,15 @@ extraObjects: [] # api-key: # app-key: +global: + # -- Annotations for all deployed Deployments + deploymentAnnotations: {} + controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller + # -- Annotations to be added to the controller deployment + deploymentAnnotations: {} # -- Annotations to be added to application controller pods podAnnotations: {} # -- [Node selector] @@ -253,6 +259,8 @@ dashboard: readonly: false # -- Value of label `app.kubernetes.io/component` component: rollouts-dashboard + # -- Annotations to be added to the dashboard deployment + deploymentAnnotations: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} # -- [Node selector] From cd4c291e47f0e9c1184fb05e79d9f3b742195c5c Mon Sep 17 00:00:00 2001 From: Wim Fournier Date: Tue, 23 May 2023 22:29:26 +0200 Subject: [PATCH 032/617] fix(argo-cd): Allow to disable containerSecurityContext (#2072) * Allow to disable containerSecurityContext Add a `enabled` property to allow the whole containerSecurityContext to be disabled. Fixes https://github.com/argoproj/argo-helm/issues/2071 Signed-off-by: wim.fournier Signed-off-by: Wim Fournier * fix missing space Signed-off-by: Wim Fournier * remove enabled key Signed-off-by: Wim Fournier * fix typo Signed-off-by: Wim Fournier * missed one Signed-off-by: Wim Fournier * simplify using `with`, thx @pborn-ionos! Signed-off-by: wim.fournier * missed one Signed-off-by: wim.fournier --------- Signed-off-by: wim.fournier Signed-off-by: Wim Fournier Signed-off-by: wim.fournier Co-authored-by: wim.fournier --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/statefulset.yaml | 4 +++- .../templates/argocd-applicationset/deployment.yaml | 4 +++- .../templates/argocd-notifications/deployment.yaml | 4 +++- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 4 +++- charts/argo-cd/templates/argocd-server/deployment.yaml | 8 ++++++-- charts/argo-cd/templates/dex/deployment.yaml | 8 ++++++-- charts/argo-cd/templates/redis/deployment.yaml | 8 ++++++-- 8 files changed, 32 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 72042538..17f73eb4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.3 +version: 5.34.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Align with upstream dex initContainers + description: Allow to disable containerSecurityContext diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index c56bf0b3..26b9d2f5 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -255,8 +255,10 @@ spec: failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} securityContext: - {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} workingDir: /home/argocd volumeMounts: {{- with .Values.controller.volumeMounts }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 9033f5b4..f3ce127a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -182,8 +182,10 @@ spec: {{- end }} resources: {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} securityContext: - {{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- with .Values.applicationSet.extraVolumeMounts }} {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d49944fd..d3f21b02 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -80,8 +80,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} securityContext: - {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} workingDir: /app volumeMounts: - name: tls-certs diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 4f2c45bd..759dc587 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -273,8 +273,10 @@ spec: failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} securityContext: - {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.repoServer.lifecycle }} lifecycle: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 7ce72e80..62436af7 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -334,8 +334,10 @@ spec: failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.server.lifecycle }} lifecycle: {{- toYaml . | nindent 10 }} @@ -346,8 +348,10 @@ spec: imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} resources: {{- toYaml .Values.server.extensions.resources | nindent 10 }} + {{- with .Values.server.extensions.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: extensions mountPath: /tmp/extensions/ diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 2acf4242..c623315f 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -117,8 +117,10 @@ spec: {{- end }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: {{- with .Values.dex.volumeMounts }} {{- toYaml . | nindent 8 }} @@ -148,8 +150,10 @@ spec: name: dexconfig resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.dex.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index fc0bebbd..bfe7c480 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -75,8 +75,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.redis.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} @@ -99,8 +101,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} {{- with .Values.redis.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} From a0d45ae19ab29cd4acb61841629b40f12cf83a68 Mon Sep 17 00:00:00 2001 From: Alex Street Date: Wed, 24 May 2023 18:23:12 -0500 Subject: [PATCH 033/617] chore(argo-cd): Upgrade Argo CD to v2.7.3 (#2075) Signed-off-by: leif013 --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 17f73eb4..423dbb44 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.2 +appVersion: v2.7.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.4 +version: 5.34.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Allow to disable containerSecurityContext + - kind: changed + description: Upgrade Argo CD to v2.7.3 From 23b94151c6f3120834167e280016e6fff5949e74 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 25 May 2023 21:30:48 +0900 Subject: [PATCH 034/617] chore(argo-workflows): Enable to configure Service Monitor port (#2076) --- charts/argo-workflows/Chart.yaml | 10 +++------- .../controller/workflow-controller-servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 84e49d84..0a0018c2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.0 +version: 0.28.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,9 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for Google ManagedCertificate on GKE - - kind: added - description: Add support for Google FrontendConfig on GKE - - kind: added - description: Add support for Google BackendConfig on GKE + - kind: changed + description: Enable to configure Service Monitor port diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index e5e8307f..6643d634 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -12,7 +12,7 @@ metadata: spec: endpoints: {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics + - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} interval: 30s {{- with .Values.controller.metricsConfig.relabelings }} From cf3a8eed84ac537f0377daf230a6e5e9a8682874 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 25 May 2023 23:19:03 -0500 Subject: [PATCH 035/617] chore(argo-workflows): upgrade argo workflows to v3.4.8 (#2077) --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0a0018c2..6ac0cf5c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.7 +appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.1 +version: 0.28.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Enable to configure Service Monitor port + description: Upgrade to Argo Workflows v3.4.8 From 2fbc8566375194009ed491d015f3c78b5b094aba Mon Sep 17 00:00:00 2001 From: Tal Yitzhak Date: Sat, 27 May 2023 17:51:41 +0300 Subject: [PATCH 036/617] feat(argo-rollouts): Fix cluster role missing access in argo rollouts dashboard (#2081) * docs(github): comment out notational pieces of PR template (#1969) github: comment out notational pieces of PR template - the DCO and publishing sentences are not filled out during PRs and are purely notational - comment them out with HTML comments, as is common practice - example from a repo I maintain: https://github.com/ezolenko/rollup-plugin-typescript2/blob/f6db59613a66f58c48310aa8fa785951970b5d6d/.github/issue_template.md?plain=1#L2 - I copied that from other repos too - these comments are still visible to the PR author, just not visible when rendered, keeping the PR more concise Signed-off-by: Anton Gilgur Co-authored-by: Marco Kilchhofer Signed-off-by: Tal Yitzhak * Added missing permissions for argo rollouts dashboard cluster role - for config map, should be able to get Signed-off-by: Tal Yitzhak * Added missing permissions for argo rollouts dashboard cluster role - for config map, should be able to get Signed-off-by: Tal Yitzhak --------- Signed-off-by: Anton Gilgur Signed-off-by: Tal Yitzhak Signed-off-by: Tal Yitzhak Co-authored-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Tal Yitzhak --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/dashboard/clusterrole.yaml | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8d87d142..0acb2c64 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.30.0 +version: 2.30.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: ability to annotate controller Deployment + description: Missing get access for configmaps in argo rollouts dashboard service account role diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 0d69d67e..cb3e457a 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -71,6 +71,12 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get - apiGroups: - coordination.k8s.io resources: From ec14ee0e7a9ea108b7b0e8830afc497b3025f7b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 21:42:42 +0200 Subject: [PATCH 037/617] chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 (#2084) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...0225834cc549ee0ca93cb085b92954821a145866) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7f5cbfa5..02aea3a6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3 + uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5 with: sarif_file: results.sarif From 32b86a7c31d989851b384afe9f76187ea480ea10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 14:58:10 -0500 Subject: [PATCH 038/617] chore(deps): bump actions/labeler from 4.0.3 to 4.0.4 (#2082) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index f75d7f82..1078a9bb 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 + - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From fb4a8949ec6222f0033562382b413a8b4fc65e73 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 22:32:07 +0200 Subject: [PATCH 039/617] chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2083) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/57ded4d7d5e986d7296eab16560982c6dd7c923b...bd6b4b6205c4dbad673328db7b31b7fab9e241c0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Jason Meridth --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index e7e35f8a..b750cc2c 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: 3.9 From 438f7a26b7518ec1fc4133f12f58cb0b8d1a2765 Mon Sep 17 00:00:00 2001 From: Milos Hauser <16776599+hau21um@users.noreply.github.com> Date: Mon, 29 May 2023 06:29:30 +0200 Subject: [PATCH 040/617] feat(argo-cd): Adding "appProtocol: HTTPS" to HTTPS service port of argocd-server. (#1955) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 423dbb44..0f570ca3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.5 +version: 5.34.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.3 + - kind: added + description: Option to set appProtocol for Argocd server https service port diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 5a31f0b8..b9881f88 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -31,6 +31,9 @@ spec: {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} {{- if eq .Values.server.service.type "LoadBalancer" }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2906eb82..cbe46d2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1768,6 +1768,8 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https + # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) + # servicePortHttpsAppProtocol: HTTPS # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From 2f410bb794101e2afdb714c6540c8ef09d73d5e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jun 2023 09:09:01 -0500 Subject: [PATCH 041/617] chore(deps): bump pascalgn/size-label-action from 0.4.3 to 0.5.0 (#2092) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 1078a9bb..1b6d3699 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3 + - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 17d1d046a8f855bb67e0903f7a0c280ea3150d9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jun 2023 09:10:22 -0500 Subject: [PATCH 042/617] chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#2091) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 02aea3a6..4a207269 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5 + uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 with: sarif_file: results.sarif From 5fb6688bcbeef2b7b1e1ed8a96d4eb7d172e5c1d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 3 Jun 2023 23:40:50 +0900 Subject: [PATCH 043/617] chore(argo-workflows): Declare SSO configuration explicitly on values.yaml (#2089) Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 +- charts/argo-workflows/README.md | 16 ++++- .../workflow-controller-config-map.yaml | 44 ++++++------- .../server/server-cluster-roles.yaml | 10 ++- charts/argo-workflows/values.yaml | 65 ++++++++++++------- 5 files changed, 82 insertions(+), 57 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6ac0cf5c..8f899e6c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.2 +version: 0.29.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade to Argo Workflows v3.4.8 + description: Declare SSO configuration explicitly on values.yaml diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index b5612a16..f46d10e0 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -302,7 +302,21 @@ Fields to note: | server.servicePort | int | `2746` | Service port for server | | server.servicePortName | string | `""` | Service port name | | server.serviceType | string | `"ClusterIP"` | Service type for server pods | -| server.sso | object | `{}` | SSO configuration when SSO is specified as a server auth mode. | +| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID | +| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID | +| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | +| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | +| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | +| server.sso.enabled | bool | `false` | Create SSO configuration | +| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | +| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | +| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | +| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | +| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | +| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | | +| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | +| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | +| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d30db859..ef39ddc7 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -126,37 +126,35 @@ data: {{- if .Values.controller.workflowDefaults }} workflowDefaults: {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} + {{- if .Values.server.sso.enabled }} sso: - issuer: {{ .issuer }} + issuer: {{ .Values.server.sso.issuer }} clientId: - name: {{ .clientId.name }} - key: {{ .clientId.key }} + name: {{ .Values.server.sso.clientId.name }} + key: {{ .Values.server.sso.clientId.key }} clientSecret: - name: {{ .clientSecret.name }} - key: {{ .clientSecret.key }} - redirectUrl: {{ .redirectUrl }} - {{- with .rbac }} + name: {{ .Values.server.sso.clientSecret.name }} + key: {{ .Values.server.sso.clientSecret.key }} + redirectUrl: {{ .Values.server.sso.redirectUrl }} rbac: - enabled: {{ .enabled }} + enabled: {{ .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.scopes }} + scopes: {{ toYaml . | nindent 8 }} {{- end }} - {{- if .scopes }} - scopes: {{ toYaml .scopes | nindent 8 }} + {{- with .Values.server.sso.issuerAlias }} + issuerAlias: {{ toYaml . }} {{- end }} - {{- if .issuerAlias }} - issuerAlias: {{ .issuerAlias }} + {{- with .Values.server.sso.sessionExpiry }} + sessionExpiry: {{ toYaml . }} {{- end }} - {{- if .sessionExpiry }} - sessionExpiry: {{ .sessionExpiry }} + {{- with .Values.server.sso.customGroupClaimName }} + customGroupClaimName: {{ toYaml . }} {{- end }} - {{- if .customGroupClaimName }} - customGroupClaimName: {{ .customGroupClaimName }} + {{- with .Values.server.sso.userInfoPath }} + userInfoPath: {{ toYaml . }} {{- end }} - {{- if .userInfoPath }} - userInfoPath: {{ .userInfoPath }} - {{- end }} - {{- if .insecureSkipVerify }} - insecureSkipVerify: {{ .insecureSkipVerify }} + {{- with .Values.server.sso.insecureSkipVerify }} + insecureSkipVerify: {{ toYaml . }} {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} @@ -184,4 +182,4 @@ data: {{- end }} {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 96f12bfa..2a52d956 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -38,7 +38,7 @@ rules: verbs: - get - list -{{- if .Values.server.sso }} +{{- if .Values.server.sso.enabled }} - apiGroups: - "" resources: @@ -54,7 +54,7 @@ rules: - secrets verbs: - create - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac.enabled }} - apiGroups: - "" resources: @@ -73,11 +73,9 @@ rules: - get - list - watch -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} +{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} {{- end }} {{- end }} - apiGroups: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index b65fd4f8..64a81d92 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -618,35 +618,50 @@ server: # -- Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true - # -- SSO configuration when SSO is specified as a server auth mode. - sso: {} - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true + # SSO configuration when SSO is specified as a server auth mode. + sso: + # -- Create SSO configuration + ## SSO is activated by adding --auth-mode=sso to the server command line. + enabled: false + # -- The root URL of the OIDC identity provider + issuer: https://accounts.google.com + clientId: + # -- Name of secret to retrieve the app OIDC client ID + name: argo-server-sso + # -- Key of secret to retrieve the app OIDC client ID + key: client-id + clientSecret: + # -- Name of a secret to retrieve the app OIDC client secret + name: argo-server-sso + # -- Key of a secret to retrieve the app OIDC client secret + key: client-secret + # - The OIDC redirect URL. Should be in the form /oauth2/callback. + redirectUrl: https://argo/oauth2/callback + rbac: + # -- Adds ServiceAccount Policy to server (Cluster)Role. + enabled: true + # -- Whitelist to allow server to fetch Secrets ## When present, restricts secrets the server can read to a given list. ## You can use it to restrict the server to only be able to access the ## service account token secrets that are associated with service accounts ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups + secretWhitelist: [] + # -- Scopes requested from the SSO ID provider + ## The 'groups' scope requests group membership information, which is usually used for authorization decisions. + scopes: [] + # - groups + # -- Define how long your login is valid for (in hours) + ## If omitted, defaults to 10h. + sessionExpiry: "" + # -- Alternate root URLs that can be included for some OIDC providers + issuerAlias: "" + # -- Override claim name for OIDC groups + customGroupClaimName: "" + # -- Specify the user info endpoint that contains the groups claim + ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta) + userInfoPath: "" + # -- Skip TLS verification for the HTTP client + insecureSkipVerify: false # -- Extra containers to be added to the server deployment extraContainers: [] From 3a7e4b1de7908a39cb979358d1562daa582cde2c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 4 Jun 2023 20:07:40 +0900 Subject: [PATCH 044/617] feat(argo-rollouts): Support Traffic Router Plugins (#2090) Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/configmap.yaml | 3 +++ charts/argo-rollouts/values.yaml | 7 +++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0acb2c64..67175469 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.30.1 +version: 2.31.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Missing get access for configmaps in argo rollouts dashboard service account role + description: Support Traffic Router Plugins diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index a7f8a060..5add40c3 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -111,6 +111,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | | controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml index 8eb2bbe2..1978b2b6 100644 --- a/charts/argo-rollouts/templates/controller/configmap.yaml +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -10,3 +10,6 @@ data: {{- with .Values.controller.metricProviderPlugins }} {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.controller.trafficRouterPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 6a533eaf..b81ee53a 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -194,6 +194,13 @@ controller: # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + # -- Configures 3rd party traffic router plugins for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ + trafficRouterPlugins: {} + # trafficRouterPlugins: |- + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true From 5771a0697794f592a10eae3215981205a3077e98 Mon Sep 17 00:00:00 2001 From: Alexandre Joris Date: Mon, 5 Jun 2023 16:15:07 +0200 Subject: [PATCH 045/617] fix(argo-workflows): Fixed gcs keyFormat template example in values.yaml (#2085) * fix(argo-workflows): #2073: Fixed gcs keyFormat template example in values.yaml Signed-off-by: Alexandre Joris * bumped chart version to v0.28.3 ; added artifacthub.io/changes changelog Signed-off-by: Alexandre Joris * fixed Chart.yaml trailing spaces Signed-off-by: Alexandre Joris * chore(deps): bump pascalgn/size-label-action from 0.4.3 to 0.5.0 (#2092) Signed-off-by: Alexandre Joris * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#2091) Signed-off-by: Alexandre Joris * chore(argo-workflows): Declare SSO configuration explicitly on values.yaml (#2089) Signed-off-by: yu-croco Co-authored-by: Jason Meridth Signed-off-by: Alexandre Joris * feat(argo-rollouts): Support Traffic Router Plugins (#2090) Signed-off-by: yu-croco Co-authored-by: Jason Meridth Signed-off-by: Alexandre Joris --------- Signed-off-by: Alexandre Joris Signed-off-by: yu-croco Signed-off-by: Alexandre Joris Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8f899e6c..44ba1899 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.0 +version: 0.29.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Declare SSO configuration explicitly on values.yaml + - kind: fixed + description: Fixed GCS keyFormat template example in values.yaml diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 64a81d92..8c442d97 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -724,7 +724,7 @@ artifactRepository: # @default -- `{}` (See [values.yaml]) gcs: {} # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}" + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" # serviceAccountKeySecret is a secret selector. # It references the k8s secret named 'my-gcs-credentials'. # This secret is expected to have have the key 'serviceAccountKey', From a6a7468973946d00533ecbb07db7e475382333e3 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 5 Jun 2023 23:28:10 +0900 Subject: [PATCH 046/617] chore(argo-cd): Upgrade supported Kubernetes version to v1.23.0 (#2087) * chore(argo-cd): Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL Signed-off-by: yu-croco * chore(argo-cd): modify changelog Signed-off-by: yu-croco * fix(argo-cd): simpler description Signed-off-by: yu-croco * fix(argo-cd): reflect review point Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/README.md | 8 +++++++- charts/argo-cd/README.md.gotmpl | 7 +++++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0f570ca3..5be3308f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 appVersion: v2.7.3 -kubeVersion: ">=1.22.0-0" +kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.6 +version: 5.35.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Option to set appProtocol for Argocd server https service port + - kind: changed + description: Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 1fa388ed..bd3796fc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + ### 5.31.0 The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. @@ -356,7 +361,7 @@ server: ## Prerequisites -- Kubernetes: `>=1.22.0-0` +- Kubernetes: `>=1.23.0-0` - Helm v3.0.0+ ## Installing the Chart @@ -1215,3 +1220,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 92d7f354..6b5efffc 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,12 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + + ### 5.31.0 The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. @@ -552,3 +558,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks From 2538371fecba8e3bc7a161f6484e3d752f71d1e1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 6 Jun 2023 13:34:59 +0900 Subject: [PATCH 047/617] chore(argo-cd): Upgrade Argo CD to v2.7.4 (#2095) --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/values.yaml | 5 ++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5be3308f..b6dfe773 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.3 +appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.35.0 +version: 5.35.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL + description: Upgrade Argo CD to v2.7.4 + - kind: added + description: Update knownHosts diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cbe46d2e..531b2360 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -315,8 +315,11 @@ configs: # -- Known hosts to be added to the known host list by default. # @default -- See [values.yaml] knownHosts: | - bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl From 49c2ca254826742217167ba2d0147a6eea562144 Mon Sep 17 00:00:00 2001 From: Joe Lee Date: Wed, 7 Jun 2023 16:52:02 +0800 Subject: [PATCH 048/617] feat(argo-cd): Add "global.env" for all deployed containers (#2096) * add global env for argo-cd Signed-off-by: Joe Lee * update readme Signed-off-by: Joe Lee * fix typo Signed-off-by: Joe Lee * feat(argo-cd): Add "global.env" for all deployed containers Signed-off-by: Joe Lee * update doc Signed-off-by: Joe Lee * remove note Signed-off-by: Joe Lee * update changes Signed-off-by: Joe Lee --------- Signed-off-by: Joe Lee --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 1 + .../argocd-application-controller/statefulset.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 +- .../argo-cd/templates/argocd-notifications/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/redis/deployment.yaml | 4 ++-- charts/argo-cd/values.yaml | 3 +++ 10 files changed, 14 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b6dfe773..1c26de8d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.35.1 +version: 5.36.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.4 - kind: added - description: Update knownHosts + description: Add .Values.global.env for all deployed containers diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bd3796fc..f5a6a886 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -407,6 +407,7 @@ NAME: my-release | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 26b9d2f5..b671e245 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -99,7 +99,7 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} env: - {{- with .Values.controller.env }} + {{- with (concat .Values.global.env .Values.controller.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index f3ce127a..3ae8410c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -79,7 +79,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: - {{- with .Values.applicationSet.extraEnv }} + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - name: NAMESPACE diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d3f21b02..8df6c8bb 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,7 +66,7 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with .Values.notifications.extraEnv }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} env: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 759dc587..f438c8b5 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -77,7 +77,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.repoServer.env }} + {{- with (concat .Values.global.env .Values.repoServer.env) }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.openshift.enabled }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 62436af7..cc928981 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -74,7 +74,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.server.env }} + {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_SERVER_INSECURE diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index c623315f..ce9741d2 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -70,7 +70,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.dex.env }} + {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_DEX_SERVER_DISABLE_TLS diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index bfe7c480..ffdaed88 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -61,7 +61,7 @@ spec: {{- with .Values.redis.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.redis.env }} + {{- with (concat .Values.global.env .Values.redis.env) }} env: {{- toYaml . | nindent 8 }} {{- end }} @@ -92,7 +92,7 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} - {{- with .Values.redis.exporter.env }} + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} ports: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 531b2360..c2dd9b52 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -144,6 +144,9 @@ global: # maxSurge: 25% # maxUnavailable: 25% + # -- Environment variables to pass to all deployed Deployments + env: [] + ## Argo Configs configs: # General Argo CD configuration From e7c3090cbfee94128f42568b749a36a38296a6ab Mon Sep 17 00:00:00 2001 From: Simon Hewitt Date: Wed, 7 Jun 2023 20:48:05 -0700 Subject: [PATCH 049/617] feat(argo-workflows): Add support for UI columns configuration (#2098) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ charts/argo-workflows/README.md.gotmpl | 1 + .../controller/workflow-controller-config-map.yaml | 3 +++ charts/argo-workflows/values.yaml | 3 +++ 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 44ba1899..5cfc70f7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.1 +version: 0.29.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed GCS keyFormat template example in values.yaml + - kind: added + description: Add support for UI columns configuration diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index f46d10e0..6a19bba0 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -134,6 +134,7 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | @@ -357,6 +358,7 @@ Fields to note: [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index ab8554f5..8316e9a0 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -191,6 +191,7 @@ Fields to note: [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index ef39ddc7..22033e4c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -163,6 +163,9 @@ data: {{- with .Values.controller.links }} links: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.columns }} + columns: {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.controller.navColor }} navColor: {{ . }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8c442d97..410ce958 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -305,6 +305,9 @@ controller: # -- Configure Argo Server to show custom [links] ## Ref: https://argoproj.github.io/argo-workflows/links/ links: [] + # -- Configure Argo Server to show custom [columns] + ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 + columns: [] # -- Set ui navigation bar background color navColor: "" clusterWorkflowTemplates: From 9a79f32cd488a97ee0f95d55da05eba397d4a2ad Mon Sep 17 00:00:00 2001 From: ausias-armesto Date: Fri, 9 Jun 2023 00:52:13 +0200 Subject: [PATCH 050/617] fix(argo-cd): Allow specify redis config file (#2100) * fix(argo-cd): Allow specify redis config file Signed-off-by: ausias-armesto * fix(argo-cd): Bump version Signed-off-by: ausias-armesto --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1c26de8d..aaf5fab2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.0 +version: 5.36.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add .Values.global.env for all deployed containers + - kind: fixed + description: Allow to specify redis.conf file diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index ffdaed88..419e5f31 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -54,13 +54,13 @@ spec: image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} - --save - "" - --appendonly - "no" - {{- with .Values.redis.extraArgs }} - {{- toYaml . | nindent 8 }} - {{- end }} {{- with (concat .Values.global.env .Values.redis.env) }} env: {{- toYaml . | nindent 8 }} From f8f282266cf91b6e38c8ad42b837925234ff41cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 22:41:04 +0900 Subject: [PATCH 051/617] chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#2104) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index b750cc2c..c96b4b85 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 58d7d22d..c1d94025 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4a207269..f78b9466 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false From 04d88b65b633724646303b5a3562b74e85700c9c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 23:24:11 +0900 Subject: [PATCH 052/617] chore(deps): bump actions/labeler from 4.0.4 to 4.1.0 (#2103) Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.4 to 4.1.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/0776a679364a9a16110aac8d0f40f5e11009e327...9fcb2c2f5584144ca754f8bfe8c6f81e77753375) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 1b6d3699..93cc6b01 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4 + - uses: actions/labeler@9fcb2c2f5584144ca754f8bfe8c6f81e77753375 # v4.1.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 783439b71482bdf68ecefa92a349f337e6f2491f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 23:27:52 +0900 Subject: [PATCH 053/617] chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#2102) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f78b9466..6cdcfd55 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 with: sarif_file: results.sarif From aec5d9d7230a53d1b1cb7651dfe6ff13feb2e2ee Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 16 Jun 2023 23:55:17 -0500 Subject: [PATCH 054/617] chore(argo-cd): upgrade argo-cd to v2.7.5 (#2108) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index aaf5fab2..4746db47 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.4 +appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.1 +version: 5.36.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Allow to specify redis.conf file + - kind: changed + description: Upgrade Argo CD to v2.7.5 From 68f24d146c3c08e64117d98e3d58a6f073ec27a5 Mon Sep 17 00:00:00 2001 From: Lukas Jost Date: Mon, 19 Jun 2023 05:31:38 +0200 Subject: [PATCH 055/617] chore(github): Generate release notes (#2115) chore: Generate release notes Signed-off-by: Lukas Jost --- .github/configs/cr.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index a0d425dc..154dbfbf 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -6,3 +6,7 @@ sign: true key: Argo Helm maintainers # keyring: # Set via env variable CR_KEYRING # passphrase-file: # Set via env variable CR_PASSPHRASE_FILE + +# Enable automatic generation of release notes using GitHubs release notes generator. +# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +generate-release-notes: true From eb968668f84c7fbffeeaf67e84f59e283338b0d8 Mon Sep 17 00:00:00 2001 From: patrickli-foxtel <123523506+patrickli-foxtel@users.noreply.github.com> Date: Tue, 20 Jun 2023 10:05:25 +1000 Subject: [PATCH 056/617] fix(argo-cd): helm lint error when `extraObjects` is defined (#2116) Fix helm lint error when `extraObjects` is defined Signed-off-by: Patrick Li --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/extra-manifests.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4746db47..36e500d4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.2 +version: 5.36.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.5 + - kind: fixed + description: Fix helm lint error when `extraObjects` is defined diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-cd/templates/extra-manifests.yaml +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From 7959fee689ec3a72df5c1d966044c3d93e8f414a Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 20 Jun 2023 22:07:27 +0900 Subject: [PATCH 057/617] chore(argo-cd): Add `app.kubernetes.io/version` label (#2122) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 36e500d4..3afd1948 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.3 +version: 5.36.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix helm lint error when `extraObjects` is defined + - kind: added + description: Add `app.kubernetes.io/version` label diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index bf0c1e84..54423f99 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -46,6 +46,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }} {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} {{- end }} @@ -123,7 +124,7 @@ nodeAffinity: {{/* Common deployment strategy definition -- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite */}} {{- define "argo-cd.strategy" -}} {{- $preset := . -}} From db0484fe5182d81a91624eb5d3306d137f93433b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 21 Jun 2023 13:27:33 +0900 Subject: [PATCH 058/617] chore(argo-cd): Upgrade Argo CD to v2.7.6 (#2123) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3afd1948..35494d4d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.5 +appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.4 +version: 5.36.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add `app.kubernetes.io/version` label + - kind: changed + description: Upgrade Argo CD to v2.7.6 From c44f10eb379a620dcbdec8bf62d88bb1d62e4919 Mon Sep 17 00:00:00 2001 From: ceguimaraes <36728438+ceguimaraes@users.noreply.github.com> Date: Wed, 21 Jun 2023 22:41:34 +1000 Subject: [PATCH 059/617] fix(argo-events): add managed namespace configuration (#2121) --- charts/argo-events/Chart.yaml | 8 +++++--- charts/argo-events/README.md | 1 + .../templates/argo-events-controller/deployment.yaml | 4 ++++ charts/argo-events/values.yaml | 2 ++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c35d0f96..bfb82ea1 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.6 +appVersion: v1.8.0 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.3 +version: 2.4.0 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo Events to v1.8.0 - kind: added - description: Introduce chart signing + description: Add managed namespace configuration diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index f06f9d3a..0abf2c31 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -127,6 +127,7 @@ done | controller.podLabels | object | `{}` | Labels to be added to events controller pods | | controller.priorityClassName | string | `""` | Priority class for the events controller pods | | controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.managedNamespace | string | `""` | Additional namespace to be monitored by the controller | | controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | | controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | | controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 9b7ace1b..a3614c73 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -48,6 +48,10 @@ spec: {{- if .Values.controller.rbac.namespaced }} - --namespaced {{- end }} + {{- if .Values.controller.rbac.managedNamespace }} + - --managed-namespace + - {{ .Values.controller.rbac.managedNamespace }} + {{- end }} {{- with .Values.controller.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 89a7323d..faba6939 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -138,6 +138,8 @@ controller: enabled: true # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. namespaced: false + # -- Additional namespace to be monitored by the controller + managedNamespace: "" # -- Additional user rules for event controller's rbac rules: [] From b8c29f7db6ba38126551c1789a78763e702cde62 Mon Sep 17 00:00:00 2001 From: Tero Ahonen <85343093+teroahonen-vungle@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:54:04 +0300 Subject: [PATCH 060/617] fix(argo-cd): Default applicationSet metrics port to 8085 (#2125) Change applicationSet controller metrics port to 8085 Signed-off-by: Tero Ahonen Co-authored-by: Tero Ahonen --- charts/argo-cd/Chart.yaml | 4 +++- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 35494d4d..7c5c20e7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.5 +version: 5.36.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -28,3 +28,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: Upgrade Argo CD to v2.7.6 + - kind: changed + description: applicationSet.containerPorts.metrics to 8085 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f5a6a886..6d2e0b89 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c2dd9b52..2c3fe694 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2506,7 +2506,7 @@ applicationSet: # ApplicationSet controller container ports containerPorts: # -- Metrics container port - metrics: 8080 + metrics: 8085 # -- Probe container port probe: 8081 # -- Webhook container port From 172ce600a1d686d3de1ba4967a07a8bbe7c121f1 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 23 Jun 2023 15:59:14 +0200 Subject: [PATCH 061/617] fix(argo-cd): Revert "Default applicationSet metrics port to 8085" (#2130) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7c5c20e7..edb176c7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.6 +version: 5.36.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.6 + description: Adapt `applicationSet.containerPorts.metrics` to 8080 (revert previous release) - kind: changed - description: applicationSet.containerPorts.metrics to 8085 + description: Adapt `applicationSet.metrics.service.servicePort` to 8080 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d2e0b89..cde67925 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | @@ -1075,7 +1075,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | -| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2c3fe694..d1687b53 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2433,7 +2433,7 @@ applicationSet: # -- Metrics service labels labels: {} # -- Metrics service port - servicePort: 8085 + servicePort: 8080 # -- Metrics service port name portName: http-metrics serviceMonitor: @@ -2506,7 +2506,7 @@ applicationSet: # ApplicationSet controller container ports containerPorts: # -- Metrics container port - metrics: 8085 + metrics: 8080 # -- Probe container port probe: 8081 # -- Webhook container port From 490ffa574c0917def580efafa94e810e28ce02cb Mon Sep 17 00:00:00 2001 From: frauniki Date: Sat, 24 Jun 2023 01:35:01 +0900 Subject: [PATCH 062/617] fix(argo-workflows): Change argo-workflows-server crb creation conditions (#2124) Change server's crb creation conditions Signed-off-by: frauniki Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/server/server-crb.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 5cfc70f7..331998be 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.2 +version: 0.29.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for UI columns configuration + - kind: fixed + description: Modify to allow ClusterRoleBinding to be created even if the server's ServiceAccount is not created diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index ec4f6435..e8d6511d 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}} +{{- if and .Values.server.enabled .Values.server.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding From 4ff88759c9acc9b0b77ffae239c9b6c88a552432 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Jun 2023 08:18:56 -0500 Subject: [PATCH 063/617] chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#2131) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6cdcfd55..066d3c57 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif From f1526ec558709387080e5967d1475f8e7d64eef7 Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Sun, 25 Jun 2023 07:28:46 +0900 Subject: [PATCH 064/617] fix(argo-workflows): artifactRepository will not be configured by default (#2132) (#2134) --- charts/argo-workflows/Chart.yaml | 4 +- .../ci/enable-artifact-repo-values.yaml | 46 +++++++++++++++++++ .../workflow-controller-config-map.yaml | 8 ++-- charts/argo-workflows/values.yaml | 22 ++++----- 4 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 charts/argo-workflows/ci/enable-artifact-repo-values.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 331998be..b12335a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.3 +version: 0.30.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Modify to allow ClusterRoleBinding to be created even if the server's ServiceAccount is not created + description: artifactRepository will not be configured by default diff --git a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml new file mode 100644 index 00000000..c20a5775 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml @@ -0,0 +1,46 @@ +# Test with artifact repository +crds: + keep: false + +useStaticCredentials: true +artifactRepository: + archiveLogs: false + s3: + accessKeySecret: + name: "{{ .Release.Name }}-minio" + key: accesskey + secretKeySecret: + name: "{{ .Release.Name }}-minio" + key: secretkey + insecure: false + bucket: + endpoint: + region: + roleARN: + useSDKCreds: true + encryptionOptions: + enableEncryption: true + gcs: + bucket: project-argo + keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}" + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey + azure: + endpoint: https://mystorageaccountname.blob.core.windows.net + container: my-container-name + blobNameFormat: path/in/container + useSDKCreds: true + accountKeySecret: + name: my-azure-storage-credentials + key: account-access-key + +customArtifactRepository: + artifactory: + repoUrl: https://artifactory.example.com/raw + usernameSecret: + name: artifactory-creds + key: username + passwordSecret: + name: artifactory-creds + key: password diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 22033e4c..680b436f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -55,6 +55,7 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} @@ -65,7 +66,7 @@ data: {{- with .Values.artifactRepository.azure }} azure: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }} + {{- if .Values.artifactRepository.s3 }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: @@ -95,8 +96,9 @@ data: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- if .Values.customArtifactRepository }} - {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- if .Values.customArtifactRepository }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- end }} {{- end }} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 410ce958..21970f43 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -705,17 +705,17 @@ artifactRepository: archiveLogs: false # -- Store artifact in a S3-compliant object store # @default -- See [values.yaml] - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - name: "{{ .Release.Name }}-minio" - key: accesskey - secretKeySecret: - name: "{{ .Release.Name }}-minio" - key: secretkey - # insecure will disable TLS. Primarily used for minio installs not configured with TLS - insecure: false + s3: {} + # # Note the `key` attribute is not the actual secret, it's the PATH to + # # the contents in the associated secret, as defined by the `name` attribute. + # accessKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: accesskey + # secretKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: secretkey + # # insecure will disable TLS. Primarily used for minio installs not configured with TLS + # insecure: false # bucket: # endpoint: # region: From 4d0ae17c2f8e40c60e7775c5d21ddaabdc03380e Mon Sep 17 00:00:00 2001 From: Josh Baird Date: Mon, 26 Jun 2023 10:31:20 -0400 Subject: [PATCH 065/617] feat(argo-cd): Conditionally create the argocd-cmd-params-cm ConfigMap (#2129) * Add conditional for params cm. Signed-off-by: Josh Baird * Add value for create. Signed-off-by: Josh Baird * Update CHANGELOG. Signed-off-by: Josh Baird * Extra space. Signed-off-by: Josh Baird * Update docs. Signed-off-by: Josh Baird * Extra space. Signed-off-by: Josh Baird * Bump to 5.36.9 Signed-off-by: Josh Baird --------- Signed-off-by: Josh Baird --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-cmd-params-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index edb176c7..ee6d023c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.7 +version: 5.36.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Adapt `applicationSet.containerPorts.metrics` to 8080 (revert previous release) - - kind: changed - description: Adapt `applicationSet.metrics.service.servicePort` to 8080 + - kind: added + description: Added `configs.params.create` value to the argo-cd chart diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index cde67925..dbf3f012 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -464,6 +464,7 @@ NAME: my-release | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | | configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | | configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 18fead9b..9d60d932 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.params.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -13,3 +14,4 @@ metadata: {{- end }} data: {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d1687b53..c7129bab 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -217,6 +217,10 @@ configs: # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap annotations: {} From 78e99e991119b5e982a0de6eea8c3609409033a5 Mon Sep 17 00:00:00 2001 From: Josh Baird Date: Mon, 26 Jun 2023 10:53:40 -0400 Subject: [PATCH 066/617] feat(argo-cd): Add support for configuring argo-notifications log level and format (#2127) * Add env vars for notification logging. Signed-off-by: Josh Baird * Indent. Signed-off-by: Josh Baird * Update CHANGELOG. Signed-off-by: Josh Baird * Bump chart version. Signed-off-by: Josh Baird * Remove extra line. Signed-off-by: Josh Baird * Bump to 5.6.38. Signed-off-by: Josh Baird --------- Signed-off-by: Josh Baird --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-notifications/deployment.yaml | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ee6d023c..48461100 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.9 +version: 5.36.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added `configs.params.create` value to the argo-cd chart + description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 8df6c8bb..d2eca77f 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,10 +66,22 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} env: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} From 675803c02dc5390440b9b13a089b4ad45e7645bb Mon Sep 17 00:00:00 2001 From: dchien234 Date: Fri, 30 Jun 2023 00:02:15 +0800 Subject: [PATCH 067/617] fix(argo-cd): fix gRPC service target port (#2138) * fix(argo-cd): update grpc service to use proper targetPort Signed-off-by: d.chien * fix(argo-cd): update Chart changelog Signed-off-by: d.chien --------- Signed-off-by: d.chien --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/aws/service.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 48461100..d000da10 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.10 +version: 5.36.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment + - kind: changed + description: Change `targetPort` to use proper `.Values.server.containerPorts.server` value in argo-cd/argo-server for grpc Service so that AWS ALB will not fail the health check for this extra Service. diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index 02c543d5..e9032f92 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -13,11 +13,11 @@ spec: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None From 8213fc37c0a98a0479637d52d9730c4c4a62f7e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jul 2023 08:39:17 -0500 Subject: [PATCH 068/617] chore(deps): bump actions/labeler from 4.1.0 to 4.2.0 (#2140) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 93cc6b01..18a87c50 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@9fcb2c2f5584144ca754f8bfe8c6f81e77753375 # v4.1.0 + - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 7c3553de9d973594369389c5256235af455e79f2 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 2 Jul 2023 12:16:30 +0900 Subject: [PATCH 069/617] chore(argo-cd): Added note about Kubernetes Compatibility Matrix (#2141) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 3 +++ charts/argo-cd/README.md.gotmpl | 3 +++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d000da10..eacaef39 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.11 +version: 5.36.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Change `targetPort` to use proper `.Values.server.containerPorts.server` value in argo-cd/argo-server for grpc Service so that AWS ALB will not fail the health check for this extra Service. + - kind: added + description: Added note about Kubernetes Compatibility Matrix diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index dbf3f012..9c2d3c4a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -362,6 +362,8 @@ server: ## Prerequisites - Kubernetes: `>=1.23.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -1223,3 +1225,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6b5efffc..f1dea7f2 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -363,6 +363,8 @@ server: ## Prerequisites - {{ template "chart.kubeVersionLine" . }} + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -559,3 +561,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions From 167c112bcbbebfd4b0c18d38c9bbb063fab7f78b Mon Sep 17 00:00:00 2001 From: Elad Shmitanka Date: Sun, 2 Jul 2023 11:07:17 +0300 Subject: [PATCH 070/617] fix(argo-cd): Add usages to ArgoCD server certificate (#2143) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/certificate.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eacaef39..bec859df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.12 +version: 5.36.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added note about Kubernetes Compatibility Matrix + description: Support for setting server certificate usages diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9c2d3c4a..907cd0fe 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -688,6 +688,7 @@ NAME: my-release | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.crt | string | `""` | Certificate data | | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index eec82ae6..1ec9bb02 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -30,4 +30,8 @@ spec: privateKey: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c7129bab..63588ea9 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1743,6 +1743,9 @@ server: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server From b9f610e319ee725ac602303714b774c4cc7c1be8 Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Mon, 3 Jul 2023 19:55:01 +0200 Subject: [PATCH 071/617] fix(argo-cd): Update `argo-cd.strategy` template (#2144) - Convert `$preset.type` to string to prevent an "incompatible types for comparison" when no strategy are defined Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bec859df..91e3285e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.13 +version: 5.36.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support for setting server certificate usages + - kind: fixed + description: Update argo-cd.strategy template diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index 54423f99..f8c84c9c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -128,9 +128,9 @@ Common deployment strategy definition */}} {{- define "argo-cd.strategy" -}} {{- $preset := . -}} -{{- if (eq $preset.type "Recreate") }} +{{- if (eq (toString $preset.type) "Recreate") }} type: Recreate -{{- else if (eq $preset.type "RollingUpdate") }} +{{- else if (eq (toString $preset.type) "RollingUpdate") }} type: RollingUpdate {{- with $preset.rollingUpdate }} rollingUpdate: From 5c4506b4810eda6583cd89443903956d9c4df6ab Mon Sep 17 00:00:00 2001 From: Atkins Date: Tue, 4 Jul 2023 17:22:19 +0800 Subject: [PATCH 072/617] feat(argo-cd): remove necessary create entry in `argocd-cmd-params-cm` ConfigMap (#2146) fix(argo-cd): remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap Signed-off-by: Atkins Chang --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 91e3285e..c84c0f90 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.14 +version: 5.36.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update argo-cd.strategy template + description: Remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2338d1c0..2786d6ed 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -207,7 +207,7 @@ applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.r Merge Argo Params Configuration with Preset Configuration */}} {{- define "argo-cd.config.params" -}} -{{- $config := omit .Values.configs.params "annotations" }} +{{- $config := omit .Values.configs.params "create" "annotations" }} {{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{ $key }}: {{ toString $value | toYaml }} From 5f55ef2c4cc16d4c91faaf1bdb7e0c1d7385435a Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Tue, 4 Jul 2023 16:07:03 +0200 Subject: [PATCH 073/617] feat(argo-cd): Update appset deployment template (#2145) - add cmd-params checksum annotation to the applicationSet deployment to trigger an automated rollout when changed. Signed-off-by: Laurent Lavaud Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c84c0f90..513438a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.15 +version: 5.37.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap + - kind: added + description: add applicationSet deployment cmd-params checksum diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 3ae8410c..0e00e28d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -24,12 +24,13 @@ spec: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} From 5e5bad5262ecad870b70d73df2465182b1e86f3d Mon Sep 17 00:00:00 2001 From: Andre Krueger <32708635+1337andre@users.noreply.github.com> Date: Thu, 6 Jul 2023 10:25:47 +0200 Subject: [PATCH 074/617] chore(argo-cd): Upgrade Argo CD to v2.7.7 (#2147) Signed-off-by: Andre Krueger <32708635+1337andre@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 513438a5..cbc97da1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.6 +appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.37.0 +version: 5.37.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add applicationSet deployment cmd-params checksum + - kind: changed + description: Upgrade Argo CD to v2.7.7 From 4f6f25198e9ebb8085c3c2a561d6750205dcb0bd Mon Sep 17 00:00:00 2001 From: Venkata Mutyala Date: Mon, 10 Jul 2023 01:14:16 -0700 Subject: [PATCH 075/617] feat(argo-cd): upgrade dexIDP from 2.36.0 -> 2.37.0 (#2155) feat: upgrade dexIDP from 2.36.0 -> 2.37.0 Signed-off-by: Venkata Mutyala --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cbc97da1..32e6dfa6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.37.1 +version: 5.38.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.7 + description: Upgrade dexidp from v2.36.0 to v2.37.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 907cd0fe..51db4870 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -857,7 +857,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.36.0"` | Dex image tag | +| dex.image.tag | string | `"v2.37.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 63588ea9..08f3404a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -928,7 +928,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.36.0 + tag: v2.37.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 5ec59e90fa8f03229b8c49fe6cf50fb79572b1bf Mon Sep 17 00:00:00 2001 From: gussan <83329336+toyamagu-2021@users.noreply.github.com> Date: Tue, 11 Jul 2023 21:07:08 +0900 Subject: [PATCH 076/617] feat(argo-workflows): Add support for artifactRepositoryRef (#2135) Signed-off-by: tomoki-yamaguchi Co-authored-by: Aikawa Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +- charts/argo-workflows/README.md | 1 + .../ci/enable-artifact-repo-ref.yaml | 41 ++++++++++++ .../artifact-repository-ref-cm.yaml | 19 ++++++ charts/argo-workflows/values.yaml | 63 ++++++++++++++++++- 5 files changed, 124 insertions(+), 6 deletions(-) create mode 100644 charts/argo-workflows/ci/enable-artifact-repo-ref.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b12335a5..ade0d8b5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.30.0 +version: 0.31.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: artifactRepository will not be configured by default + - kind: added + description: Add support for artifactRepositoryRef diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 6a19bba0..b445df25 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -331,6 +331,7 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap | | customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | diff --git a/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml new file mode 100644 index 00000000..54c6c523 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml @@ -0,0 +1,41 @@ +artifactRepositoryRef: + # 1st ConfigMap + artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # 1st data + default-v1-s3-artifact-repository: + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + # 2nd data + oss-artifact-repository: + archiveLogs: false + oss: + endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + bucket: $mybucket + accessKeySecret: + name: $mybucket-credentials + key: accessKey + secretKeySecret: + name: $mybucket-credentials + key: secretKey + # 2nd ConfigMap + another-artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: gcs + gcs: + archiveLogs: false + bucket: my-bucket + keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml new file mode 100644 index 00000000..ce7cd55b --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -0,0 +1,19 @@ +{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $cm_name }} + namespace: {{ $.Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} + {{- with $cm_val.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- range $data_key, $data_val := (omit $cm_val "annotations") }} + {{- $data_key | nindent 2 }}: | + {{- toYaml $data_val | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 21970f43..cd992c10 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -161,9 +161,13 @@ controller: # Only valid for 2.7+ ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ workflowDefaults: {} - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 + # # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. # -- Number of workflow workers workflowWorkers: # 32 @@ -770,6 +774,59 @@ customArtifactRepository: {} # name: artifactory-creds # key: password +# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). +# Each map key is the name of configmap +# @default -- `{}` (See [values.yaml]) +artifactRepositoryRef: {} + # # -- 1st ConfigMap + # # If you want to use this config map by default, name it "artifact-repositories". + # # Otherwise, you can provide a reference to a + # # different config map in `artifactRepositoryRef.configMap`. + # artifact-repositories: + # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. + # annotations: + # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # # 1st data of configmap. See above artifactRepository or customArtifactRepository. + # default-v1-s3-artifact-repository: + # archiveLogs: false + # s3: + # bucket: my-bucket + # endpoint: minio:9000 + # insecure: true + # accessKeySecret: + # name: my-minio-cred + # key: accesskey + # secretKeySecret: + # name: my-minio-cred + # key: secretkey + # # 2nd data + # oss-artifact-repository: + # archiveLogs: false + # oss: + # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + # bucket: $mybucket + # # accessKeySecret and secretKeySecret are secret selectors. + # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. + # # This secret is expected to have have the keys 'accessKey' + # # and 'secretKey', containing the base64 encoded credentials + # # to the bucket. + # accessKeySecret: + # name: $mybucket-credentials + # key: accessKey + # secretKeySecret: + # name: $mybucket-credentials + # key: secretKey + # # 2nd ConfigMap + # another-artifact-repositories: + # annotations: + # workflows.argoproj.io/default-artifact-repository: gcs + # gcs: + # bucket: my-bucket + # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary From 2fb60497519698eda8f217bf9fd3534b85c1704e Mon Sep 17 00:00:00 2001 From: Amit Ben Ami Date: Tue, 11 Jul 2023 16:01:02 +0300 Subject: [PATCH 077/617] feat(argo-cd): adding annotations option for `Certificate` (#2156) * feat(certificate): adding annotations options for the `Certificate` resources Signed-off-by: Amit Ben Ami * feat: bumping the chart version Signed-off-by: Amit Ben Ami --------- Signed-off-by: Amit Ben Ami Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 3 +++ .../templates/argocd-applicationset/certificate.yaml | 6 ++++++ charts/argo-cd/templates/argocd-server/certificate.yaml | 6 ++++++ charts/argo-cd/values.yaml | 7 +++++++ 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32e6dfa6..d0fcc045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.38.0 +version: 5.38.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade dexidp from v2.36.0 to v2.37.0 + - kind: added + description: Adding the option to set `annotations` for `Certificate` resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 51db4870..048a62e9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -407,6 +407,7 @@ NAME: my-release | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | @@ -676,6 +677,7 @@ NAME: my-release | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | | server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | @@ -1036,6 +1038,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 505a70fc..f3b7d5d1 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -2,6 +2,12 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 1ec9bb02..716c38ea 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -2,6 +2,12 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 08f3404a..b6216977 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -147,6 +147,9 @@ global: # -- Environment variables to pass to all deployed Deployments env: [] + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + ## Argo Configs configs: # General Argo CD configuration @@ -1743,6 +1746,8 @@ server: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} # -- Usages for the certificate ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage usages: [] @@ -2681,6 +2686,8 @@ applicationSet: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate + annotations: {} ## Notifications controller notifications: From 047ba6b24df9977ec773ca5cf0f00a70565e5c06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Sell=C3=A9s=20Rosa?= <1088313+Fsero@users.noreply.github.com> Date: Tue, 11 Jul 2023 17:39:35 +0200 Subject: [PATCH 078/617] feat(argocd-apps): add permitOnlyProjectScopedClusters flag (#2149) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabián Sellés Rosa <1088313+Fsero@users.noreply.github.com> --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/templates/projects.yaml | 3 +++ charts/argocd-apps/values.yaml | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index fc733b22..8eeb0888 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.2.0 +version: 1.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Rollout strategy for ApplicationSet + description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f747d1b6..f4c273e8 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -22,6 +22,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- with .permitOnlyProjectScopedClusters }} + permitOnlyProjectScopedClusters: {{ . }} + {{- end }} description: {{ .description }} {{- with .sourceRepos }} sourceRepos: diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 500849df..0c329dfe 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -48,6 +48,7 @@ projects: [] # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false # finalizers: # - resources-finalizer.argocd.argoproj.io # description: Example Project From e15b7b70185f56ae98b372eca367b437d6feb271 Mon Sep 17 00:00:00 2001 From: Angelo Ross Date: Thu, 13 Jul 2023 11:05:13 -0300 Subject: [PATCH 079/617] feat(argo-cd): Allow configuring Dex's init image resources separately (#2161) Allow configuring Dex's init image resources separately Signed-off-by: Angelo Ross --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/values.yaml | 9 +++++++++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0fcc045..bd9a8de4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.38.1 +version: 5.39.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Adding the option to set `annotations` for `Certificate` resources + description: Allow configuring Dex's init image resources separately diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 048a62e9..deaad2ba 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -864,6 +864,7 @@ server: | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | | dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources | | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index ce9741d2..abca6e14 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -149,7 +149,7 @@ spec: - mountPath: /tmp name: dexconfig resources: - {{- toYaml .Values.dex.resources | nindent 10 }} + {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }} {{- with .Values.dex.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b6216977..83ecff3e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -951,6 +951,15 @@ dex: # -- Argo CD init image imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + # -- Argo CD init image resources + # @default -- `{}` (defaults to dex.resources) + resources: {} + # requests: + # cpu: 5m + # memory: 96Mi + # limits: + # cpu: 10m + # memory: 144Mi # -- Environment variables to pass to the Dex server env: [] From a7b65a37f999dc4c647611f1311c55eee16318e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:37:43 +0900 Subject: [PATCH 080/617] chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#2163) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/fa81e57adff234b2908110485695db0f181f3c67...dda0770415bac9fc20092cacbc54aa298604d140) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c96b4b85..c7c22af1 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 3821d6309fb480143b833f2a68034a51630ead9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:39:22 +0900 Subject: [PATCH 081/617] chore(deps): bump actions/labeler from 4.2.0 to 4.3.0 (#2164) Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/0967ca812e7fdc8f5f71402a1b486d5bd061fe20...ac9175f8a1f3625fd0d4fb234536d26811351594) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 18a87c50..d22ac750 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 6dab4fa326a1beb1a468ac5d4eb69aabd0942587 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:53:14 +0900 Subject: [PATCH 082/617] chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2165) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/bd6b4b6205c4dbad673328db7b31b7fab9e241c0...61a6322f88396a6271a6ee3565807d608ecaddd1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c7c22af1..bd8d2255 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 with: python-version: 3.9 From e053486fab0d0363e631d0742779d0af79a97b15 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Mon, 17 Jul 2023 11:56:13 +0200 Subject: [PATCH 083/617] fix(argo-cd): Ensure `app.kubernetes.io/version` label is valid (#2148) Signed-off-by: Mathieu Parent --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 9 ++++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bd9a8de4..b87afdd3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.39.0 +version: 5.39.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow configuring Dex's init image resources separately + - kind: fixed + description: Ensure `app.kubernetes.io/version` label is valid diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index f8c84c9c..4173876c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -38,6 +38,13 @@ Create Argo CD app version {{- default .Chart.AppVersion .Values.global.image.tag }} {{- end -}} +{{/* +Return valid version label +*/}} +{{- define "argo-cd.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + {{/* Common labels */}} @@ -46,7 +53,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }} {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argocd -app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }} +app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} {{- end }} From afccb2e5d469c61b327d6f47001297b5ba079422 Mon Sep 17 00:00:00 2001 From: Zach Swanson <1272954+zswanson@users.noreply.github.com> Date: Mon, 17 Jul 2023 08:20:47 -0400 Subject: [PATCH 084/617] feat(argo-cd): allow configurable hpa metrics (#2166) * allow configurable HPA metrics Signed-off-by: Zach Swanson * update docs Signed-off-by: Zach Swanson * Update chart version and changelog Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson * Fix values/readme reference to repo server Signed-off-by: Zach Swanson --------- Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson <1272954+zswanson@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-repo-server/hpa.yaml | 4 ++++ charts/argo-cd/templates/argocd-server/hpa.yaml | 4 ++++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b87afdd3..3736bba1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.39.1 +version: 5.40.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Ensure `app.kubernetes.io/version` label is valid + - kind: changed + description: Allow configurable metrics in server and repoServer HPAs diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index deaad2ba..863ae8bb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -576,6 +576,7 @@ NAME: my-release | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | | repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | | repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | @@ -673,6 +674,7 @@ NAME: my-release | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index 2cba8324..ef3d5e80 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -14,6 +14,9 @@ spec: minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: + {{- if .Values.repoServer.autoscaling.metrics }} + {{- toYaml .Values.repoServer.autoscaling.metrics | nindent 4 }} + {{- else }} {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: @@ -38,6 +41,7 @@ spec: type: Utilization {{- end }} {{- end }} + {{- end }} {{- with .Values.repoServer.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index cbc17c31..c19b8943 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -14,6 +14,9 @@ spec: minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: + {{- if .Values.server.autoscaling.metrics }} + {{ toYaml .Values.server.autoscaling.metrics | nindent 4 }} + {{- else }} {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: @@ -38,6 +41,7 @@ spec: type: Utilization {{- end }} {{- end }} + {{- end}} {{- with .Values.server.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 83ecff3e..38f9b2d7 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1476,6 +1476,9 @@ server: # - type: Pods # value: 2 # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] ## Argo CD server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -2043,6 +2046,9 @@ repoServer: # - type: Pods # value: 2 # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD repo server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] ## Repo server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From c2f813ec6241b016a6907238c87eadf8a9feb505 Mon Sep 17 00:00:00 2001 From: Alex Souslik Date: Tue, 18 Jul 2023 09:51:14 +0300 Subject: [PATCH 085/617] feat(argo-cd): make ServiceMonitor deployment conditional on CRD existence (#2154) * made ServiceMonitor deployment conditional on CRD existence Signed-off-by: alex-souslik-hs * remove non ArgoCD changes Signed-off-by: alex-souslik-hs * add newline Signed-off-by: Alex Souslik * Change chage description Signed-off-by: Alex Souslik * Update charts/argo-cd/Chart.yaml Co-authored-by: Marco Kilchhofer Signed-off-by: Alex Souslik --------- Signed-off-by: alex-souslik-hs Signed-off-by: Alex Souslik Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-repo-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3736bba1..1b8a0ae1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.40.0 +version: 5.41.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Allow configurable metrics in server and repoServer HPAs + description: Make ServiceMonitor deployment conditional on CRD existence diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 10ba7767..3ce0c10d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index bb814a25..b3554675 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- if .Values.applicationSet.enabled }} -{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index de3cc5a3..18849886 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index aec96461..c41520b7 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 65d102e3..f876a1a1 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 21d12be2..00f2a238 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 46a7e32c..6f036a80 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: From 5f46ee820fd19e0b24c50f71aa9169be59192eac Mon Sep 17 00:00:00 2001 From: smcavallo Date: Wed, 19 Jul 2023 18:26:08 -0400 Subject: [PATCH 086/617] feat(argo-cd): Upgrade argocd to v2.7.8 (#2173) Signed-off-by: smcavallo --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1b8a0ae1..72c178b1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.7 +appVersion: v2.7.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.0 +version: 5.41.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Make ServiceMonitor deployment conditional on CRD existence + description: Update to app version 2.7.8 From 000d8c71285f60c7fccc8e40bfab805da7dddebb Mon Sep 17 00:00:00 2001 From: Takuma Kume Date: Fri, 21 Jul 2023 02:26:23 +0900 Subject: [PATCH 087/617] feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.1 (#2174) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- charts/argo-rollouts/templates/crds/rollout-crd.yaml | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 67175469..62ab9f05 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.5.0 +appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.0 +version: 2.31.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support Traffic Router Plugins + - kind: changed + description: Update to app version 1.5.1 diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 0fafbab3..45f59ee0 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3328,7 +3328,6 @@ spec: type: string required: - arn - - fullName - name type: object loadBalancer: @@ -3341,7 +3340,6 @@ spec: type: string required: - arn - - fullName - name type: object stableTargetGroup: @@ -3354,7 +3352,6 @@ spec: type: string required: - arn - - fullName - name type: object type: object From 137bb9e177f85f63a8c1214c17ec82830f069760 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 20 Jul 2023 18:19:59 -0500 Subject: [PATCH 088/617] chore(argo-workflows): Upgrade to 3.4.9 (#2175) chore(argo-workflow): Upgrade to 3.4.9 - [ ] update CRD changes Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ade0d8b5..96912cf2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.8 +appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.31.0 +version: 0.32.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for artifactRepositoryRef + - kind: changed + description: Upgrade to Argo Workflows v3.4.9 From 83e5d83492f18c301fe62eebb56e6db98757cabb Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sat, 22 Jul 2023 15:46:38 +0200 Subject: [PATCH 089/617] feat(argocd-apps): syncOptions for applications (#2176) Signed-off-by: Mathieu Parent Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/templates/applications.yaml | 4 ++++ charts/argocd-apps/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 8eeb0888..cc690f7f 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.3.0 +version: 1.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false + description: syncOptions for applications diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index df0ea5eb..0cf3420b 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -37,6 +37,10 @@ spec: syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .syncOptions }} + syncOptions: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 0c329dfe..9311a44c 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -30,6 +30,8 @@ applications: [] # automated: # prune: false # selfHeal: false +# syncOptions: +# - CreateNamespace=true # revisionHistoryLimit: null # ignoreDifferences: # - group: apps From 0453552b320712d20be65d9ba3f56644842dd84c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 23 Jul 2023 13:25:51 +0900 Subject: [PATCH 090/617] fix(argocd-apps): fix indent of syncOptions (#2181) --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/ci/applications-values.yaml | 2 ++ charts/argocd-apps/templates/applications.yaml | 4 ---- charts/argocd-apps/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index cc690f7f..5494db99 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.4.0 +version: 1.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added + - kind: fixed description: syncOptions for applications diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 9d8b21bf..28a627ff 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -20,6 +20,8 @@ applications: automated: prune: false selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true revisionHistoryLimit: null ignoreDifferences: - group: apps diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index 0cf3420b..df0ea5eb 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -37,10 +37,6 @@ spec: syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncOptions }} - syncOptions: - {{- toYaml . | nindent 4 }} - {{- end }} {{- with .revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 9311a44c..a7996369 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -30,8 +30,8 @@ applications: [] # automated: # prune: false # selfHeal: false -# syncOptions: -# - CreateNamespace=true +# syncOptions: +# - CreateNamespace=true # revisionHistoryLimit: null # ignoreDifferences: # - group: apps From f2da20bb753a7d9f28157f0ba39d6db62922431e Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sun, 23 Jul 2023 19:48:47 -0400 Subject: [PATCH 091/617] chore(github): use table for Emeritus (#2182) - to matches how `argoproj` lists Alumni (https://github.com/argoproj/argoproj/blob/6011d3e17300d4b642a1ab5bdb3551c5f6da9021/MAINTAINERS.md?plain=1#L11) - though it has more details including role and affiliation. could do that here too, but I don't know what all those are, so left those columns out - fortunately everyone's name was listed on their profile, so just copy+paste those! - confirmed that all links work Signed-off-by: Anton Gilgur --- EMERITUS.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/EMERITUS.md b/EMERITUS.md index 2c299690..c0ff9674 100644 --- a/EMERITUS.md +++ b/EMERITUS.md @@ -4,9 +4,11 @@ These are the people who have been approvers in the past, and have since retired We thank them for their service to the project. -* @oliverbaehler -* @stefansedich -* @paguos -* @yann-soubeyrand -* @davidkarlsen -* @jbehling +| Emeritus | GitHub ID | +| -------- | --------- | +| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) | +| Stefan Sedich | [stefansedich](https://github.com/stefansedich) | +| Pablo Osinaga | [paguos](https://github.com/paguos) | +| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) | +| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) | +| John Behling | [jbehling](https://github.com/jbehling) | From 5f1d08de0b0f10a650d09609abf17b22816430d5 Mon Sep 17 00:00:00 2001 From: Artur Date: Tue, 25 Jul 2023 03:22:46 +0300 Subject: [PATCH 092/617] fix(argo-rollouts): Use annotation cont metrics (#2184) * fix(argo-rollouts): Use annotation cont metrics Signed-off-by: Artur Mudrykh * fix(argo-rollouts): add changes and bump version Signed-off-by: Artur Mudrykh * fix chart.yaml Signed-off-by: Artur Mudrykh --------- Signed-off-by: Artur Mudrykh Co-authored-by: Artur Mudrykh --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../argo-rollouts/templates/controller/metrics-service.yaml | 5 ++++- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 62ab9f05..c073adcb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.1 +version: 2.31.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update to app version 1.5.1 + - kind: fixed + description: Fix use prometheus metrics service diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 5add40c3..4e028779 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -91,6 +91,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Service annotations | | controller.metrics.service.port | int | `8090` | Metrics service port | | controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index e04d326a..671a0837 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -7,8 +7,11 @@ metadata: labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} - {{- with .Values.serviceAnnotations }} annotations: + {{- with .Values.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.service.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b81ee53a..f9d8e1cf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -127,6 +127,8 @@ controller: portName: metrics # -- Metrics service port port: 8090 + # -- Service annotations + annotations: {} serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false From 278a32671bebe8ea503b7d73619b3cdf389105a2 Mon Sep 17 00:00:00 2001 From: Venkata Mutyala Date: Mon, 24 Jul 2023 19:09:41 -0700 Subject: [PATCH 093/617] chore(argo-cd): Upgrade Argo CD to v2.7.9 (#2186) feat(argo-cd): Upgrade argocd to v2.7.9 Signed-off-by: Venkata Mutyala --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 72c178b1..79b9fb03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.8 +appVersion: v2.7.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.1 +version: 5.41.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update to app version 2.7.8 + description: Update to app version v2.7.9 From 98da71eb87def0ea9cb57dfe86e17c6256407cd0 Mon Sep 17 00:00:00 2001 From: Andy Cobaugh Date: Thu, 27 Jul 2023 09:57:46 -0400 Subject: [PATCH 094/617] feat(argo-workflows): allow setting executor args (#2177) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 5 ++++- charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 96912cf2..681b73b9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.0 +version: 0.32.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.9 + - kind: added + description: Add support for executor args diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index b445df25..eb57fe44 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -230,6 +230,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| executor.args | list | `[]` | Passes arguments to the executor processes | | executor.env | list | `[]` | Adds environment variables for the executor. | | executor.image.pullPolicy | string | `""` | Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. | | executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 680b436f..d4728a30 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -42,12 +42,15 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}} executor: imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }} {{- with .Values.executor.resources }} resources: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.executor.args }} + args: {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.executor.env }} env: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cd992c10..bfc3ce3f 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -382,6 +382,8 @@ executor: pullPolicy: "" # -- Resource limits and requests for the Workflow Executors resources: {} + # -- Passes arguments to the executor processes + args: [] # -- Adds environment variables for the executor. env: [] # -- sets security context for the executor container From c358b5e71f8a9259d937c9bb1a6a34c9f1f478d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?carlos=20gonz=C3=A1lez?= Date: Thu, 27 Jul 2023 23:44:15 +0200 Subject: [PATCH 095/617] feat(argo-cd): add labels to notifications secret (#2191) (#2192) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: carlos gonzález --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-configs/argocd-notifications-secret.yaml | 3 +++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 79b9fb03..bb918178 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.2 +version: 5.42.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update to app version v2.7.9 + - kind: added + description: Extra secret labels with .Values.notifications.secret.labels diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 863ae8bb..79d134b6 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1195,6 +1195,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | +| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index cde4d555..75027ed5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifications.secret.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 38f9b2d7..aa071644 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2795,6 +2795,9 @@ notifications: # -- key:value pairs of annotations to be added to the secret annotations: {} + # -- key:value pairs of labels to be added to the secret + labels: {} + # -- Generic key:value pairs to be inserted into the secret ## Can be used for templates, notification services etc. Some examples given below. ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ From 4ebeac0d8c89582f81cd9ab2daee1b158ad01cbf Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 1 Aug 2023 14:57:18 +0900 Subject: [PATCH 096/617] chore(argo-cd): Upgrade Argo CD to v2.7.10 (#2197) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bb918178..a78601a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.9 +appVersion: v2.7.10 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.0 +version: 5.42.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Extra secret labels with .Values.notifications.secret.labels + - kind: changed + description: Upgrade Argo CD to v2.7.10 From 962342fe2acef6022ac5c1a3eb352b336308b3eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20SANCHEZ?= Date: Tue, 1 Aug 2023 11:07:17 +0200 Subject: [PATCH 097/617] fix(argo-rollouts): fix helm lint error when extraObjects is defined (#2196) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix(extra-manifests): fix helm lint error when extraObjecrts is defined Signed-off-by: Grégory SANCHEZ Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/extra-manifests.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c073adcb..1846575d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.2 +version: 2.31.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fix use prometheus metrics service + description: Fix helm lint error when `extraObjects` is defined diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-rollouts/templates/extra-manifests.yaml +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From f0ac0b7cf400f9f00005e9436de41881a584547d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 5 Aug 2023 12:16:40 +0200 Subject: [PATCH 098/617] fix(argo-cd): Template configuration keys as a string instead of map (#2205) --- charts/argo-cd/Chart.yaml | 6 ++--- charts/argo-cd/templates/_helpers.tpl | 37 +++++++++++++++------------ 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a78601a5..8a4769ac 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.10 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.1 +version: 5.42.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.10 + - kind: fixed + description: Templates for global presets properly renders keys as a string instead of map diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2786d6ed..c4c814da 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -162,9 +162,11 @@ Create the name of the notifications service account to use Argo Configuration Preset Values (Incluenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} +{{- $presets := dict -}} {{- if .Values.configs.styles -}} -ui.cssurl: "./custom/custom.styles.css" +{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} +{{- toYaml $presets }} {{- end -}} {{/* @@ -183,24 +185,25 @@ Merge Argo Configuration with Preset Configuration {{/* Argo Params Default Configuration Presets +NOTE: Configuration keys must be stored as dict because YAML treats dot as separator */}} {{- define "argo-cd.config.params.presets" -}} -repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}" -server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }} -{{- with include "argo-cd.redis.server" . }} -redis.server: {{ . | quote }} -{{- end }} -{{- if .Values.dex.enabled }} -server.dex.server: {{ include "argo-cd.dex.server" . | quote }} -server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }} -{{- end }} -{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }} -{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }} -{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }} -{{- end }} -{{- if .Values.applicationSet.enabled }} -applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }} -{{- end }} +{{- $presets := dict -}} +{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} +{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} +{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- if .Values.dex.enabled -}} +{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} +{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- end -}} +{{- if .Values.applicationSet.enabled -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} +{{- end -}} +{{- toYaml $presets }} {{- end -}} {{/* From eae0bdd87117c2eb5e4f666196b6886f13b3f999 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 5 Aug 2023 19:26:24 +0900 Subject: [PATCH 099/617] fix(argo-rollouts): Add required ingress permission (#2207) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/controller/clusterrole.yaml | 1 + charts/argo-rollouts/templates/controller/role.yaml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1846575d..8cc669fb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.3 +version: 2.31.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fix helm lint error when `extraObjects` is defined + description: Add required ingress permission diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 964daed3..ab0f7ee1 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -135,6 +135,7 @@ rules: - get - list - watch + - update - patch # job access needed for analysis template job metrics - apiGroups: diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index e3b80672..eb69db62 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -136,6 +136,7 @@ rules: - get - list - watch + - update - patch # job access needed for analysis template job metrics - apiGroups: From ebd1ad5103d3f352a4317fab935b305c91a1b9f3 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 8 Aug 2023 15:11:34 +0900 Subject: [PATCH 100/617] chore(argo-cd): Upgrade Argo CD to v2.7.11 (#2210) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8a4769ac..1e77b9db 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.10 +appVersion: v2.7.11 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.2 +version: 5.42.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Templates for global presets properly renders keys as a string instead of map + - kind: changed + description: Upgrade Argo CD to v2.7.11 From 4eae23b5806a97a5e081b0f3f877b9e3b5bf9cf1 Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Tue, 8 Aug 2023 16:08:58 +0200 Subject: [PATCH 101/617] feat(github): add Helm OCI support (#2209) Signed-off-by: Engin Diri --- .github/workflows/publish.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c1d94025..c2d1dc24 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,6 +4,8 @@ on: push: branches: - main + paths: + - "charts/**" permissions: contents: read @@ -12,6 +14,7 @@ jobs: publish: permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry runs-on: ubuntu-latest steps: - name: Checkout @@ -60,3 +63,20 @@ jobs: config: "./.github/configs/cr.yaml" env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Login to GHCR + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + shopt -s nullglob + for pkg in .cr-release-packages/*.tgz; do + if [ -z "${pkg:-}" ]; then + break + fi + helm push "${pkg}" oci://ghcr.io/${{ github.repository }} + done From 3e35b0c7f7d758d553b17f369cc5940484ef5d89 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 8 Aug 2023 16:35:41 +0200 Subject: [PATCH 102/617] feat(argo-cd): Upgrade Argo CD to 2.8.0 (#2170) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 2 +- .../statefulset.yaml | 12 + .../argocd-applicationset/deployment.yaml | 73 +- .../argocd-repo-server/deployment.yaml | 12 + .../templates/argocd-server/deployment.yaml | 12 + .../templates/crds/crd-application.yaml | 168 +- .../templates/crds/crd-applicationset.yaml | 2002 +++++++++++++++++ charts/argo-cd/values.yaml | 2 +- 9 files changed, 2264 insertions(+), 25 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e77b9db..f85b8bb3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.11 +appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.3 +version: 5.43.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.11 + description: Upgrade Argo CD to 2.8.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 79d134b6..305f0923 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -461,7 +461,7 @@ NAME: my-release | configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | -| configs.params."server.enable.gzip" | bool | `false` | Enable GZIP compression | +| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index b671e245..8faac38d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -236,6 +236,18 @@ spec: name: argocd-cmd-params-cm key: application.namespaces optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 0e00e28d..4da1597c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -93,12 +93,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -111,6 +105,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -147,6 +147,54 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.concurrent.reconciliations.max + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} @@ -199,6 +247,8 @@ spec: name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls - mountPath: /tmp name: tmp {{- with .Values.applicationSet.extraContainers }} @@ -248,6 +298,17 @@ spec: emptyDir: {} - name: tmp emptyDir: {} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt {{- with .Values.applicationSet.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index f438c8b5..b9959018 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -108,6 +108,18 @@ spec: name: argocd-cmd-params-cm key: reposerver.parallelism.limit optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index cc928981..e3f322cb 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -263,6 +263,18 @@ spec: name: argocd-cmd-params-cm key: server.http.cookie.maxnumber optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index cbb480e6..b4d13a15 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -297,8 +297,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -586,8 +593,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -992,8 +1006,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1272,8 +1293,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1438,7 +1466,7 @@ spec: as part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal specifes whether to revert resources + description: 'SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)' type: boolean @@ -1502,7 +1530,7 @@ spec: conditions items: description: ApplicationCondition contains details about an application - condition, which is usally an error or warning + condition, which is usually an error or warning properties: lastTransitionTime: description: LastTransitionTime is the time the condition was @@ -1521,6 +1549,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1700,8 +1732,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1993,8 +2032,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2431,8 +2478,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2740,8 +2794,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2951,6 +3012,19 @@ spec: syncResult: description: SyncResult is the result of a Sync operation properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object resources: description: Resources contains a list of sync result items for each individual resource in a sync operation @@ -3153,8 +3227,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3457,8 +3539,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3728,6 +3817,42 @@ spec: and must be set to the Kubernetes control plane API type: string type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array source: description: Source is a reference to the application's source used for comparison @@ -3866,8 +3991,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4170,8 +4303,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index ad35b062..fa0d926a 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -40,6 +40,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -235,6 +237,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -412,6 +417,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -748,6 +756,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -925,6 +936,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1265,6 +1279,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1442,6 +1459,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1586,6 +1606,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -1758,6 +1782,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1935,6 +1962,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2279,6 +2309,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2456,6 +2489,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2792,6 +2828,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2969,6 +3008,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3309,6 +3351,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3486,6 +3531,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3630,6 +3678,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -3802,6 +3854,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3979,6 +4034,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4130,8 +4188,595 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -4168,6 +4813,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -4227,6 +4874,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -4411,6 +5060,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4588,6 +5240,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4735,6 +5390,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -4891,6 +5566,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -5067,6 +5744,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5244,6 +5924,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5388,6 +6071,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -5574,6 +6261,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5751,6 +6441,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6095,6 +6788,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6272,6 +6968,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6608,6 +7307,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6785,6 +7487,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7125,6 +7830,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7302,6 +8010,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7446,6 +8157,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -7618,6 +8333,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7795,6 +8513,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7946,8 +8667,595 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -7984,6 +9292,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -8043,6 +9353,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -8227,6 +9539,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8404,6 +9719,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8551,6 +9869,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -8707,6 +10045,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -8883,6 +10223,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9060,6 +10403,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9204,6 +10550,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -9394,6 +10744,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9571,6 +10924,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9719,8 +11075,595 @@ spec: - generators - mergeKeys type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -9757,6 +11700,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -9816,6 +11761,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -10000,6 +11947,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10177,6 +12127,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10324,6 +12277,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -10480,6 +12453,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -10656,6 +12631,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10833,6 +12811,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10977,6 +12958,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -11005,6 +12990,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -11045,6 +13034,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -11208,6 +13204,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11385,6 +13384,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index aa071644..fb1db35c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -253,7 +253,7 @@ configs: # -- Disable Argo CD RBAC for user authentication server.disable.auth: false # -- Enable GZIP compression - server.enable.gzip: false + server.enable.gzip: true # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin From b9c7b3104a8957a221362dab7e3d4daab989a9dd Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 8 Aug 2023 19:03:57 -0500 Subject: [PATCH 103/617] fix(argo-rollouts): add CI for enabling extra objects for argo-rollouts (#2198) * fix(argo-rollouts): add CI for enabling extra objects for argo-rollouts Add CI for extra objects Signed-off-by: jmeridth * fix: rename extra objects ci file to have -values suffix Signed-off-by: jmeridth --------- Signed-off-by: jmeridth Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- .../ci/enable-extra-objects-values.yaml | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 charts/argo-rollouts/ci/enable-extra-objects-values.yaml diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8cc669fb..0bf8dfcb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.4 +version: 2.31.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add required ingress permission + - kind: added + description: Add CI example for extra objects diff --git a/charts/argo-rollouts/ci/enable-extra-objects-values.yaml b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key From 51e22106314012c2b4e620ad90b59340b5afb39e Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 9 Aug 2023 10:19:54 +0200 Subject: [PATCH 104/617] fix(argo-cd): Fix global log level configuration (#2213) fix(argo-cd) - Fix global log level configuration Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f85b8bb3..6140b2cb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.0 +version: 5.43.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to 2.8.0 + - kind: fixed + description: Fixed global log level configuration diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index c4c814da..05852686 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -198,7 +198,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- end -}} {{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} -{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} {{- if .Values.applicationSet.enabled -}} {{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} From 4b7dcd0d31531f44a275729e86880d52c75323ed Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 9 Aug 2023 10:35:48 +0200 Subject: [PATCH 105/617] chore(argo-cd): Change applicationSet replicaCount to replicas (#2214) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/templates/NOTES.txt | 3 +++ .../templates/argocd-applicationset/deployment.yaml | 2 +- charts/argo-cd/values.yaml | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6140b2cb..821de850 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.1 +version: 5.43.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed global log level configuration + - kind: changed + description: Renamed applicationSet.replicaCount to replicas + - kind: deprecated + description: Option applicationSet.replicaCount diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 305f0923..45a97eb5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1113,7 +1113,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | applicationSet.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| applicationSet.replicaCount | int | `1` | The number of ApplicationSet controller pods to run | +| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index d79d95f0..afd18a1b 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -73,6 +73,9 @@ DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations {{- if hasKey .Values.configs "tlsCerts" }} DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates {{- end }} +{{- if .Values.applicationSet.replicaCount }} +DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas +{{- end }} {{- if .Values.applicationSet.logFormat }} DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 4da1597c..d8fb8cbc 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -17,7 +17,7 @@ spec: strategy: {{- trim . | nindent 4 }} {{- end }} - replicas: {{ .Values.applicationSet.replicaCount }} + replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb1db35c..341cf8da 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2373,7 +2373,7 @@ applicationSet: name: applicationset-controller # -- The number of ApplicationSet controller pods to run - replicaCount: 1 + replicas: 1 ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From 23708c6a30e059aa2896dbedc4a4ec52d7674ff7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Thu, 10 Aug 2023 00:18:37 +0200 Subject: [PATCH 106/617] fix(argo-cd): add missing permissions to run actions (#2212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mickaël Canévet --- charts/argo-cd/Chart.yaml | 8 +++----- .../argo-cd/templates/argocd-server/clusterrole.yaml | 12 ++++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 821de850..fc7614e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.2 +version: 5.43.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Renamed applicationSet.replicaCount to replicas - - kind: deprecated - description: Option applicationSet.replicaCount + - kind: fixed + description: add missing permissions to run actions diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 0f26d470..3d2c44b5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -45,4 +45,16 @@ rules: - list - update - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create {{- end }} From a64615414d61500835a3de0723a8a9e099540ade Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Thu, 10 Aug 2023 21:14:54 -0400 Subject: [PATCH 107/617] fix(argo-workflows): Server only needs `get` Secrets (#2211) - as of https://github.com/argoproj/argo-workflows/commit/aa366db345d794f0d330336d51eb2a88f14ebbe6, the Server no longer needs `list` or `watch` and only uses `get` - this was released as part of [v3.4.0](https://github.com/argoproj/argo-workflows/blob/master/CHANGELOG.md#v340-rc1-2022-08-09), and the current version of the chart uses v3.4.9 (per `Chart.yaml#appVersion`) - `update` is not needed either for SSO secret - manifests RBAC: https://github.com/argoproj/argo-workflows/blob/a68ea0feabc87c09d5e13d12e6f0d1a61adc5b16/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml#L18 - SSO source code only uses [`create`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L140) and [`get`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L151) - (also some `get`s above that for [`clientID`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L127) and [`clientSecret`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L106) as well) Signed-off-by: Anton Gilgur Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/server/server-cluster-roles.yaml | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 681b73b9..c9ae07a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.1 +version: 0.32.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for executor args + - kind: fixed + description: Removed Secrets list and watch from Server RBAC diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 2a52d956..56d4dcaa 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -47,7 +47,6 @@ rules: - sso verbs: - get - - update - apiGroups: - "" resources: @@ -71,8 +70,6 @@ rules: - secrets verbs: - get - - list - - watch {{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} From 4e0698ec43f63267e63d741f9bcb8c8489c53859 Mon Sep 17 00:00:00 2001 From: Ali Reza Date: Tue, 15 Aug 2023 10:57:28 +0200 Subject: [PATCH 108/617] docs(argo-cd): Rename comment of repositoryCredentials to credentialTemplates (#2219) Rename comment of repositoryCredentials to credentialTemplates Signed-off-by: Ali Reza --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fc7614e1..6865acb0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.3 +version: 5.43.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: add missing permissions to run actions + description: Rename comment of repositoryCredentials to credentialTemplates diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 341cf8da..d748234e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -476,7 +476,7 @@ configs: # -- Repositories list to be used by applications ## Creates a secret for each key/value specified below to create repositories - ## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". + ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". repositories: {} # istio-helm-repo: # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts From 3737457b0fd8e3f05da8aec80da86911be24fcf6 Mon Sep 17 00:00:00 2001 From: Nick Kampe Date: Wed, 16 Aug 2023 02:01:43 -0500 Subject: [PATCH 109/617] feat(argo-rollouts): update servicemonitor.yaml to allow for namespace to be set (#2222) * Update servicemonitor.yaml to allow for namespace to be set Signed-off-by: Nick Kampe * Update README.md Signed-off-by: Nick Kampe * Update values.yaml Signed-off-by: Nick Kampe * Update Chart.yaml Signed-off-by: Nick Kampe * Update Chart.yaml Signed-off-by: Nick Kampe * Alphabetized namespace addition in README Signed-off-by: Nick Kampe --------- Signed-off-by: Nick Kampe --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/servicemonitor.yaml | 2 +- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0bf8dfcb..2aba36f1 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.5 +version: 2.31.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add CI example for extra objects + description: Add ability to set namespace on ServiceMonitor resource diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4e028779..b9198998 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -98,6 +98,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Namespace to be used for the ServiceMonitor | | controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | controller.nodeSelector | object | `{}` | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index 62713764..d7ab901e 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f9d8e1cf..b711ee37 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -132,6 +132,8 @@ controller: serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false + # -- Namespace to be used for the ServiceMonitor + namespace: "" # -- Labels to be added to the ServiceMonitor additionalLabels: {} # -- Annotations to be added to the ServiceMonitor From 92b2724b0fa82186bb13c452947c216cc04bd5f0 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Wed, 16 Aug 2023 06:00:35 -0500 Subject: [PATCH 110/617] chore(argo-workflows): Upgrade to Argo Workflows v3.4.10 (#2220) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c9ae07a5..6413a658 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.9 +appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.2 +version: 0.32.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Removed Secrets list and watch from Server RBAC + - kind: changed + description: Upgrade to Argo Workflows v3.4.10 From dc56fa63f3baceaf2684fe0874e6851d9f3451cb Mon Sep 17 00:00:00 2001 From: Fuochi Date: Thu, 17 Aug 2023 14:08:03 +0200 Subject: [PATCH 111/617] feat(argo-workflows): add imagePullSecret for workflow sa (#2226) Signed-off-by: Fuochi --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/controller/workflow-sa.yaml | 4 ++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6413a658..6741d7e0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.3 +version: 0.33.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.10 + - kind: added + description: add imagePullSecret for workflow sa diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index eb57fe44..ef78bc5b 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -127,6 +127,7 @@ Fields to note: | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | | workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows | +| workflow.serviceAccount.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` | ### Workflow Controller diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 8928b32e..273487c4 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -17,5 +17,9 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with $.Values.workflow.serviceAccount.pullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index bfc3ce3f..a9c827e7 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -54,6 +54,8 @@ workflow: annotations: {} # -- Service account which is used to run workflows name: "argo-workflow" + # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` + pullSecrets: [] rbac: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) From a9acf935ab3abc442f41ccadd0a62e94ec1cd205 Mon Sep 17 00:00:00 2001 From: Jeongwon Song <46633758+jsong336@users.noreply.github.com> Date: Sat, 19 Aug 2023 01:59:46 -0400 Subject: [PATCH 112/617] chore(argo-workflows): update comment for azure artifact repository blobNameFormat (#2229) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6741d7e0..1c60fbb4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.0 +version: 0.33.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add imagePullSecret for workflow sa + - kind: fixed + description: fixed comment in values.yaml for blobNameFormat field diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index a9c827e7..d6d22464 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -752,7 +752,7 @@ artifactRepository: azure: {} # endpoint: https://mystorageaccountname.blob.core.windows.net # container: my-container-name - # blob: path/in/container + # blobNameFormat: path/in/container ## accountKeySecret is a secret selector. ## It references the k8s secret named 'my-azure-storage-credentials'. ## This secret is expected to have have the key 'account-access-key', From 7dcc174402d4a81dcdd6324bd7be095a3c52a921 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 23 Aug 2023 12:52:03 +0900 Subject: [PATCH 113/617] chore(argo-cd): Upgrade Argo CD to v2.8.1 (#2230) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6865acb0..a9ecf561 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.0 +appVersion: v2.8.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.4 +version: 5.43.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Rename comment of repositoryCredentials to credentialTemplates + - kind: changed + description: Upgrade Argo CD to v2.8.1 From 58999c1aae652baeef4df169a5a758cabebdadf7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 25 Aug 2023 17:45:53 +0900 Subject: [PATCH 114/617] chore(argo-cd): Upgrade Argo CD to v2.8.2 (#2231) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a9ecf561..01d4e8e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.1 +appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.5 +version: 5.43.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.8.1 + description: Upgrade Argo CD to v2.8.2 From 86d92b95964e31c2f7ef071e6cd3dcc72be52f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joonas=20Ven=C3=A4l=C3=A4inen?= <38143731+joonvena@users.noreply.github.com> Date: Fri, 25 Aug 2023 13:52:04 +0300 Subject: [PATCH 115/617] fix(argo-cd): Fix applicationSet HA examples in README.md (#2232) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Joonas Venäläinen --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/README.md.gotmpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 01d4e8e1..4fa32c98 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.6 +version: 5.43.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.2 + - kind: fixed + description: Fix applicationSet HA examples in README.md diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 45a97eb5..04a78ca4 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -42,7 +42,7 @@ repoServer: minReplicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### HA mode without autoscaling @@ -61,7 +61,7 @@ repoServer: replicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### Synchronizing Changes from Original Repository diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index f1dea7f2..dce6d922 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -41,7 +41,7 @@ repoServer: minReplicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### HA mode without autoscaling @@ -60,7 +60,7 @@ repoServer: replicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### Synchronizing Changes from Original Repository From 75221849eb5888768515c4ead5702bd4f683f118 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Aug 2023 20:23:07 +0200 Subject: [PATCH 116/617] chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#2234) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...f43a0e5ff2bd294095638e18286ca9a3d1956744) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bd8d2255..a78bf610 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c2d1dc24..9ad42ed7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 066d3c57..3f00b6dd 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: persist-credentials: false From 2fc1fd04a01d98c6fb40b8fbad9fa01d1be2a477 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 27 Aug 2023 04:20:39 +0200 Subject: [PATCH 117/617] chore(argo-cd): Upgrade redis-exporter to 1.53.0 (#2236) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4fa32c98..dc245d83 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.7 +version: 5.43.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix applicationSet HA examples in README.md + - kind: changed + description: Upgrade redis-exporter to 1.53.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 04a78ca4..ee37a2b7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -942,7 +942,7 @@ server: | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | @@ -1003,7 +1003,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d748234e..fb2ca38d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1182,7 +1182,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.45.0 + tag: 1.53.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1388,7 +1388,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.45.0 + tag: 1.53.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From 6797f01c1b564132670cf687ba010c72d5800de0 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 27 Aug 2023 21:07:17 +0200 Subject: [PATCH 118/617] chore(argo-cd): Remove support for legacy cert-manager APIs (#2238) * chore(argo-cd): Remove support for legacy cert-manager APIs Signed-off-by: Petr Drastil * Bump minor version Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 - charts/argo-cd/templates/NOTES.txt | 3 +++ charts/argo-cd/templates/_versions.tpl | 18 ------------------ .../argocd-applicationset/certificate.yaml | 2 +- .../templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 2 -- 7 files changed, 8 insertions(+), 26 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dc245d83..37d6e1ae 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.8 +version: 5.44.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade redis-exporter to 1.53.0 + - kind: removed + description: Support for cert-manager APIs prior K8s 1.22 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ee37a2b7..bf76f1d6 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -384,7 +384,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | -| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index afd18a1b..18b9a1a1 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -121,6 +121,9 @@ REMOVED option redis.containerPort - Use redis.containerPorts {{- if .Values.redis.metrics.containerPort }} REMOVED option redis.metrics.containerPort - Use redis.containerPorts {{- end }} +{{- if .Values.apiVersionOverrides.certmanager }} +REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 +{{- end }} In order to access the server UI you have the following options: diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index 8240c4b0..b8fcc32e 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -19,24 +19,6 @@ Return the appropriate apiVersion for autoscaling {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for cert-manager -*/}} -{{- define "argo-cd.apiVersion.cert-manager" -}} -{{- if .Values.apiVersionOverrides.certmanager -}} -{{- print .Values.apiVersionOverrides.certmanager -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}} -{{- print "cert-manager.io/v1" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}} -{{- print "cert-manager.io/v1beta1" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" -}} -{{- print "cert-manager.io/v1alpha3" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}} -{{- print "cert-manager.io/v1alpha2" -}} -{{- else -}} -{{- print "certmanager.k8s.io/v1alpha1" -}} -{{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for GKE resources diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index f3b7d5d1..76e63eb3 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -1,5 +1,5 @@ {{- if .Values.applicationSet.certificate.enabled -}} -apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +apiVersion: cert-manager.io/v1 kind: Certificate metadata: {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 716c38ea..74066ef8 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -1,5 +1,5 @@ {{- if .Values.server.certificate.enabled -}} -apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +apiVersion: cert-manager.io/v1 kind: Certificate metadata: {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb2ca38d..81b96ad8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -12,8 +12,6 @@ kubeVersionOverride: "" # If you want to template helm charts but cannot access k8s API server # you can set api versions here apiVersionOverrides: - # -- String to override apiVersion of cert-manager resources rendered by this helm chart - certmanager: "" # cert-manager.io/v1 # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 # -- String to override apiVersion of autoscaling rendered by this helm chart From 224a227fa49b00fabfb535825c9bd5648f16a30a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 28 Aug 2023 10:12:29 +0200 Subject: [PATCH 119/617] chore(argo-cd): Remove support for autoscaling/v1 (#2237) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 5 ++- charts/argo-cd/templates/NOTES.txt | 3 ++ charts/argo-cd/templates/_versions.tpl | 14 -------- .../templates/argocd-repo-server/hpa.yaml | 34 +++++++------------ .../argo-cd/templates/argocd-server/hpa.yaml | 34 +++++++------------ charts/argo-cd/values.yaml | 4 --- 7 files changed, 35 insertions(+), 65 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 37d6e1ae..4c262f65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.44.0 +version: 5.45.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: removed - description: Support for cert-manager APIs prior K8s 1.22 + description: Option apiVersionOverrides.autoscaling as v2 is now GA + - kind: removed + description: Codebase for autoscaling/v1 API diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bf76f1d6..125fcf69 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -383,7 +383,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | @@ -572,7 +571,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | | repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | @@ -670,7 +669,7 @@ NAME: my-release | server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | | server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 18b9a1a1..1b626796 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -121,6 +121,9 @@ REMOVED option redis.containerPort - Use redis.containerPorts {{- if .Values.redis.metrics.containerPort }} REMOVED option redis.metrics.containerPort - Use redis.containerPorts {{- end }} +{{- if .Values.apiVersionOverrides.autoscaling }} +REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23 +{{- end }} {{- if .Values.apiVersionOverrides.certmanager }} REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 {{- end }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index b8fcc32e..5d65fcd6 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -6,20 +6,6 @@ Return the target Kubernetes version {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end }} -{{/* -Return the appropriate apiVersion for autoscaling -*/}} -{{- define "argo-cd.apiVersion.autoscaling" -}} -{{- if .Values.apiVersionOverrides.autoscaling -}} -{{- print .Values.apiVersionOverrides.autoscaling -}} -{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}} -{{- print "autoscaling/v2beta1" -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - - {{/* Return the appropriate apiVersion for GKE resources */}} diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index ef3d5e80..ce6ed371 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -1,46 +1,38 @@ {{- if .Values.repoServer.autoscaling.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }} +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} - name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + name: {{ include "argo-cd.repoServer.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: - {{- if .Values.repoServer.autoscaling.metrics }} - {{- toYaml .Values.repoServer.autoscaling.metrics | nindent 4 }} + {{- with .Values.repoServer.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} {{- else }} - {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} - {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} + averageUtilization: {{ . }} + {{- end }} {{- end }} {{- with .Values.repoServer.autoscaling.behavior }} behavior: diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index c19b8943..a509e569 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -1,47 +1,39 @@ {{- if .Values.server.autoscaling.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }} +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} - name: {{ template "argo-cd.server.fullname" . }}-hpa + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: - {{- if .Values.server.autoscaling.metrics }} - {{ toYaml .Values.server.autoscaling.metrics | nindent 4 }} + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} {{- else }} - {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} - {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} + averageUtilization: {{ . }} + {{- end }} {{- end }} - {{- end}} {{- with .Values.server.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 81b96ad8..77501eb8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -14,8 +14,6 @@ kubeVersionOverride: "" apiVersionOverrides: # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 - # -- String to override apiVersion of autoscaling rendered by this helm chart - autoscaling: "" # autoscaling/v2 # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -1460,7 +1458,6 @@ server: # -- Average memory utilization percentage for the Argo CD server [HPA] targetMemoryUtilizationPercentage: 50 # -- Configures the scaling behavior of the target in both Up and Down directions. - # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 @@ -2030,7 +2027,6 @@ repoServer: # -- Average memory utilization percentage for the repo server [HPA] targetMemoryUtilizationPercentage: 50 # -- Configures the scaling behavior of the target in both Up and Down directions. - # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 From 57da3549afc43c12d261768e69a6316db7b59e0d Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 3 Sep 2023 20:15:15 -0500 Subject: [PATCH 120/617] chore(argo-events): Upgrade argo-events to 1.8.1 (#2247) https://github.com/argoproj/argo-events/releases/tag/v1.8.1 Signed-off-by: jmeridth --- charts/argo-events/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index bfb82ea1..b9f441fe 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.8.0 +appVersion: v1.8.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.0 +version: 2.4.1 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,6 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Events to v1.8.0 - - kind: added - description: Add managed namespace configuration + description: Upgrade Argo Events to v1.8.1 From cd5b9a06e33b9a7b4b717d2d5e38dee7e16ca20d Mon Sep 17 00:00:00 2001 From: JesseBot Date: Mon, 4 Sep 2023 13:01:36 +0200 Subject: [PATCH 121/617] fix(argo-cd): Update values.yaml - update custom css styles side bar example (#2245) * Update values.yaml - update custom css styles side barexample .nav-bar is no longer the css class name Signed-off-by: JesseBot * Update Chart.yaml - update patch version for values.yaml comment update Signed-off-by: JesseBot * Update Chart.yaml - update change log Signed-off-by: JesseBot --------- Signed-off-by: JesseBot --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/values.yaml | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4c262f65..18d2d2b4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.0 +version: 5.45.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Option apiVersionOverrides.autoscaling as v2 is now GA - - kind: removed - description: Codebase for autoscaling/v1 API + - kind: fixed + description: fixed example for configs.styles to be sidebar instead of nav-bar diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 77501eb8..e0a60543 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -539,7 +539,7 @@ configs: ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ styles: "" # styles: | - # .nav-bar { + # .sidebar { # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); # } From 2557347583f98a34cbe2da83ec30fda68023b982 Mon Sep 17 00:00:00 2001 From: Gustav Kofoed Clausen Date: Thu, 7 Sep 2023 14:23:20 +0200 Subject: [PATCH 122/617] chore(argo-rollouts): Upgrade Argo Rollouts to v1.6.0 (#2252) * chore(argo-rollouts): Upgrade Argo Rollouts to v1.6.0 Signed-off-by: Gustav Kofoed Clausen * chore(argo-rollouts): Update CRDs to matching version Signed-off-by: Gustav Kofoed Clausen --------- Signed-off-by: Gustav Kofoed Clausen Co-authored-by: Gustav Kofoed Clausen --- charts/argo-rollouts/Chart.yaml | 8 +- .../templates/crds/analysis-run-crd.yaml | 63 +++++++++++++- .../templates/crds/analysis-template-crd.yaml | 63 +++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 63 +++++++++++++- .../templates/crds/experiment-crd.yaml | 34 +++++++- .../templates/crds/rollout-crd.yaml | 85 ++++++++++++++++++- 6 files changed, 306 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2aba36f1..457f76a0 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.5.1 +appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.6 +version: 2.32.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add ability to set namespace on ServiceMonitor resource + - kind: changed + description: Upgrade Argo Rollouts to v1.6.0 diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index bc2e61db..7324e908 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -310,6 +310,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -372,6 +373,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -418,10 +420,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -453,6 +457,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -476,6 +481,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -519,6 +525,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -542,6 +549,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -583,6 +591,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -606,6 +615,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -649,6 +659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -672,6 +683,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -717,6 +729,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -726,6 +739,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -741,6 +755,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -752,6 +767,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -767,6 +783,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -776,6 +793,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1316,6 +1334,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1325,6 +1344,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1340,6 +1360,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1351,6 +1372,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1366,6 +1388,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1375,6 +1398,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1889,6 +1913,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1921,6 +1946,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1930,6 +1956,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1945,6 +1972,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1956,6 +1984,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1971,6 +2000,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1980,6 +2010,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2628,6 +2659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2775,8 +2807,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 2c73c5c9..93479097 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -306,6 +306,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -368,6 +369,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -414,10 +416,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -449,6 +453,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -472,6 +477,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -515,6 +521,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -538,6 +545,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -579,6 +587,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -602,6 +611,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -645,6 +655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -668,6 +679,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -713,6 +725,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -722,6 +735,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -737,6 +751,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -748,6 +763,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -763,6 +779,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -772,6 +789,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1312,6 +1330,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1321,6 +1340,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1336,6 +1356,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1347,6 +1368,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1362,6 +1384,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1371,6 +1394,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1885,6 +1909,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1917,6 +1942,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1926,6 +1952,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1941,6 +1968,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1952,6 +1980,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1967,6 +1996,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1976,6 +2006,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2624,6 +2655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2771,8 +2803,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 612608de..66977374 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -306,6 +306,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -368,6 +369,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -414,10 +416,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -449,6 +453,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -472,6 +477,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -515,6 +521,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -538,6 +545,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -579,6 +587,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -602,6 +611,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -645,6 +655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -668,6 +679,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -713,6 +725,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -722,6 +735,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -737,6 +751,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -748,6 +763,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -763,6 +779,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -772,6 +789,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1312,6 +1330,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1321,6 +1340,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1336,6 +1356,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1347,6 +1368,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1362,6 +1384,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1371,6 +1394,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1885,6 +1909,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1917,6 +1942,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1926,6 +1952,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1941,6 +1968,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1952,6 +1980,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1967,6 +1996,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1976,6 +2006,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2624,6 +2655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2771,8 +2803,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index acf98935..2f60d415 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -158,6 +158,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic service: properties: name: @@ -223,6 +224,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -269,10 +271,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -304,6 +308,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -327,6 +332,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -370,6 +376,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -393,6 +400,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -434,6 +442,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -457,6 +466,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -500,6 +510,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -523,6 +534,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -568,6 +580,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -577,6 +590,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -592,6 +606,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -603,6 +618,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -618,6 +634,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -627,6 +644,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1167,6 +1185,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1176,6 +1195,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1191,6 +1211,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1202,6 +1223,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1217,6 +1239,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1226,6 +1249,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1740,6 +1764,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1772,6 +1797,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1781,6 +1807,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1796,6 +1823,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1807,6 +1835,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1822,6 +1851,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1831,6 +1861,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2479,6 +2510,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 45f59ee0..7faf3790 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -118,6 +118,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic strategy: properties: blueGreen: @@ -624,6 +625,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic service: properties: name: @@ -742,6 +744,10 @@ spec: type: string ingress: type: string + ingresses: + items: + type: string + type: array rootService: type: string servicePort: @@ -759,7 +765,6 @@ spec: - enabled type: object required: - - ingress - servicePort type: object ambassador: @@ -1003,6 +1008,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1049,10 +1055,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1084,6 +1092,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1107,6 +1116,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1150,6 +1160,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1173,6 +1184,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1214,6 +1226,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1237,6 +1250,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1280,6 +1294,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1303,6 +1318,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1348,6 +1364,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1357,6 +1374,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1372,6 +1390,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1383,6 +1402,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1398,6 +1418,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1407,6 +1428,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1947,6 +1969,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1956,6 +1979,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1971,6 +1995,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1982,6 +2007,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1997,6 +2023,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2006,6 +2033,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2520,6 +2548,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -2552,6 +2581,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -2561,6 +2591,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -2576,6 +2607,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -2587,6 +2619,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2602,6 +2635,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2611,6 +2645,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -3259,6 +3294,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -3330,6 +3366,8 @@ spec: - arn - name type: object + ingress: + type: string loadBalancer: properties: arn: @@ -3355,6 +3393,49 @@ spec: - name type: object type: object + albs: + items: + properties: + canaryTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + ingress: + type: string + loadBalancer: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + stableTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + type: object + type: array availableReplicas: format: int32 type: integer From 258efc9a0c4c5d6bdd13339489f2689018652218 Mon Sep 17 00:00:00 2001 From: Tamas Szasz Date: Thu, 7 Sep 2023 16:52:17 +0300 Subject: [PATCH 123/617] fix(argo-cd): Make the PathType configurable when using single ingress resource in AWS (#2251) * Make the PathType configurable when using single ingress resource in AWS Signed-off-by: Tamas * update chart version and doc Signed-off-by: Tamas * Fix reference to value in range Signed-off-by: Tamas --------- Signed-off-by: Tamas Co-authored-by: Tamas --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 18d2d2b4..18c029e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.1 +version: 5.45.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: fixed example for configs.styles to be sidebar instead of nav-bar + description: do not hardcode the pathtype of the grpc ingress rule when using a single ingress resource in aws alb diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 98ec1cb1..a142bb66 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -39,7 +39,7 @@ spec: {{- range $p := $paths }} {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - path: {{ $p }} - pathType: Prefix + pathType: {{ $.Values.server.ingressGrpc.pathType }} backend: service: name: {{ template "argo-cd.server.fullname" $ }}-grpc From 3bb85b7d3eb0dfec12f195b5afc06b3bda70b5c3 Mon Sep 17 00:00:00 2001 From: Alexej Disterhoft Date: Fri, 8 Sep 2023 02:08:37 +0200 Subject: [PATCH 124/617] chore(argo-cd): Upgrade Argo CD to v2.8.3 (#2254) Signed-off-by: Alexej Disterhoft --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 18c029e2..76534308 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.2 +appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.2 +version: 5.45.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: do not hardcode the pathtype of the grpc ingress rule when using a single ingress resource in aws alb + - kind: changed + description: Upgrade Argo CD to v2.8.3 From 925cd8454ca2c648273e303c06f9f7560ffdc2f1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 8 Sep 2023 13:10:55 +0900 Subject: [PATCH 125/617] chore(argo-workflows): Upgrade Argo Workflows to v3.4.11 (#2255) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1c60fbb4..60dd66c8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.10 +appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.1 +version: 0.33.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed comment in values.yaml for blobNameFormat field + - kind: changed + description: Upgrade Argo Workflows to v3.4.11 From 95310f995b24226b2532d28d57f2b6de8687738b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 8 Sep 2023 23:02:25 +0900 Subject: [PATCH 126/617] fix(argo-cd): Restart Repo Server and Application Controller as following the change of Argo CD CM (#2235) * fix(argo-cd): Restart Repo Server and Application Controller as following the change of Argo CD CM Signed-off-by: yu-croco * fix(argo-cd): Aligne condition to argocd-cm Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 3 +++ charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 3 +++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 76534308..345a2ae1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.3 +version: 5.45.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.3 + - kind: fixed + description: Restart Repo Server and Application Controller as following the change of Argo CD CM diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8faac38d..3583a2b7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -23,6 +23,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index b9959018..61fb545a 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -30,6 +30,9 @@ spec: {{- if .Values.repoServer.certificateSecret.enabled }} checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} {{- end }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 34663ae9e6528098cc54a4465634154d48b14fce Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 8 Sep 2023 16:58:05 +0200 Subject: [PATCH 127/617] docs(argo-cd): Document scheduling parameters for redis-ha (#2253) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 10 ++++++++++ charts/argo-cd/values.yaml | 37 +++++++++++++++++++++++++++++++------ 3 files changed, 44 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 345a2ae1..39ecaeb6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.4 +version: 5.45.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restart Repo Server and Application Controller as following the change of Argo CD CM + - kind: added + description: Documented scheduling parameters for redis-ha diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 125fcf69..49abfcea 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -998,17 +998,27 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"redis"` | Redis repository | | redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e0a60543..a9ab7ad6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1371,12 +1371,17 @@ redis: # -- Prometheus ServiceMonitor annotations annotations: {} -# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) -# the custom redis deployment is omitted -# Check the redis-ha chart for more properties +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false + ## Redis image + image: + # -- Redis repository + repository: redis + # -- Redis tag + tag: 7.0.11-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1388,6 +1393,7 @@ redis-ha: persistentVolume: # -- Configures persistence on Redis nodes enabled: false + ## Redis specific configuration options redis: # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated masterGroupName: argocd @@ -1397,16 +1403,35 @@ redis-ha: # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled # @default -- `'""'` save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true metrics: # -- HAProxy enable prometheus metric scraping enabled: true - image: - # -- Redis tag - tag: 7.0.11-alpine + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: {} + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: {} + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints From eebb8c8d489ea41ce5ba388a14208c8e05cff67a Mon Sep 17 00:00:00 2001 From: Andrew Hamilton Date: Sat, 9 Sep 2023 01:55:47 -0700 Subject: [PATCH 128/617] feat(argo-cd): adds toggle for helm-working-dir (#2249) - Adds a toggle to be able to turn off the helm-working-dir for the repo server deployment. Using a shared helm repo storage directory can cause issues when multiple helm commands are being run in parallel. The repo server also has the ability to rebuild the repos and do updates in the normal flow for checking the status of an application so it won't cause issues if it's disabled. Signed-off-by: Andrew Hamilton --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 6 ++++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 39ecaeb6..fcbd0642 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.5 +version: 5.46.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Documented scheduling parameters for redis-ha + description: added a toggle for the shared Helm working directory diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 49abfcea..5b780b0b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -655,6 +655,7 @@ NAME: my-release | repoServer.serviceAccount.name | string | `""` | Repo server service account name | | repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | | repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | | repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 61fb545a..3080c79f 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -231,12 +231,14 @@ spec: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir + {{- end }} {{- with .Values.repoServer.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -255,8 +257,10 @@ spec: name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - mountPath: /helm-working-dir name: helm-working-dir + {{- end }} - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp @@ -349,8 +353,10 @@ spec: {{- with .Values.repoServer.volumes }} {{- toYaml . | nindent 6 }} {{- end }} + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: helm-working-dir emptyDir: {} + {{- end }} - name: plugins emptyDir: {} - name: var-files diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a9ab7ad6..22dcfcc6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2177,6 +2177,9 @@ repoServer: # - name: cmp-tmp # emptyDir: {} + # -- Toggle the usage of a ephemeral Helm working directory + useEphemeralHelmWorkingDir: true + # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} From 738fe78d2096b6543114b1d94d5dba6157b78adf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Sep 2023 18:39:19 +0900 Subject: [PATCH 129/617] chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 (#2258) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...3df4ab11eba7bda6032a0b82a6bb43b11571feac) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index a78bf610..52e4746b 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9ad42ed7..0c8f7cbf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3f00b6dd..86ff1a7b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: persist-credentials: false From 366114b3db06170065a80eeb773c010ad7f251d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Sep 2023 18:40:59 +0900 Subject: [PATCH 130/617] chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2259) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...a8a3f3ad30e3422c9c7b888a15615d19a852ae32) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 86ff1a7b..8a924219 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif From db76bbed97c6be2248446debdc00e1c75cb6f3f5 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sat, 9 Sep 2023 21:57:17 -0400 Subject: [PATCH 131/617] docs(argo-workflows): add an HA section (#2183) * feat(argo-workflows): add a sample HA config - a `values-ha.yaml` as an example for how one would set-up HA according to the Argo Workflows docs Signed-off-by: Anton Gilgur * docs(argo-workflows): add an HA section - plus add a test for HA, which the docs link to as an example - link back to [upstream docs](https://argoproj.github.io/argo-workflows/high-availability/) as well - follow the same basic structure as the [Argo CD chart for HA](https://github.com/argoproj/argo-helm/blob/3e35b0c7f7d758d553b17f369cc5940484ef5d89/charts/argo-cd/README.md?plain=1#L17) - as asked in review Signed-off-by: Anton Gilgur --------- Signed-off-by: Anton Gilgur Signed-off-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 5 +++++ charts/argo-workflows/README.md.gotmpl | 5 +++++ charts/argo-workflows/ci/ha-values.yaml | 23 +++++++++++++++++++++++ 4 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 charts/argo-workflows/ci/ha-values.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 60dd66c8..85de8f7e 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.2 +version: 0.33.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.4.11 + - kind: fixed + description: Add HA docs and example diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index ef78bc5b..732baecd 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -75,6 +75,11 @@ For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 8316e9a0..60aa62af 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -75,6 +75,11 @@ For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml new file mode 100644 index 00000000..3dfbb572 --- /dev/null +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -0,0 +1,23 @@ +# Sample values for High Availability configuration, following https://argoproj.github.io/argo-workflows/high-availability/ + +controller: + # in v3.0+, a second controller can be ran as a hot-standby: https://argoproj.github.io/argo-workflows/high-availability/#workflow-controller + replicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 + +server: + # enable HPA with at least two Pods + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: true + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 From 95f56b534c69b33190f0db106a93e6781a7b6ed4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 11 Sep 2023 22:24:21 +0900 Subject: [PATCH 132/617] fix(argo-cd): Migrate leftover of applicationSet.replicaCount to applicationSet.replicas (#2261) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fcbd0642..291f33dc 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.0 +version: 5.46.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: added a toggle for the shared Helm working directory + - kind: fixed + description: Migrate leftover of applicationSet.replicaCount to applicationSet.replicas diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 05852686..b5d62a6a 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -201,7 +201,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} {{- if .Values.applicationSet.enabled -}} -{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} {{- end -}} {{- toYaml $presets }} {{- end -}} From d51d3c6b692e9729869bb1180bcaa7b18ef1f771 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 11 Sep 2023 19:32:56 -0400 Subject: [PATCH 133/617] docs(argo-cd): improve changelog (#2262) * clarify 5.19.0 changes * revise wording Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/README.md.gotmpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 291f33dc..82e892e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.1 +version: 5.46.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Migrate leftover of applicationSet.replicaCount to applicationSet.replicas + - kind: changed + description: Improve readme migration notes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5b780b0b..abb6be29 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -106,7 +106,7 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. ### 5.35.0 -This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -126,7 +126,7 @@ This versions adds `global.affinity` options that are used as a presets. Overrid ### 5.19.0 -This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. ### 5.13.0 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index dce6d922..5dc048b4 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -105,7 +105,7 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. ### 5.35.0 -This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -126,7 +126,7 @@ This versions adds `global.affinity` options that are used as a presets. Overrid ### 5.19.0 -This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. ### 5.13.0 From bf1e4f2dde154a91e97c325748ca7e3681988cc9 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 13 Sep 2023 09:48:41 -0400 Subject: [PATCH 134/617] fix(github): Fix changelog spelling of versions (#2263) Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Aikawa --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1f7745b5..d67ddefc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,7 +64,7 @@ Each release for each chart must be immutable. Any change to a chart (even just ### Chart Versioning -Currently we require a chart version bump for every change to a chart, including updating information for older verions. This may change in the future. +Currently we require a chart version bump for every change to a chart, including updating information for older versions. This may change in the future. ### Artifact Hub Annotations From 44ddf5986426379f120f111a91a69db95c2c4498 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 14 Sep 2023 13:33:34 +0900 Subject: [PATCH 135/617] chore(argo-cd): Upgrade Argo CD to v2.8.4 (#2268) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 82e892e2..b56bf88f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.3 +appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.2 +version: 5.46.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Improve readme migration notes + description: Upgrade Argo CD to v2.8.4 diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 3d2c44b5..838016fa 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -48,6 +48,7 @@ rules: - apiGroups: - batch resources: + {{/* supports triggering jobs from UI */}} - jobs verbs: - create @@ -56,5 +57,6 @@ rules: resources: - workflows verbs: + {{/* supports triggering workflows from UI */}} - create {{- end }} From 736b82433918304b086aaa4401f84f366eecd8b9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 15 Sep 2023 19:47:59 +0900 Subject: [PATCH 136/617] fix(argo-cd): Align redis-ha's affinity type to upstream due to warnings (#2270) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b56bf88f..49d2233c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.3 +version: 5.46.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.4 + - kind: fixed + description: Align redis-ha's affinity type to upstream due to warnings diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index abb6be29..bb51d130 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1000,13 +1000,13 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | -| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | -| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 22dcfcc6..fb078ac6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1415,7 +1415,7 @@ redis-ha: # -- Additional affinities to add to the haproxy pods. additionalAffinities: {} # -- Assign custom [affinity] rules to the haproxy pods. - affinity: {} + affinity: | # -- [Tolerations] for use with node taints for haproxy pods. tolerations: [] @@ -1426,7 +1426,7 @@ redis-ha: additionalAffinities: {} # -- Assign custom [affinity] rules to the Redis pods. - affinity: {} + affinity: | # -- [Tolerations] for use with node taints for Redis pods. tolerations: [] From 8d00bec86ebb64f2bbd428e3aaaf535e708ed5e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 07:15:00 -0500 Subject: [PATCH 137/617] chore(deps): bump docker/login-action from 2.2.0 to 3.0.0 (#2271) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0c8f7cbf..07319d36 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -65,7 +65,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} From 5626d0536f6f3e43273d2efa3b98641e29dcb4aa Mon Sep 17 00:00:00 2001 From: Mats Willemsen <60099717+ma-ts@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:21:36 +0200 Subject: [PATCH 138/617] fix(argo-cd): make ServiceMonitor annotations in ArgoCD server conditional (#2273) * fix: add argocd servicemonitor annotations conditionally Signed-off-by: Mats Willemsen * chore(argo-cd): add changelog Signed-off-by: Mats Willemsen --------- Signed-off-by: Mats Willemsen --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 49d2233c..9b423e8f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.4 +version: 5.46.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Align redis-ha's affinity type to upstream due to warnings + description: fixed issue with argocd-server servicemonitor annotation attribute being added even when no annotations where defined diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index f876a1a1..d036a8e1 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -12,10 +12,10 @@ metadata: {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} annotations: - {{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.server.metrics.service.portName }} From 7a17fc2dc9688ce4db918079c13c83d8bd84c3d4 Mon Sep 17 00:00:00 2001 From: sibucan Date: Tue, 19 Sep 2023 05:01:42 -0400 Subject: [PATCH 139/617] fix(argo-cd): Add checksum for CMP ConfigMap in repo-server Pod annotations (#2275) Add checksum for CMP ConfigMap in repo-server This helm chart defines the plugins as ConfigMaps -- according to the docs, when the CM is modified, the repo-server Pod must be restarted to have the sidecars pick up the latest changes: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#debugging-a-cmp The changes in this helm chart allow for a checksum to be calculated from the ConfigMap and added as a Pod annotation so whenever the CM values are modified, the Pod is restarted automatically. Signed-off-by: sibucan --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9b423e8f..20d4f52a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.5 +version: 5.46.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: fixed issue with argocd-server servicemonitor annotation attribute being added even when no annotations where defined + description: fixed repo-server deployment not restarting when a cmp configmap is modified diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 3080c79f..ea54e79d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} + {{- if .Values.configs.cmp.create }} + checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 2a5bbf5cefdf8546bbf612ecf59c898996492142 Mon Sep 17 00:00:00 2001 From: Pieter <110168856+Pionerd@users.noreply.github.com> Date: Fri, 22 Sep 2023 17:39:58 +0200 Subject: [PATCH 140/617] fix(argo-cd): Redis to 7.0.13 to fix CVE-2022-48174 (#2279) * Redis to 7.0.13 Signed-off-by: Pieter van der Giessen * changelog Signed-off-by: Pieter van der Giessen --------- Signed-off-by: Pieter van der Giessen --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 20d4f52a..1bfed795 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.6 +version: 5.46.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed repo-server deployment not restarting when a cmp configmap is modified + - kind: security + description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bb51d130..16661971 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -947,7 +947,7 @@ server: | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -1013,7 +1013,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb078ac6..fed4e97c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1162,7 +1162,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.11-alpine + tag: 7.0.13-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1381,7 +1381,7 @@ redis-ha: # -- Redis repository repository: redis # -- Redis tag - tag: 7.0.11-alpine + tag: 7.0.13-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 03c1be1c6d92eae55a77b4d691dcdb470f8c68c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Sep 2023 20:45:16 +0900 Subject: [PATCH 141/617] chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#2280) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/3df4ab11eba7bda6032a0b82a6bb43b11571feac...8ade135a41bc03ea155e62e844d188df1ea18608) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 52e4746b..719651ed 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 07319d36..99f0698d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8a924219..a02eda74 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: persist-credentials: false From 82081bce8ca4491a2a03e08dc04eec4f72c635cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Sep 2023 22:53:47 -0500 Subject: [PATCH 142/617] chore(deps): bump amannn/action-semantic-pull-request from 5.2.0 to 5.3.0 (#2284) --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 2d45de12..be77f1ae 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 + - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From e9f6b1a8b48c499b8124df1b7d1db33dad979974 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 07:19:01 -0500 Subject: [PATCH 143/617] chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#2290) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a02eda74..b1dc3b04 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 with: results_file: results.sarif results_format: sarif From 37069f92c953a7e1da2e281d4fdab9b368b737da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 07:37:13 -0500 Subject: [PATCH 144/617] chore(deps): bump actions/setup-python from 4.7.0 to 4.7.1 (#2289) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 719651ed..9ac90a30 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.9 From 052454f23392d957e8374aaffc5005baba211bd5 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 12 Oct 2023 11:50:51 +0200 Subject: [PATCH 145/617] fix(argo-cd): Sync redis / redis-ha readOnlyRootFilesystem from upstream (#2294) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/values.yaml | 10 ++++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1bfed795..5f437944 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.7 +version: 5.46.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 + - kind: fixed + description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 16661971..b2101038 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1001,12 +1001,14 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fed4e97c..b029dfaa 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1279,6 +1279,7 @@ redis: # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -1416,8 +1417,13 @@ redis-ha: additionalAffinities: {} # -- Assign custom [affinity] rules to the haproxy pods. affinity: | + # -- [Tolerations] for use with node taints for haproxy pods. tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1445,6 +1451,10 @@ redis-ha: # -- Enforcement policy, hard or soft # @default -- `""` (defaults to `ScheduleAnyway`) whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # External Redis parameters externalRedis: From 2730dc24c7ad69b98d3206705a5ebf5cb34dd96b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 12 Oct 2023 23:14:41 +0900 Subject: [PATCH 146/617] feat(argo-workflows): Configure declarative server auth mode (#2291) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 5 +++-- .../templates/server/server-deployment.yaml | 3 +++ charts/argo-workflows/values.yaml | 16 +++++++--------- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 85de8f7e..3b1a60bd 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.3 +version: 0.34.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add HA docs and example + - kind: changed + description: Configure declarative server auth mode. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 732baecd..d5485a58 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -256,6 +256,7 @@ Fields to note: | server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.authMode | string | `""` | Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | @@ -267,7 +268,7 @@ Fields to note: | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | | server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment | | server.enabled | bool | `true` | Deploy the Argo Server | -| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | +| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | @@ -315,7 +316,7 @@ Fields to note: | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | -| server.sso.enabled | bool | `false` | Create SSO configuration | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index b2e50967..cea885da 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.server.authMode }} + - "--auth-mode={{ .Values.server.authMode }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index d6d22464..1d1e60b8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -522,14 +522,13 @@ server: # - name: FOO # value: "bar" - # -- Extra arguments to provide to the Argo server binary, such as for disabling authentication. + # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + authMode: "" + + # -- Extra arguments to provide to the Argo server binary. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options extraArgs: [] - # If you want to disable authentication for purposes such as: - # - local dev-mode without authentication - # - gateway authentication through some other service such as KeyCloak - # uncomment the lines below and comment out the default empty list `extraArgs: []` above: - # extraArgs: - # - --auth-mode=server logging: # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) @@ -631,8 +630,7 @@ server: # SSO configuration when SSO is specified as a server auth mode. sso: - # -- Create SSO configuration - ## SSO is activated by adding --auth-mode=sso to the server command line. + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. enabled: false # -- The root URL of the OIDC identity provider issuer: https://accounts.google.com From df9ee892b50b930e9ddd541b15298d7a59c80a4e Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 13 Oct 2023 16:59:02 -0500 Subject: [PATCH 147/617] chore(argo-workflows): Upgrade argo-workflows to 3.5.0 (#2228) Diff based on the rc1 branch currently here [3.4.10...3.5.0](https://github.com/argoproj/argo-workflows/compare/v3.4.10...v3.5.0) Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 6 +++--- .../crds/argoproj.io_workflowtaskresults.yaml | 13 +++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3b1a60bd..79c898f5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.11 +appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.34.0 +version: 0.35.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Configure declarative server auth mode. + description: Upgrade to Argo Workflows v3.4.10 diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index e9bb93f6..861f1df8 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -441,6 +441,8 @@ spec: type: object securityToken: type: string + useSDKCreds: + type: boolean required: - key type: object @@ -470,6 +472,17 @@ spec: type: object bucket: type: string + caSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object createBucketIfNotPresent: properties: objectLocking: From 8c72bed7796333c6f50277b58987721f5f6d818b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 17 Oct 2023 17:40:33 +0200 Subject: [PATCH 148/617] feat(argo-workflows): Added commonLabels (#2300) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 3 +++ charts/argo-workflows/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 79c898f5..babc96c5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.35.0 +version: 0.36.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.10 + - kind: added + description: added support for commonLabels diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index d5485a58..31582fc4 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -108,6 +108,7 @@ Fields to note: |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| commonLabels | object | `{}` | Labels to set on all resources | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f81e6fc4..0713264f 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -79,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }} {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-workflows +{{- with .context.Values.commonLabels }} +{{ toYaml .}} +{{- end }} {{- end }} {{/* diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 1d1e60b8..8d98b37e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -26,6 +26,9 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Labels to set on all resources +commonLabels: {} + # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" From 575ee244b23fa96b9dc3f118fb97f5a6c5f76863 Mon Sep 17 00:00:00 2001 From: Jonathan Raymond Date: Tue, 17 Oct 2023 17:53:16 -0600 Subject: [PATCH 149/617] fix(argo-workflows): add all crds to aggregate-roles template (#2301) fix: add all crds to aggregate-roles Signed-off-by: Jonathan Raymond --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-aggregate-roles.yaml | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index babc96c5..c90d5446 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.0 +version: 0.36.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: added support for commonLabels + - kind: fixed + description: added all crds to aggregate-roles diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index 977bb86b..ca2ae93e 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -20,6 +20,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - get - list @@ -46,6 +52,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete @@ -79,6 +91,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete From 579b91fde33ef8e469817a3507853d8fb8058632 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Oct 2023 07:48:41 -0500 Subject: [PATCH 150/617] chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2304) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 9ac90a30..bd97afe9 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 99f0698d..9d3a170f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b1dc3b04..64dd515a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false From 14e2e32bedf186c088da0804c262298ca771bc2f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 24 Oct 2023 19:06:28 +0900 Subject: [PATCH 151/617] chore(argo-workflows): Add sample of PostgreSQL ssl entries in values.yaml (#2307) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c90d5446..4b42b7a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.1 +version: 0.36.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: added all crds to aggregate-roles + - kind: added + description: Add sample of PostgreSQL ssl entries in values.yaml diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8d98b37e..84cd8aef 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -161,6 +161,10 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password + # ssl: true + # # sslMode must be one of: disable, require, verify-ca, verify-full + # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq + # sslMode: require # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ From a67424d0c43cf0231d77fb1e086fba0a686094f7 Mon Sep 17 00:00:00 2001 From: Ujin <592652+evgeniy-khatko@users.noreply.github.com> Date: Tue, 24 Oct 2023 08:34:49 -0400 Subject: [PATCH 152/617] feat(argo-workflows): Updated supported workers parameters (#2297) * feat(argo-workflows): Updated supported workers parameters Change ------ Based on argo-workflows [scaling documents](https://argoproj.github.io/argo-workflows/scaling/) it's possible to set following workers values: `--workflow-workers`, `--workflow-ttl-workers`, `--pod-cleanup-workers` and statring 3.5 `--cron-workflow-workers`. This change allows chart consumers to take advatage of _all_ these parameters. Testing ------- ``` helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep workers helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" - "--pod-cleanup-workers" - "30" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" - "--pod-cleanup-workers" - "30" - "--cron-workflow-workers" - "40" ``` Signed-off-by: Evgeny Khatko Signed-off-by: Evgeny Khatko * Addressing PR feedback. Signed-off-by: Evgeny Khatko * newline Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> * Update Chart.yaml Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> * Update Chart.yaml Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> --------- Signed-off-by: Evgeny Khatko Signed-off-by: Evgeny Khatko Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Evgeny Khatko Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 +++ .../controller/workflow-controller-deployment.yaml | 12 ++++++++++++ charts/argo-workflows/values.yaml | 7 +++++++ 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4b42b7a5..44d16bab 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.2 +version: 0.37.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add sample of PostgreSQL ssl entries in values.yaml + - kind: changed + description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 31582fc4..03811169 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -142,6 +142,7 @@ Fields to note: | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | @@ -182,6 +183,7 @@ Fields to note: | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | | controller.persistence | object | `{}` | enable persistence using postgres | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | +| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | | controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | | controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | @@ -221,6 +223,7 @@ Fields to note: | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | +| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | | controller.workflowWorkers | string | `nil` | Number of workflow workers | ### Workflow Main Container diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index c391bee8..132d7f8c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -60,6 +60,18 @@ spec: - "--workflow-workers" - {{ . | quote }} {{- end }} + {{- with .Values.controller.workflowTTLWorkers }} + - "--workflow-ttl-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podCleanupWorkers }} + - "--pod-cleanup-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.cronWorkflowWorkers }} + - "--cron-workflow-workers" + - {{ . | quote }} + {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 84cd8aef..cae5f749 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -180,6 +180,13 @@ controller: # -- Number of workflow workers workflowWorkers: # 32 + # -- Number of workflow TTL workers + workflowTTLWorkers: # 4 + # -- Number of pod cleanup workers + podCleanupWorkers: # 4 + # -- Number of cron workflow workers + # Only valid for 3.5+ + cronWorkflowWorkers: # 8 # -- Restricts the Workflows that the controller will process. # Only valid for 2.9+ workflowRestrictions: {} From 804af65b38dd1c4a27a3df5fb478d18c126a6e24 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 24 Oct 2023 07:39:37 -0500 Subject: [PATCH 153/617] fix(argo-rollouts): controller replicas count comparison (#2309) --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 457f76a0..ddc6582b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.0 +version: 2.32.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Rollouts to v1.6.0 + - kind: fixed + description: Use integer instead of float for controller replicas diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 966491c8..23dc14cb 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -48,7 +48,7 @@ spec: {{- if not .Values.clusterInstall }} - --namespaced {{- end }} - {{- if gt .Values.controller.replicas 1.0 }} + {{- if gt (int .Values.controller.replicas) 1 }} - --leader-elect {{- end }} {{- with .Values.controller.extraArgs }} From a41b70b59cf2ff7e9495969e041d853c8e06ba0d Mon Sep 17 00:00:00 2001 From: gussan <83329336+toyamagu-2021@users.noreply.github.com> Date: Fri, 27 Oct 2023 18:43:52 +0900 Subject: [PATCH 154/617] feat(argo-cd): add terminationGracePeriodSeconds (#2310) Signed-off-by: toyamagu-2021 --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 7 +++++++ .../statefulset.yaml | 3 +++ .../argocd-applicationset/deployment.yaml | 3 +++ .../argocd-notifications/deployment.yaml | 3 +++ .../argocd-repo-server/deployment.yaml | 3 +++ .../templates/argocd-server/deployment.yaml | 3 +++ charts/argo-cd/templates/dex/deployment.yaml | 3 +++ .../argo-cd/templates/redis/deployment.yaml | 3 +++ charts/argo-cd/values.yaml | 21 +++++++++++++++++++ 10 files changed, 52 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5f437944..7302ce5e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.8 +version: 5.47.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. + - kind: added + description: add terminationGracePeriodSeconds diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b2101038..d870dbdc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -561,6 +561,7 @@ NAME: my-release | controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | | controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | @@ -653,6 +654,7 @@ NAME: my-release | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | | repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | | repoServer.serviceAccount.name | string | `""` | Repo server service account name | +| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | | repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | @@ -807,6 +809,7 @@ NAME: my-release | server.serviceAccount.create | bool | `true` | Create server service account | | server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.name | string | `"argocd-server"` | Server service account name | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | @@ -915,6 +918,7 @@ server: | dex.servicePortHttp | int | `5556` | Service port for HTTP access | | dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | | dex.servicePortMetrics | int | `5558` | Service port for metrics access | +| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | | dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | @@ -986,6 +990,7 @@ server: | redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | | redis.serviceAccount.name | string | `""` | Service account name for redis pod | | redis.servicePort | int | `6379` | Redis service port | +| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | | redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | @@ -1136,6 +1141,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | | applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | | applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | +| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | @@ -1214,6 +1220,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.templates | object | `{}` | The notification template is used to generate the notification content | +| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3583a2b7..31bce299 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - args: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index d8fb8cbc..ed161d53 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.applicationSet.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} containers: - name: {{ .Values.applicationSet.name }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d2eca77f..633e1943 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -51,6 +51,9 @@ spec: {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.notifications.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} containers: - name: {{ .Values.notifications.name }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index ea54e79d..515984d7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -62,6 +62,9 @@ spec: {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.repoServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index e3f322cb..983121a9 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -53,6 +53,9 @@ spec: {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} containers: - name: {{ .Values.server.name }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index abca6e14..9f782c8d 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -55,6 +55,9 @@ spec: {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.dex.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} containers: - name: {{ .Values.dex.name }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 419e5f31..3f272d02 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -48,6 +48,9 @@ spec: {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} containers: - name: {{ .Values.redis.name }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b029dfaa..0352ef2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -731,6 +731,9 @@ controller: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Priority class for the application controller pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -1074,6 +1077,9 @@ dex: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + serviceAccount: # -- Create dex service account create: true @@ -1313,6 +1319,9 @@ redis: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + serviceAccount: # -- Create a service account for the redis pod create: false @@ -1718,6 +1727,9 @@ server: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Priority class for the Argo CD server pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -2261,6 +2273,9 @@ repoServer: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -2618,6 +2633,9 @@ applicationSet: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -2931,6 +2949,9 @@ notifications: drop: - ALL + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From 9193d8592949969e7d05e24e066b77ada6a50b9e Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 28 Oct 2023 16:28:44 +0900 Subject: [PATCH 155/617] chore(argo-cd): Upgrade Argo CD to v2.8.5 (#2313) --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-notifications/deployment.yaml | 8 +++++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7302ce5e..06de55fb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.4 +appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.47.0 +version: 5.48.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add terminationGracePeriodSeconds + - kind: changed + description: Upgrade Argo CD to v2.8.5 diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 633e1943..edee786a 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -78,13 +78,19 @@ spec: configMapKeyRef: key: notificationscontroller.log.level name: argocd-cmd-params-cm - optional: true + optional: true - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: notificationscontroller.log.format name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} From 25d7b519bc7fc37d2820721cd648f3a3403d0e38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Oct 2023 14:21:37 +0200 Subject: [PATCH 156/617] chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#2314) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 64dd515a..3273e72d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif From 0cc17965301b838977c8b1cca2cbf86969c889a0 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 30 Oct 2023 09:51:56 +0100 Subject: [PATCH 157/617] fix(argo-cd): Update Bitbucket SSH key (#2317) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06de55fb..ac473f03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.48.0 +version: 5.48.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.8.5 + description: Update Bitbucket.org SSH key diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 0352ef2e..802e512c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -326,7 +326,7 @@ configs: [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= From 94c0a0a246771e0d1996de4759d3dba036407b27 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 30 Oct 2023 16:42:32 +0200 Subject: [PATCH 158/617] feat(argo-cd): add notification cluster role (#2315) * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 6 ++--- charts/argo-cd/README.md | 1 + .../argocd-notifications/clusterrole.yaml | 22 +++++++++++++++++++ .../clusterrolebinding.yaml | 16 ++++++++++++++ charts/argo-cd/values.yaml | 6 +++++ 5 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-notifications/clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac473f03..eaa7c2c6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.48.1 +version: 5.49.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update Bitbucket.org SSH key + - kind: added + description: Add notification cluster role support diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d870dbdc..e0e25025 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1160,6 +1160,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 00000000..1d2e0fd7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - get + - list + - watch + - update + - patch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 00000000..1b47bf12 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notificationsServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 802e512c..4ec93222 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2997,6 +2997,12 @@ notifications: # -- Whether helm chart creates notifications controller config map create: true + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] + # -- Contains centrally managed global application subscriptions ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ subscriptions: [] From 4f5c75fbc7513d0359e11208e24df51474493686 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 30 Oct 2023 12:42:39 -0500 Subject: [PATCH 159/617] fix(argo-rollouts): Update AnalysisRun CRD to match upstream (#2320) --- charts/argo-rollouts/Chart.yaml | 4 +- .../templates/crds/analysis-run-crd.yaml | 51 ++++++++++++++++++- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ddc6582b..6d343fdc 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.1 +version: 2.32.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Use integer instead of float for controller replicas + description: Update AnalysisRun CRD to match upstream diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 7324e908..1dddfa7d 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -189,13 +189,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2809,6 +2818,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2857,6 +2879,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: From 2eb537dde00f9bc6d250ea349ad85a709565cce0 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 31 Oct 2023 12:21:05 -0500 Subject: [PATCH 160/617] fix(github): update chart testing action due to failure (#2324) Getting failure when running chart testing action pulling v2.0.0 from sigstore Updating action to see if this helps Signed-off-by: jmeridth --- .github/workflows/lint-and-test.yml | 4 ++-- scripts/lint.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bd97afe9..b6da136f 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,10 +38,10 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 + uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.6.0 with: # Note: Also update in scripts/lint.sh - version: v3.7.1 + version: v3.10.0 - name: List changed charts id: list-changed diff --git a/scripts/lint.sh b/scripts/lint.sh index b44a6cee..6061adb5 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n" docker run \ -v "$SRCROOT:/workdir" \ --entrypoint /bin/sh \ - quay.io/helmpack/chart-testing:v3.7.1 \ + quay.io/helmpack/chart-testing:v3.10.0 \ -c cd /workdir \ ct lint \ --config .github/configs/ct-lint.yaml \ From 733d84a42398cc1a1a6dea8bf75b2a7a2bf3101f Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:48:55 +0000 Subject: [PATCH 161/617] chore(argo-cd): Upgrade Argo CD to v2.8.6 (#2323) * chore(argo-cd): Upgrade Argo CD to v2.8.6 Signed-off-by: Tim Collins * fix: drop unrecognized helm timeout Signed-off-by: jmeridth --------- Signed-off-by: Tim Collins Signed-off-by: Jason Meridth Signed-off-by: jmeridth Co-authored-by: Jason Meridth --- .github/configs/ct-lint.yaml | 1 - charts/argo-cd/Chart.yaml | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml index 1e66067a..99cb8b3c 100644 --- a/.github/configs/ct-lint.yaml +++ b/.github/configs/ct-lint.yaml @@ -7,7 +7,6 @@ chart-dirs: - charts chart-repos: - dandydeveloper=https://dandydeveloper.github.io/charts/ -helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true validate-yaml: true diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eaa7c2c6..8114ee70 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.5 +appVersion: v2.8.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.49.0 +version: 5.50.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add notification cluster role support + - kind: changed + description: Upgrade Argo CD to v2.8.6 From 4afebb25f60aeeadb7c4365ab2fc1824185d0aa8 Mon Sep 17 00:00:00 2001 From: Denis Kadyshev Date: Thu, 2 Nov 2023 16:43:50 +0700 Subject: [PATCH 162/617] fix(argo-cd): Create notifications clusterrole and clusterrolebinding when enabled (#2326) * Create clusterrole for nitifications only when notifications enabled Signed-off-by: Denis Kadyshev * Create clusterrolebinding for nitifications only when notifications enbaled Signed-off-by: Denis Kadyshev * Bump version in Chart.yaml Signed-off-by: Denis Kadyshev * Update Chart.yaml Signed-off-by: Denis Kadyshev * Update Chart.yaml Signed-off-by: Denis Kadyshev --------- Signed-off-by: Denis Kadyshev --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-notifications/clusterrole.yaml | 2 +- .../templates/argocd-notifications/clusterrolebinding.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8114ee70..d986c987 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.50.0 +version: 5.50.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.6 + - kind: fixed + description: Create notifications clusterrole and clusterrolebinding when enabled diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 1d2e0fd7..927d30a0 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index 1b47bf12..3dba71a2 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: From d170cdb2df6c9a78fff7f7ec3240be7cf046afea Mon Sep 17 00:00:00 2001 From: Max! Date: Fri, 3 Nov 2023 21:39:05 +0100 Subject: [PATCH 163/617] fix(argo-workflows): Fix outdated URL in values.yaml comments (#2328) * fix outdated link branch link Branch was renamed prior, redirects to main now Signed-off-by: Max! * Update Chart.yaml Signed-off-by: Max! * add to changelog Signed-off-by: Max! --------- Signed-off-by: Max! --- charts/argo-workflows/Chart.yaml | 4 +++- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 44d16bab..53d392c2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.37.0 +version: 0.37.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -18,3 +18,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ + - kind: changed + description: Updated a url in values.yaml comments. diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cae5f749..8d3c830d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -124,7 +124,7 @@ controller: # -- Service metrics port name servicePortName: metrics # -- ServiceMonitor relabel configs to apply to samples before scraping - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] # -- ServiceMonitor metric relabel configs to apply to samples before ingestion ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint From a98dd96059a3c49c587ec56deba028642ac7f9ca Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 4 Nov 2023 14:57:43 +0900 Subject: [PATCH 164/617] chore(argo-workflows): Upgrade Argo Workflows to v3.5.1 (#2329) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 53d392c2..aa941d42 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.0 +appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.37.1 +version: 0.38.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,6 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ - - kind: changed - description: Updated a url in values.yaml comments. + description: Upgrade Argo Workflows to v3.5.1 From 16f4c26e9cca37f3354056ae6d581bc74adf8c0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:42:32 -0500 Subject: [PATCH 165/617] chore(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (#2330) chore(deps): bump amannn/action-semantic-pull-request Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/47b15d52c5c30e94a17ec87eb8dd51ff5221fed9...e9fabac35e210fea40ca5b14c0da95a099eff26f) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index be77f1ae..256b1c38 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 + - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 9f8f48386923bd7d7086798be709b3267f99f247 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:43:58 -0500 Subject: [PATCH 166/617] chore(deps): bump helm/chart-releaser-action from 1.5.0 to 1.6.0 (#2331) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/be16258da8010256c6e82849661221415f031968...a917fd15b20e8b64b94d9158ad54cd6345335584) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9d3a170f..7c0e768b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -58,7 +58,7 @@ jobs: PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" - name: Run chart-releaser - uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 + uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 with: config: "./.github/configs/cr.yaml" env: From 8b17cdf924a047fb8b7c6aa819f87dbae7477492 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:46:02 -0500 Subject: [PATCH 167/617] chore(deps): bump helm/chart-testing-action from 2.6.0 to 2.6.1 (#2332) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/b43128a8b25298e1e7b043b78ea6613844e079b1...e6669bcd63d7cb57cb4380c33043eebe5d111992) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index b6da136f..c2102b61 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.6.0 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: # Note: Also update in scripts/lint.sh version: v3.10.0 From f634cf6e9c35458756a7a3b74e83a8c7c14398a8 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 6 Nov 2023 13:54:34 +0100 Subject: [PATCH 168/617] feat(argo-cd): Upgrade Argo CD to 2.9.0 (#2318) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 8 +- .../argocd-applicationset/deployment.yaml | 12 + .../argocd-repo-server/deployment.yaml | 12 + .../templates/argocd-server/clusterrole.yaml | 1 + .../templates/crds/crd-application.yaml | 389 ++++- .../templates/crds/crd-applicationset.yaml | 1471 +++++++++++++++++ 6 files changed, 1883 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d986c987..fa544eff 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.6 +appVersion: v2.9.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.50.1 +version: 5.51.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create notifications clusterrole and clusterrolebinding when enabled + - kind: changed + description: Upgrade Argo CD to v2.9.0 diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index ed161d53..b704650a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -90,6 +90,18 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 515984d7..90941428 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -231,6 +231,18 @@ spec: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.helm.manifest.max.extracted.size + optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 838016fa..44d50515 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -40,6 +40,7 @@ rules: - argoproj.io resources: - applications + - applicationsets verbs: - get - list diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index b4d13a15..03401574 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -359,6 +359,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -657,6 +688,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -797,7 +859,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -805,8 +868,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -1067,6 +1131,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -1355,6 +1450,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -1796,6 +1922,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2097,6 +2254,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2542,6 +2730,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2860,6 +3079,38 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3292,6 +3543,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3603,6 +3885,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3804,7 +4117,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3813,8 +4127,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: @@ -4056,6 +4371,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -4367,6 +4713,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index fa0d926a..8d7409e5 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -269,6 +269,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -449,6 +479,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -788,6 +848,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -968,6 +1058,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1311,6 +1431,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1491,6 +1641,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1814,6 +1994,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1994,6 +2204,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2341,6 +2581,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2521,6 +2791,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2860,6 +3160,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3040,6 +3370,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3383,6 +3743,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3563,6 +3953,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3886,6 +4306,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4066,6 +4516,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4399,6 +4879,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4579,6 +5089,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5092,6 +5632,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5272,6 +5842,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5564,6 +6164,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -5578,6 +6180,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -5776,6 +6380,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5956,6 +6590,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6293,6 +6957,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6473,6 +7167,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6820,6 +7544,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7000,6 +7754,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7339,6 +8123,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7519,6 +8333,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7862,6 +8706,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8042,6 +8916,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8365,6 +9269,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8545,6 +9479,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8878,6 +9842,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9058,6 +10052,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9571,6 +10595,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9751,6 +10805,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10043,6 +11127,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -10057,6 +11143,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -10255,6 +11343,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10435,6 +11553,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10776,6 +11924,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10956,6 +12134,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11286,6 +12494,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11466,6 +12704,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11979,6 +13247,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12159,6 +13457,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12451,6 +13779,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -12465,6 +13795,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -12663,6 +13995,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12843,6 +14205,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12994,12 +14386,31 @@ spec: items: type: string type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array preservedFields: properties: annotations: items: type: string type: array + labels: + items: + type: string + type: array type: object strategy: properties: @@ -13236,6 +14647,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -13416,6 +14857,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: From 622aee3850af8a0a3b4c7298fcc23e42f49cd799 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Mon, 6 Nov 2023 09:10:35 -0600 Subject: [PATCH 169/617] chore(github): Updated security documentation and CLOMonitor exemptions (#2333) * Updated security documentation and CLOMonitor exemptions Signed-off-by: Eddie Knight * Added license scanning exepmtion Signed-off-by: Eddie Knight * Added best practices badge to README Signed-off-by: Eddie Knight --------- Signed-off-by: Eddie Knight Co-authored-by: Jason Meridth --- .clomonitor.yml | 6 ++++++ CONTRIBUTING.md | 2 ++ README.md | 1 + SECURITY-INSIGHTS.yml | 23 +++++++++++++++++++++++ 4 files changed, 32 insertions(+) create mode 100644 SECURITY-INSIGHTS.yml diff --git a/.clomonitor.yml b/.clomonitor.yml index 9f1fff8c..c75e8a7b 100644 --- a/.clomonitor.yml +++ b/.clomonitor.yml @@ -7,6 +7,12 @@ exemptions: reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI) - check: sbom reason: "Tracking Helm dependencies is not yet a stable practice." + - check: self_assessment + reason: "Refer to self assessments supplied by the codebases Argo Helm supports." + - check: signed_releases + reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only." + - check: license_scanning + reason: "Temporary exemption: pending response from CNCF Service Desk" # TODO: # License scanning information diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d67ddefc..f9861dcb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -47,6 +47,8 @@ Any breaking changes to a chart (backwards incompatible) require: ### New Application Versions +Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release. + When selecting new application versions ensure you make the following changes: * `values.yaml`: Bump all instances of the container image version diff --git a/README.md b/README.md index b29bb3d1..0c5c6798 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942) Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml new file mode 100644 index 00000000..a983c4f1 --- /dev/null +++ b/SECURITY-INSIGHTS.yml @@ -0,0 +1,23 @@ +header: + schema-version: '1.0.0' + expiration-date: '2024-11-04T10:00:00.000Z' + project-url: https://github.com/argoproj/argo-helm +project-lifecycle: + status: active + bug-fixes-only: false + core-maintainers: + - https://github.com/mkilchhofer + - https://github.com/jmeridth +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true +distribution-points: + - https://github.com/argoproj/argo-helm/blob/main/SECURITY.md +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: cncf-argo-maintainers@lists.cncf.io + security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + comment: Please refer to the security policy for reporting information prior to using the email contact. +dependencies: + env-dependencies-policy: + policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions From 9840ebedc640e8f30e0f9223ff10dd9284af543e Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 9 Nov 2023 01:04:58 +0900 Subject: [PATCH 170/617] fix(argo-workflows): Accept multi auth mode for server (#2336) * fix(argo-workflows): Accept multi auth mode for server Signed-off-by: yu-croco * chore(argo-workflows): improve description of authMode Signed-off-by: yu-croco * chore(argo-workflows): keep the older value valid for now as compatibility. Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 ++- charts/argo-workflows/templates/NOTES.txt | 4 ++++ .../argo-workflows/templates/server/server-deployment.yaml | 3 +++ charts/argo-workflows/values.yaml | 7 +++++-- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index aa941d42..79929c7d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.38.0 +version: 0.39.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.5.1 + - kind: fixed + description: Accept multi auth mode for server. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 03811169..e3498867 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -260,7 +260,8 @@ Fields to note: | server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | -| server.authMode | string | `""` | Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. | +| server.authMode | string | `""` | Deprecated; use server.authModes instead. | +| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt index b4933a7d..43c1c8f8 100644 --- a/charts/argo-workflows/templates/NOTES.txt +++ b/charts/argo-workflows/templates/NOTES.txt @@ -1,3 +1,7 @@ +{{- if .Values.server.authMode }} +DEPRECATED option server.authMode - Use server.authModes +{{- end }} + 1. Get Argo Server external IP/domain by running: kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index cea885da..38c6072b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -55,6 +55,9 @@ spec: {{- if .Values.server.authMode }} - "--auth-mode={{ .Values.server.authMode }}" {{- end }} + {{- range .Values.server.authModes }} + - "--auth-mode={{ . }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8d3c830d..10a0e5a4 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -536,10 +536,13 @@ server: # - name: FOO # value: "bar" - # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + # -- Deprecated; use server.authModes instead. authMode: "" + # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + authModes: [] + # -- Extra arguments to provide to the Argo server binary. ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options extraArgs: [] From d3d9e7de238e0dab0b45d01535658173c51af3f7 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Wed, 8 Nov 2023 14:09:44 -0600 Subject: [PATCH 171/617] chore(github): Add yu-cruco to * in CODEOWNERS (#2338) chore: Add yu-cruco to * in CODEOWNERS yu-cruco is now a maintainer and will be notified on all PRs - [x] moved CODEOWNERS into .github folder where it belongs Signed-off-by: jmeridth --- CODEOWNERS => .github/CODEOWNERS | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) rename CODEOWNERS => .github/CODEOWNERS (68%) diff --git a/CODEOWNERS b/.github/CODEOWNERS similarity index 68% rename from CODEOWNERS rename to .github/CODEOWNERS index f7432a77..05c993b9 100644 --- a/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,14 +1,6 @@ -# All -* @mkilchhofer @jmeridth +* @mkilchhofer @jmeridth @yu-croco -# Argo Workflows /charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 - -# Argo CD /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 - -# Argo Events /charts/argo-events/ @pdrastil @jmeridth @tico24 - -# Argo Rollouts /charts/argo-rollouts/ @jmeridth From 3f2654d24aacc35af23a664392438c0e5954c60d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 10 Nov 2023 21:41:09 +0900 Subject: [PATCH 172/617] fix(argo-cd): Add permission for Applications in any namespace (#2341) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/README.md.gotmpl | 1 + charts/argo-cd/templates/argocd-server/clusterrole.yaml | 3 +++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fa544eff..ac684be9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.0 +version: 5.51.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.9.0 + - kind: fixed + description: Add configurations for Applications in any namespace diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e0e25025..7b79080e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -449,6 +449,7 @@ NAME: my-release | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | @@ -1253,3 +1254,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 5dc048b4..b8ffa4fb 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -562,3 +562,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 44d50515..bd10316b 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -21,6 +21,9 @@ rules: - events verbs: - list + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} - apiGroups: - "" resources: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4ec93222..49dd4e70 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -263,6 +263,12 @@ configs: # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- Enables [Applications in any namespace] + ## List of additional namespaces where applications may be created in and reconciled from. + ## The namespace where Argo CD is installed to will always be allowed. + ## Set comma-separated list. (e.g. app-team-one, app-team-two) + application.namespaces: "" + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: From 84c433962338329141010a9f5b8de1d8c919fff4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 15 Nov 2023 14:59:16 +0900 Subject: [PATCH 173/617] chore(argo-cd): Upgrade Argo CD to v2.9.1 (#2344) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac684be9..9a721124 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.0 +appVersion: v2.9.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.1 +version: 5.51.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add configurations for Applications in any namespace + - kind: changed + description: Upgrade Argo CD to v2.9.1 From a29d2165ac9ecc0f168b61cd54b945016a182d5a Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 15 Nov 2023 12:00:23 +0200 Subject: [PATCH 174/617] chore(argo-rollouts): Bump rollouts to 1.6.1 (#2345) * Bump rollouts to 1.6.2 Signed-off-by: drfaust92 * Bump to 1.6.1 Signed-off-by: drfaust92 * Bump to 1.6.1 Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6d343fdc..6b49176d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.0 +appVersion: v1.6.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.2 +version: 2.32.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Update AnalysisRun CRD to match upstream + - kind: changed + description: Upgrade Argo Rollouts to v1.6.1 From d98747224e9200760e7a1684f14c197d5b3c0cec Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 15 Nov 2023 15:09:30 +0200 Subject: [PATCH 175/617] chore(argo-rollouts): Bump rollouts to 1.6.2 (#2347) --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6b49176d..6999850f 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.1 +appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.3 +version: 2.32.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts to v1.6.1 + description: Upgrade Argo Rollouts to v1.6.2 From 737b9724de6e829207ab48caa4b4b0a672840e78 Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Wed, 15 Nov 2023 13:17:09 +0000 Subject: [PATCH 176/617] fix(argo-workflows): Add parameters for tuning revisionHistoryLimit and emptyDir volumes (#2346) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 +++ .../controller/workflow-controller-deployment.yaml | 1 + .../argo-workflows/templates/server/server-deployment.yaml | 3 ++- charts/argo-workflows/values.yaml | 7 +++++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 79929c7d..327adb89 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.0 +version: 0.39.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Accept multi auth mode for server. + - kind: added + description: Add parameters for tuning revisionHistoryLimit and emptyDir volumes. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index e3498867..a5f70341 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -197,6 +197,7 @@ Fields to note: | controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. | | controller.resources | object | `{}` | Resource limits and requests for the controller | | controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows | +| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.create | bool | `true` | Create a service account for the controller | @@ -304,6 +305,7 @@ Fields to note: | server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. | | server.replicas | int | `1` | The number of server pods to run | | server.resources | object | `{}` | Resource limits and requests for the server | +| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. | | server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | @@ -331,6 +333,7 @@ Fields to note: | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 132d7f8c..3db5f971 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -12,6 +12,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 38c6072b..182d3169 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -15,6 +15,7 @@ spec: {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} {{- end }} + revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} @@ -112,7 +113,7 @@ spec: {{- end }} volumes: - name: tmp - emptyDir: {} + {{- toYaml .Values.server.tmpVolume | nindent 8 }} {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 10a0e5a4..7a5f04e0 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -295,6 +295,8 @@ controller: volumes: [] # -- The number of controller pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 pdb: # -- Configure [Pod Disruption Budget] for the controller pods @@ -472,6 +474,8 @@ server: resources: {} # -- The number of server pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 ## Argo Server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server @@ -555,6 +559,9 @@ server: # -- Set the logging format (one of: `text`, `json`) format: "text" + # -- Volume to be mounted in Pods for temporary files. + tmpVolume: + emptyDir: {} # -- Additional volume mounts to the server main container. volumeMounts: [] # -- Additional volumes to the server pod. From 9496f2f1e6f5b2bf7d4149b09a787ee404868924 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 15 Nov 2023 22:32:49 +0900 Subject: [PATCH 177/617] fix(argo-workflows): Align version label (#2342) * fix(argo-workflows): Aligne version label Signed-off-by: yu-croco * fix(argo-workflows): fix typo Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-controller-service.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 327adb89..f5275105 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.1 +version: 0.39.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add parameters for tuning revisionHistoryLimit and emptyDir volumes. + - kind: fixed + description: Align version label diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 5ade3d40..1959eb2e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with .Values.controller.serviceLabels }} {{ toYaml . | nindent 4 }} {{- end }} From 4c256348e85d0d2419504b0ab4eed3852b8e42ae Mon Sep 17 00:00:00 2001 From: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Date: Wed, 15 Nov 2023 19:23:26 +0545 Subject: [PATCH 178/617] docs(github): typo fix in security.md (#2343) * typo fix Signed-off-by: Kripu Khadka * Revert "typo fix" This reverts commit b02b2fb766508226eda658eb870a9216a76fed3e. Signed-off-by: Kripu Khadka * typo fix in SECURITY.md Signed-off-by: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Signed-off-by: Kripu Khadka --------- Signed-off-by: Kripu Khadka Signed-off-by: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Co-authored-by: Aikawa --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 7c30259c..f4fb6002 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions and Upstream Reporting -Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue. +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue. * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) From a78556018dc70fa78fb6c4b65fc66489a8e555a7 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 16 Nov 2023 12:31:53 +0000 Subject: [PATCH 179/617] chore(argo-workflows): Remove xip url from test to avoid confusion (#2350) * chore(argo-workflows): Remove xip url from test to avoid confusion Signed-off-by: Tim Collins * Bump version Signed-off-by: Tim Collins * More bumpings Signed-off-by: Tim Collins * Tim can't type Signed-off-by: Tim Collins * Swap to example.com - rfc2606 Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/ci/enable-ingress-values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f5275105..0e3a49a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.2 +version: 0.39.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align version label + - kind: changed + description: Modify test host url to avoid user confusion diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml index 05dae886..bfcc37c3 100644 --- a/charts/argo-workflows/ci/enable-ingress-values.yaml +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -5,4 +5,4 @@ server: ingress: enabled: true hosts: - - argo-workflows.127.0.0.1.xip.io + - argo-workflows.example.com From 14887dd57d15255b567108bd1d890ed0cf025aeb Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Sun, 19 Nov 2023 23:18:57 +0100 Subject: [PATCH 180/617] chore(argo-cd): Replace non-existing examples with official example domain (#2352) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9a721124..038ae63c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.2 +version: 5.51.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.9.1 + description: Replace non-existing examples with official example domain (RFC 2606) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 49dd4e70..c4480e6c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -410,7 +410,7 @@ configs: ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters clusterCredentials: [] # - name: mycluster - # server: https://mycluster.com + # server: https://mycluster.example.com # labels: {} # annotations: {} # config: @@ -419,7 +419,7 @@ configs: # insecure: false # caData: "" # - name: mycluster2 - # server: https://mycluster2.com + # server: https://mycluster2.example.com # labels: {} # annotations: {} # namespaces: namespace1,namespace2 @@ -430,7 +430,7 @@ configs: # insecure: false # caData: "" # - name: mycluster3-project-scoped - # server: https://mycluster3.com + # server: https://mycluster3.example.com # labels: {} # annotations: {} # project: my-project1 From c18365288937157459c2fda20d5a0cdeb6478abb Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 21 Nov 2023 03:49:41 +0900 Subject: [PATCH 181/617] chore(argo-cd): Upgrade Argo CD to v2.9.2 (#2353) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 038ae63c..f0100f7f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.1 +appVersion: v2.9.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.3 +version: 5.51.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Replace non-existing examples with official example domain (RFC 2606) + description: Upgrade Argo CD to v2.9.2 From 7f95a5f9f0cf777ad564c5d90c973e17bde1b7bc Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Mon, 27 Nov 2023 07:30:08 +0100 Subject: [PATCH 182/617] chore(github): Update SECURITY-INSIGHTS.yml to include security-contacts (#2356) --- SECURITY-INSIGHTS.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index a983c4f1..e3a6aeed 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -11,13 +11,28 @@ project-lifecycle: contribution-policy: accepts-pull-requests: true accepts-automated-pull-requests: true + automated-tools-list: + - automated-tool: dependabot + action: allowed + path: + - / + contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md + code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md distribution-points: - - https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + - https://argoproj.github.io/argo-helm + - https://artifacthub.io/packages/search?org=argoproj&repo=argo +security-contacts: + - type: website + value: https://github.com/argoproj/argo-helm/security/advisories/new + primary: true vulnerability-reporting: accepts-vulnerability-reports: true email-contact: cncf-argo-maintainers@lists.cncf.io security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md - comment: Please refer to the security policy for reporting information prior to using the email contact. + comment: | + Our preferred contact method related to vulnerabilities is the Security tab on GitHub. + Click the button "Report a vulnerability" to open the advisory form. + Please refer to the security policy for reporting information prior to using the email contact. dependencies: env-dependencies-policy: policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions From 7261decaf8c15cc644ff8b0d8e5b3b9633a6a17d Mon Sep 17 00:00:00 2001 From: qa-florian-wende <113123884+qa-florian-wende@users.noreply.github.com> Date: Mon, 27 Nov 2023 18:44:58 +0100 Subject: [PATCH 183/617] feat(argo-workflows): Make workflow controller ConfigMap optional (#2354) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ charts/argo-workflows/templates/_helpers.tpl | 7 +++++++ .../controller/workflow-controller-config-map.yaml | 4 +++- .../controller/workflow-controller-deployment.yaml | 2 +- .../argo-workflows/templates/server/server-deployment.yaml | 2 +- charts/argo-workflows/values.yaml | 6 ++++++ 7 files changed, 23 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0e3a49a5..3e93c1f6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.3 +version: 0.39.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Modify test host url to avoid user confusion + - kind: added + description: Make configMap optional and allow its name to be overridden diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index a5f70341..64bd8191 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -142,6 +142,8 @@ Fields to note: | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | +| controller.configMap.name | string | `""` | ConfigMap name | | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 0713264f..0d170ec9 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -97,6 +97,13 @@ app.kubernetes.io/component: {{ .component }} {{- end }} {{- end }} +{{/* +Create the name of the controller configMap +*/}} +{{- define "argo-workflows.controller.config-map.name" -}} +{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the server service account to use */}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d4728a30..bff3e121 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -1,7 +1,8 @@ +{{- if .Values.controller.configMap.create }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "argo-workflows.controller.fullname" . }}-configmap + name: {{ template "argo-workflows.controller.config-map.name" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} @@ -191,3 +192,4 @@ data: {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 3db5f971..2cc8a903 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -45,7 +45,7 @@ spec: command: [ "workflow-controller" ] args: - "--configmap" - - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "{{ template "argo-workflows.controller.config-map.name" . }}" - "--executor-image" - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" - "--loglevel" diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 182d3169..f44fa57d 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -49,7 +49,7 @@ spec: {{- toYaml .Values.server.securityContext | nindent 12 }} args: - server - - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + - --configmap={{ template "argo-workflows.controller.config-map.name" . }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 7a5f04e0..a1a101d5 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -91,6 +91,12 @@ controller: # -- Allows controller to create and update ConfigMaps. Enables memoization feature writeConfigMaps: false + configMap: + # -- Create a ConfigMap for the controller + create: true + # -- ConfigMap name + name: "" + # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 From cabe63d2b65ef6708567c249e676fce069815b6d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 28 Nov 2023 06:12:50 +0900 Subject: [PATCH 184/617] chore(argo-workflows): Upgrade Argo Workflows to v3.5.2 (#2357) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3e93c1f6..d71407c9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.1 +appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.4 +version: 0.39.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Make configMap optional and allow its name to be overridden + - kind: changed + description: Upgrade Argo Workflows to v3.5.2 From f5201e76ad3bd83bc9f093baf8a398ae15ad3f7e Mon Sep 17 00:00:00 2001 From: Abdulla Abdurakhmanov Date: Wed, 29 Nov 2023 14:34:39 +0100 Subject: [PATCH 185/617] fix(argo-rollouts): Update all rollout CRDs to match upstream (#2361) Signed-off-by: Abdulla Abdurakhmanov --- charts/argo-rollouts/Chart.yaml | 4 +- .../templates/crds/analysis-template-crd.yaml | 51 ++++++++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 51 ++++++++++++++++++- 3 files changed, 100 insertions(+), 6 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6999850f..933cc9d3 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.4 +version: 2.32.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts to v1.6.2 + description: Upgrade Argo Rollouts CRDs to match them mainstream from v1.6.2 diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 93479097..d97a6ce9 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -185,13 +185,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2805,6 +2814,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2853,6 +2875,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 66977374..335f06a2 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -185,13 +185,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2805,6 +2814,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2853,6 +2875,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: From f4eb968c22dadd9ff40f0836dcaf14008e34d831 Mon Sep 17 00:00:00 2001 From: Andre Marcelo-Tanner Date: Wed, 29 Nov 2023 13:39:59 -0500 Subject: [PATCH 186/617] docs(argo-cd): Add migration guide to README for Config Management Plugins (#2360) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 12 ++++++++++-- charts/argo-cd/README.md.gotmpl | 12 ++++++++++-- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f0100f7f..8853d5a3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.4 +version: 5.51.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.9.2 + - kind: added + description: "[docs] Added migration steps to README for Config Management Plugins settings available since 5.26.0" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b79080e..fa869975 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -115,14 +115,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + ### 5.24.0 -This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). Default `global.affinity` rules can be disabled when `none` value is used for the preset. ### 5.22.0 -This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. ### 5.19.0 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index b8ffa4fb..7df79078 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -115,14 +115,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + ### 5.24.0 -This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). Default `global.affinity` rules can be disabled when `none` value is used for the preset. ### 5.22.0 -This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. ### 5.19.0 From d62aafdf629e66e23af98405698c9d0fc0f83e6c Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:14:55 -0500 Subject: [PATCH 187/617] docs(github): remove unnecessary qualifier in README (#2364) docs: remove unnecessary qualifier in README I think the sentence applies to all Argo projects. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c5c6798..3d57db36 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Some users would prefer to install the CRDs _outside_ of the chart. You can disa Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `/templates` to address this design decision. -If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: +If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: Example: From 152c04f827d08b9e53fdf2f52ef773551c2e3707 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 2 Dec 2023 20:03:24 +0900 Subject: [PATCH 188/617] chore(argo-cd): Upgrade Argo CD to v2.9.3 (#2365) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8853d5a3..594dd161 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.2 +appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.5 +version: 5.51.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: "[docs] Added migration steps to README for Config Management Plugins settings available since 5.26.0" + - kind: changed + description: Upgrade Argo CD to v2.9.3 From 2c046f9a9a647ff1b53a81c0defcc311af95974d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 5 Dec 2023 14:55:10 +0900 Subject: [PATCH 189/617] fix(argo-workflows): Add missing permission to workflow role (#2367) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../argo-workflows/templates/controller/workflow-role.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d71407c9..9ef6fce8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.5 +version: 0.39.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.5.2 + - kind: fixed + description: Add missing permission to workflow role diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 51050d0f..80309119 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -38,6 +38,7 @@ rules: - workflowtaskresults verbs: - create + - patch - apiGroups: - argoproj.io resources: From 690e83be66297fd776f69bf0b44633e91f1e7388 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Wed, 6 Dec 2023 23:23:14 -0800 Subject: [PATCH 190/617] fix(argo-workflows): Fix OAuth redirect URL autoconfig. (#2369) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 9ef6fce8..f5e725d3 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.6 +version: 0.39.7 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Add missing permission to workflow role + description: Fixes OAuth redirect URL autoconfig. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 64bd8191..c8e5f5f8 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -331,7 +331,7 @@ Fields to note: | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | | server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | -| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | | +| server.sso.redirectUrl | string | `""` | | | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index a1a101d5..9a5fa859 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -675,7 +675,7 @@ server: # -- Key of a secret to retrieve the app OIDC client secret key: client-secret # - The OIDC redirect URL. Should be in the form /oauth2/callback. - redirectUrl: https://argo/oauth2/callback + redirectUrl: "" rbac: # -- Adds ServiceAccount Policy to server (Cluster)Role. enabled: true From d0e0ce792837ade3c49ce3540d843a3b639350ca Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:06:01 +0000 Subject: [PATCH 191/617] feat(github): Use renovate to create PRs when upstream releases (#2358) * feat(github): Use renovate to create PRs when upstream releases Signed-off-by: Tim Collins * add write permissions Signed-off-by: Tim Collins * remove the 'v' in the chart version Signed-off-by: Tim Collins * switch to digests for actions Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins --- .github/workflows/chart-version-bump.yml | 53 ++++++++++++++ renovate.json | 91 ++++++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 .github/workflows/chart-version-bump.yml create mode 100644 renovate.json diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml new file mode 100644 index 00000000..d09ff045 --- /dev/null +++ b/.github/workflows/chart-version-bump.yml @@ -0,0 +1,53 @@ +## Used on Renovate PRs to bump the chart version and add a changelog entry +## Reference: https://github.com/stefanzweifel/git-auto-commit-action +## Reference: https://github.com/marketplace/actions/changed-files +name: 'Chart Version Bump and Changelog' + +on: + pull_request: + types: + - labeled + +permissions: + contents: write + +jobs: + helm-bumper: + if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@https://github.com/tj-actions/changed-files/commit/1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + with: + files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml + - name: "Bump Version and Changelog" + run: | + chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" + echo "Changed chart name is: $chartName" + echo "----------------------------------------" + + parentDir="charts/${chartName}" + + # Bump the chart version by one patch version + version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}') + major=$(echo $version | cut -d. -f1) + minor=$(echo $version | cut -d. -f2) + patch=$(echo $version | cut -d. -f3) + patch=$(expr $patch + 1) + sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml + + # Add a changelog entry + appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}') + sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml + echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml + echo " - kind: changed" >> ${parentDir}/Chart.yaml + echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml + cat ${parentDir}/Chart.yaml + - name: "Commit and push changes" + uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 + with: + commit_options: '--signoff' diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..12c7f3ea --- /dev/null +++ b/renovate.json @@ -0,0 +1,91 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "kubernetes": { + "fileMatch": ["\\.yaml$", "\\.yml$"] + }, + "extends": [ + "config:base", + "docker:enableMajor" + ], + "labels": ["renovate"], + "includePaths": [ + "**/charts/argo-workflows/Chart.yaml", + "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-events/Chart.yaml", + "**/charts/argo-rollouts/Chart.yaml", + "**/charts/argocd-image-updater/Chart.yaml" + ], + "regexManagers": [ + { + "fileMatch": ["charts/argo-workflows/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-workflows", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-cd/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-cd", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-events/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-events", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-rollouts", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj-labs/argocd-image-updater", + "datasourceTemplate": "github-releases" + } + ], + "packageRules": [ + { + "matchPackagePatterns": ["argoproj/argo-workflows"], + "commitMessagePrefix": "chore(argo-workflows):" + }, + { + "matchPackagePatterns": ["argoproj/argo-cd"], + "commitMessagePrefix": "chore(argo-cd):" + }, + { + "matchPackagePatterns": ["argoproj/argo-events"], + "commitMessagePrefix": "chore(argo-events):" + }, + { + "matchPackagePatterns": ["argoproj/argo-rollouts"], + "commitMessagePrefix": "chore(argo-rollouts):" + }, + { + "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], + "commitMessagePrefix": "chore(argocd-image-updater):" + }, + { + "matchPackagePatterns": ["redis-ha"], + "enabled": false + } + ] +} From 6cf99a08c81f4672a696eff85b58692e20fa367f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 7 Dec 2023 21:23:52 +0900 Subject: [PATCH 192/617] chore(github): Add yu-croco to CODEOWNERS of argo-events and argo-rollouts (#2372) Signed-off-by: yu-croco --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 05c993b9..c0d0ab9d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,5 +2,5 @@ /charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 -/charts/argo-events/ @pdrastil @jmeridth @tico24 -/charts/argo-rollouts/ @jmeridth +/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco +/charts/argo-rollouts/ @jmeridth @yu-croco From 83c3bc811565e68bada5d095dd58d4e822640552 Mon Sep 17 00:00:00 2001 From: yyzxw <34639446+yyzxw@users.noreply.github.com> Date: Fri, 8 Dec 2023 01:49:59 +0800 Subject: [PATCH 193/617] feat(argo-rollouts): add rollout plugin contour rbac (#2371) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 12 ++++++++++++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 933cc9d3..09b46332 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.5 +version: 2.32.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts CRDs to match them mainstream from v1.6.2 + description: Add Contour plugin RBAC. diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b9198998..e74afaca 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -65,6 +65,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | +| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | | providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index ab0f7ee1..56afb5cb 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -255,5 +255,17 @@ rules: - get - update {{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b711ee37..34c5a286 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -262,6 +262,8 @@ providerRBAC: traefik: true # -- Adds RBAC rules for the Apisix provider apisix: true + # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` + contour: true dashboard: # -- Deploy dashboard server From c3c588038daa7c550bbd977c1298a1fd3f42d7c8 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 7 Dec 2023 20:11:53 +0100 Subject: [PATCH 194/617] fix(github): Copy-pasta error on Action digest (#2373) Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Aikawa --- .github/workflows/chart-version-bump.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index d09ff045..44c77bb8 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -19,11 +19,13 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 + - name: Get changed files id: changed-files - uses: tj-actions/changed-files@https://github.com/tj-actions/changed-files/commit/1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + uses: tj-actions/changed-files@1c938490c880156b746568a518594309cfb3f66b # v40.2.1 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml + - name: "Bump Version and Changelog" run: | chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" @@ -47,6 +49,7 @@ jobs: echo " - kind: changed" >> ${parentDir}/Chart.yaml echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml cat ${parentDir}/Chart.yaml + - name: "Commit and push changes" uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: From c7df8c14e6c6c807794ab2240ed67dc91b3de161 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:56:40 +0000 Subject: [PATCH 195/617] fix(github): Include PAT to trigger CI jobs on auto-push (#2376) Signed-off-by: Tim Collins --- .github/workflows/chart-version-bump.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 44c77bb8..f8aa07b2 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -18,6 +18,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: + token: ${{ secrets.PAT }} fetch-depth: 0 - name: Get changed files From 4a0f512f70d68ecd4dbb63c74b97e3c28f0c2828 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 15:06:40 +0000 Subject: [PATCH 196/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.3 (#2374) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.3 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: tico24 --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 09b46332..c0f40f88 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.2 +appVersion: v1.6.3 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.6 +version: 2.32.7 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add Contour plugin RBAC. + description: Bump argo-rollouts to v1.6.3 From a9e31c82fd63f42c8e56fe9bb8f19d583be83e69 Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Fri, 8 Dec 2023 16:44:59 -0600 Subject: [PATCH 197/617] feat(argo-workflows): Add support for sso filterGroupsRegex (#2379) According to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups Resolves #2378 Signed-off-by: Neile Havens --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 3 +++ charts/argo-workflows/values.yaml | 5 +++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f5e725d3..49cebfbc 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.7 +version: 0.39.8 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixes OAuth redirect URL autoconfig. + - kind: changed + description: Add support for sso filterGroupsRegex according to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index c8e5f5f8..2b24e2be 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -326,6 +326,7 @@ Fields to note: | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | | server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | +| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index bff3e121..d311441c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -162,6 +162,9 @@ data: {{- with .Values.server.sso.insecureSkipVerify }} insecureSkipVerify: {{ toYaml . }} {{- end }} + {{- with .Values.server.sso.filterGroupsRegex }} + filterGroupsRegex: {{ toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} workflowRestrictions: {{- toYaml . | nindent 6 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 9a5fa859..1624cc4e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -701,6 +701,11 @@ server: userInfoPath: "" # -- Skip TLS verification for the HTTP client insecureSkipVerify: false + # -- Filter the groups returned by the OIDC provider + ## A logical "OR" is used between each regex in the list + filterGroupsRegex: [] + # - ".*argo-wf.*" + # - ".*argo-workflow.*" # -- Extra containers to be added to the server deployment extraContainers: [] From 97c3589eec2374b3b88800918f1e9a650b46dae0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 15:40:06 +0100 Subject: [PATCH 198/617] chore(deps): bump actions/setup-python from 4.7.1 to 5.0.0 (#2382) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236...0a5c61591373683505ea898e09a3ea4f39ef2b9c) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c2102b61..79782374 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: 3.9 From eeffeb407d10e6e66d2c86115a139f1f1037fa8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 11:35:53 -0600 Subject: [PATCH 199/617] chore(deps): bump actions/stale from 8.0.0 to 9.0.0 (#2380) --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b0356dc7..d0813423 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From da261d0a38c020a4fe37dd61b59a069678a14875 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 20:45:04 +0100 Subject: [PATCH 200/617] chore(deps): bump actions/labeler from 4.3.0 to 5.0.0 (#2381) * chore(deps): bump actions/labeler from 4.3.0 to 5.0.0 Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/ac9175f8a1f3625fd0d4fb234536d26811351594...8558fd74291d67161a8a78ce36a881fa63b766a9) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * chore: Update labeler.yaml to work with v5 Signed-off-by: Marco Maurer * fix: Adapt glob for argo-cd chart Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: dependabot[bot] Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer Co-authored-by: Jason Meridth --- .github/configs/labeler.yaml | 18 ++++++++++++------ .github/workflows/pr-sizing.yml | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/configs/labeler.yaml b/.github/configs/labeler.yaml index acd6f219..80b72ba8 100644 --- a/.github/configs/labeler.yaml +++ b/.github/configs/labeler.yaml @@ -1,17 +1,23 @@ argo-cd: - - charts/argo-cd/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-cd/** argo-events: - - charts/argo-events/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-events/** argo-rollouts: - - charts/argo-rollouts/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-rollouts/** argo-workflows: - - charts/argo-workflows/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-workflows/** argocd-image-updater: - - charts/argocd-image-updater/**/* + - changed-files: + - any-glob-to-any-file: charts/argocd-image-updater/** argocd-apps: - - charts/argocd-apps/**/* + - changed-files: + - any-glob-to-any-file: charts/argocd-apps/** diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index d22ac750..01af9781 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From e07f69fee66b214719acc032401e26d36f839c77 Mon Sep 17 00:00:00 2001 From: workwithprashant <60788667+workwithprashant@users.noreply.github.com> Date: Tue, 12 Dec 2023 00:27:39 -0600 Subject: [PATCH 201/617] fix(argo-workflows): fix helm lint error when extraObjects is defined (#2384) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/extra-manifests.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 49cebfbc..e0e1c1b9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.8 +version: 0.39.9 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add support for sso filterGroupsRegex according to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups + description: "fix(argo-workflows): fix helm lint error when extraObjects is defined and same fix as one done for argo-cd #2116" diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-workflows/templates/extra-manifests.yaml +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From d9e5b727e3d11160c868213004ed0c0890c8166d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 07:59:21 +0100 Subject: [PATCH 202/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.4 (#2385) --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c0f40f88..aaa143fa 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.3 +appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.7 +version: 2.32.8 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.3 + description: Bump argo-rollouts to v1.6.4 From 9ca3f06dcf84a7bed3ee09032e33e1705b9edf48 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 14 Dec 2023 07:56:27 +0000 Subject: [PATCH 203/617] feat(argo-workflows): add hostAliases to server (#2387) * workflow server hostalises Signed-off-by: drfaust92 * Update Chart.yaml Signed-off-by: Ilia Lazebnik * workflow server hostalises Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Signed-off-by: Ilia Lazebnik --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../argo-workflows/templates/server/server-deployment.yaml | 4 ++++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index e0e1c1b9..acd175a7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.9 +version: 0.40.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: "fix(argo-workflows): fix helm lint error when extraObjects is defined and same fix as one done for argo-cd #2116" + description: "feat(argo-workflows): add hostAliases to server" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 2b24e2be..070bdbf2 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -280,6 +280,7 @@ Fields to note: | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | +| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | | server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index f44fa57d..b3aa3728 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -37,6 +37,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.server.extraInitContainers }} initContainers: {{- tpl (toYaml .) $ | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 1624cc4e..e6440439 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -458,6 +458,12 @@ server: # -- Service port name servicePortName: "" # http + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + serviceAccount: # -- Create a service account for the server create: true From bce77fa998d60cd30fc9b2c9c5c75f1c1208c45b Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 14 Dec 2023 08:39:20 +0000 Subject: [PATCH 204/617] feat(argo-rollouts): allow setting log config for rollouts (#2386) * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 7 +++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index aaa143fa..d2a4a898 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.8 +version: 2.33.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.4 + description: Allow setting log config for rollouts diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index e74afaca..9b368a5a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -90,6 +90,9 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| controller.logging.kloglevel | string | `"0"` | Set the klog logging level | +| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.service.annotations | object | `{}` | Service annotations | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 23dc14cb..9b8f456e 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -45,6 +45,9 @@ spec: args: - --healthzPort={{ .Values.controller.containerPorts.healthz }} - --metricsport={{ .Values.controller.containerPorts.metrics }} + - "--loglevel={{ .Values.controller.logging.level }}" + - "--logformat={{ .Values.controller.logging.format }}" + - "--kloglevel={{ .Values.controller.logging.kloglevel }}" {{- if not .Values.clusterInstall }} - --namespaced {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 34c5a286..6eb48b9c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -55,6 +55,13 @@ controller: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" # -- Assign custom [TopologySpreadConstraints] rules to the controller ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ From 77a4196fc31294b7abeb1d4d30df136f2b77a675 Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Fri, 15 Dec 2023 01:45:22 -0600 Subject: [PATCH 205/617] fix(argo-workflows): Remove duplication in aggregated admin ClusterRole (#2389) Signed-off-by: Neile Havens --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-aggregate-roles.yaml | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index acd175a7..ddd48e24 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.0 +version: 0.40.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: "feat(argo-workflows): add hostAliases to server" + - kind: fixed + description: "Remove duplication in aggregated admin ClusterRole" diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index ca2ae93e..2a407b1b 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -83,8 +83,6 @@ rules: - workflows/finalizers - workfloweventbindings - workfloweventbindings/finalizers - - workflowtasksets - - workflowtasksets/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows From b13acd0814653ca4574c5053cc2e3b7e3b095599 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Dec 2023 14:02:29 -0600 Subject: [PATCH 206/617] chore(deps): bump tj-actions/changed-files from 40.2.1 to 40.2.2 (#2391) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index f8aa07b2..eeb38df9 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 # v40.2.2 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 7f1b25402bb23681c479dc20c6c69caf49a10159 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Dec 2023 00:22:40 +0100 Subject: [PATCH 207/617] chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2392) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3273e72d..e86279fa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: results.sarif From f9e2a94bb6d1f20f42374c42c62f86e8e37b2ba9 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Fri, 22 Dec 2023 14:07:05 +0200 Subject: [PATCH 208/617] feat(argo-rollouts): add args for dashboard logs (#2388) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 5 +++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index d2a4a898..a879e08c 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.33.0 +version: 2.34.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Allow setting log config for rollouts + description: Allow setting log config for rollouts dashboard diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 9b368a5a..23f25df7 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -153,6 +153,8 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type | | dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths | | dashboard.ingress.tls | list | `[]` | Dashboard ingress tls | +| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level | +| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | dashboard.nodeSelector | object | `{}` | [Node selector] | | dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] | | dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard | diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index cae24888..de7f525b 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -45,6 +45,9 @@ spec: - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} args: + - dashboard + - "--loglevel={{ .Values.dashboard.logging.level }}" + - "--kloglevel={{ .Values.dashboard.logging.kloglevel }}" {{- with .Values.dashboard.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 6eb48b9c..e7a5f133 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -289,6 +289,11 @@ dashboard: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" # -- Assign custom [TopologySpreadConstraints] rules to the dashboard server ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ From 91f48f37cdb84884dc100753fb1012d293a37800 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Dec 2023 14:44:48 +0100 Subject: [PATCH 209/617] chore(deps): bump tj-actions/changed-files from 40.2.2 to 40.2.3 (#2398) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index eeb38df9..22cf61a1 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 # v40.2.2 + uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From c962ee500c06af4213d911a8947f3055949cd45b Mon Sep 17 00:00:00 2001 From: Josia Date: Sat, 23 Dec 2023 19:28:35 -0500 Subject: [PATCH 210/617] fix(argo-workflows): Prevent extra whitespace in controller ConfigMap (#2399) Signed-off-by: Josia --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ddd48e24..69b84a11 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.1 +version: 0.40.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: "Remove duplication in aggregated admin ClusterRole" + description: "Prevent extra whitespace in controller ConfigMap" diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d311441c..d3ad349b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -145,7 +145,7 @@ data: rbac: enabled: {{ .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.scopes }} - scopes: {{ toYaml . | nindent 8 }} + scopes: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.server.sso.issuerAlias }} issuerAlias: {{ toYaml . }} @@ -163,7 +163,7 @@ data: insecureSkipVerify: {{ toYaml . }} {{- end }} {{- with .Values.server.sso.filterGroupsRegex }} - filterGroupsRegex: {{ toYaml . | nindent 8 }} + filterGroupsRegex: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} From 410e73af93a4aab3aad47614f8cac58d54ae798a Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 24 Dec 2023 15:13:52 +0900 Subject: [PATCH 211/617] chore(argo-workflows): Add instruction for SSO (#2401) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 6 ++++++ charts/argo-workflows/README.md.gotmpl | 6 ++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 69b84a11..15950d66 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.2 +version: 0.40.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: "Prevent extra whitespace in controller ConfigMap" + - kind: added + description: Add instruction for SSO diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 070bdbf2..81e65359 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -56,6 +56,11 @@ spec: args: [ "hello world" ] ``` +### Argo Workflows Server SSO +In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. + +In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -387,3 +392,4 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 60aa62af..aa296179 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -56,6 +56,11 @@ spec: args: [ "hello world" ] ``` +### Argo Workflows Server SSO +In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. + +In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -204,3 +209,4 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac From 29c7f27b3f8b529c6756f510553aaedf58f992e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Dec 2023 09:29:42 -0600 Subject: [PATCH 212/617] chore(deps): bump tj-actions/changed-files from 40.2.3 to 41.0.1 (#2405) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 22cf61a1..30bd26ee 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3 + uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 9b0c33fb496dccdfd98d27c9dfa700fd6c8ded46 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 31 Dec 2023 02:02:10 +0900 Subject: [PATCH 213/617] feat(argo-cd): Use new Argo CD extension mechanism (#2406) --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 13 ++- charts/argo-cd/README.md.gotmpl | 6 + charts/argo-cd/ci/extension-values.yaml | 14 +++ charts/argo-cd/templates/aggregate-roles.yaml | 9 -- .../templates/argocd-server/deployment.yaml | 26 +++-- .../argo-cd/templates/argocd-server/role.yaml | 3 - .../argo-cd/templates/crds/crd-extension.yaml | 107 ------------------ charts/argo-cd/values.yaml | 28 +++-- 9 files changed, 68 insertions(+), 142 deletions(-) create mode 100644 charts/argo-cd/ci/extension-values.yaml delete mode 100644 charts/argo-cd/templates/crds/crd-extension.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 594dd161..e955494c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.6 +version: 5.52.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.9.3 + description: Use new Argo CD extension mechanism diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fa869975..919149b5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.52.0 +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + ### 5.35.0 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. @@ -718,10 +722,11 @@ NAME: my-release | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | -| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions | +| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions | +| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | -| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image | -| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image | +| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | @@ -1263,3 +1268,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 7df79078..ba94725f 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.52.0 +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + ### 5.35.0 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. @@ -571,3 +575,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer diff --git a/charts/argo-cd/ci/extension-values.yaml b/charts/argo-cd/ci/extension-values.yaml new file mode 100644 index 00000000..0896ca4c --- /dev/null +++ b/charts/argo-cd/ci/extension-values.yaml @@ -0,0 +1,14 @@ +# Test Argo CD extension +crds: + keep: false +# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension +server: + extensions: + enabled: true + extensionList: + - name: extension-metrics + env: + - name: EXTENSION_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + - name: EXTENSION_CHECKSUM_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt diff --git a/charts/argo-cd/templates/aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml index b3893922..ba93d548 100644 --- a/charts/argo-cd/templates/aggregate-roles.yaml +++ b/charts/argo-cd/templates/aggregate-roles.yaml @@ -14,9 +14,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - get @@ -39,9 +36,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - create @@ -69,9 +63,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 983121a9..c56ea680 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -357,13 +357,22 @@ spec: lifecycle: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} {{- if .Values.server.extensions.enabled }} - - name: argocd-extensions - image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }} - imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} resources: - {{- toYaml .Values.server.extensions.resources | nindent 10 }} - {{- with .Values.server.extensions.containerSecurityContext }} + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} {{- end }} @@ -372,13 +381,10 @@ spec: mountPath: /tmp/extensions/ - name: tmp mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} {{- end }} - {{- with .Values.server.extraContainers }} - {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.server.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} affinity: diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 6bfe32a4..adc6f014 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -27,9 +27,6 @@ rules: - applicationsets {{- end }} - appprojects - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} verbs: - create - get diff --git a/charts/argo-cd/templates/crds/crd-extension.yaml b/charts/argo-cd/templates/crds/crd-extension.yaml deleted file mode 100644 index 30fbce70..00000000 --- a/charts/argo-cd/templates/crds/crd-extension.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if and .Values.crds.install .Values.server.extensions.enabled }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - controller-gen.kubebuilder.io/version: v0.4.1 - labels: - app.kubernetes.io/name: argocdextensions.argoproj.io - app.kubernetes.io/part-of: argocd - {{- with .Values.crds.additionalLabels }} - {{- toYaml . | nindent 4}} - {{- end }} - name: argocdextensions.argoproj.io -spec: - group: argoproj.io - names: - kind: ArgoCDExtension - listKind: ArgoCDExtensionList - plural: argocdextensions - singular: argocdextension - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ArgoCDExtension is the Schema for the argocdextensions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension - properties: - sources: - description: Sources specifies where the extension should come from - items: - description: ExtensionSource specifies where the extension should - be sourced from - properties: - git: - description: Git is specified if the extension should be sourced - from a git repository - properties: - revision: - description: Revision specifies the revision of the Repository - to fetch - type: string - url: - description: URL specifies the Git repository URL to fetch - type: string - type: object - web: - description: Web is specified if the extension should be sourced - from a web file - properties: - url: - description: URK specifies the remote file URL - type: string - type: object - type: object - type: array - required: - - sources - type: object - status: - description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension - properties: - conditions: - items: - properties: - message: - description: Message contains human-readable message indicating - details about condition - type: string - status: - description: Boolean status describing if the condition is currently - true - type: string - type: - description: Type is an ArgoCDExtension condition type - type: string - required: - - message - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true -{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c4480e6c..bc93065e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1574,29 +1574,41 @@ server: # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - ## Argo UI extensions + ## Argo CD extensions ## This function in tech preview stage, do expect instability or breaking changes in newer versions. - ## Ref: https://github.com/argoproj-labs/argocd-extensions + ## Ref: https://github.com/argoproj-labs/argocd-extension-installer extensions: - # -- Enable support for Argo UI extensions + # -- Enable support for Argo CD extensions enabled: false - ## Argo UI extensions image + ## Argo CD extension installer image image: - # -- Repository to use for extensions image - repository: "ghcr.io/argoproj-labs/argocd-extensions" - # -- Tag to use for extensions image - tag: "v0.2.1" + # -- Repository to use for extension installer image + repository: "quay.io/argoprojlabs/argocd-extension-installer" + # -- Tag to use for extension installer image + tag: "v0.0.1" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + # -- Extensions for Argo CD + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension + extensionList: [] + # - name: extension-metrics + # env: + # - name: EXTENSION_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + # - name: EXTENSION_CHECKSUM_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt + # -- Server UI extensions container-level security context # @default -- See [values.yaml] containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false + runAsUser: 1000 seccompProfile: type: RuntimeDefault capabilities: From 107bd3bc537eb4d611907c09809ebadea73936ed Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 5 Jan 2024 13:56:59 +0100 Subject: [PATCH 214/617] chore(argo-cd): DRY cleanup of ServiceAccounts (#2409) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 14 +++++++------- .../clusterrolebinding.yaml | 2 +- .../argocd-application-controller/rolebinding.yaml | 8 ++++---- .../serviceaccount.yaml | 14 +++++++------- .../argocd-application-controller/statefulset.yaml | 2 +- .../argocd-applicationset/deployment.yaml | 2 +- .../argocd-applicationset/rolebinding.yaml | 6 +++--- .../argocd-applicationset/serviceaccount.yaml | 14 +++++++------- .../argocd-notifications/clusterrolebinding.yaml | 2 +- .../templates/argocd-notifications/deployment.yaml | 2 +- .../argocd-notifications/rolebinding.yaml | 6 +++--- .../argocd-notifications/serviceaccount.yaml | 14 +++++++------- .../argocd-repo-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-repo-server/deployment.yaml | 2 +- .../templates/argocd-repo-server/rolebinding.yaml | 8 ++++---- .../argocd-repo-server/serviceaccount.yaml | 14 +++++++------- .../argocd-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-server/deployment.yaml | 2 +- .../templates/argocd-server/rolebinding.yaml | 6 +++--- .../templates/argocd-server/serviceaccount.yaml | 14 +++++++------- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/dex/rolebinding.yaml | 8 ++++---- charts/argo-cd/templates/dex/serviceaccount.yaml | 8 ++++---- charts/argo-cd/templates/redis/deployment.yaml | 2 +- charts/argo-cd/templates/redis/serviceaccount.yaml | 8 ++++---- 26 files changed, 84 insertions(+), 84 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e955494c..91dcac84 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.0 +version: 5.52.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Use new Argo CD extension mechanism + description: DRY cleanup of ServiceAccounts diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index b5d62a6a..97ba5c25 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -11,7 +11,7 @@ to 63 chars and it includes 10 chars of hash and a separating '-'. {{/* Create the name of the controller service account to use */}} -{{- define "argo-cd.controllerServiceAccountName" -}} +{{- define "argo-cd.controller.serviceAccountName" -}} {{- if .Values.controller.serviceAccount.create -}} {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} {{- else -}} @@ -40,7 +40,7 @@ Create Dex server endpoint {{/* Create the name of the dex service account to use */}} -{{- define "argo-cd.dexServiceAccountName" -}} +{{- define "argo-cd.dex.serviceAccountName" -}} {{- if .Values.dex.serviceAccount.create -}} {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} {{- else -}} @@ -78,7 +78,7 @@ Return Redis server endpoint {{/* Create the name of the redis service account to use */}} -{{- define "argo-cd.redisServiceAccountName" -}} +{{- define "argo-cd.redis.serviceAccountName" -}} {{- if .Values.redis.serviceAccount.create -}} {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} {{- else -}} @@ -96,7 +96,7 @@ Create argocd server name and version as used by the chart label. {{/* Create the name of the Argo CD server service account to use */}} -{{- define "argo-cd.serverServiceAccountName" -}} +{{- define "argo-cd.server.serviceAccountName" -}} {{- if .Values.server.serviceAccount.create -}} {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} {{- else -}} @@ -114,7 +114,7 @@ Create argocd repo-server name and version as used by the chart label. {{/* Create the name of the repo-server service account to use */}} -{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- define "argo-cd.repoServer.serviceAccountName" -}} {{- if .Values.repoServer.serviceAccount.create -}} {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} {{- else -}} @@ -132,7 +132,7 @@ Create argocd application set name and version as used by the chart label. {{/* Create the name of the application set service account to use */}} -{{- define "argo-cd.applicationSetServiceAccountName" -}} +{{- define "argo-cd.applicationSet.serviceAccountName" -}} {{- if .Values.applicationSet.serviceAccount.create -}} {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} {{- else -}} @@ -150,7 +150,7 @@ Create argocd notifications name and version as used by the chart label. {{/* Create the name of the notifications service account to use */}} -{{- define "argo-cd.notificationsServiceAccountName" -}} +{{- define "argo-cd.notifications.serviceAccountName" -}} {{- if .Values.notifications.serviceAccount.create -}} {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }} {{- else -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 39ee80a6..9ebe80ad 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.controllerServiceAccountName" . }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 5f07f109..9a87f771 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -1,15 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index fe56d376..1b9619d6 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.controllerServiceAccountName" . }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.controller.serviceAccount.annotations }} + {{- with .Values.controller.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.controller.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - {{- range $key, $value := .Values.controller.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 31bce299..6d1d3e2f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.controller.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index b704650a..655e8f19 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.applicationSet.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index 8a70526c..a012f1ed 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index a196626e..7c0cf017 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.applicationSet.serviceAccount.annotations }} + {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- range $key, $value := .Values.applicationSet.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.applicationSet.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index 3dba71a2..cfdba38a 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -11,6 +11,6 @@ roleRef: name: {{ include "argo-cd.notifications.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index edee786a..2ed9f1e8 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -54,7 +54,7 @@ spec: {{- if .Values.notifications.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index 7bc6e1d1..32324190 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index aa824242..8f58ff8d 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.notifications.serviceAccount.annotations }} + {{- with .Values.notifications.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.notifications.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} - {{- range $key, $value := .Values.notifications.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.notifications.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index c3e21edb..ba156d24 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 90941428..a9565a2e 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -65,7 +65,7 @@ spec: {{- if .Values.repoServer.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 8834b778..ea4baded 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 7b26928f..945483fa 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.repoServer.serviceAccount.annotations }} + {{- with .Values.repoServer.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 72e4d450..27fd13d6 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.serverServiceAccountName" . }} + name: {{ include "argo-cd.server.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index c56ea680..a09b5656 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -56,7 +56,7 @@ spec: {{- if .Values.server.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 93b1fa94..61276d60 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} @@ -11,5 +11,5 @@ roleRef: name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index 5d03aaf6..12f571fd 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.serverServiceAccountName" . }} + name: {{ include "argo-cd.server.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.server.serviceAccount.annotations }} + {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.server.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- range $key, $value := .Values.server.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 9f782c8d..c8e2c929 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -58,7 +58,7 @@ spec: {{- if .Values.dex.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} + serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 08da1544..30b92c06 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.dexServiceAccountName" . }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 65abd57c..66bf3076 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.dexServiceAccountName" . }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.dex.serviceAccount.annotations }} + {{- with .Values.dex.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.dex.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 3f272d02..b3182245 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -51,7 +51,7 @@ spec: {{- if .Values.redis.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index 503fb434..f45ece13 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.redisServiceAccountName" . }} + name: {{ include "argo-cd.redis.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.redis.serviceAccount.annotations }} + {{- with .Values.redis.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.redis.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- end }} From 51bb7f98069940ff6c053915f04b30bf5f546153 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 6 Jan 2024 00:28:42 +0900 Subject: [PATCH 215/617] fix(argocd-image-updater): Update outdated link on README (#2414) * fixed(argocd-image-updater): Update outdated link on README Signed-off-by: yu-croco * fix: correct "ArgoCD" to "Argo CD" Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++++-- charts/argocd-image-updater/README.md | 30 +++++++++++--------- charts/argocd-image-updater/README.md.gotmpl | 20 +++++++------ charts/argocd-image-updater/values.yaml | 10 +++---- 4 files changed, 39 insertions(+), 29 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 665f4bad..203c6206 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.1 +version: 0.9.2 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Introduce chart signing + - kind: fixed + description: Update outdated link on README + - kind: changed + description: Refactor README diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5d5c7253..148a5073 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -74,16 +74,16 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | -| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | -| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. | +| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | -| config.logLevel | string | `"info"` | ArgoCD Image Update log level | -| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | ArgoCD Image Updater ssh client parameter configuration. | +| config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | @@ -125,3 +125,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl index bbd2e1b5..68ddd814 100644 --- a/charts/argocd-image-updater/README.md.gotmpl +++ b/charts/argocd-image-updater/README.md.gotmpl @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -71,3 +71,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 90498e26..4d490572 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -77,9 +77,9 @@ config: serverAddress: "" # -- If specified, the certificate of the Argo CD API server is not verified. insecure: false - # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. + # -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. plaintext: false - # -- If specified, the secret with ArgoCD API key will be created. + # -- If specified, the secret with Argo CD API key will be created. token: "" # -- Disable kubernetes events @@ -94,10 +94,10 @@ config: # -- Changing the Git commit message gitCommitTemplate: "" - # -- ArgoCD Image Update log level + # -- Argo CD Image Update log level logLevel: "info" - # -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) registries: [] # - name: Docker Hub # api_url: https://registry-1.docker.io @@ -122,7 +122,7 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- ArgoCD Image Updater ssh client parameter configuration. + # -- Argo CD Image Updater ssh client parameter configuration. sshConfig: {} # config: | From d1389a90b9906c5ad419b53ced3250ed4208f7ca Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 6 Jan 2024 13:17:33 +0900 Subject: [PATCH 216/617] chore(argo-workflows): Update doc for Argo Workflows server authentication (#2411) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 15 +++++++-------- charts/argo-workflows/README.md.gotmpl | 16 ++++++++-------- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 15950d66..2bfb706d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.3 +version: 0.40.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add instruction for SSO + - kind: changed + description: Update doc for Argo Workflows server authentication diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 81e65359..3a2a91d7 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -56,11 +56,6 @@ spec: args: [ "hello world" ] ``` -### Argo Workflows Server SSO -In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. - -In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. - ## Installing the Chart To install the chart with the release name `my-release`: @@ -89,9 +84,12 @@ Please see the upstream [Operator Manual's High Availability page](https://argop This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. ## Values @@ -392,4 +390,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index aa296179..4d1ec4d5 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -56,11 +56,6 @@ spec: args: [ "hello world" ] ``` -### Argo Workflows Server SSO -In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. - -In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. - ## Installing the Chart To install the chart with the release name `my-release`: @@ -89,9 +84,13 @@ Please see the upstream [Operator Manual's High Availability page](https://argop This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication + +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. ## Values @@ -209,4 +208,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ From 9892e505f17a24fd13e1aef8248222e141887201 Mon Sep 17 00:00:00 2001 From: Brian Gottfried Date: Sat, 6 Jan 2024 22:30:45 -0600 Subject: [PATCH 217/617] feat(argo-rollouts): Add rollout plugin gloo platform rbac (#2404) * feat(argo-rollouts): Add rollout plugin gloo platform rbac Signed-off-by: Brian Gottfried * feat(argo-rollouts): Add rollout plugin gloo platform rbac information to README Signed-off-by: Brian Gottfried --------- Signed-off-by: Brian Gottfried Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../argo-rollouts/templates/controller/clusterrole.yaml | 9 +++++++++ charts/argo-rollouts/templates/controller/role.yaml | 9 +++++++++ charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a879e08c..caf26b58 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.0 +version: 2.34.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Allow setting log config for rollouts dashboard + - kind: added + description: Added Gloo Platform provider RBAC rules diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 23f25df7..3627de83 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -66,6 +66,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | | providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | | providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 56afb5cb..35fd8215 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -267,5 +267,14 @@ rules: - watch - update {{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index eb69db62..dc656cde 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -256,5 +256,14 @@ rules: - get - update {{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e7a5f133..19ab340e 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -271,6 +271,8 @@ providerRBAC: apisix: true # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` contour: true + # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` + glooPlatform: true dashboard: # -- Deploy dashboard server From 3a2645782ceaac12a19d630cd870dcf202cee9a2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:14:11 +0000 Subject: [PATCH 218/617] chore(argo-events): Update dependency argoproj/argo-events to v1.9.0 (#2417) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.0 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b9f441fe..d219afc7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.8.1 +appVersion: v1.9.0 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.1 +version: 2.4.2 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Events to v1.8.1 + description: Bump argo-events to v1.9.0 From 5aaa79be36e9a283a75a148d85ee44b41858e768 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 16:20:25 +0900 Subject: [PATCH 219/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.3 (#2419) * chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.3 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2bfb706d..54b893cf 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.2 +appVersion: v3.5.3 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.4 +version: 0.40.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update doc for Argo Workflows server authentication + description: Bump argo-workflows to v3.5.3 From 1cc80bfe107ccf24379ba71cf024311c8240ee89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 09:09:25 -0600 Subject: [PATCH 220/617] chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#2421) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e86279fa..76b0264c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: SARIF file path: results.sarif From 524089b9dfbcd78b26ec78a502dbe9ce1e1f6df7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Jan 2024 17:10:59 +0900 Subject: [PATCH 221/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.4 (#2422) * chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.4 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 54b893cf..ed2e3048 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.3 +appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.5 +version: 0.40.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.3 + description: Bump argo-workflows to v3.5.4 From e6de8c47b9afaeb55aee532f35f9ed01c1323abb Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Mon, 15 Jan 2024 14:42:39 +0530 Subject: [PATCH 222/617] docs(argo-cd): Fix policy.csv block (#2423) * Minor Changes to policy.csv block Added Missing ':' Signed-off-by: Aman Gupta * Update Chart.yaml Signed-off-by: Aman Gupta * Update Changelog Signed-off-by: Aman Gupta --------- Signed-off-by: Aman Gupta --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 91dcac84..42cfbcc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.1 +version: 5.52.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: DRY cleanup of ServiceAccounts + - kind: fixed + description: Missing colon for policy.csv block diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bc93065e..8b725375 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -291,7 +291,7 @@ configs: # p, subject, resource, action, object, effect # Role definitions and bindings are in the form: # g, subject, inherited-subject - # policy.csv | + # policy.csv: | # p, role:org-admin, applications, *, */*, allow # p, role:org-admin, clusters, get, *, allow # p, role:org-admin, repositories, *, *, allow From d5b942a873af4fe0826d099895efa4fed476ecce Mon Sep 17 00:00:00 2001 From: Lucas Fernando Cardoso Nunes Date: Wed, 17 Jan 2024 04:56:17 -0300 Subject: [PATCH 223/617] docs(argo-workflows): fix wrong `artifactRepository` identations on values.yaml (#2426) * fix: wrong `artifactRepository` identations on values.yaml on `artifactRepository.gcs` the following 3 keys were in the same level: - `.serviceAccountKeySecret` - `.name` - `.key` Signed-off-by: Lucas Fernando Cardoso Nunes * Update Chart.yaml Signed-off-by: Lucas Fernando Cardoso Nunes --------- Signed-off-by: Lucas Fernando Cardoso Nunes --- charts/argo-workflows/Chart.yaml | 6 ++-- charts/argo-workflows/values.yaml | 58 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ed2e3048..f529072b 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.6 +version: 0.40.7 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.4 + - kind: fixed + description: Wrong identation in artifactRepository block diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index e6440439..570f5986 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -769,41 +769,41 @@ artifactRepository: # roleARN: # useSDKCreds: true # encryptionOptions: - # enableEncryption: true + # enableEncryption: true # -- Store artifact in a GCS object store # @default -- `{}` (See [values.yaml]) gcs: {} - # bucket: -argo - # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey + # bucket: -argo + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" + # # serviceAccountKeySecret is a secret selector. + # # It references the k8s secret named 'my-gcs-credentials'. + # # This secret is expected to have have the key 'serviceAccountKey', + # # containing the base64 encoded credentials + # # to the bucket. + # # + # # If it's running on GKE and Workload Identity is used, + # # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey # -- Store artifact in Azure Blob Storage # @default -- `{}` (See [values.yaml]) azure: {} - # endpoint: https://mystorageaccountname.blob.core.windows.net - # container: my-container-name - # blobNameFormat: path/in/container - ## accountKeySecret is a secret selector. - ## It references the k8s secret named 'my-azure-storage-credentials'. - ## This secret is expected to have have the key 'account-access-key', - ## containing the base64 encoded credentials to the storage account. - ## If a managed identity has been assigned to the machines running the - ## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) - ## then accountKeySecret is not needed, and useSDKCreds should be - ## set to true instead: - # useSDKCreds: true - # accountKeySecret: - # name: my-azure-storage-credentials - # key: account-access-key + # endpoint: https://mystorageaccountname.blob.core.windows.net + # container: my-container-name + # blobNameFormat: path/in/container + # # accountKeySecret is a secret selector. + # # It references the k8s secret named 'my-azure-storage-credentials'. + # # This secret is expected to have have the key 'account-access-key', + # # containing the base64 encoded credentials to the storage account. + # # If a managed identity has been assigned to the machines running the + # # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) + # # then accountKeySecret is not needed, and useSDKCreds should be + # # set to true instead: + # useSDKCreds: true + # accountKeySecret: + # name: my-azure-storage-credentials + # key: account-access-key # -- The section of custom artifact repository. # Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) From e37093f273b1843a78e01268ca55777670f6b8a8 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 18 Jan 2024 15:21:37 +0900 Subject: [PATCH 224/617] feat(argocd-image-updater): Support extra K8s manifests (#2429) * feat(argocd-image-updater): Support extra K8s manifests Signed-off-by: yu-croco * chore(argocd-image-updater): add CI for extraObjects Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++--- charts/argocd-image-updater/README.md | 1 + .../ci/enable-extra-objects-values.yaml | 14 +++++++++ .../templates/extra-manifests.yaml | 8 +++++ charts/argocd-image-updater/values.yaml | 29 +++++++++++++++++++ 5 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 charts/argocd-image-updater/ci/enable-extra-objects-values.yaml create mode 100644 charts/argocd-image-updater/templates/extra-manifests.yaml diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 203c6206..613f76aa 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.2 +version: 0.9.3 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Update outdated link on README - - kind: changed - description: Refactor README + - kind: added + description: Support extra K8s manifests diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 148a5073..c62e480f 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | | image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository | diff --git a/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argocd-image-updater/templates/extra-manifests.yaml b/charts/argocd-image-updater/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argocd-image-updater/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 4d490572..f06edf3b 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -42,6 +42,35 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra K8s manifests to deploy for argocd-image-updater +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-image-updater-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd-image-updater" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-image-updater-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + # -- Init containers to add to the image updater pod initContainers: [] # - name: download-tools From 508162f1cc9852ccfbac6fb46b8e7c180d95d298 Mon Sep 17 00:00:00 2001 From: Michele Sacchetti Date: Thu, 18 Jan 2024 14:56:33 +0100 Subject: [PATCH 225/617] feat(argo-cd): Add optional mapping of argocd-repo-server emptydir to custom volumes (#2410) * Add optional volumes to replace emptydir Provide user-driven option to replace emptydir volumes with desired solution Signed-off-by: Michele Sacchetti * existingVolumes default values provide default values with empy object to ensure default behavior is backward-compatible Signed-off-by: Michele Sacchetti * Update Chart.yaml bump version Signed-off-by: Michele Sacchetti * Update Chart.yaml add changelog Signed-off-by: Michele Sacchetti * fix docs fix docs on new entry Signed-off-by: Michele Sacchetti * fix readme Signed-off-by: Michele Sacchetti * Update README.md.gotmpl Signoff commit Signed-off-by: Michele Sacchetti * fix readme Signed-off-by: Michele Sacchetti * fixCamelCase Signed-off-by: Michele Sacchetti --------- Signed-off-by: Michele Sacchetti --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 5 +++++ charts/argo-cd/README.md.gotmpl | 4 ++++ .../argocd-repo-server/deployment.yaml | 20 +++++++++++++++++++ charts/argo-cd/values.yaml | 18 +++++++++++++++++ 5 files changed, 50 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 42cfbcc2..6986775f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.2 +version: 5.53.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Missing colon for policy.csv block + - kind: added + description: Optionally map argocd-repo-server emptydir volumes on custom volumes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 919149b5..ed421bb4 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + ### 5.52.0 Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. @@ -609,6 +613,7 @@ NAME: my-release | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | | repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index ba94725f..bb296e6a 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + ### 5.52.0 Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index a9565a2e..2a18df6c 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -373,14 +373,30 @@ spec: {{- end }} {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: helm-working-dir + {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} + {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: plugins + {{- if .Values.repoServer.existingVolumes.plugins -}} + {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: var-files + {{- if .Values.repoServer.existingVolumes.varFiles -}} + {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.repoServer.existingVolumes.tmp -}} + {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm @@ -391,7 +407,11 @@ spec: configMap: name: argocd-gpg-keys-cm - name: gpg-keyring + {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} + {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8b725375..ab8c7d0a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2217,6 +2217,24 @@ repoServer: # - name: cmp-tmp # emptyDir: {} + # -- Volumes to be used in replacement of emptydir on default volumes + existingVolumes: {} + # gpgKeyring: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-keyring + # helmWorkingDir: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-workdir + # tmp: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-tmp + # varFiles: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-varfiles + # plugins: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-plugins + # -- Toggle the usage of a ephemeral Helm working directory useEphemeralHelmWorkingDir: true From 0a851b87efd35640084a5aae09dc1103b0b3aad8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 06:48:24 +0100 Subject: [PATCH 226/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.4 (#2434) --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-application-controller/role.yaml | 10 +++++++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6986775f..38cdee65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.3 +appVersion: v2.9.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.0 +version: 5.53.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Optionally map argocd-repo-server emptydir volumes on custom volumes + - kind: changed + description: Bump argo-cd to v2.9.4 diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 56ef17b5..ea550e1f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -34,4 +34,12 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch From f2fa2ce9cb5e031225c360e53d32775ca9966a1d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:19:53 +0000 Subject: [PATCH 227/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.5 (#2436) --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 38cdee65..bd8560da 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.4 +appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.1 +version: 5.53.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.9.4 + description: Bump argo-cd to v2.9.5 From cc5b21f9adf064b1a60ee466ec727106f092badc Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 20 Jan 2024 21:07:38 +0900 Subject: [PATCH 228/617] docs(argo-cd): Add reference for Argo CD extensions (#2438) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/values.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bd8560da..33fc7c71 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.2 +version: 5.53.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.9.5 + - kind: added + description: Add reference for Argo CD extensions. diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ab8c7d0a..3863513d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1577,6 +1577,8 @@ server: ## Argo CD extensions ## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## Ref: https://github.com/argoproj-labs/argocd-extension-installer + ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource extensions: # -- Enable support for Argo CD extensions enabled: false From 1b5f7874227c3d4cd66f540cd471860a4a0e8003 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jan 2024 06:49:38 -0600 Subject: [PATCH 229/617] chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#2441) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 76b0264c..ebce033b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: SARIF file path: results.sarif From be7ed3d232e6369e03c8600a44fea6fcb32aa0be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jan 2024 06:52:58 -0600 Subject: [PATCH 230/617] chore(deps): bump tj-actions/changed-files from 41.0.1 to 42.0.0 (#2440) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 30bd26ee..3f62f59b 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 + uses: tj-actions/changed-files@ae82ed4ae04587b665efad2f206578aa6f0e8539 # v42.0.0 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 9e31be4a603eabab31df4b570df6e727c9ff9991 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 21 Jan 2024 22:35:46 +0900 Subject: [PATCH 231/617] feat(argo-cd): Support Azure DevOps webhook Secret (#2439) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 4 ++++ charts/argo-cd/values.yaml | 6 ++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 33fc7c71..7bd023e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.3 +version: 5.53.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add reference for Argo CD extensions. + description: Support Azure DevOps webhook Secret diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ed421bb4..22218736 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -493,6 +493,8 @@ NAME: my-release | configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | | configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | | configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | +| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events | +| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events | | configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | | configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | | configs.secret.createSecret | bool | `true` | Create the argocd-secret | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 1e69bcea..3011904a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -34,6 +34,10 @@ data: {{- with .Values.configs.secret.gogsSecret }} webhook.gogs.secret: {{ . | b64enc }} {{- end }} + {{- with .Values.configs.secret.azureDevops }} + webhook.azuredevops.username: {{ .username }} + webhook.azuredevops.password: {{ .password | b64enc }} + {{- end }} {{- with .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .key | b64enc }} tls.crt: {{ .crt | b64enc }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3863513d..df03a58f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -516,6 +516,12 @@ configs: bitbucketUUID: "" # -- Shared secret for authenticating Gogs webhook events gogsSecret: "" + ## Azure DevOps + azureDevops: + # -- Shared secret username for authenticating Azure DevOps webhook events + username: "" + # -- Shared secret password for authenticating Azure DevOps webhook events + password: "" # -- add additional secrets to be added to argocd-secret ## Custom secrets. Useful for injecting SSO secrets into environment variables. From 53620e31022d27d0580e23ad600304e6be616130 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 22 Jan 2024 19:14:32 +0900 Subject: [PATCH 232/617] fix(argo-cd): Fix fail to render `.Values.configs.secret.azureDevops` (#2443) * fix(argo-cd): Fix fail to render `.Values.configs.secret.azureDevops` Signed-off-by: yu-croco * chore(argo-cd): Remove unnecessary comment Signed-off-by: yu-croco * fix(argo-cd): base64 username Signed-off-by: yu-croco * fix(argo-cd): correct syntax Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-configs/argocd-secret.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7bd023e1..bf53fe4f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.4 +version: 5.53.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support Azure DevOps webhook Secret + - kind: fixed + description: Fix fail to render `.Values.configs.secret.azureDevops` diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 3011904a..4561440a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- with .Values.configs.secret.githubSecret }} @@ -34,9 +34,9 @@ data: {{- with .Values.configs.secret.gogsSecret }} webhook.gogs.secret: {{ . | b64enc }} {{- end }} - {{- with .Values.configs.secret.azureDevops }} - webhook.azuredevops.username: {{ .username }} - webhook.azuredevops.password: {{ .password | b64enc }} + {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }} + webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} + webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} {{- with .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .key | b64enc }} From 5ac542fabb7db08f52f1551ccbcfc99f274596a6 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 22 Jan 2024 22:09:08 +0900 Subject: [PATCH 233/617] chore(argo-cd): Provide Casbin matcher explicitly (#2445) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bf53fe4f..c204c098 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.5 +version: 5.53.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix fail to render `.Values.configs.secret.azureDevops` + - kind: added + description: Provide Casbin matcher explicitly diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 22218736..cab5f054 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -485,6 +485,7 @@ NAME: my-release | configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | +| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | | configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | | configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index df03a58f..84da62d2 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -303,6 +303,9 @@ configs: # The scope value can be a string, or a list of strings. scopes: "[groups]" + # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. + policy.matchMode: "glob" + # GnuPG public keys for commit verification ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ gpg: From c734875b81faa0e07bd567ebef4bb345d67a7d8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Estrela?= <6763969+joaoestrela@users.noreply.github.com> Date: Mon, 22 Jan 2024 23:54:49 +0000 Subject: [PATCH 234/617] chore(argo-cd): Change redis repository to public.ecr.aws (#2446) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Estrela --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c204c098..10451acf 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.6 +version: 5.53.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Provide Casbin matcher explicitly + - kind: changed + description: Change redis repository to public.ecr.aws diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index cab5f054..0fe0c966 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1041,7 +1041,7 @@ The main options are listed here: | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| redis-ha.image.repository | string | `"redis"` | Redis repository | +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 84da62d2..6ad0d4bf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1404,7 +1404,7 @@ redis-ha: ## Redis image image: # -- Redis repository - repository: redis + repository: public.ecr.aws/docker/library/redis # -- Redis tag tag: 7.0.13-alpine ## Prometheus redis-exporter sidecar From 9e70f24c64ee5fda44ce6c2edeeaa5bd73b8d7da Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Tue, 23 Jan 2024 01:07:30 +0000 Subject: [PATCH 235/617] docs(argo-cd): Update docs with the correct default for application.instanceLabelKey (#2447) docs: Update docs with the correct default for application.instanceLabelKey Signed-off-by: Matt Dainty --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 10451acf..ab8d07cd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.7 +version: 5.53.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Change redis repository to public.ecr.aws + description: Updated documented default value for application.instanceLabelKey. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 0fe0c966..88280075 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -450,7 +450,7 @@ NAME: my-release |-----|------|---------|-------------| | configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | -| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6ad0d4bf..58560eb5 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -161,7 +161,6 @@ configs: url: "" # -- The name of tracking label used by Argo CD for resource pruning - # @default -- Defaults to app.kubernetes.io/instance application.instanceLabelKey: argocd.argoproj.io/instance # -- Enable logs RBAC enforcement From 03c26fc21f804060559ee78f9b21459d6a513667 Mon Sep 17 00:00:00 2001 From: James Slater <844263+SlaterByte@users.noreply.github.com> Date: Wed, 24 Jan 2024 18:57:56 -0500 Subject: [PATCH 236/617] fix(argo-workflows): Fix trailing whitespace in controller ConfigMap (#2451) This commit addresses two places where trailing whitespace may be generated in the workflow-controller ConfigMap. When the value `.resourceRateLimit` is not null, a trailing whitespace is added after "resourceRateLimit:". This commit trims that whitespace. When the value `.sso.redirectUrl` is left as the default of empty string, a trailing whitespace is left after "redirectUrl:" as this value is not quoted. This commit pipes this value through `quote` to ensure this whitespace is no longer trailing and instead followed by `"` pair. The main motivation of this commit is to generate a workflow-controller ConfigMap that is properly pretty-printed, which trailing whitespace prevents. Signed-off-by: James Slater Co-authored-by: James Slater --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f529072b..50f60329 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.7 +version: 0.40.8 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Wrong identation in artifactRepository block + description: Remove trailing whitespace from `.resourceRateLimit` when value is set and `.sso.redirectUrl` when value is an empty string. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d3ad349b..2d5ebdd0 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -19,7 +19,7 @@ data: parallelism: {{ .Values.controller.parallelism }} {{- end }} {{- if .Values.controller.resourceRateLimit }} - resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }} + resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }} {{- end }} {{- with .Values.controller.namespaceParallelism }} namespaceParallelism: {{ . }} @@ -141,7 +141,7 @@ data: clientSecret: name: {{ .Values.server.sso.clientSecret.name }} key: {{ .Values.server.sso.clientSecret.key }} - redirectUrl: {{ .Values.server.sso.redirectUrl }} + redirectUrl: {{ .Values.server.sso.redirectUrl | quote }} rbac: enabled: {{ .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.scopes }} From bc89bb5dd6b4c71e5eea38bffe808307ea76ea28 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 25 Jan 2024 16:07:29 +0900 Subject: [PATCH 237/617] docs(argocd-apps): Add deprecated note for Argo CD Extensions (#2449) * docs(argocd-apps): Add deprecated note for Argo CD Extensions Signed-off-by: yu-croco * fix(argocd-apps): Remove broken CI Signed-off-by: yu-croco * chore(argocd-apps): Bump minor version due to deprecation Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/README.md | 2 +- charts/argocd-apps/ci/extensions-values.yaml | 12 ------------ charts/argocd-apps/values.yaml | 2 +- 4 files changed, 5 insertions(+), 17 deletions(-) delete mode 100644 charts/argocd-apps/ci/extensions-values.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 5494db99..ecc79c3e 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.4.1 +version: 1.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: syncOptions for applications + - kind: deprecated + description: Add deprecated note for Argo CD Extensions diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index 0e5bbbe2..2cc1541f 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -30,7 +30,7 @@ $ helm install my-release argo/argocd-apps |-----|------|---------|-------------| | applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | | applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | -| extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release | +| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | | itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | | projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | diff --git a/charts/argocd-apps/ci/extensions-values.yaml b/charts/argocd-apps/ci/extensions-values.yaml deleted file mode 100644 index 15a9fa73..00000000 --- a/charts/argocd-apps/ci/extensions-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Test with extensions - -extensions: - - name: example - namespace: default - additionalLabels: {} - additionalAnnotations: {} - sources: - - git: - url: https://github.com/argoproj-labs/argocd-example-extension.git - - web: - url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index a7996369..fb31bde1 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -219,7 +219,7 @@ itemTemplates: [] # server: '{{`{{cluster}}`}}' # namespace: guestbook -# -- Deploy Argo UI Extensions within this helm release +# -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. # @default -- `[]` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. ## Ref: https://github.com/argoproj-labs/argocd-extensions From 9bb5330eb8157c55fd34371c5056b5532fccb753 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Jan 2024 00:31:11 -0600 Subject: [PATCH 238/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.5 (#2453) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index caf26b58..38882433 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.4 +appVersion: v1.6.5 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.1 +version: 2.34.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added Gloo Platform provider RBAC rules + - kind: changed + description: Bump argo-rollouts to v1.6.5 From 1de9659d1c3f8086a9c130d4bd80647e2ac556bf Mon Sep 17 00:00:00 2001 From: Ishan Sharma <38211728+ishuar@users.noreply.github.com> Date: Fri, 26 Jan 2024 08:35:45 +0100 Subject: [PATCH 239/617] fix(argo-cd): Fix Repo server `serviceaccount` label template (#2454) Signed-off-by: ishuar Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/serviceaccount.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ab8d07cd..5cb85cc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.8 +version: 5.53.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Updated documented default value for application.instanceLabelKey. + - kind: fixed + description: Fixed labels template for ArgoCD server service account. diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index 12f571fd..a8efe1e5 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- range $key, $value := .Values.server.serviceAccount.labels }} + {{- with .Values.server.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From a2c964045a81b81477804b38f38be20c3c1af185 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 27 Jan 2024 06:02:37 +0900 Subject: [PATCH 240/617] docs(argo-workflows): Add MySQL persistence support explicitly on README (#2448) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 14 +++++++++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 50f60329..778b83f7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.8 +version: 0.40.9 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove trailing whitespace from `.resourceRateLimit` when value is set and `.sso.redirectUrl` when value is an empty string. + - kind: added + description: Add MySQL persistence support explicitly on README diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 3a2a91d7..fa730ddc 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -186,7 +186,7 @@ Fields to note: | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time | | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | -| controller.persistence | object | `{}` | enable persistence using postgres | +| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | | controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | | controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 570f5986..101aafba 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -146,7 +146,8 @@ controller: capabilities: drop: - ALL - # -- enable persistence using postgres + # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. + ## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -171,6 +172,17 @@ controller: # # sslMode must be one of: disable, require, verify-ca, verify-full # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq # sslMode: require + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ From a31b3f02de21d6273bcd92e1a22bae4fa5155c25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jan 2024 05:55:28 -0600 Subject: [PATCH 241/617] chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#2457) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ebce033b..45338c22 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: name: SARIF file path: results.sarif From b40ec3246783703920d82c7b6defc4ab1775db3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jan 2024 09:27:37 -0600 Subject: [PATCH 242/617] chore(deps): bump tj-actions/changed-files from 42.0.0 to 42.0.2 (#2458) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 3f62f59b..43b6b5ba 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@ae82ed4ae04587b665efad2f206578aa6f0e8539 # v42.0.0 + uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 47102d9768ff2a4cd1657e017a7df8631950b0b5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 29 Jan 2024 22:58:33 +0900 Subject: [PATCH 243/617] fix(argo-cd): Restart argocd-server when argocd-cm CM is updated (#2459) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/deployment.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5cb85cc2..3c17096f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.9 +version: 5.53.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed labels template for ArgoCD server service account. + description: Restart argocd-server when argocd-cm CM is updated diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index a09b5656..fc1e3f7e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -27,6 +27,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 3b7a005ce359b3cc1a23b4ac4ce2ea760b847e09 Mon Sep 17 00:00:00 2001 From: Imran Ismail Date: Tue, 30 Jan 2024 13:34:04 +1300 Subject: [PATCH 244/617] feat(argocd-apps): support ignoreApplicationDifferences for appsets (#2442) * feat(argocd-apps): support ignoreApplicationDifferences Signed-off-by: imranismail * chore: bump version Signed-off-by: Imran Ismail --------- Signed-off-by: imranismail Signed-off-by: Imran Ismail Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 4 ++++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 4 ++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index ecc79c3e..693b73d5 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.5.0 +version: 1.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: deprecated - description: Add deprecated note for Argo CD Extensions + - kind: added + description: ability to specify ignoreApplicationDifferences for applicationsets diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 6142b1bb..e4f9101b 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -13,6 +13,10 @@ applicationsets: directories: - path: guestbook - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy template: metadata: name: '{{path.basename}}' diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 0d3a47e9..d3fcdd69 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -27,6 +27,10 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} {{- with .strategy }} + {{- with .ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} strategy: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index fb31bde1..87874dad 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -106,6 +106,10 @@ applicationsets: [] # directories: # - path: guestbook # - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy # # Progressive Syncs is an experimental feature and it must be explicitly enabled # # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs # strategy: From 1f824314d48591fb14ea633ac324594e850d651e Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 30 Jan 2024 12:46:30 +0200 Subject: [PATCH 245/617] feat(argo-cd): bump redis deps to fix cves (#2466) * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 8 ++++---- charts/argo-cd/values.yaml | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3c17096f..46942075 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.10 +version: 5.53.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restart argocd-server when argocd-cm CM is updated + - kind: security + description: updated redis and redis exporter images to fix some cves diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 88280075..0244b6d7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -967,13 +967,13 @@ server: | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -1032,7 +1032,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | @@ -1042,7 +1042,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 58560eb5..dce6df2f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1182,7 +1182,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1198,7 +1198,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1405,7 +1405,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1413,7 +1413,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From 8b98cf177a6a1bd0900004435ac782cee0a66ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20G=C3=A4rtner?= Date: Tue, 30 Jan 2024 17:58:02 +0100 Subject: [PATCH 246/617] fix(argo-cd): bump dex image version to fix cves (#2468) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: René Gärtner --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 46942075..3cbebd17 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.11 +version: 5.53.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: security - description: updated redis and redis exporter images to fix some cves + description: updated dex image version to fix cves diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 0244b6d7..c8420005 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -885,7 +885,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.37.0"` | Dex image tag | +| dex.image.tag | string | `"v2.38.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index dce6df2f..7b8976b3 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -944,7 +944,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.37.0 + tag: v2.38.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From dc738a111b11862afff31279655683c497c815cb Mon Sep 17 00:00:00 2001 From: Imran Ismail Date: Fri, 2 Feb 2024 22:37:27 +1300 Subject: [PATCH 247/617] fix(argocd-apps): move ignoreApplicationDifferences block up a level (#2471) Signed-off-by: imranismail --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/templates/applicationsets.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 693b73d5..811c39e8 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.0 +version: 1.6.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: ability to specify ignoreApplicationDifferences for applicationsets + - kind: fixed + description: move ignoreApplicationDifferences block up a level to fix render diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index d3fcdd69..10560075 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -26,11 +26,11 @@ spec: generators: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .strategy }} {{- with .ignoreApplicationDifferences }} ignoreApplicationDifferences: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} From 865f45211942624f33927ce9d8b2d60d69a206b1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Feb 2024 23:50:17 +0100 Subject: [PATCH 248/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.6 (#2473) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3cbebd17..e311b5c2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.5 +appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.12 +version: 5.53.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: updated dex image version to fix cves + - kind: changed + description: Bump argo-cd to v2.9.6 From 186065e31f82319a87c56ae626c9ed0c7018e750 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 2 Feb 2024 18:44:56 -0600 Subject: [PATCH 249/617] docs(argo-workflows): update documentation links to readthedocs (#2472) argo-workflows docs moved from github pages to readthedocs Signed-off-by: jmeridth Co-authored-by: Aikawa --- CONTRIBUTING.md | 2 +- charts/argo-workflows/Chart.yaml | 8 ++++---- charts/argo-workflows/README.md | 10 +++++----- charts/argo-workflows/README.md.gotmpl | 8 ++++---- charts/argo-workflows/ci/ha-values.yaml | 4 ++-- charts/argo-workflows/values.yaml | 18 +++++++++--------- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f9861dcb..c20486f6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -124,7 +124,7 @@ helm install charts/argo-workflows -n argo argo version ``` -Follow [these](https://argoproj.github.io/argo-workflows/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. +Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. ### Testing Argo CD Changes diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 778b83f7..048385d4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,8 +3,8 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.9 -icon: https://argoproj.github.io/argo-workflows/assets/logo.png +version: 0.40.10 +icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add MySQL persistence support explicitly on README + - kind: fixed + description: Update argo-workflows documentation links to readthedocs diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index fa730ddc..75ecb19a 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -78,7 +78,7 @@ For full list of changes, please check ArtifactHub [changelog]. ### High Availability This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. -Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. ### Workflow controller @@ -354,7 +354,7 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | -| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). Each map key is the name of configmap | | customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | @@ -381,7 +381,7 @@ Fields to note: [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[links]: https://argoproj.github.io/argo-workflows/links/ +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ [columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -390,5 +390,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ -[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 4d1ec4d5..69838b5a 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -78,7 +78,7 @@ For full list of changes, please check ArtifactHub [changelog]. ### High Availability This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. -Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. ### Workflow controller @@ -199,7 +199,7 @@ Fields to note: [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[links]: https://argoproj.github.io/argo-workflows/links/ +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ [columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -208,5 +208,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ -[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml index 3dfbb572..2f495169 100644 --- a/charts/argo-workflows/ci/ha-values.yaml +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -1,7 +1,7 @@ -# Sample values for High Availability configuration, following https://argoproj.github.io/argo-workflows/high-availability/ +# Sample values for High Availability configuration, following https://argo-workflows.readthedocs.io/en/stable/high-availability/ controller: - # in v3.0+, a second controller can be ran as a hot-standby: https://argoproj.github.io/argo-workflows/high-availability/#workflow-controller + # in v3.0+, a second controller can be ran as a hot-standby: https://argo-workflows.readthedocs.io/en/stable/high-availability/#workflow-controller replicas: 2 # should be strictly greater than PDB minAvailable # enable PDB with at least one Pod pdb: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 101aafba..5ec3bac2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -147,7 +147,7 @@ controller: drop: - ALL # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. - ## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-archive/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -186,12 +186,12 @@ controller: # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ - ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ + ## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/ workflowDefaults: {} # spec: # ttlStrategy: # secondsAfterCompletion: 84600 - # # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/ + # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ # artifactRepositoryRef: # configMap: my-artifact-repository # default is "artifact-repositories" # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. @@ -343,7 +343,7 @@ controller: priorityClassName: "" # -- Configure Argo Server to show custom [links] - ## Ref: https://argoproj.github.io/argo-workflows/links/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/links/ links: [] # -- Configure Argo Server to show custom [columns] ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 @@ -556,7 +556,7 @@ server: # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. ## See the following documentation for more details on secure mode: - ## https://argoproj.github.io/argo-workflows/tls/ + ## https://argo-workflows.readthedocs.io/en/stable/tls/ secure: false # -- Extra environment variables to provide to the argo-server container @@ -568,11 +568,11 @@ server: authMode: "" # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ authModes: [] # -- Extra arguments to provide to the Argo server binary. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options extraArgs: [] logging: @@ -829,7 +829,7 @@ customArtifactRepository: {} # name: artifactory-creds # key: password -# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). +# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). # Each map key is the name of configmap # @default -- `{}` (See [values.yaml]) artifactRepositoryRef: {} @@ -884,7 +884,7 @@ artifactRepositoryRef: {} emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. - ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary + ## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary images: [] # argoproj/argosay:v2: # cmd: [/argosay] From 4a50afcc77ed8e06b076d69f220b21f9b186f069 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 5 Feb 2024 08:25:42 +0200 Subject: [PATCH 250/617] chore(argo-cd): refresh from upstream (#2474) * refresh from upstream Signed-off-by: drfaust92 * refresh from upstream Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 4 +-- .../argocd-notifications/clusterrole.yaml | 33 +++++++++++++++++-- .../templates/argocd-server/deployment.yaml | 6 ++++ .../argo-cd/templates/crds/crd-project.yaml | 8 +++-- 4 files changed, 44 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e311b5c2..67714f08 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.13 +version: 5.53.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.9.6 + description: refresh from upstream diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 927d30a0..793bb5d3 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -10,13 +10,42 @@ rules: {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - - "argoproj.io" + - argoproj.io resources: - - "applications" + - applications + - appprojects verbs: - get - list - watch - update - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + {{- if .Values.notifications.secret.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index fc1e3f7e..130aa623 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -299,6 +299,12 @@ spec: name: argocd-cmd-params-cm key: server.enable.proxy.extension optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 0a6da4f0..8a6bbd95 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -99,7 +99,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -107,8 +108,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array From 5da598289d1fb0494a53ccaa1a7f9f0017ad424b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Blondel?= Date: Tue, 6 Feb 2024 14:11:23 +0100 Subject: [PATCH 251/617] feat(argo-cd): Add Probes for redis (#2400) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-cd): Add Probes for redis Signed-off-by: François Blondel * fix: redis: move probes scripts from tpl file into configmap Signed-off-by: François Blondel * Version Bump Signed-off-by: François Blondel * feat: set Redis probes optionnal and disabled by default Signed-off-by: François Blondel --------- Signed-off-by: François Blondel Co-authored-by: François Blondel --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 24 ++++++++ .../argo-cd/templates/redis/deployment.yaml | 58 ++++++++++++++++++- .../templates/redis/health-configmap.yaml | 35 +++++++++++ charts/argo-cd/values.yaml | 58 +++++++++++++++++++ 5 files changed, 176 insertions(+), 5 deletions(-) create mode 100644 charts/argo-cd/templates/redis/health-configmap.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 67714f08..941238ac 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.14 +version: 5.54.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: refresh from upstream + - kind: added + description: Add Probes for redis diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c8420005..95ed6468 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -968,6 +968,18 @@ server: | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | @@ -976,6 +988,12 @@ server: | redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.service.annotations | object | `{}` | Metrics service annotations | | redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | @@ -1003,6 +1021,12 @@ server: | redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | | redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | | redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index b3182245..94c445c8 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -72,6 +72,32 @@ spec: envFrom: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} ports: - name: redis containerPort: {{ .Values.redis.containerPorts.redis }} @@ -82,8 +108,10 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.redis.volumeMounts }} volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.redis.exporter.enabled }} @@ -102,6 +130,28 @@ spec: - name: metrics containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} {{- with .Values.redis.exporter.containerSecurityContext }} @@ -139,8 +189,12 @@ spec: {{- end }} {{- end }} {{- end }} - {{- with .Values.redis.volumes }} volumes: + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 0755 + {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} {{- with .Values.redis.dnsConfig }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml new file mode 100644 index 00000000..fd0ecff7 --- /dev/null +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7b8976b3..b3fc3ef5 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1215,6 +1215,35 @@ redis: drop: - ALL + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Resource limits and requests for redis-exporter sidecar resources: {} # limits: @@ -1244,6 +1273,35 @@ redis: # - secretRef: # name: secret-name + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Additional containers to be added to the redis pod ## Note: Supports use of custom Helm templates extraContainers: [] From 0b79f5e5c1beb4912e32c473c5a1f77fbf1f2e8b Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 7 Feb 2024 08:10:12 +0100 Subject: [PATCH 252/617] feat(argo-cd): Upgrade Argo CD to 2.10.0 (#2476) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.0 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update CRDs to v2.10.0 Signed-off-by: Petr Drastil * Add variables for new features Signed-off-by: Petr Drastil * Fix version in Chart.yaml Signed-off-by: Petr Drastil --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Petr Drastil Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 +- .../statefulset.yaml | 42 ++++ .../argocd-applicationset/deployment.yaml | 6 + .../argocd-notifications/deployment.yaml | 6 + .../argocd-repo-server/deployment.yaml | 24 +++ .../templates/argocd-server/deployment.yaml | 24 +++ .../templates/crds/crd-application.yaml | 76 +++++++ .../templates/crds/crd-applicationset.yaml | 194 ++++++++++++++++++ .../argo-cd/templates/crds/crd-project.yaml | 2 +- 9 files changed, 377 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 941238ac..09ccbc76 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.6 +appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.54.0 +version: 5.55.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add Probes for redis + - kind: changed + description: Upgrade argo-cd to v2.10.0 diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 6d1d3e2f..5a8c3745 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -122,6 +122,18 @@ spec: name: argocd-cm key: timeout.hard.reconciliation optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -236,6 +248,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -254,6 +278,24 @@ spec: name: argocd-cmd-params-cm key: controller.kubectl.parallelism.limit optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 655e8f19..4a5f75a5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -210,6 +210,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.allowed.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 2ed9f1e8..f9b766f4 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -91,6 +91,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2a18df6c..c47fb1f7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -201,6 +201,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -249,6 +261,18 @@ spec: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 130aa623..08ef3650 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -287,6 +287,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -299,6 +311,18 @@ spec: name: argocd-cmd-params-cm key: server.enable.proxy.extension optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true - name: ARGOCD_API_CONTENT_TYPES valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 03401574..9869efbb 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -330,6 +330,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for @@ -658,6 +664,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -1103,6 +1115,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps @@ -1421,6 +1439,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize @@ -1892,6 +1916,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2224,6 +2254,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2700,6 +2736,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3049,6 +3092,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3513,6 +3563,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -3855,6 +3911,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4341,6 +4404,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4683,6 +4752,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 8d7409e5..02623f6c 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -255,6 +255,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -465,6 +469,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -834,6 +842,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1044,6 +1056,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1417,6 +1433,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1627,6 +1647,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1980,6 +2004,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2190,6 +2218,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2567,6 +2599,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2777,6 +2813,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3146,6 +3186,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3356,6 +3400,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3729,6 +3777,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3939,6 +3991,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4292,6 +4348,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4502,6 +4562,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4865,6 +4929,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5075,6 +5143,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5618,6 +5690,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5828,6 +5904,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6366,6 +6446,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6576,6 +6660,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6943,6 +7031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7153,6 +7245,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7530,6 +7626,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7740,6 +7840,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8109,6 +8213,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8319,6 +8427,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8692,6 +8804,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8902,6 +9018,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9255,6 +9375,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9465,6 +9589,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9828,6 +9956,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10038,6 +10170,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10581,6 +10717,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10791,6 +10931,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11329,6 +11473,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11539,6 +11687,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11910,6 +12062,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12120,6 +12276,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12480,6 +12640,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12690,6 +12854,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13233,6 +13401,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13443,6 +13615,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13981,6 +14157,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14191,6 +14371,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14633,6 +14817,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14843,6 +15031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -15002,6 +15194,8 @@ spec: - metadata - spec type: object + templatePatch: + type: string required: - generators - template diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 8a6bbd95..38801469 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -14,7 +14,7 @@ metadata: app.kubernetes.io/part-of: argocd {{- with .Values.crds.additionalLabels }} {{- toYaml . | nindent 4}} - {{- end }} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io From b8212e0b300e2cf68249802df892dfa561d475f8 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 7 Feb 2024 22:40:05 +0100 Subject: [PATCH 253/617] chore(argo-cd): Remove deprecated features and redesign Ingress (#2407) * chore(argo-cd): Remove deprecated features Signed-off-by: Petr Drastil * Remove wildcard catch all ingress rule Signed-off-by: Petr Drastil * Add ingress extra rules Signed-off-by: Petr Drastil * Remove unnecessary ingress variables Signed-off-by: Petr Drastil * Improve documentation Signed-off-by: Petr Drastil * Replace ingress paths and hosts with single backend service Signed-off-by: Petr Drastil * Use only port number to support all ingress controllers Signed-off-by: Petr Drastil * Minor gRPC fixes Signed-off-by: Petr Drastil * Simplify TLS configuration Signed-off-by: Petr Drastil * Decouple AWS and GKE ALB from generic ingress Signed-off-by: Petr Drastil * Remove map nesting for ApplicationSet ingress Signed-off-by: Petr Drastil * Use example.com domain Signed-off-by: Petr Drastil * Remove fallback for argocd-cm checksum annotation Signed-off-by: Petr Drastil * Add revisionHistoryLimit for controller Signed-off-by: Petr Drastil * Update README Signed-off-by: Petr Drastil * Update README Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 12 +- charts/argo-cd/README.md | 136 +++++-- charts/argo-cd/README.md.gotmpl | 69 ++++ charts/argo-cd/templates/NOTES.txt | 132 +------ charts/argo-cd/templates/_helpers.tpl | 2 +- charts/argo-cd/templates/_versions.tpl | 13 - .../clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../statefulset.yaml | 35 +- .../argocd-applicationset/deployment.yaml | 16 +- .../argocd-applicationset/ingress.yaml | 64 ++++ .../webhook-ingress.yaml | 73 ---- .../templates/argocd-configs/argocd-cm.yaml | 4 +- .../argocd-configs/argocd-gpg-keys-cm.yaml | 4 +- .../argocd-configs/argocd-rbac-cm.yaml | 6 +- .../argocd-configs/argocd-secret.yaml | 6 +- .../argocd-ssh-known-hosts-cm.yaml | 8 +- .../argocd-configs/argocd-tls-certs-cm.yaml | 8 +- .../argocd-repo-server/clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../argocd-repo-server/deployment.yaml | 8 - .../templates/argocd-server/aws/ingress.yaml | 71 ++++ .../templates/argocd-server/aws/service.yaml | 6 +- .../templates/argocd-server/clusterrole.yaml | 5 +- .../argocd-server/clusterrolebinding.yaml | 3 +- .../templates/argocd-server/deployment.yaml | 10 +- .../argocd-server/gke/backendconfig.yaml | 10 +- .../argocd-server/gke/frontendconfig.yaml | 8 +- .../templates/argocd-server/gke/ingress.yaml | 69 ++++ .../argocd-server/gke/managedcertificate.yaml | 11 +- .../templates/argocd-server/ingress-grpc.yaml | 70 ++-- .../templates/argocd-server/ingress.yaml | 90 ++--- charts/argo-cd/values.yaml | 358 ++++++++++-------- 33 files changed, 685 insertions(+), 634 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/ingress.yaml delete mode 100644 charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml create mode 100644 charts/argo-cd/templates/argocd-server/aws/ingress.yaml create mode 100644 charts/argo-cd/templates/argocd-server/gke/ingress.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 09ccbc76..14b62197 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.55.0 +version: 6.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,13 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: removed + description: Support for deprecated features + - kind: removed + description: Wildcard catch all ingress rule + - kind: added + description: Ingress extra rules to allow custom ingress custom rules + - kind: added + description: Dedicated ingress implementation for AWS and GKE Application Load Balancers - kind: changed - description: Upgrade argo-cd to v2.10.0 + description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths` diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 95ed6468..862a818e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,15 +105,84 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Specific ingress implementations for cloud providers were decoupled from generic ingress resource. + +To configure AWS Application Load Balancer: + +```yaml +server: + ingress: + enabled: true + controller: aws + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + aws: + backendProtocolVersion: HTTP2 + serviceType: NodePort +``` + +To configure GKE Application Load Balancer: + +```yaml +configs: + params: + "server.insecure": true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true +``` + ### 5.53.0 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() ### 5.52.0 + Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. ### 5.35.0 + This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -399,7 +468,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides | object | `{}` | | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | @@ -516,7 +585,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | @@ -575,6 +643,7 @@ NAME: my-release | controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -686,12 +755,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | -| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | -| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | -| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | -| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | -| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | @@ -744,28 +807,37 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | -| server.ingress.extraPaths | list | `[]` | Additional ingress paths | -| server.ingress.hosts | list | `[]` | List of ingress hosts | -| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingress.paths | list | `["/"]` | List of ingress paths | -| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | | server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | -| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | -| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | -| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] | -| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | | server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | | server.initContainers | list | `[]` | Init containers to add to the server pod | | server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | | server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -1101,7 +1173,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | @@ -1125,7 +1196,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | -| applicationSet.extraArgs | list | `[]` | List of extra cli args to add | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | | applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | | applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | @@ -1135,6 +1206,18 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | | applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | | applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | | applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | | applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | | applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -1190,15 +1273,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | -| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | -| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | -| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths | -| applicationSet.webhook.ingress.hosts | list | `[]` | List of ingress hosts | -| applicationSet.webhook.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | -| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels | -| applicationSet.webhook.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| applicationSet.webhook.ingress.paths | list | `["/api/webhook"]` | List of ingress paths | -| applicationSet.webhook.ingress.tls | list | `[]` | Ingress TLS configuration | ## Notifications diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index bb296e6a..5dc99217 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,15 +104,84 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Specific ingress implementations for cloud providers were decoupled from generic ingress resource. + +To configure AWS Application Load Balancer: + +```yaml +server: + ingress: + enabled: true + controller: aws + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + aws: + backendProtocolVersion: HTTP2 + serviceType: NodePort +``` + +To configure GKE Application Load Balancer: + +```yaml +configs: + params: + "server.insecure": true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true +``` + ### 5.53.0 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() ### 5.52.0 + Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. ### 5.35.0 + This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 1b626796..f2dbdfab 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,133 +1,3 @@ -{{- if .Values.controller.args.statusProcessors }} -DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors -{{- end }} -{{- if .Values.controller.args.operationProcessors }} -DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors -{{- end }} -{{- if .Values.controller.args.appResyncPeriod }} -DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation -{{- end }} -{{- if .Values.controller.args.appHardResyncPeriod }} -DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation -{{- end }} -{{- if .Values.controller.args.selfHealTimeout }} -DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds -{{- end }} -{{- if .Values.controller.args.repoServerTimeoutSeconds }} -DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds -{{- end }} -{{- if .Values.controller.logFormat }} -DEPRECATED option controller.logFormat - Use configs.params.controller.log.format -{{- end }} -{{- if .Values.controller.logLevel }} -DEPRECATED option controller.logLevel - Use configs.params.controller.log.level -{{- end }} -{{- if .Values.server.logFormat }} -DEPRECATED option server.logFormat - Use configs.params.server.log.format -{{- end }} -{{- if .Values.server.logLevel }} -DEPRECATED option server.logLevel - Use configs.params.server.log.level -{{- end }} -{{- if has "--insecure" .Values.server.extraArgs }} -DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure -{{- end }} -{{- if .Values.repoServer.logFormat }} -DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format -{{- end }} -{{- if .Values.repoServer.logLevel }} -DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level -{{- end }} -{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }} -DEPRECATED option server.config - Use configs.cm -{{- end }} -{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }} -DEPRECATED option server.rbacConfig - Use configs.rbac -{{- end }} -{{- if .Values.configs.secret.argocdServerTlsConfig }} -DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret -{{- end }} -{{- if .Values.configs.gpgKeys }} -DEPRECATED option configs.gpgKeys - Use config.gpg.keys -{{- end }} -{{- if .Values.configs.gpgKeysAnnotations }} -DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations -{{- end }} -{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if .Values.configs.knownHostsAnnotations }} -DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations -{{- end }} -{{- if hasKey .Values.configs "knownHosts" }} -DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts -{{- end }} -{{- if .Values.configs.tlsCertsAnnotations }} -DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations -{{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} -DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates -{{- end }} -{{- if .Values.applicationSet.replicaCount }} -DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas -{{- end }} -{{- if .Values.applicationSet.logFormat }} -DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format -{{- end }} -{{- if .Values.applicationSet.logLevel }} -DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level -{{- end }} -{{- if .Values.applicationSet.args.policy }} -DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy -{{- end }} -{{- if .Values.applicationSet.args.dryRun }} -DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun -{{- end }} -{{- if .Values.controller.service }} -REMOVED option controller.service - Use controller.metrics -{{- end }} -{{- if .Values.repoServer.copyutil }} -REMOVED option repoSever.copyutil.resources - Use repoServer.resources -{{- end }} -{{- if .Values.applicationSet.args.debug }} -REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug -{{- end }} -{{- if .Values.applicationSet.args.enableLeaderElection }} -REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas -{{- end }} -{{- if .Values.controller.containerPort }} -REMOVED option controller.containerPort - Use controller.containerPorts -{{- end }} -{{- if .Values.server.containerPort }} -REMOVED option server.containerPort - Use server.containerPorts -{{- end }} -{{- if .Values.repoServer.containerPort }} -REMOVED option repoServer.containerPort - Use repoServer.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.metricsAddr }} -REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.probeBindAddr }} -REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.redis.containerPort }} -REMOVED option redis.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.redis.metrics.containerPort }} -REMOVED option redis.metrics.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.apiVersionOverrides.autoscaling }} -REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23 -{{- end }} -{{- if .Values.apiVersionOverrides.certmanager }} -REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 -{{- end }} - In order to access the server UI you have the following options: 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 @@ -139,7 +9,7 @@ In order to access the server UI you have the following options: - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts -{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}} +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 97ba5c25..4898172f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -173,7 +173,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) Merge Argo Configuration with Preset Configuration */}} {{- define "argo-cd.config.cm" -}} -{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{- $fmted := $value | toString }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index 5d65fcd6..966dad97 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -5,16 +5,3 @@ Return the target Kubernetes version {{- define "argo-cd.kubeVersion" -}} {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end }} - -{{/* -Return the appropriate apiVersion for GKE resources -*/}} -{{- define "argo-cd.apiVersions.cloudgoogle" -}} -{{- if .Values.apiVersionOverrides.cloudgoogle -}} -{{- print .Values.apiVersionOverrides.cloudgoogle -}} -{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} -{{- print "cloud.google.com/v1" -}} -{{- else -}} -{{- print "cloud.google.com/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 5ebe00b3..615b56f9 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 9ebe80ad..7b6df782 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 5a8c3745..c08a4a34 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -13,8 +13,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: replicas: {{ .Values.controller.replicas }} - # TODO: Remove for breaking release as history limit cannot be patched - revisionHistoryLimit: 5 + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} serviceName: {{ include "argo-cd.controller.fullname" . }} selector: matchLabels: @@ -66,38 +65,6 @@ spec: - {{ . }} {{- end }} {{- end }} - {{- with .Values.controller.args.statusProcessors }} - - --status-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.operationProcessors }} - - --operation-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appResyncPeriod }} - - --app-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appHardResyncPeriod }} - - --app-hard-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.selfHealTimeout }} - - --self-heal-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.repoServerTimeoutSeconds }} - - --repo-server-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 4a5f75a5..96fc3804 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -17,7 +17,7 @@ spec: strategy: {{- trim . | nindent 4 }} {{- end }} - replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }} + replicas: {{ .Values.applicationSet.replicas }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: @@ -65,20 +65,6 @@ spec: - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} - {{- with .Values.applicationSet.args.policy }} - - --policy={{ . }} - {{- end }} - {{- with .Values.applicationSet.args.dryRun }} - - --dry-run={{ . }} - {{- end }} - {{- with .Values.applicationSet.logFormat }} - - --logformat - - {{ . }} - {{- end }} - {{- with .Values.applicationSet.logLevel }} - - --loglevel - - {{ . }} - {{- end }} {{- with .Values.applicationSet.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 00000000..ce01e7c6 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,64 @@ +{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + {{- if .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ $.Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- end }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname }} + secretName: argocd-application-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml deleted file mode 100644 index d98f9423..00000000 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}} -{{- $servicePort := .Values.applicationSet.service.portName -}} -{{- $paths := .Values.applicationSet.webhook.ingress.paths -}} -{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}} -{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- with .Values.applicationSet.webhook.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.applicationSet.webhook.ingress.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - {{- with .Values.applicationSet.webhook.ingress.ingressClassName }} - ingressClassName: {{ . }} - {{- end }} - rules: - {{- if .Values.applicationSet.webhook.ingress.hosts }} - {{- range $host := .Values.applicationSet.webhook.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.applicationSet.webhook.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 829a6776..c0c8bc86 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} +{{- if .Values.configs.cm.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }} + {{- with .Values.configs.cm.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index 982867f9..f94113a2 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -5,13 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} - {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}} + {{- with .Values.configs.gpg.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}} +{{- with .Values.configs.gpg.keys }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index c882cb39..f9b62f76 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }} +{{- if .Values.configs.rbac.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,13 +6,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }} + {{- with .Values.configs.rbac.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 4561440a..9e25e376 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- with .Values.configs.secret.githubSecret }} @@ -38,10 +38,6 @@ data: webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} - {{- with .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .key | b64enc }} - tls.crt: {{ .crt | b64enc }} - {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index a7f3abdf..845d219d 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} + {{- with .Values.configs.ssh.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -13,11 +13,7 @@ metadata: {{- end }} data: ssh_known_hosts: | - {{- if hasKey .Values.configs "knownHosts" }} - {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }} - {{- else }} - {{- .Values.configs.ssh.knownHosts | nindent 4 }} - {{- end }} + {{- .Values.configs.ssh.knownHosts | nindent 4 }} {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 6a5a95e5..fa6e7433 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -5,19 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} + {{- with .Values.configs.tls.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} - {{- with .Values.configs.tlsCerts }} - {{- toYaml . | nindent 0 }} - {{- end }} -{{- else }} {{- with .Values.configs.tls.certificates }} data: {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index 21dff1a9..e6efa08a 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index ba156d24..f15b1cec 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index c47fb1f7..2d232591 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -74,14 +74,6 @@ spec: - /usr/local/bin/argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} - {{- with .Values.repoServer.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.repoServer.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.repoServer.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 00000000..181e2b9d --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index e9032f92..376699e3 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} apiVersion: v1 kind: Service metadata: annotations: - alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc @@ -21,5 +21,5 @@ spec: selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None - type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} + type: {{ .Values.server.ingress.aws.serviceType }} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index bd10316b..f4877980 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,7 +30,7 @@ rules: - pods/log verbs: - get - {{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" resources: diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 27fd13d6..1e5a98fa 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 08ef3650..6de12319 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -27,7 +27,7 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} @@ -68,14 +68,6 @@ spec: - /usr/local/bin/argocd-server - --port={{ .Values.server.containerPorts.server }} - --metrics-port={{ .Values.server.containerPorts.metrics }} - {{- with .Values.server.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.server.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index e2ae3d84..cd040c90 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEbackendConfig.enabled }} -apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} spec: - {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index 31687596..d8b3b1ea 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEfrontendConfig.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} spec: - {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 00000000..ffa583e4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + ingressClassName: "gce" + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 942c6b3f..569063be 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -1,12 +1,15 @@ -{{- if .Values.server.GKEmanagedCertificate.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - {{- with .Values.server.GKEmanagedCertificate.domains }} - {{- toYaml . | nindent 4 }} + - {{ .Values.server.ingress.hostname }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index b671f86f..c4ce93c3 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,8 +1,7 @@ -{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} -{{- $paths := .Values.server.ingressGrpc.paths -}} -{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- $pathType := .Values.server.ingressGrpc.pathType -}} +{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} +{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -24,50 +23,43 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} - - host: {{ $host }} + - host: {{ $hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default .Values.server.ingressGrpc.path .path }} + pathType: {{ default .Values.server.ingressGrpc.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingressGrpc.tls }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ $hostname }} + secretName: {{ printf "%s-tls" $hostname }} + {{- end }} + {{- with .Values.server.ingressGrpc.tls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index a142bb66..5d8959e7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,8 +1,6 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $pathType := .Values.server.ingress.pathType -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -13,78 +11,54 @@ metadata: {{- with .Values.server.ingress.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.server.ingress.annotations }} + {{- with .Values.server.ingress.annotations }} annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} - alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | - [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] - {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host | quote }} + - host: {{ .Values.server.ingress.hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - - path: {{ $p }} - pathType: {{ $.Values.server.ingressGrpc.pathType }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} backend: service: - name: {{ template "argo-cd.server.fullname" $ }}-grpc + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingress.tls }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b3fc3ef5..146dac34 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -11,9 +11,7 @@ kubeVersionOverride: "" # Override APIVersions # If you want to template helm charts but cannot access k8s API server # you can set api versions here -apiVersionOverrides: - # -- String to override apiVersion of GKE resources rendered by this helm chart - cloudgoogle: "" # cloud.google.com/v1 +apiVersionOverrides: {} # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -442,16 +440,6 @@ configs: # insecure: false # caData: "" - # DEPRECATED - Moved to configs.ssh.annotations - # knownHostsAnnotations: {} - # DEPRECATED - Moved to configs.ssh.knownHosts - # knownHosts: {} - - # DEPRECATED - Moved to configs.tls.annotations - # tlsCertsAnnotations: {} - # DEPRECATED - Moved to configs.tls.certificates - # tlsCerts: {} - # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials credentialTemplates: {} @@ -533,12 +521,6 @@ configs: {} # LDAP_PASSWORD: "mypassword" - # -- Argo TLS Data - # DEPRECATED - Use server.certificate or server.certificateSecret - # argocdServerTlsConfig: - # key: '' - # crt: '' - # -- Bcrypt hashed admin password ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` @@ -595,6 +577,9 @@ controller: # Additional replicas will cause sharding of managed clusters across number of replicas. replicas: 1 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + ## Application controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -627,22 +612,6 @@ controller: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - Application controller commandline flags - args: {} - # DEPRECATED - Use configs.params to override - # # -- define the application controller `--status-processors` - # statusProcessors: "20" - # # -- define the application controller `--operation-processors` - # operationProcessors: "10" - # # -- define the application controller `--app-hard-resync` - # appHardResyncPeriod: "0" - # # -- define the application controller `--app-resync` - # appResyncPeriod: "180" - # # -- define the application controller `--self-heal-timeout-seconds` - # selfHealTimeout: "5" - # # -- define the application controller `--repo-server-timeout-seconds` - # repoServerTimeoutSeconds: "60" - # -- Additional command line arguments to pass to application controller extraArgs: [] @@ -1992,29 +1961,47 @@ server: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # Argo CD server ingress configuration ingress: # -- Enable an ingress resource for the Argo CD server enabled: false - # -- Additional ingress annotations - annotations: {} + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic # -- Additional ingress labels labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # -- Defines which ingress controller will implement the resource ingressClassName: "" - # -- List of ingress hosts - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd.example.com + # -- Argo CD server hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- The path to Argo CD server + path: / - # -- List of ingress paths - paths: - - / # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -2024,17 +2011,70 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration - tls: [] - # - secretName: your-certificate-name - # hosts: - # - argocd.example.com + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name - # dedicated ingress for gRPC as documented at - # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features + backendProtocolVersion: HTTP2 + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts ingressGrpc: # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false @@ -2047,32 +2087,27 @@ server: # -- Defines which ingress controller will implement the resource [gRPC-ingress] ingressClassName: "" - awsALB: - # -- Service type for the AWS ALB gRPC service - ## Service Type if isAWSALB is set to true - ## Can be of type NodePort or ClusterIP depending on which mode you are - ## are running. Instance mode needs type NodePort, IP mode needs type - ## ClusterIP - ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic - serviceType: NodePort - # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + # -- Argo CD server hostname for dedicated [gRPC-ingress] + hostname: "" - # -- List of ingress hosts for dedicated [gRPC-ingress] - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: [] - # - argocd.example.com + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / - # -- List of ingress paths for dedicated [gRPC-ingress] - paths: - - / # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -2082,15 +2117,25 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration for dedicated [gRPC-ingress] - tls: [] + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] # - secretName: your-certificate-name # hosts: # - argocd.example.com - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false - # Create a OpenShift Route with SSL passthrough for UI and CLI # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: @@ -2107,38 +2152,6 @@ server: # -- Termination policy of Openshift Route termination_policy: None - GKEbackendConfig: - # -- Enable BackendConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [BackendConfigSpec] - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret - - ## Create a Google Managed Certificate for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs - GKEmanagedCertificate: - # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. - enabled: false - # -- Domains for the Google Managed Certificate - domains: - - argocd.example.com - - ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters - GKEfrontendConfig: - # -- Enable FrontConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [FrontendConfigSpec] - spec: {} - # spec: - # redirectToHttps: - # enabled: true - # responseCodeName: RESPONSE_CODE - ## Repo Server repoServer: # -- Repo server name @@ -2558,16 +2571,7 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - ApplicationSet controller command line flags - args: {} - # DEPRECATED - Use configs.params.applicationsetcontroller.policy to override - # -- How application is synced between the generator and the cluster - # policy: sync - # DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override - # -- Enable dry run mode - # dryRun: false - - # -- List of extra cli args to add + # -- ApplicationSet controller command line flags extraArgs: [] # -- Environment variables to pass to the ApplicationSet controller @@ -2772,51 +2776,6 @@ applicationSet: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" - ## Webhook for the Git Generator - ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) - webhook: - ingress: - # -- Enable an ingress resource for Webhooks - enabled: false - # -- Additional ingress annotations - annotations: {} - # -- Additional ingress labels - labels: {} - # -- Defines which ingress ApplicationSet controller will implement the resource - ingressClassName: "" - - # -- List of ingress hosts - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd-applicationset.example.com - - # -- List of ingress paths - paths: - - /api/webhook - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration - tls: [] - # - secretName: argocd-applicationset-tls - # hosts: - # - argocd-applicationset.example.com - # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration certificate: @@ -2858,6 +2817,69 @@ applicationSet: # -- Annotations to be applied to the ApplicationSet Certificate annotations: {} + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} + + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" + + # -- Argo CD ApplicationSet hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- List of ingress paths + path: /api/webhook + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + ## Notifications controller notifications: # -- Enable notifications controller From e785763b59a43b16ed95b25ea1053f1d2f55ba38 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 8 Feb 2024 11:58:53 +0100 Subject: [PATCH 254/617] fix(argo-cd): Fix ingress extraHosts (#2479) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 14 +++------- .../argocd-applicationset/ingress.yaml | 26 +++++++++---------- .../templates/argocd-server/aws/ingress.yaml | 6 ++--- .../templates/argocd-server/gke/ingress.yaml | 6 ++--- .../templates/argocd-server/ingress-grpc.yaml | 6 ++--- .../templates/argocd-server/ingress.yaml | 6 ++--- 6 files changed, 28 insertions(+), 36 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 14b62197..a69f6fb0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.0 +version: 6.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,13 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Support for deprecated features - - kind: removed - description: Wildcard catch all ingress rule - - kind: added - description: Ingress extra rules to allow custom ingress custom rules - - kind: added - description: Dedicated ingress implementation for AWS and GKE Application Load Balancers - - kind: changed - description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths` + - kind: fixed + description: Fixed rendering of ingress extraHosts sections diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index ce01e7c6..ad2db865 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -28,25 +28,25 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} - path: {{ .Values.applicationSet.ingress.path }} - pathType: {{ $.Values.applicationSet.ingress.pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - number: {{ .Values.applicationSet.service.port }} - {{- end }} - {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + pathType: {{ .Values.applicationSet.ingress.pathType }} backend: service: name: {{ include "argo-cd.applicationSet.fullname" . }} port: number: {{ .Values.applicationSet.service.port }} {{- end }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} {{- with .Values.applicationSet.ingress.extraRules }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 181e2b9d..940ed427 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -46,11 +46,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index ffa583e4..31d98e10 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -44,11 +44,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index c4ce93c3..29d8e421 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -40,11 +40,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingressGrpc.path .path }} - pathType: {{ default .Values.server.ingressGrpc.pathType .pathType }} + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 5d8959e7..dda08082 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -39,11 +39,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} From 5f2f0edad09d73e388d3a66b153b4eaff4312034 Mon Sep 17 00:00:00 2001 From: Matthias Baur Date: Thu, 8 Feb 2024 15:26:21 +0100 Subject: [PATCH 255/617] fix(argo-cd): Fix ingressGrpc extraTls (#2480) Signed-off-by: Matthias Baur --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a69f6fb0..40c10b7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.1 +version: 6.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of ingress extraHosts sections + description: Fixed rendering of ingressGrpc extraTls sections diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 29d8e421..bfa9a242 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -58,7 +58,7 @@ spec: - {{ $hostname }} secretName: {{ printf "%s-tls" $hostname }} {{- end }} - {{- with .Values.server.ingressGrpc.tls }} + {{- with .Values.server.ingressGrpc.extraTls }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From b1f9827b1711a9e6ed27cbd4bee08afb46365e20 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 8 Feb 2024 18:46:47 +0100 Subject: [PATCH 256/617] fix(argo-cd): Fix applicationset network policy when webhook is enabled (#2484) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-applicationset/networkpolicy.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 40c10b7b..85f07b9a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.2 +version: 6.0.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of ingressGrpc extraTls sections + description: Fixed rendering of network policy when applicationset webhook is enabled diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 81020f54..c6333f88 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }} +{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: ingress: - {{- if .Values.applicationSet.webhook.ingress.enabled }} + {{- if .Values.applicationSet.ingress.enabled }} - ports: - port: webhook {{- end }} From 3c29c6f543f73f1e90e06a74a9a0ba96188fb3b2 Mon Sep 17 00:00:00 2001 From: Sjouke de Vries Date: Fri, 9 Feb 2024 12:45:54 +0100 Subject: [PATCH 257/617] fix(argo-cd): add hostname of extraHost to tls hosts (#2485) * fix(argo-cd): add hostname of extraHost to tls hosts Signed-off-by: Sjouke de Vries * fix(argo-cd): bump chart to 6.0.4 Signed-off-by: Sjouke de Vries * chore(argo-cd): update artifacthub.io/changes for 6.0.4 Signed-off-by: Sjouke de Vries --------- Signed-off-by: Sjouke de Vries --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 85f07b9a..45b70a3a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.3 +version: 6.0.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of network policy when applicationset webhook is enabled + description: Also added extraHosts defined to the TLS hostnames diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index dda08082..627f56b9 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -55,6 +55,11 @@ spec: {{- if .Values.server.ingress.tls }} - hosts: - {{ .Values.server.ingress.hostname }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ .name }} + {{- end }} + {{- end }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} From d2b9b34c8cf8cb69f810c0e8f0943c4f8124e844 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 9 Feb 2024 13:14:05 +0100 Subject: [PATCH 258/617] docs(argo-cd): Document various ingress setups (#2486) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 235 +++++++++++++++++++++---------- charts/argo-cd/README.md.gotmpl | 236 ++++++++++++++++++++++---------- 3 files changed, 334 insertions(+), 143 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 45b70a3a..5346f909 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.4 +version: 6.0.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Also added extraHosts defined to the TLS hostnames + - kind: changed + description: Improved documentation for various ingress setups diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 862a818e..e8369d23 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -64,7 +64,170 @@ applicationSet: replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +certificate: + enabled: true + domain: argocd.example.com + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + hostname: grpc.argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect" '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + hostname: argocd.example.com + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -124,53 +287,7 @@ Please review your setup and adjust to new configuration options: * additional hostnames and routing can be provided via `extraHosts` configuration section * additional TLS secrets can be provided via `extraTls` configuration section -Specific ingress implementations for cloud providers were decoupled from generic ingress resource. - -To configure AWS Application Load Balancer: - -```yaml -server: - ingress: - enabled: true - controller: aws - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - aws: - backendProtocolVersion: HTTP2 - serviceType: NodePort -``` - -To configure GKE Application Load Balancer: - -```yaml -configs: - params: - "server.insecure": true - -server: - service: - annotations: - cloud.google.com/neg: '{"ingress": true}' - cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' - - ingress: - enabled: true - controller: gke - gke: - backendConfig: - healthCheck: - checkIntervalSec: 30 - timeoutSec: 5 - healthyThreshold: 1 - unhealthyThreshold: 2 - type: HTTP - requestPath: /healthz - port: 8080 - frontendConfig: - redirectToHttps: - enabled: true -``` +Please refer to [ingress configuration](#ingress-configuration) for examples. ### 5.53.0 @@ -909,28 +1026,6 @@ NAME: my-release | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumes | list | `[]` | Additional volumes to the server pod | -### Using AWS ALB Ingress Controller With GRPC - -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. - -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP -``` - ## Dex | Key | Type | Default | Description | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 5dc99217..27f13c7e 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -63,7 +63,171 @@ applicationSet: replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +certificate: + enabled: true + domain: argocd.example.com + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + hostname: grpc.argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect" '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + hostname: argocd.example.com + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -123,53 +287,7 @@ Please review your setup and adjust to new configuration options: * additional hostnames and routing can be provided via `extraHosts` configuration section * additional TLS secrets can be provided via `extraTls` configuration section -Specific ingress implementations for cloud providers were decoupled from generic ingress resource. - -To configure AWS Application Load Balancer: - -```yaml -server: - ingress: - enabled: true - controller: aws - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - aws: - backendProtocolVersion: HTTP2 - serviceType: NodePort -``` - -To configure GKE Application Load Balancer: - -```yaml -configs: - params: - "server.insecure": true - -server: - service: - annotations: - cloud.google.com/neg: '{"ingress": true}' - cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' - - ingress: - enabled: true - controller: gke - gke: - backendConfig: - healthCheck: - checkIntervalSec: 30 - timeoutSec: 5 - healthyThreshold: 1 - unhealthyThreshold: 2 - type: HTTP - requestPath: /healthz - port: 8080 - frontendConfig: - redirectToHttps: - enabled: true -``` +Please refer to [ingress configuration](#ingress-configuration) for examples. ### 5.53.0 @@ -525,28 +643,6 @@ NAME: my-release {{- end }} {{- end }} -### Using AWS ALB Ingress Controller With GRPC - -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. - -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP -``` - ## Dex | Key | Type | Default | Description | From c25c83b0db957226008331afea578b29768daf11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Feb 2024 13:12:28 +0100 Subject: [PATCH 259/617] chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#2490) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 45338c22..3ccb86fe 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif From 5d20cfa70c8eff645125d4b0de1586cdf6442a08 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 11 Feb 2024 15:52:23 +0100 Subject: [PATCH 260/617] fix(argo-cd): Fix ports and TLS for dedicated gRPC ingress (#2497) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 ++++-- charts/argo-cd/README.md | 3 +-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 8 +++----- charts/argo-cd/values.yaml | 6 +++--- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5346f909..392d00ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.5 +version: 6.0.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: fixed + description: Dedicated gRPC ingress should route to HTTPS port even when running with insecure server - kind: changed - description: Improved documentation for various ingress setups + description: Dedicated gRPC ingress TLS secret changed to argocd-server-grpc-tls based on feedback diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e8369d23..ad9ceb6e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -948,9 +948,8 @@ NAME: my-release | server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | | server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | -| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | -| server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | | server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index bfa9a242..f9c27346 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,7 +1,5 @@ {{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} {{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} -{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} -{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -35,7 +33,7 @@ spec: service: name: {{ include "argo-cd.server.fullname" . }} port: - number: {{ $servicePort }} + number: {{ .Values.server.service.servicePortHttps }} {{- range .Values.server.ingressGrpc.extraHosts }} - host: {{ .name | quote }} http: @@ -46,7 +44,7 @@ spec: service: name: {{ include "argo-cd.server.fullname" $ }} port: - number: {{ $servicePort }} + number: {{ $.Values.server.service.servicePortHttps }} {{- end }} {{- with .Values.server.ingressGrpc.extraRules }} {{- toYaml . | nindent 4 }} @@ -56,7 +54,7 @@ spec: {{- if .Values.server.ingressGrpc.tls }} - hosts: - {{ $hostname }} - secretName: {{ printf "%s-tls" $hostname }} + secretName: argocd-server-grpc-tls {{- end }} {{- with .Values.server.ingressGrpc.extraTls }} {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 146dac34..8b115102 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -236,6 +236,7 @@ configs: ## Server properties # -- Run server without TLS + ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template. server.insecure: false # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / server.basehref: / @@ -2078,8 +2079,6 @@ server: ingressGrpc: # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false - # -- Setup up gRPC ingress to work with an AWS ALB - isAWSALB: false # -- Additional ingress annotations for dedicated [gRPC-ingress] annotations: {} # -- Additional ingress labels for dedicated [gRPC-ingress] @@ -2088,6 +2087,7 @@ server: ingressClassName: "" # -- Argo CD server hostname for dedicated [gRPC-ingress] + # @default -- `""` (defaults to grpc.`server.ingress.hostname`) hostname: "" # -- Argo CD server ingress path for dedicated [gRPC-ingress] @@ -2097,7 +2097,7 @@ server: pathType: Prefix # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` - ## TLS certificate will be retrieved from a TLS secret with name: `-tls` + ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` tls: false # -- The list of additional hostnames to be covered by ingress record From b44f9a0eb5e92089c54380edef73f5feed46eb65 Mon Sep 17 00:00:00 2001 From: nikolay-o <83726016+nikolay-o@users.noreply.github.com> Date: Mon, 12 Feb 2024 21:36:39 +0300 Subject: [PATCH 261/617] =?UTF-8?q?feat(argo-cd):=20Add=20scrapeTimeout=20?= =?UTF-8?q?property=20to=20server=20and=20application=E2=80=A6=20(#2489)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit feat(argo-cd): Add scrapeTimeout property to server and application, applicationset controllers. Signed-off-by: Nikolay Osmolovskiy Co-authored-by: Nikolay Osmolovskiy --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 4 ++++ .../argocd-application-controller/servicemonitor.yaml | 3 +++ .../templates/argocd-applicationset/servicemonitor.yaml | 3 +++ .../templates/argocd-repo-server/servicemonitor.yaml | 3 +++ .../argo-cd/templates/argocd-server/servicemonitor.yaml | 3 +++ charts/argo-cd/values.yaml | 8 ++++++++ 7 files changed, 26 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 392d00ed..5e066489 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.6 +version: 6.0.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Dedicated gRPC ingress should route to HTTPS port even when running with insecure server - kind: changed - description: Dedicated gRPC ingress TLS secret changed to argocd-server-grpc-tls based on feedback + description: Added scrapeTimeout property for server and application,applicationSet controllers. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ad9ceb6e..5846b2e2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -727,6 +727,7 @@ NAME: my-release | controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | | controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | @@ -832,6 +833,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | repoServer.name | string | `"repo-server"` | Repo server name | @@ -976,6 +978,7 @@ NAME: my-release | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | server.name | string | `"server"` | Argo CD server name | @@ -1334,6 +1337,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 3ce0c10d..342dbc01 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.controller.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.controller.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index b3554675..8bcb6ca0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -23,6 +23,9 @@ spec: {{- with .Values.applicationSet.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index c41520b7..9ca16e74 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index d036a8e1..e8820768 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.server.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.server.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8b115102..bcc630ed 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -759,6 +759,8 @@ controller: metrics: # -- Deploy metrics service enabled: false + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" applicationLabels: # -- Enables additional labels in argocd_app_labels metric enabled: false @@ -1931,6 +1933,8 @@ server: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2475,6 +2479,8 @@ repoServer: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2623,6 +2629,8 @@ applicationSet: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion From 2139f15727151f75e79577ecae44112d17d6f3a3 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 09:23:39 +0100 Subject: [PATCH 262/617] fix(argo-cd): Use correct protocols for Istio service discovery (#2500) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5e066489..f77a7adb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.7 +version: 6.0.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Added scrapeTimeout property for server and application,applicationSet controllers. + - kind: fixed + description: Fixed port name for argocd-repo-server and applicationset webhook for Istio service discovery diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5846b2e2..be66568e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -857,7 +857,7 @@ NAME: my-release | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | -| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name | +| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | | repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | @@ -1361,7 +1361,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | -| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name | +| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name | | applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | | applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bcc630ed..7fad7539 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2455,7 +2455,7 @@ repoServer: # -- Repo server service port port: 8081 # -- Repo server service port name - portName: https-repo-server + portName: tcp-repo-server ## Repo server metrics service configuration metrics: @@ -2661,7 +2661,7 @@ applicationSet: # -- ApplicationSet service port port: 7000 # -- ApplicationSet service port name - portName: webhook + portName: http-webhook serviceAccount: # -- Create ApplicationSet controller service account From 79a24410b5fe781fabdc9986cbcbe54094599471 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 12:13:41 +0100 Subject: [PATCH 263/617] chore(argo-cd): Remove server.config leftovers (#2504) --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/role.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f77a7adb..c2dc5617 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.8 +version: 6.0.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed port name for argocd-repo-server and applicationset webhook for Istio service discovery + description: Conditions that still checked for old configuration sections diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index c08a4a34..8c929e41 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -22,7 +22,7 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2d232591..9f72d33b 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -30,7 +30,7 @@ spec: {{- if .Values.repoServer.certificateSecret.enabled }} checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} {{- end }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- if .Values.configs.cmp.create }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index adc6f014..1a2b3851 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -42,7 +42,7 @@ rules: verbs: - create - list -{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" resources: From 866ee08bc06036fadd167e0a6d576c63c1be068a Mon Sep 17 00:00:00 2001 From: Luke Date: Tue, 13 Feb 2024 04:27:08 -0700 Subject: [PATCH 264/617] chore(argo-cd): update notifications links to latest documentation (#2503) Signed-off-by: lukepatrick Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c2dc5617..32dec045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.9 +version: 6.0.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Conditions that still checked for old configuration sections + description: Update notifications links to updated documentation diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7fad7539..7d58a699 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2967,7 +2967,7 @@ notifications: extraVolumes: [] # -- Define user-defined context - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context context: {} # region: east # environmentName: staging @@ -2984,19 +2984,19 @@ notifications: # -- Generic key:value pairs to be inserted into the secret ## Can be used for templates, notification services etc. Some examples given below. - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ items: {} # slack-token: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/ + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/ # grafana-apiKey: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/ + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/ # webhooks-github-token: # email-username: # email-password: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/ + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ metrics: # -- Enables prometheus metrics server @@ -3038,7 +3038,7 @@ notifications: # -- Configures notification services such as slack, email or custom webhook # @default -- See [values.yaml] - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ notifiers: {} # service.slack: | # token: $slack-token @@ -3138,7 +3138,7 @@ notifications: rules: [] # -- Contains centrally managed global application subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ subscriptions: [] # # subscription for on-sync-status-unknown trigger notifications # - recipients: @@ -3154,7 +3154,7 @@ notifications: # - on-sync-status-unknown # -- The notification template is used to generate the notification content - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ templates: {} # template.app-deployed: | # email: @@ -3371,7 +3371,7 @@ notifications: # }] # -- The trigger defines the condition when the notification should be sent - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ triggers: {} # trigger.on-deployed: | # - description: Application is synced and healthy. Triggered once per commit. @@ -3405,6 +3405,6 @@ notifications: # - app-sync-succeeded # when: app.status.operationState.phase in ['Succeeded'] # - # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown From 6c47b2a69bf076c371f35d46785b1271ea32b31b Mon Sep 17 00:00:00 2001 From: Florian Blampey Date: Tue, 13 Feb 2024 12:42:29 +0100 Subject: [PATCH 265/617] fix(argo-cd): Use `with` instead of `range` on reposerver serviceaccount (#2506) fixes #2505 with instead of range serviceaccount reposerver Signed-off-by: Florian Blampey Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-repo-server/serviceaccount.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32dec045..95b46b16 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.10 +version: 6.0.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update notifications links to updated documentation + description: Use `with` instead of `range` on reposerver serviceaccount diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 945483fa..2facd9af 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} + {{- with .Values.repoServer.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From c0b7a7e074ff1eb0bee134a04fed351f3de9b633 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 16:26:29 +0100 Subject: [PATCH 266/617] chore(argo-cd): Disable argocd-repo-server cluster role by default (#2498) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-repo-server/clusterrole.yaml | 6 +++--- .../templates/argocd-repo-server/clusterrolebinding.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 95b46b16..8ad20a03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.11 +version: 6.0.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use `with` instead of `range` on reposerver serviceaccount + - kind: security + description: Argo CD repo-server cluster role is not deployed by default diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index e6efa08a..23439b18 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -6,8 +6,8 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: - {{- if .Values.repoServer.clusterRoleRules.enabled }} - {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }} + {{- with .Values.repoServer.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} {{- else }} - apiGroups: - '*' diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index f15b1cec..8531520c 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: From e351448b0573e40896584e22d534e1b2a53162be Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:50:00 +0100 Subject: [PATCH 267/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.6 (#2508) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.6 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 38882433..2db0614d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.5 +appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.2 +version: 2.34.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.5 + description: Bump argo-rollouts to v1.6.6 From d8c64b80fea155370d4a54e37d7da0af566608e9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:52:44 +0100 Subject: [PATCH 268/617] chore(argo-events): Update dependency argoproj/argo-events to v1.9.1 (#2510) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.1 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] Co-authored-by: Petr Drastil --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index d219afc7..99f3b601 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.0 +appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.2 +version: 2.4.3 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-events to v1.9.0 + description: Bump argo-events to v1.9.1 From 5915340fc7040a356e101150e84d068dd3cd23c9 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 14 Feb 2024 11:52:32 +0100 Subject: [PATCH 269/617] fix(argo-cd): Fix secret name for applicationset webhook ingress (#2511) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 +- .../argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8ad20a03..aa182352 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.12 +version: 6.0.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: Argo CD repo-server cluster role is not deployed by default + - kind: fixed + description: Use argocd-applicationset-controller-tls secret for ApplicationSet certificate + - kind: fixed + description: Use argocd-applicationset-controller-tls secret for ApplicationSet webhook ingress diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index be66568e..d8e213f3 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1283,7 +1283,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index ad2db865..bc411704 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.applicationSet.ingress.tls }} - hosts: - {{ .Values.applicationSet.ingress.hostname }} - secretName: argocd-application-controller-tls + secretName: argocd-applicationset-controller-tls {{- end }} {{- with .Values.applicationSet.ingress.extraTls }} {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7d58a699..7f3b26c7 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2790,7 +2790,7 @@ applicationSet: # -- Deploy a Certificate resource (requires cert-manager) enabled: false # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-application-controller-tls + secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) domain: argocd.example.com # -- Certificate Subject Alternate Names (SANs) @@ -2849,7 +2849,7 @@ applicationSet: pathType: Prefix # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` - ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` tls: false # -- The list of additional hostnames to be covered by ingress record From ba20d9518291fba3b7fc218957cea145d9d2bcdd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:04:20 +0100 Subject: [PATCH 270/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.1 (#2514) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.1 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index aa182352..369061fa 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.0 +appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.13 +version: 6.0.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use argocd-applicationset-controller-tls secret for ApplicationSet certificate - - kind: fixed - description: Use argocd-applicationset-controller-tls secret for ApplicationSet webhook ingress + - kind: changed + description: Bump argo-cd to v2.10.1 From f8b1fecd81edf915bb0df9997ff2d3f61f1ae476 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 16 Feb 2024 15:44:51 +0100 Subject: [PATCH 271/617] feat(argo-cd): Add global domain configuration (#2499) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 44 ++++++++++++------- charts/argo-cd/README.md.gotmpl | 32 ++++++++++---- charts/argo-cd/templates/_helpers.tpl | 1 + .../argocd-applicationset/certificate.yaml | 4 +- .../argocd-applicationset/ingress.yaml | 4 +- .../argocd-notifications-cm.yaml | 2 +- .../templates/argocd-server/certificate.yaml | 4 +- .../templates/argocd-server/ingress-grpc.yaml | 4 +- .../templates/argocd-server/ingress.yaml | 4 +- charts/argo-cd/values.yaml | 24 +++++----- 11 files changed, 80 insertions(+), 49 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 369061fa..d0293d82 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.14 +version: 6.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.1 + - kind: added + description: Configuration option global.domain that is tied to all components diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d8e213f3..39bd3544 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -74,14 +74,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -92,6 +93,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -99,7 +103,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -119,6 +122,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -126,7 +132,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -135,7 +140,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -146,10 +150,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" @@ -169,6 +175,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -176,7 +185,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -184,7 +192,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC @@ -196,6 +204,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -208,7 +219,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: @@ -268,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: @@ -610,6 +624,7 @@ NAME: my-release | global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -643,7 +658,6 @@ NAME: my-release | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | | configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | -| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO | | configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | | configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | | configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | @@ -884,7 +898,7 @@ NAME: my-release | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | -| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | @@ -938,7 +952,7 @@ NAME: my-release | server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | | server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | | server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | -| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | | server.ingress.path | string | `"/"` | The path to Argo CD server | @@ -1272,7 +1286,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | -| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | @@ -1309,7 +1323,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | | applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | -| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | | applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | | applicationSet.ingress.labels | object | `{}` | Additional ingress labels | | applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | @@ -1377,7 +1391,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 27f13c7e..6c7c035a 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -73,14 +73,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -91,6 +92,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -98,7 +102,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -118,6 +121,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -125,7 +131,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -134,7 +139,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -145,10 +149,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" @@ -168,6 +174,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -175,7 +184,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -183,7 +191,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC @@ -195,6 +203,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -207,7 +218,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: @@ -268,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 4898172f..5dc957a2 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -163,6 +163,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 76e63eb3..3f623614 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -14,9 +14,9 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: secretName: {{ .Values.applicationSet.certificate.secretName }} - commonName: {{ .Values.applicationSet.certificate.domain | quote }} + commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.applicationSet.certificate.domain | quote }} + - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} {{- range .Values.applicationSet.certificate.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index bc411704..dda61550 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -20,8 +20,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.applicationSet.ingress.hostname }} - - host: {{ .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.applicationSet.ingress.extraPaths }} @@ -34,7 +33,6 @@ spec: name: {{ include "argo-cd.applicationSet.fullname" . }} port: number: {{ .Values.applicationSet.service.port }} - {{- end }} {{- range .Values.applicationSet.ingress.extraHosts }} - host: {{ .name | quote }} http: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index c8cdefc4..2a18a2fc 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: context: | - argocdUrl: {{ .Values.notifications.argocdUrl | quote }} + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} {{- with .Values.notifications.context }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 74066ef8..84a0e62c 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -14,9 +14,9 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: secretName: {{ .Values.server.certificate.secretName }} - commonName: {{ .Values.server.certificate.domain | quote }} + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.server.certificate.domain | quote }} + - {{ .Values.server.certificate.domain | default .Values.global.domain }} {{- range .Values.server.certificate.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index f9c27346..3c6e5303 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,5 +1,5 @@ {{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} -{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -21,7 +21,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ $hostname }} + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} http: paths: {{- with .Values.server.ingressGrpc.extraPaths }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 627f56b9..b09b6a95 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -22,7 +22,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -57,7 +57,7 @@ spec: - {{ .Values.server.ingress.hostname }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ .name }} {{- end }} {{- end }} secretName: argocd-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7f3b26c7..bf12c547 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -37,6 +37,10 @@ crds: ## Globally shared configuration global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -155,9 +159,6 @@ configs: # -- Annotations to be added to argocd-cm configmap annotations: {} - # -- Argo CD's externally facing base URL (optional). Required when configuring SSO - url: "" - # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance @@ -1828,7 +1829,8 @@ server: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-server-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -1985,8 +1987,8 @@ server: ingressClassName: "" # -- Argo CD server hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- The path to Argo CD server path: / @@ -2792,7 +2794,8 @@ applicationSet: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -2839,8 +2842,8 @@ applicationSet: ingressClassName: "" # -- Argo CD ApplicationSet hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- List of ingress paths path: /api/webhook @@ -2897,7 +2900,8 @@ notifications: name: notifications-controller # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates - argocdUrl: + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From 0cf32acff2d69471698c5dfaa852ec05e893fa2d Mon Sep 17 00:00:00 2001 From: Alexis Dondon <63847345+alexisdondon@users.noreply.github.com> Date: Sat, 17 Feb 2024 10:14:34 +0100 Subject: [PATCH 272/617] feat(argo-workflows): add caSecret in s3 configuration (#2519) * add caSecret Signed-off-by: Dondon Alexis * bump chart version Signed-off-by: Dondon Alexis * add changelog Signed-off-by: Dondon Alexis --------- Signed-off-by: Dondon Alexis Co-authored-by: Dondon Alexis Co-authored-by: Vlad Losev --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 5 +++++ charts/argo-workflows/values.yaml | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 048385d4..6110c4c1 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.10 +version: 0.40.11 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update argo-workflows documentation links to readthedocs + description: Add caSecret in the artifactory.s3 configuration values. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 2d5ebdd0..0fefd01f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -83,6 +83,11 @@ data: bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.caSecret }} + caSecret: + name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }} + key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }} + {{- end }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5ec3bac2..def967b1 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -775,6 +775,9 @@ artifactRepository: # key: secretkey # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false + # caSecret: + # name: ca-root + # key: cert.pem # bucket: # endpoint: # region: From 4f382e5db1b5aa43fe1714f91221ff74c88bce07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Feb 2024 12:00:07 +0100 Subject: [PATCH 273/617] chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#2522) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/dda0770415bac9fc20092cacbc54aa298604d140...99576bfa6ddf9a8e612d83b513da5a75875caced) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 79782374..faf003de 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 75b48cef3c6ddbe820ee72e53e3418c4c457bd55 Mon Sep 17 00:00:00 2001 From: Etienne <995474+etiennetremel@users.noreply.github.com> Date: Sun, 18 Feb 2024 19:44:25 +0100 Subject: [PATCH 274/617] feat(argocd-image-updater): allow defining additional labels to service account (#2517) --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/serviceaccount.yaml | 3 +++ charts/argocd-image-updater/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 613f76aa..856e5621 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.3 +version: 0.9.4 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support extra K8s manifests + description: Allow defining additional labels to Service Account diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index c62e480f..955e4370 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -115,6 +115,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | securityContext | object | `{}` | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.labels | object | `{}` | Labels to add to the service account | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Kubernetes toleration settings for the deployment | | updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c755731d..3e5d60f0 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index f06edf3b..1b645fc7 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -178,6 +178,8 @@ serviceAccount: create: true # -- Annotations to add to the service account annotations: {} + # -- Labels to add to the service account + labels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" From 1808903a6bbae9f7c46651bbceebb9dbf5150e02 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 19 Feb 2024 00:06:23 +0200 Subject: [PATCH 275/617] feat(argo-cd): bump redis chart dep and redis exporter (#2524) * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Aikawa --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index edd5df2b..bc11a715 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.23.0 -digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c -generated: "2023-05-15T19:25:26.049618+09:00" + version: 4.26.1 +digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 +generated: "2024-02-18T19:42:53.135599+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0293d82..6432e687 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.1.0 +version: 6.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.23.0 + version: 4.26.1 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Configuration option global.domain that is tied to all components + - kind: changed + description: bumped redis chart and redis exporter diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 39bd3544..a8775ecb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1150,7 +1150,7 @@ NAME: my-release | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -1239,7 +1239,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bf12c547..11fae55f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1171,7 +1171,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1444,7 +1444,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From aa69a7769109d414391970468e5189a748ac4dfd Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Mon, 19 Feb 2024 09:37:38 +0100 Subject: [PATCH 276/617] fix(argo-cd): Add missing `global.domain` default values (#2525) Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/aws/ingress.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/gke/ingress.yaml | 4 ++-- .../templates/argocd-server/gke/managedcertificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/openshift/route.yaml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6432e687..a6c03d2f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.0 +version: 6.2.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: bumped redis chart and redis exporter + - kind: fixed + description: Add missing `global.domain` default values diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index dda61550..88c45f62 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -52,7 +52,7 @@ spec: tls: {{- if .Values.applicationSet.ingress.tls }} - hosts: - - {{ .Values.applicationSet.ingress.hostname }} + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} secretName: argocd-applicationset-controller-tls {{- end }} {{- with .Values.applicationSet.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 940ed427..b44d1739 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -22,7 +22,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -61,7 +61,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index 31d98e10..c2644491 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -27,7 +27,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -59,7 +59,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 569063be..63c089b8 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index b09b6a95..1739de4f 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -54,7 +54,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - {{ .name }} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index 59313798..01cb6aed 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} {{- end }} spec: - host: {{ .Values.server.route.hostname | quote }} + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} to: kind: Service name: {{ template "argo-cd.server.fullname" . }} From f198eecc231b2decad86c41773412f4185755879 Mon Sep 17 00:00:00 2001 From: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> Date: Tue, 20 Feb 2024 12:38:50 +0100 Subject: [PATCH 277/617] fix(argo-cd): Fix path order in AWS Ingress declaration (#2531) * fix(ingress-aws): Fix path order in AWS Ingress declaration Fix path order to evaluate GRPc endpoint first Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> * chore: update Chart version Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> * chore: add aritfacthub description Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> --------- Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-server/aws/ingress.yaml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a6c03d2f..0ca54554 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.1 +version: 6.2.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Add missing `global.domain` default values + description: AWS gRPC Ingress rule ordering diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index b44d1739..2238acbc 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -28,13 +28,6 @@ spec: {{- with .Values.server.ingress.extraPaths }} {{- toYaml . | nindent 10 }} {{- end }} - - path: {{ .Values.server.ingress.path }} - pathType: {{ $.Values.server.ingress.pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" . }} - port: - number: {{ $servicePort }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingressGrpc.pathType }} backend: @@ -42,6 +35,13 @@ spec: name: {{ include "argo-cd.server.fullname" $ }}-grpc port: number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - host: {{ .name | quote }} http: From 43337b5e14f715f172c0f7987d66db9d63e2d221 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 20 Feb 2024 13:04:59 +0100 Subject: [PATCH 278/617] chore(argo-cd): Update Redis image to 7.2.4 (#2533) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0ca54554..32424032 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.2 +version: 6.2.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: AWS gRPC Ingress rule ordering + - kind: changed + description: Updated Redis image tag to 7.2.4 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a8775ecb..7b6fd58b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1168,7 +1168,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1249,7 +1249,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 11fae55f..b8fcdc55 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1155,7 +1155,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1436,7 +1436,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 394d6f17c803f87deac46a14a3dcc0217d7743b8 Mon Sep 17 00:00:00 2001 From: LucasBoisserie Date: Fri, 23 Feb 2024 13:15:47 +0100 Subject: [PATCH 279/617] feat(argo-cd): Format redis health check confimap mode in decimal (#2535) feat: format redis health check confimap mode in decimal Signed-off-by: lucas boisserie --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32424032..ddf2bfa8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.3 +version: 6.2.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Updated Redis image tag to 7.2.4 + - kind: fixed + description: Format redis health check confimap mode in decimal. diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 94c445c8..a25c1bd8 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -193,7 +193,7 @@ spec: - name: health configMap: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - defaultMode: 0755 + defaultMode: 493 {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} From 2f913784220fd24610d13efbde9efe70d40c261f Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 23 Feb 2024 14:58:13 +0100 Subject: [PATCH 280/617] fix(argo-cd): Allow to use dedicated gRCP ingress with GKE implementation (#2541) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ddf2bfa8..baadb98c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.4 +version: 6.2.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Format redis health check confimap mode in decimal. + description: Dedicated gRPC ingress could be used with GKE ingress implementation diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 3c6e5303..118fb2f9 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} +{{- if .Values.server.ingressGrpc.enabled -}} {{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} apiVersion: networking.k8s.io/v1 kind: Ingress From 30836b841cd6d1e03fa1172f107a3eb1bea7ed0f Mon Sep 17 00:00:00 2001 From: Florian Boulanger Date: Fri, 23 Feb 2024 15:17:55 +0100 Subject: [PATCH 281/617] feat(argo-cd): Allow modification of path and port for dex liveness and readiness probes (#2542) feat(argo-cd): allow defining custom dex probes Signed-off-by: Florian Boulanger Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++++ charts/argo-cd/templates/dex/deployment.yaml | 8 ++++---- charts/argo-cd/values.yaml | 8 ++++++++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index baadb98c..9fc66045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.5 +version: 6.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Dedicated gRPC ingress could be used with GKE ingress implementation + - kind: changed + description: Allow modification of path and port for dex liveness and readiness probes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b6fd58b..2a47a0cc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1077,6 +1077,8 @@ NAME: my-release | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | @@ -1109,6 +1111,8 @@ NAME: my-release | dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index c8e2c929..3b21649a 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -99,8 +99,8 @@ spec: {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz/live - port: metrics + path: {{ .Values.dex.livenessProbe.httpPort }} + port: {{ .Values.dex.livenessProbe.httpPath }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -110,8 +110,8 @@ spec: {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: /healthz/ready - port: metrics + path: {{ .Values.dex.readinessProbe.httpPort }} + port: {{ .Values.dex.readinessProbe.httpPath }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b8fcdc55..8c1b2985 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1039,6 +1039,10 @@ dex: livenessProbe: # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -1053,6 +1057,10 @@ dex: readinessProbe: # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated From 285ff7a2263639b216534a9e49c676829e31bd8f Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 23 Feb 2024 19:05:19 +0100 Subject: [PATCH 282/617] fix(argo-cd): Fix dex probes (#2546) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/deployment.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9fc66045..ea35dab2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.3.0 +version: 6.3.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Allow modification of path and port for dex liveness and readiness probes + - kind: fixed + description: Fix templated values for Dex probes diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 3b21649a..7c40622c 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -99,8 +99,8 @@ spec: {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: {{ .Values.dex.livenessProbe.httpPort }} - port: {{ .Values.dex.livenessProbe.httpPath }} + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -110,8 +110,8 @@ spec: {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: {{ .Values.dex.readinessProbe.httpPort }} - port: {{ .Values.dex.readinessProbe.httpPath }} + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} From 42b20e0b6b8d871aa28416c8519d1621d6c26683 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Feb 2024 21:31:01 +0900 Subject: [PATCH 283/617] chore(deps): bump tj-actions/changed-files from 42.0.2 to 42.0.4 (#2548) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.2 to 42.0.4. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/90a06d6ba9543371ab4df8eeca0be07ca6054959...3f54ebb830831fc121d3263c1857cfbdc310cdb9) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 43b6b5ba..e6020c95 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 + uses: tj-actions/changed-files@3f54ebb830831fc121d3263c1857cfbdc310cdb9 # v42.0.4 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 7c8fab5a7f8c330a4608186d1bbcf5f26950a92d Mon Sep 17 00:00:00 2001 From: Oscar Wieman Date: Sun, 25 Feb 2024 13:47:00 +0100 Subject: [PATCH 284/617] feat(argo-cd): Add support for application controller dynamic cluster distribution. (#2539) * Add support for application controller dynamic cluster distribution. Signed-off-by: Oscar Wieman * Added env variables to handle the non-standard names generated by the helm chart. https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/ https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252 Signed-off-by: Oscar Wieman --------- Signed-off-by: Oscar Wieman --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 12 + charts/argo-cd/README.md.gotmpl | 9 + .../argo-cd/ci/dynamic-sharding-values.yaml | 6 + .../deployment.yaml | 357 ++++++++++++++++++ .../statefulset.yaml | 4 + .../argocd-repo-server/deployment.yaml | 2 + .../templates/argocd-server/deployment.yaml | 2 + charts/argo-cd/values.yaml | 17 + 9 files changed, 413 insertions(+), 2 deletions(-) create mode 100644 charts/argo-cd/ci/dynamic-sharding-values.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller/deployment.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ea35dab2..d1824528 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.3.1 +version: 6.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Added support for application controller dynamic cluster distribution. - kind: fixed - description: Fix templated values for Dex probes + description: Added env variables to handle the non-standard names generated by the helm chart. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2a47a0cc..9ef7c481 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + ### 6.1.0 Added support for global domain used by all components. @@ -720,12 +729,15 @@ NAME: my-release | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | | controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | | controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6c7c035a..62c1759d 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + ### 6.1.0 Added support for global domain used by all components. diff --git a/charts/argo-cd/ci/dynamic-sharding-values.yaml b/charts/argo-cd/ci/dynamic-sharding-values.yaml new file mode 100644 index 00000000..e0b72e73 --- /dev/null +++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml @@ -0,0 +1,6 @@ +# Test application controller dynamic cluster distribution +crds: + keep: false + +controller: + dynamicClusterDistribution: true diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml new file mode 100644 index 00000000..e0c12135 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -0,0 +1,357 @@ +{{- if .Values.controller.dynamicClusterDistribution }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + emptyDir: {} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8c929e41..3b72d19f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -77,6 +78,8 @@ spec: {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -350,3 +353,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9f72d33b..d27c15d9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -85,6 +85,8 @@ spec: - name: USER_NAME value: argocd {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 6de12319..6d614b0f 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -75,6 +75,8 @@ spec: {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8c1b2985..20ecf6e9 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -577,8 +577,22 @@ controller: # -- The number of application controller pods to run. # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) replicas: 1 + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false + + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history revisionHistoryLimit: 5 @@ -662,6 +676,9 @@ controller: # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + # -- Annotations to be added to application controller pods podAnnotations: {} From fa85e824f014ef7bf19163d4ecf7e9b8eb01f6b9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 25 Feb 2024 22:11:42 +0900 Subject: [PATCH 285/617] feat(argocd-apps): Support Template Patch to ApplicationSet (#2549) Signed-off-by: yu-croco Co-authored-by: Petr Drastil --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 13 +++++++++++++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 14 ++++++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 811c39e8..0b550fb4 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.1 +version: 1.6.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: move ignoreApplicationDifferences block up a level to fix render + - kind: added + description: Support Template Patch to ApplicationSet diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index e4f9101b..375367ca 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -46,6 +46,19 @@ applicationsets: syncPolicy: # Set Application finalizer preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} - name: applicationset-list-generator generators: - list: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 10560075..72c8f2e2 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -84,4 +84,8 @@ spec: {{- end }} {{- end -}} {{- end }} + {{- with .templatePatch }} + templatePatch: | + {{- . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 87874dad..41ee1ef9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -157,6 +157,20 @@ applicationsets: [] # syncPolicy: # # Set Application finalizer # preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} # -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release # @default -- `[]` (See [values.yaml]) From 2f82fb5992fe1e390d1ebdbc4be6d5d6c6549a37 Mon Sep 17 00:00:00 2001 From: Florian Boulanger Date: Wed, 28 Feb 2024 07:28:35 +0100 Subject: [PATCH 286/617] chore(argo-cd): add support for http probe scheme for dex (#2550) --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/dex/deployment.yaml | 2 ++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d1824528..ac3128a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.0 +version: 6.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Added support for application controller dynamic cluster distribution. - - kind: fixed - description: Added env variables to handle the non-standard names generated by the helm chart. + description: Added support for http probe scheme for dex liveness and readiness diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9ef7c481..bddda8e2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1091,6 +1091,7 @@ NAME: my-release | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | | dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | @@ -1125,6 +1126,7 @@ NAME: my-release | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | | dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 7c40622c..61f3fe86 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -101,6 +101,7 @@ spec: httpGet: path: {{ .Values.dex.livenessProbe.httpPath }} port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -112,6 +113,7 @@ spec: httpGet: path: {{ .Values.dex.readinessProbe.httpPath }} port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 20ecf6e9..565320a8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1060,6 +1060,8 @@ dex: httpPath: /healthz/live # -- Http port to use for the liveness probe httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -1078,6 +1080,8 @@ dex: httpPath: /healthz/ready # -- Http port to use for the readiness probe httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated From 48824664e904bc165ebef4ef7630d6296743cd1c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 29 Feb 2024 20:24:21 +0900 Subject: [PATCH 287/617] fix(argo-cd): Pass argocd-server's ALB health check (#2553) * fix(argo-cd): Pass argocd-server's ALB health check Signed-off-by: yu-croco * fix: changelog lint Signed-off-by: yu-croco * fix: revert unnecessary diffs Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 5 +++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac3128a5..8e66db48 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.1 +version: 6.4.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Added support for http probe scheme for dex liveness and readiness + - kind: fixed + description: Pass argocd-server's ALB health check diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bddda8e2..d1c95206 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -952,7 +952,7 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | -| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | | server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 565320a8..2bee3895 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2071,8 +2071,9 @@ server: ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode aws: # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC # -- Service type for the AWS ALB gRPC service ## Can be of type NodePort or ClusterIP depending on which mode you are running. ## Instance mode needs type NodePort, IP mode needs type ClusterIP From e0f6a16ce87159d613e7315ceb28d4456ce37ef5 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 29 Feb 2024 19:54:21 +0100 Subject: [PATCH 288/617] chore(github): Migrate to renovate GH action (#2520) chore: Migrate to renovate GH action Signed-off-by: Marco Maurer --- .github/configs/renovate-config.js | 7 +++ .github/workflows/chart-version-bump.yml | 57 ------------------------ .github/workflows/renovate.yaml | 36 +++++++++++++++ renovate.json | 48 ++++++++++++-------- scripts/renovate-bump-version.sh | 31 +++++++++++++ 5 files changed, 104 insertions(+), 75 deletions(-) create mode 100644 .github/configs/renovate-config.js delete mode 100644 .github/workflows/chart-version-bump.yml create mode 100644 .github/workflows/renovate.yaml create mode 100755 scripts/renovate-bump-version.sh diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js new file mode 100644 index 00000000..9118ffe9 --- /dev/null +++ b/.github/configs/renovate-config.js @@ -0,0 +1,7 @@ +module.exports = { + platform: 'github', + gitAuthor: 'renovate[bot] ', + autodiscover: false, + allowPostUpgradeCommandTemplating: true, + allowedPostUpgradeCommands: [".*"], + }; diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml deleted file mode 100644 index e6020c95..00000000 --- a/.github/workflows/chart-version-bump.yml +++ /dev/null @@ -1,57 +0,0 @@ -## Used on Renovate PRs to bump the chart version and add a changelog entry -## Reference: https://github.com/stefanzweifel/git-auto-commit-action -## Reference: https://github.com/marketplace/actions/changed-files -name: 'Chart Version Bump and Changelog' - -on: - pull_request: - types: - - labeled - -permissions: - contents: write - -jobs: - helm-bumper: - if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: ${{ secrets.PAT }} - fetch-depth: 0 - - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@3f54ebb830831fc121d3263c1857cfbdc310cdb9 # v42.0.4 - with: - files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml - - - name: "Bump Version and Changelog" - run: | - chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" - echo "Changed chart name is: $chartName" - echo "----------------------------------------" - - parentDir="charts/${chartName}" - - # Bump the chart version by one patch version - version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}') - major=$(echo $version | cut -d. -f1) - minor=$(echo $version | cut -d. -f2) - patch=$(echo $version | cut -d. -f3) - patch=$(expr $patch + 1) - sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml - - # Add a changelog entry - appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}') - sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml - echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml - echo " - kind: changed" >> ${parentDir}/Chart.yaml - echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml - cat ${parentDir}/Chart.yaml - - - name: "Commit and push changes" - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 - with: - commit_options: '--signoff' diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..4f938beb --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,36 @@ +name: Renovate +on: + # The "*" (#42, asterisk) character has special semantics in YAML, so this + # string has to be quoted. + schedule: + - cron: '0 * * * *' + # Manual trigger is also possible + workflow_dispatch: {} + +permissions: + contents: read + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Get token + uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0 + id: get_token + with: + app-id: ${{ vars.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 + with: + configurationFile: .github/configs/renovate-config.js + # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate + renovate-version: 37.192.1 + token: '${{ steps.get_token.outputs.token }}' + env: + LOG_LEVEL: 'debug' + RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/renovate.json b/renovate.json index 12c7f3ea..cb8bacc8 100644 --- a/renovate.json +++ b/renovate.json @@ -4,7 +4,7 @@ "fileMatch": ["\\.yaml$", "\\.yml$"] }, "extends": [ - "config:base", + "config:recommended", "docker:enableMajor" ], "labels": ["renovate"], @@ -13,10 +13,12 @@ "**/charts/argo-cd/Chart.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", - "**/charts/argocd-image-updater/Chart.yaml" + "**/charts/argocd-image-updater/Chart.yaml", + "**/.github/workflows/renovate.yaml" ], - "regexManagers": [ + "customManagers": [ { + "customType": "regex", "fileMatch": ["charts/argo-workflows/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -26,6 +28,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-cd/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -35,6 +38,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-events/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -44,6 +48,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -53,6 +58,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -60,28 +66,34 @@ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", "depNameTemplate": "argoproj-labs/argocd-image-updater", "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: (?.*)" + ] } ], "packageRules": [ { - "matchPackagePatterns": ["argoproj/argo-workflows"], - "commitMessagePrefix": "chore(argo-workflows):" - }, - { - "matchPackagePatterns": ["argoproj/argo-cd"], - "commitMessagePrefix": "chore(argo-cd):" - }, - { - "matchPackagePatterns": ["argoproj/argo-events"], - "commitMessagePrefix": "chore(argo-events):" - }, - { - "matchPackagePatterns": ["argoproj/argo-rollouts"], - "commitMessagePrefix": "chore(argo-rollouts):" + "matchPackagePatterns": [ + "argoproj/argo-workflows", + "argoproj/argo-cd", + "argoproj/argo-events", + "argoproj/argo-rollouts" + ], + "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], - "commitMessagePrefix": "chore(argocd-image-updater):" + "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["redis-ha"], diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh new file mode 100755 index 00000000..1ec6e125 --- /dev/null +++ b/scripts/renovate-bump-version.sh @@ -0,0 +1,31 @@ +#!/bin/bash +depName="${1}" +if [ -z "${depName}" ]; then + echo "Missing argument 'depName'" >&2 + echo "Example usage: $0 argoproj/argo-cd" >&2 + exit 1 +fi + +chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++") +echo "Changed chart name is: $chartName" +echo "----------------------------------------" + +parentDir="charts/${chartName}" + +# Bump the chart version by one patch version +version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}') +major=$(echo "${version}" | cut -d. -f1) +minor=$(echo "${version}" | cut -d. -f2) +patch=$(echo "${version}" | cut -d. -f3) +patch=$((patch + 1)) +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml" + +# Add a changelog entry +appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}') +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml" +{ + echo " artifacthub.io/changes: |" + echo " - kind: changed" + echo " description: Bump ${chartName} to ${appVersion}" +} >> "${parentDir}/Chart.yaml" +cat "${parentDir}/Chart.yaml" From d684a9f4e8a88329962d7be176d9574c5205d9bd Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:57:22 +0100 Subject: [PATCH 289/617] chore(deps): update renovatebot/github-action action to v40.1.2 (#2558) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4f938beb..22932e35 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 + uses: renovatebot/github-action@a6e57359b32af9a54d5b3b6603011f50629a0a05 # v40.1.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 31de7d359455bb752618b5c952ec497c26c534f8 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 20:00:49 +0100 Subject: [PATCH 290/617] chore(deps): update actions/create-github-app-token action to v1.8.1 (#2557) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 22932e35..87a6f906 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0 + uses: actions/create-github-app-token@e8e39f73bb84fdf315a015fa3104f314c0a258b4 # v1.8.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 74fbd561b74f7b290531ace2ac8b90e225d5a2a6 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 29 Feb 2024 20:45:29 +0100 Subject: [PATCH 291/617] feat(argo-cd): Add templating of ingress extra paths and rules (#2530) Signed-off-by: Petr Drastil Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +-- .../argocd-applicationset/ingress.yaml | 4 +- .../templates/argocd-server/aws/ingress.yaml | 4 +- .../templates/argocd-server/gke/ingress.yaml | 4 +- .../templates/argocd-server/ingress-grpc.yaml | 4 +- .../templates/argocd-server/ingress.yaml | 4 +- charts/argo-cd/values.yaml | 44 +++++++++++-------- 7 files changed, 39 insertions(+), 31 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8e66db48..13ded9d9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.2 +version: 6.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Pass argocd-server's ALB health check + - kind: added + description: Support for templating ingress extraPaths and extraRules diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index 88c45f62..fbaa862b 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -24,7 +24,7 @@ spec: http: paths: {{- with .Values.applicationSet.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.applicationSet.ingress.path }} pathType: {{ .Values.applicationSet.ingress.pathType }} @@ -46,7 +46,7 @@ spec: number: {{ $.Values.applicationSet.service.port }} {{- end }} {{- with .Values.applicationSet.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 2238acbc..ffe0b79b 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -26,7 +26,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingressGrpc.pathType }} @@ -55,7 +55,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index c2644491..160308bd 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -31,7 +31,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ .Values.server.ingress.pathType }} @@ -53,7 +53,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 118fb2f9..73f447bf 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -25,7 +25,7 @@ spec: http: paths: {{- with .Values.server.ingressGrpc.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingressGrpc.path }} pathType: {{ .Values.server.ingressGrpc.pathType }} @@ -47,7 +47,7 @@ spec: number: {{ $.Values.server.service.servicePortHttps }} {{- end }} {{- with .Values.server.ingressGrpc.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1739de4f..cfd0696d 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -26,7 +26,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingress.pathType }} @@ -48,7 +48,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2bee3895..68581a3c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2038,6 +2038,7 @@ server: # -- Additional ingress paths # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2049,15 +2050,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpsName }}' # -- Additional TLS configuration # @default -- `[]` (See [values.yaml]) @@ -2144,6 +2147,7 @@ server: # -- Additional ingress paths for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2155,15 +2159,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpName }}' # -- Additional TLS configuration for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) @@ -2904,15 +2910,17 @@ applicationSet: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / - # backend: - # service: - # name: example-svc - # port: - # name: http + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' # -- Additional ingress TLS configuration # @default -- `[]` (See [values.yaml]) From ebd499140728a4a5718291fcfb738c02ee85112a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:02:40 +0900 Subject: [PATCH 292/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.5 (#2561) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6110c4c1..4acf4e9d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.4 +appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.11 +version: 0.40.12 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add caSecret in the artifactory.s3 configuration values. + - kind: changed + description: Bump argo-workflows to v3.5.5 From 09679ae4d3492c2a1466354c46e369076baa47ef Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:11:05 +0900 Subject: [PATCH 293/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.221.0 (#2560) Co-authored-by: renovate[bot] Co-authored-by: Aikawa --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 87a6f906..acd15404 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -29,7 +29,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.192.1 + renovate-version: 37.221.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From fba54d4597e93536b2fcb8faf76a66b3b03f5bec Mon Sep 17 00:00:00 2001 From: Braden Wright Date: Fri, 1 Mar 2024 01:41:23 -0700 Subject: [PATCH 294/617] feat(argocd-image-updater): Add ability to set .Values.namespaceOverride (#2562) Signed-off-by: Braden Wright --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/_helpers.tpl | 7 +++++++ .../templates/configmap-authscripts.yaml | 2 +- .../templates/configmap-sshconfig.yaml | 2 +- charts/argocd-image-updater/templates/configmap.yaml | 2 +- charts/argocd-image-updater/templates/deployment.yaml | 2 +- charts/argocd-image-updater/templates/metrics-service.yaml | 2 +- charts/argocd-image-updater/templates/rbac.yaml | 5 +++-- charts/argocd-image-updater/templates/secret.yaml | 2 +- charts/argocd-image-updater/templates/serviceaccount.yaml | 2 +- charts/argocd-image-updater/templates/servicemonitor.yaml | 4 ++-- charts/argocd-image-updater/values.yaml | 2 ++ 13 files changed, 24 insertions(+), 13 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 856e5621..43d69f51 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.4 +version: 0.9.5 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow defining additional labels to Service Account + description: Allow overriding of .Release.Namespace with .Values.namespaceOverride diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 955e4370..f094d77a 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -105,6 +105,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override | | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | | podAnnotations | object | `{}` | Pod Annotations for the deployment | | podLabels | object | `{}` | Pod Labels for the deployment | diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl index 934d894c..abfba11e 100644 --- a/charts/argocd-image-updater/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Override .Release.Namespace +*/}} +{{- define "argocd-image-updater.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index 3659fbaf..fbb345e3 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-authscripts - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 45554c0e..9233137c 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -4,7 +4,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 75f69b13..57ef2197 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} applications_api: {{ . }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 9cc71fe3..6a4f592c 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 186abb41..8ca83b53 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,7 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index c6316f42..685b0b89 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -6,7 +6,7 @@ metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: - apiGroups: - '' @@ -39,6 +39,7 @@ metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -46,5 +47,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index c4cb7781..08955095 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-image-updater-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index 3e5d60f0..a676f6fb 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index 969f1190..de9bcd52 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argocd-image-updater.namespace" . | quote }} selector: matchLabels: {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 1b645fc7..fb5aad1a 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -17,6 +17,8 @@ imagePullSecrets: [] nameOverride: "" # -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override fullnameOverride: "" +# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override +namespaceOverride: "" # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry From d0cf368fcd955143536d0b0f1a0d01797e581823 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:45:12 +0100 Subject: [PATCH 295/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.221.1 (#2563) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index acd15404..94afae3f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -29,7 +29,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.221.0 + renovate-version: 37.221.1 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From d0647e4a50932aa081dc69e3601b56647eb1b100 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 1 Mar 2024 11:08:44 +0000 Subject: [PATCH 296/617] chore(github): Disable some GH actions on forks (#2566) Signed-off-by: Tim Collins --- .github/workflows/publish.yml | 1 + .github/workflows/renovate.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7c0e768b..788bd8e0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,6 +12,7 @@ permissions: jobs: publish: + if: github.repository == 'argoproj/argo-helm' permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release packages: write # to push OCI chart package to GitHub Registry diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 94afae3f..b536061e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -12,6 +12,7 @@ permissions: jobs: renovate: + if: github.repository == 'argoproj/argo-helm' runs-on: ubuntu-latest steps: - name: Get token From 29e341091c4ac4343bf9a76a2ce1fb9260a80587 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:17:04 +0000 Subject: [PATCH 297/617] feat(argo-workflows): Disable leader election on single repl controllers (#2565) Signed-off-by: Tim Collins Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-deployment.yaml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4acf4e9d..b59241fa 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.12 +version: 0.40.13 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.5 + - kind: added + description: Disable leader election if only 1 repl of the Workflow Controller diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 2cc8a903..4a4e9f64 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -89,6 +89,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if eq (int .Values.controller.replicas) 1 }} + - name: LEADER_ELECTION_DISABLE + value: "true" + {{- end }} {{- with .Values.controller.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} From 5c256cce1844f66be85db340b018d09d6b676dcf Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 22:05:37 +0100 Subject: [PATCH 298/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.222.0 (#2567) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b536061e..b9ba882c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.221.1 + renovate-version: 37.222.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 075a8a634f257b356c98dd47da684d249b12a054 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 1 Mar 2024 22:48:29 +0100 Subject: [PATCH 299/617] chore(github): Update renovate image only monthly (#2568) --- renovate.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/renovate.json b/renovate.json index cb8bacc8..4e068215 100644 --- a/renovate.json +++ b/renovate.json @@ -98,6 +98,10 @@ { "matchPackagePatterns": ["redis-ha"], "enabled": false + }, + { + "matchPackageNames": ["ghcr.io/renovatebot/renovate"], + "extends": ["schedule:monthly"] } ] } From baa566bd6b00ca2641ecce57cc43cd91a7a4fe34 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 22:26:54 +0000 Subject: [PATCH 300/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.2 (#2570) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 13ded9d9..22f637bd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.1 +appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.5.0 +version: 6.5.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support for templating ingress extraPaths and extraRules + - kind: changed + description: Bump argo-cd to v2.10.2 From f7a6060fce7ed0b1fa8cd2379c2bba8fba31c061 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 2 Mar 2024 09:29:24 +0900 Subject: [PATCH 301/617] chore(deps): update actions/create-github-app-token action to v1.9.0 (#2569) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b9ba882c..488c65f2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@e8e39f73bb84fdf315a015fa3104f314c0a258b4 # v1.8.1 + uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From de462b7e809b06472a706f0c9d23ef2f5727ae35 Mon Sep 17 00:00:00 2001 From: mugi <62197019+mugioka@users.noreply.github.com> Date: Sat, 2 Mar 2024 20:20:12 +0900 Subject: [PATCH 302/617] feat(argo-cd): support ApplicationSet in any namespace. (#2402) * chore(argo-cd): support ApplicationSet in any namespace. Signed-off-by: mugioka * chore: apply feedback by maintainer. Signed-off-by: mugioka * fix: docs is not generated. Signed-off-by: mugioka --------- Signed-off-by: mugioka --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 1 + .../argocd-applicationset/clusterrole.yaml | 89 +++++++++++++++++++ .../clusterrolebinding.yaml | 17 ++++ charts/argo-cd/values.yaml | 3 +- 5 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 22f637bd..680b5d04 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.5.1 +version: 6.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.2 + description: Support ApplicationSet in any namespace. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d1c95206..eab256f7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1302,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 00000000..6ac4c1e7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,89 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 00000000..152b31f4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 68581a3c..42b44183 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2928,7 +2928,8 @@ applicationSet: # - secretName: argocd-applicationset-tls # hosts: # - argocd-applicationset.example.com - + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false ## Notifications controller notifications: # -- Enable notifications controller From 1af4bf5f48c6d7de31600b60366649d71fb19e39 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 4 Mar 2024 04:12:41 +0900 Subject: [PATCH 303/617] feat(argo-workflows): Add ability to set .Values.namespaceOverride (#2564) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 8 ++++++++ .../templates/controller/artifact-repository-ref-cm.yaml | 2 +- .../controller/workflow-controller-cluster-roles.yaml | 2 +- .../controller/workflow-controller-config-map.yaml | 2 +- .../templates/controller/workflow-controller-crb.yaml | 6 +++--- .../controller/workflow-controller-deployment-pdb.yaml | 2 +- .../controller/workflow-controller-deployment.yaml | 2 +- .../templates/controller/workflow-controller-sa.yaml | 2 +- .../templates/controller/workflow-controller-service.yaml | 2 +- .../controller/workflow-controller-servicemonitor.yaml | 4 ++-- .../argo-workflows/templates/controller/workflow-rb.yaml | 2 +- .../templates/controller/workflow-role.yaml | 2 +- .../argo-workflows/templates/controller/workflow-sa.yaml | 2 +- .../templates/server/gke/backendconfig.yaml | 2 +- .../templates/server/gke/frontendconfig.yaml | 2 +- .../templates/server/gke/managedcertificate.yaml | 2 +- .../templates/server/server-cluster-roles.yaml | 2 +- charts/argo-workflows/templates/server/server-crb.yaml | 6 +++--- .../templates/server/server-deployment-hpa.yaml | 2 +- .../templates/server/server-deployment-pdb.yaml | 2 +- .../templates/server/server-deployment.yaml | 2 +- .../argo-workflows/templates/server/server-ingress.yaml | 2 +- charts/argo-workflows/templates/server/server-sa.yaml | 2 +- .../argo-workflows/templates/server/server-service.yaml | 2 +- charts/argo-workflows/values.yaml | 4 ++++ 27 files changed, 43 insertions(+), 30 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b59241fa..99b190bc 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.13 +version: 0.40.14 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Disable leader election if only 1 repl of the Workflow Controller + description: Support namespaceOverride diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 75ecb19a..785bf9f8 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -124,6 +124,7 @@ Fields to note: | images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. | ### Workflow diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 0d170ec9..118f9a52 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -189,3 +189,11 @@ Return the appropriate apiVersion for GKE resources {{- print "cloud.google.com/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-workflows.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml index ce7cd55b..81c1d0a7 100644 --- a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $cm_name }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" $ | quote }} labels: {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} {{- with $cm_val.annotations }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index c2d2a771..1b01b117 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 0fefd01f..1997d9d3 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "argo-workflows.controller.config-map.name" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 9fa7a7f6..69883f60 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index ee38445f..bee7c199 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 4a4e9f64..b3db5f4e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index c6a8bf66..fd1db89f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 1959eb2e..51362c4f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 6643d634..df318fc2 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-workflows.namespace" . | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 6f9ba23d..4402a722 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 80309119..14265372 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 273487c4..c6fff691 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.serviceAccount.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: v1 kind: ServiceAccount diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml index 4597db3d..0d439b62 100644 --- a/charts/argo-workflows/templates/server/gke/backendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} kind: BackendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml index 6b81c923..32cfc3a1 100644 --- a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml index b77c3131..4d1f840e 100644 --- a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 56d4dcaa..dbb5ff9f 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index e8d6511d..4ffb9107 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml index 9194bbd9..142bc31b 100644 --- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} kind: HorizontalPodAutoscaler metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index 7ea6d465..47f8394d 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index b3aa3728..a4b8df7b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 36209f5b..db69b012 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 382d565e..d2c9c535 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index f7096a8d..7f81bd39 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index def967b1..0f2d6ca7 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -26,6 +26,10 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" + # -- Labels to set on all resources commonLabels: {} From c4d79885816f09214287e39cc36bee06d1411278 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 23:52:59 +0900 Subject: [PATCH 304/617] chore(deps): update renovatebot/github-action action to v40.1.3 (#2573) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 488c65f2..f159b705 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@a6e57359b32af9a54d5b3b6603011f50629a0a05 # v40.1.2 + uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From fc620a3d51afb448fd3a14ed86a8949ed3e47af6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:26:10 +0900 Subject: [PATCH 305/617] chore(deps): update renovatebot/github-action action to v40.1.4 (#2579) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f159b705..a61d4b9c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3 + uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From b9615e451cd1637c13d4b6881ce53cb4e95e24c7 Mon Sep 17 00:00:00 2001 From: Ran Rubin Date: Mon, 11 Mar 2024 20:26:07 +0200 Subject: [PATCH 306/617] feat(argo-cd): Support setting ArgoCD Notifications secret (#2577) * chore(deps): update renovatebot/github-action action to v40.1.3 (#2573) Co-authored-by: renovate[bot] Signed-off-by: ranrubin * feat(argo-cd): Support for existing Secret in ArgoCD Notifications, and ability to set its name. Signed-off-by: ranrubin * feat(argo-cd): Pass Secret name to Notification controller Signed-off-by: ranrubin * chore(deps): update renovatebot/github-action action to v40.1.4 (#2579) Co-authored-by: renovate[bot] Signed-off-by: ranrubin * feat(argo-cd): Remove redundant useExistingSecret, and assume existence of a secret Signed-off-by: ranrubin --------- Signed-off-by: ranrubin Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-configs/argocd-notifications-secret.yaml | 2 +- .../argo-cd/templates/argocd-notifications/clusterrole.yaml | 4 +--- .../argo-cd/templates/argocd-notifications/deployment.yaml | 1 + charts/argo-cd/templates/argocd-notifications/role.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++++ 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 680b5d04..f77df4c1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.6.0 +version: 6.7.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Support ApplicationSet in any namespace. + - kind: Added + description: Support for existing Secret for ArgoCD Notifications, and ability to set its name. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index eab256f7..d43a0fda 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1465,6 +1465,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | | notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 75027ed5..9c261c6a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-notifications-secret + name: {{ .Values.notifications.secret.name }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 793bb5d3..edb957f3 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -38,14 +38,12 @@ rules: verbs: - get {{- end }} - {{- if .Values.notifications.secret.create }} - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: - get - {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index f9b766f4..674639f4 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,6 +66,7 @@ spec: - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - --namespace={{ .Release.Namespace }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 128c24f5..22eaa473 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -37,7 +37,7 @@ rules: - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 42b44183..a281d019 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3017,8 +3017,12 @@ notifications: secret: # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. create: true + # -- notifications controller Secret name + name: "argocd-notifications-secret" + # -- key:value pairs of annotations to be added to the secret annotations: {} From 6a58945969d2711cb476901ce08fb1a998b9d888 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20P=C3=B6hner?= <10630407+groundhog2k@users.noreply.github.com> Date: Tue, 12 Mar 2024 00:08:20 +0100 Subject: [PATCH 307/617] fix(argo-cd): Fixed default tls hosts for grpc ingress endpoint (#2580) * Fixed default tls hosts for grpc ingress endpoint Signed-off-by: Goeran Poehner * Increased chart version Signed-off-by: Goeran Poehner * Added changelog entry Signed-off-by: Goeran Poehner * Updated changelog Signed-off-by: Goeran Poehner --------- Signed-off-by: Goeran Poehner Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f77df4c1..8a461c90 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.0 +version: 6.7.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: Added - description: Support for existing Secret for ArgoCD Notifications, and ability to set its name. + - kind: changed + description: Fixed a bug for TLS host value in GRPC ingress endpoint diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 73f447bf..2d15b9d7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -53,7 +53,7 @@ spec: tls: {{- if .Values.server.ingressGrpc.tls }} - hosts: - - {{ $hostname }} + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} secretName: argocd-server-grpc-tls {{- end }} {{- with .Values.server.ingressGrpc.extraTls }} From 1786f6e54488f90ff0e0df321d3775a302cc8f7e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 07:26:50 -0500 Subject: [PATCH 308/617] chore(deps): update actions/checkout action to v4.1.2 (#2582) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a61d4b9c..f3cd30ae 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 From b4e645c75fa5b3c843fb7b76dcfbe78dd70b6ab9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 20:45:56 +0000 Subject: [PATCH 309/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.3 (#2583) --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8a461c90..d0155755 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.2 +appVersion: v2.10.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.1 +version: 6.7.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Fixed a bug for TLS host value in GRPC ingress endpoint + description: Bump argo-cd to v2.10.3 From 718589628b97194a586926df7893ccc851340eb0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:18:13 +0900 Subject: [PATCH 310/617] chore(deps): update renovatebot/github-action action to v40.1.5 (#2584) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f3cd30ae..6e9edaa0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 + uses: renovatebot/github-action@89bd050bafa5a15de5d9383e3129edf210422004 # v40.1.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a148991ff83c0a3b36aeef2fbd69da873f8c0c7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:32:19 -0500 Subject: [PATCH 311/617] chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2587) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index faf003de..895cbe52 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 788bd8e0..fb1de5ea 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3ccb86fe..971961e7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: persist-credentials: false From e7ad44173de7c56f86a73966ca61608aaf2f692b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:37:38 -0500 Subject: [PATCH 312/617] chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#2586) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fb1de5ea..3a3b41d6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} From 85de0a16e70df7501ad6ea3d3922dbc1c602180e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 09:36:40 +0000 Subject: [PATCH 313/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.4 (#2588) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0155755..2cbf4bd0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.3 +appVersion: v2.10.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.2 +version: 6.7.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.3 + description: Bump argo-cd to v2.10.4 From e248b6b3166491e187f7cdf499b28fb9fbf70408 Mon Sep 17 00:00:00 2001 From: Abdullah Alaqeel Date: Thu, 21 Mar 2024 02:52:58 +0300 Subject: [PATCH 314/617] fix(argocd-image-updater): Properly quoting the config map values (and other fixes) (#2512) fix(argocd-image-updater): Properly quoting the config map values fix(argocd-image-updater): Only adding a data field to argocd-image-updater-ssh-config when there's data to be added fix(argocd-image-updater): Only include config.argocd if config.applicationsAPIKind is set to 'argocd' chore(argocd-image-updater): removing unneeded whitespace in Role and RoleBinding Signed-off-by: Abdullah Alaqeel --- charts/argocd-image-updater/Chart.yaml | 10 +++++-- .../templates/configmap-sshconfig.yaml | 4 +-- .../templates/configmap.yaml | 28 ++++++++++--------- .../argocd-image-updater/templates/rbac.yaml | 4 +-- charts/argocd-image-updater/values.yaml | 1 + 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 43d69f51..2e34fad6 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.5 +version: 0.9.6 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow overriding of .Release.Namespace with .Values.namespaceOverride + - kind: fixed + description: Properly quoting the config map values + - kind: fixed + description: Only adding a data field to argocd-image-updater-ssh-config when there's data to be added + - kind: changed + description: Only include config.argocd if config.applicationsAPIKind is set to 'argocd' diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9233137c..9fd83d92 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -5,7 +5,7 @@ metadata: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with .Values.config.sshConfig }} data: - {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} - {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 57ef2197..84eb6875 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -8,30 +8,32 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} - applications_api: {{ . }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} {{- end }} - argocd.grpc_web: {{ .Values.config.argocd.grpcWeb | quote }} - {{- with .Values.config.argocd.serverAddress }} - argocd.server_addr: {{ . }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} {{- end }} - argocd.insecure: {{ .Values.config.argocd.insecure | quote }} - argocd.plaintext: {{ .Values.config.argocd.plaintext | quote }} {{- with .Values.config.logLevel }} - log.level: {{ . }} + log.level: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitUser }} - git.user: {{ . }} + git.user: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitMail }} - git.email: {{ . }} + git.email: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitTemplate }} git.commit-message-template: | {{- nindent 4 . }} {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} registries.conf: | - {{- with .Values.config.registries }} - registries: - {{- toYaml . | nindent 6 }} - {{- end }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 685b0b89..50d75876 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: @@ -37,7 +37,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index fb5aad1a..7cbbe05b 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -101,6 +101,7 @@ config: applicationsAPIKind: "" # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API grpcWeb: true From 8a4c87529520a05a2026bc7ae1bfc743cace8d89 Mon Sep 17 00:00:00 2001 From: amcamina Date: Fri, 22 Mar 2024 17:09:43 +0100 Subject: [PATCH 315/617] feat(argo-rollouts): Allow customizing additional RBAC rules for other providers (#2556) * Allow customizing additional RBAC rules for other providers Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list and addressing comment Signed-off-by: Alvaro.Camina * Runing `./scripts/helm-docs.sh` to update the README Signed-off-by: Alvaro.Camina --------- Signed-off-by: Alvaro.Camina Co-authored-by: Alvaro.Camina Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 21 +++++++++++-------- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2db0614d..5d6ccc7d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.3 +version: 2.34.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.6.6 + - kind: added + description: Allow customizing additional RBAC rules for other providers diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 3627de83..adf27530 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,6 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | | providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | | providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 35fd8215..a60070b3 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -258,23 +258,26 @@ rules: {{- if .Values.providerRBAC.providers.contour }} # Access needed when using the Contour provider - apiGroups: - - projectcontour.io + - projectcontour.io resources: - - httpproxies + - httpproxies verbs: - - get - - list - - watch - - update + - get + - list + - watch + - update {{- end }} {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 19ab340e..1a4a9ede 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -273,6 +273,8 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Additional RBAC rules for others providers + additionalRules: [] dashboard: # -- Deploy dashboard server From 393402cb1b914a5eced42c0c0256c49b0796a5b5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 23 Mar 2024 20:06:54 +0900 Subject: [PATCH 316/617] feat(argo-events): Support ability to set .Values.namespaceOverride (#2594) * feat(argo-events): Support ability to set .Values.namespaceOverride Signed-off-by: yu-croco * fix(argo-events): update README Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/README.md | 1 + charts/argo-events/templates/_helpers.tpl | 8 ++++++++ .../templates/argo-events-controller/config.yaml | 2 +- .../templates/argo-events-controller/deployment.yaml | 2 +- .../argo-events/templates/argo-events-controller/pdb.yaml | 2 +- .../templates/argo-events-controller/rbac.yaml | 4 ++-- .../templates/argo-events-controller/service.yaml | 2 +- .../templates/argo-events-controller/serviceaccount.yaml | 2 +- .../templates/argo-events-controller/servicemonitor.yaml | 4 ++-- .../templates/argo-events-webhook/clusterrolebinding.yaml | 2 +- .../templates/argo-events-webhook/deployment.yaml | 2 +- charts/argo-events/templates/argo-events-webhook/pdb.yaml | 2 +- .../templates/argo-events-webhook/service.yaml | 2 +- .../templates/argo-events-webhook/serviceaccount.yaml | 2 +- charts/argo-events/values.yaml | 3 +++ 16 files changed, 29 insertions(+), 17 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 99f3b601..aed0dfdc 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.3 +version: 2.4.4 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.1 + - kind: added + description: Support ability to set .Values.namespaceOverride diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 0abf2c31..c9cd5083 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -87,6 +87,7 @@ done | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | | nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift | bool | `false` | Deploy on OpenShift | ### Controller diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index d18f2ca9..93069ca3 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -136,3 +136,11 @@ Define Pdb apiVersion {{- printf "policy/v1beta1" -}} {{- end }} {{- end }} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-events.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index b3293385..119c10f5 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} data: diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index a3614c73..75d0cdb2 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml index 0451ecd7..269e2de4 100644 --- a/charts/argo-events/templates/argo-events-controller/pdb.yaml +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index aa9c7c2b..69a0adcb 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -4,7 +4,7 @@ kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} metadata: name: {{ include "argo-events.controller.fullname" . }} {{- if .Values.controller.rbac.namespaced }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -122,5 +122,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml index fe36320b..55fe9361 100644 --- a/charts/argo-events/templates/argo-events-controller/service.yaml +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-events.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.metrics.service.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml index 3b8a9c81..bd697989 100644 --- a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml index 55cda1d4..371794ee 100644 --- a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-events.namespace" . | quote }} selector: matchLabels: {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml index 89226483..c701c8d7 100644 --- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index 0445484e..0b995ba2 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml index a3daa745..26ee675d 100644 --- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.webhook.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} {{- with .Values.webhook.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index 15563d0e..e1f2b2ee 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml index e3e2ac5b..0efad0c2 100644 --- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.webhook.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index faba6939..b959e6cd 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -6,6 +6,9 @@ nameOverride: argo-events # -- String to fully override "argo-events.fullname" template fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Deploy on OpenShift openshift: false From 237493a4ab1478a0c33cb1253767f65ce4ec007c Mon Sep 17 00:00:00 2001 From: irizzant Date: Sat, 23 Mar 2024 16:38:56 +0100 Subject: [PATCH 317/617] feat(argocd-apps)!: use maps instead of lists (#2538) * feat(argocd-apps)!: use maps instead of lists Signed-off-by: irizzant * fix(chart): add artifacthub annotations Signed-off-by: irizzant * fix: remove not needed lines Signed-off-by: irizzant * fix: use the right range function Signed-off-by: irizzant * fix(argocd-apps): fix issues Signed-off-by: irizzant * fix: fix newline issue in values.yaml Signed-off-by: irizzant * fix: Use range function properly (revert complex changes on item-templates) Signed-off-by: Marco Maurer --------- Signed-off-by: irizzant Signed-off-by: Marco Maurer Co-authored-by: Jason Meridth Co-authored-by: Marco Maurer Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 4 +- charts/argocd-apps/README.md | 8 +- .../applications-multiple-sources-values.yaml | 50 +-- .../argocd-apps/ci/applications-values.yaml | 60 ++-- ...plicationsets-multiple-sources-values.yaml | 42 +-- ...licationsets-progressive-syncs-values.yaml | 76 ++-- .../ci/applicationsets-values.yaml | 172 ++++----- .../argocd-apps/templates/applications.yaml | 28 +- .../templates/applicationsets.yaml | 27 +- charts/argocd-apps/templates/extensions.yaml | 12 +- charts/argocd-apps/templates/projects.yaml | 38 +- charts/argocd-apps/values.yaml | 340 +++++++++--------- 12 files changed, 428 insertions(+), 429 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 0b550fb4..397e9db6 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.2 +version: 2.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support Template Patch to ApplicationSet + description: make the chart use maps instead of lists diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index 2cc1541f..447df733 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -28,11 +28,11 @@ $ helm install my-release argo/argocd-apps | Key | Type | Default | Description | |-----|------|---------|-------------| -| applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | -| applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | -| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | +| applications | object | `{}` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | +| applicationsets | object | `{}` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | +| extensions | object | `{}` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | | itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | -| projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | +| projects | object | `{}` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml index 4d21403b..f1023424 100644 --- a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml @@ -1,28 +1,28 @@ # Test with multi-source applications applications: -- name: argocd-application-multiple-sources - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas + argocd-application-multiple-sources: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 28a627ff..4f742748 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -1,33 +1,33 @@ # Test with applications applications: -- name: argocd-application - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook - directory: - recurse: true - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - syncOptions: - - ApplyOutOfSyncOnly=true - revisionHistoryLimit: null - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ + argocd-application: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true + revisionHistoryLimit: null + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml index f1dd7cda..d8fe500c 100644 --- a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml @@ -1,24 +1,24 @@ # Test with multi-source applicationsets applicationsets: -- name: applicationset-multiple-sources - generators: - - list: - elements: - - cluster: default-cluster - url: https://kubernetes.default.svc - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: '{{url}}' - namespace: default + applicationset-multiple-sources: + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml index 2fa58978..a225e7c5 100644 --- a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -1,41 +1,41 @@ # Test applicationsets with Progressive Syncs applicationsets: -- name: applicationset-progressive-syncs - generators: - - list: - elements: - - cluster: engineering-dev - url: https://1.2.3.4 - env: env-dev - - cluster: engineering-prod - url: https://9.8.7.6/ - env: env-prod - strategy: - type: RollingSync - rollingSync: - steps: - - matchExpressions: - - key: envLabel - operator: In - values: - - env-dev - - matchExpressions: - - key: envLabel - operator: In - values: - - env-prod - template: - metadata: - name: '{{.cluster}}-guestbook' - labels: - envLabel: '{{.env}}' - spec: - project: my-project - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook/{{.cluster}} - destination: - server: '{{.url}}' - namespace: guestbook + applicationset-progressive-syncs: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 375367ca..ed84c5fb 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -1,90 +1,90 @@ # Test with applicationsets applicationsets: -- name: applicationset - additionalLabels: {} - additionalAnnotations: {} - # See PR #10026 (ArgoCD v2.5 or later) - # goTemplate: false - generators: - - git: - repoURL: https://github.com/argoproj/argocd-example-apps.git - revision: HEAD - directories: - - path: guestbook - - path: kustomize-* - # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync - ignoreApplicationDifferences: - - jsonPointers: - - /spec/syncPolicy - template: - metadata: - name: '{{path.basename}}' - labels: {} - annotations: {} - spec: - project: default - source: + applicationset: + additionalLabels: {} + additionalAnnotations: {} + # See PR #10026 (ArgoCD v2.5 or later) + # goTemplate: false + generators: + - git: repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: '{{path}}' - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ - syncPolicy: - # Set Application finalizer - preserveResourcesOnDeletion: false - templatePatch: | - spec: - source: - helm: - valueFiles: - {{- range $valueFile := .valueFiles }} - - {{ $valueFile }} - {{- end }} - {{- if .autoSync }} - syncPolicy: - automated: - prune: {{ .prune }} - {{- end }} -- name: applicationset-list-generator - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - template: - metadata: {} - spec: - project: '{{cluster}}' - source: - targetRevision: HEAD - repoURL: https://github.com/argoproj/argo-cd.git - # New path value is generated here: - path: 'applicationset/examples/template-override/{{cluster}}-override' - destination: {} - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: '{{cluster}}' - source: - repoURL: https://github.com/argoproj/argo-cd.git - targetRevision: HEAD - # This 'default' value is not used: it is is replaced by the generator's template path, above - path: applicationset/examples/template-override/default - destination: - server: '{{url}}' - namespace: guestbook + revision: HEAD + directories: + - path: guestbook + - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy + template: + metadata: + name: '{{path.basename}}' + labels: {} + annotations: {} + spec: + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ + syncPolicy: + # Set Application finalizer + preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} + applicationset-list-generator: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index df0ea5eb..b26b6684 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -1,50 +1,50 @@ -{{- range .Values.applications }} +{{- range $appName, $appData:= .Values.applications }} --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - {{- with .additionalAnnotations }} + {{- with $appData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appName }} + {{- with $appData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $appData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - project: {{ tpl .project $ }} - {{- with .source }} + project: {{ tpl $appData.project $ }} + {{- with $appData.source }} source: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sources }} + {{- with $appData.sources }} sources: {{- toYaml . | nindent 4 }} {{- end }} destination: - {{- toYaml .destination | nindent 4 }} - {{- with .syncPolicy }} + {{- toYaml $appData.destination | nindent 4 }} + {{- with $appData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .revisionHistoryLimit }} + {{- with $appData.revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} - {{- with .ignoreDifferences }} + {{- with $appData.ignoreDifferences }} ignoreDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .info }} + {{- with $appData.info }} info: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 72c8f2e2..e8ae2134 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -1,44 +1,43 @@ - -{{- range .Values.applicationsets }} +{{- range $appSetName, $appSetData:= .Values.applicationsets }} --- apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - {{- with .additionalAnnotations }} + {{- with $appSetData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appSetData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appSetName }} + {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} spec: - {{- if hasKey . "goTemplate" }} - goTemplate: {{ .goTemplate }} + {{- if hasKey $appSetData "goTemplate" }} + goTemplate: {{ $appSetData.goTemplate }} {{- end }} - {{- with .generators }} + {{- with $appSetData.generators }} generators: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .ignoreApplicationDifferences }} + {{- with $appSetData.ignoreApplicationDifferences }} ignoreApplicationDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .strategy }} + {{- with $appSetData.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncPolicy }} + {{- with $appSetData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .template }} + {{- with $appSetData.template }} template: {{- with .metadata }} metadata: @@ -84,7 +83,7 @@ spec: {{- end }} {{- end -}} {{- end }} - {{- with .templatePatch }} + {{- with $appSetData.templatePatch }} templatePatch: | {{- . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/templates/extensions.yaml b/charts/argocd-apps/templates/extensions.yaml index 1893c2a7..8a19e3a5 100644 --- a/charts/argocd-apps/templates/extensions.yaml +++ b/charts/argocd-apps/templates/extensions.yaml @@ -1,25 +1,25 @@ -{{- range .Values.extensions }} +{{- range $extensionName, $extensionData:= .Values.extensions }} --- apiVersion: argoproj.io/v1alpha1 kind: ArgoCDExtension metadata: - name: {{ .name }} - {{- with .namespace }} + name: {{ $extensionName }} + {{- with $extensionData.namespace }} namespace: {{ . }} {{- end }} finalizers: - extensions-finalizer.argocd.argoproj.io - {{- with .additionalLabels }} + {{- with $extensionData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .additionalAnnotations }} + {{- with $extensionData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with .sources }} +{{- with $extensionData.sources }} spec: sources: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f4c273e8..34a865ea 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -1,72 +1,72 @@ -{{- range .Values.projects }} +{{- range $projectName, $projectData := .Values.projects }} --- apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - {{- with .additionalAnnotations }} + {{- with $projectData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $projectData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $projectName }} + {{- with $projectData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $projectData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- with .permitOnlyProjectScopedClusters }} + {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ .description }} - {{- with .sourceRepos }} + description: {{ $projectData.description }} + {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .destinations }} + {{- with $projectData.destinations }} destinations: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceWhitelist }} + {{- with $projectData.clusterResourceWhitelist }} clusterResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceBlacklist }} + {{- with $projectData.clusterResourceBlacklist }} clusterResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceBlacklist }} + {{- with $projectData.namespaceResourceBlacklist }} namespaceResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceWhitelist }} + {{- with $projectData.namespaceResourceWhitelist }} namespaceResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .orphanedResources }} + {{- with $projectData.orphanedResources }} orphanedResources: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .roles }} + {{- with $projectData.roles }} roles: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncWindows }} + {{- with $projectData.syncWindows }} syncWindows: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .signatureKeys }} + {{- with $projectData.signatureKeys }} signatureKeys: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sourceNamespaces }} + {{- with $projectData.sourceNamespaces }} sourceNamespaces: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 41ee1ef9..1fad3941 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -1,176 +1,176 @@ # -- Deploy Argo CD Applications within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -applications: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# project: guestbook -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: guestbook -# directory: -# recurse: true -# # ArgoCD v2.6 or later -# sources: +applications: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# project: guestbook +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: guestbook +# directory: +# recurse: true +# # ArgoCD v2.6 or later +# sources: # - chart: elasticsearch # repoURL: https://helm.elastic.co # targetRevision: 8.5.1 # - repoURL: https://github.com/argoproj/argocd-example-apps.git # path: guestbook # targetRevision: HEAD -# destination: -# server: https://kubernetes.default.svc -# namespace: guestbook -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# syncOptions: -# - CreateNamespace=true -# revisionHistoryLimit: null -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ +# destination: +# server: https://kubernetes.default.svc +# namespace: guestbook +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# syncOptions: +# - CreateNamespace=true +# revisionHistoryLimit: null +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ # -- Deploy Argo CD Projects within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -projects: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# permitOnlyProjectScopedClusters: false -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# description: Example Project -# sourceRepos: -# - '*' -# destinations: -# - namespace: guestbook -# server: https://kubernetes.default.svc -# clusterResourceWhitelist: [] -# clusterResourceBlacklist: [] -# namespaceResourceBlacklist: -# - group: '' -# kind: ResourceQuota -# - group: '' -# kind: LimitRange -# - group: '' -# kind: NetworkPolicy -# orphanedResources: {} -# roles: [] -# namespaceResourceWhitelist: -# - group: 'apps' -# kind: Deployment -# - group: 'apps' -# kind: StatefulSet -# orphanedResources: {} -# roles: [] -# syncWindows: -# - kind: allow -# schedule: '10 1 * * *' -# duration: 1h -# applications: -# - '*-prod' -# manualSync: true -# signatureKeys: -# - keyID: ABCDEF1234567890 -# sourceNamespaces: -# - argocd +projects: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# description: Example Project +# sourceRepos: +# - '*' +# destinations: +# - namespace: guestbook +# server: https://kubernetes.default.svc +# clusterResourceWhitelist: [] +# clusterResourceBlacklist: [] +# namespaceResourceBlacklist: +# - group: '' +# kind: ResourceQuota +# - group: '' +# kind: LimitRange +# - group: '' +# kind: NetworkPolicy +# orphanedResources: {} +# roles: [] +# namespaceResourceWhitelist: +# - group: 'apps' +# kind: Deployment +# - group: 'apps' +# kind: StatefulSet +# orphanedResources: {} +# roles: [] +# syncWindows: +# - kind: allow +# schedule: '10 1 * * *' +# duration: 1h +# applications: +# - '*-prod' +# manualSync: true +# signatureKeys: +# - keyID: ABCDEF1234567890 +# sourceNamespaces: +# - argocd # -- Deploy Argo CD ApplicationSets within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ -applicationsets: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# # See PR #10026 (ArgoCD v2.5 or later) -# # goTemplate: false -# generators: -# - git: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# revision: HEAD -# directories: -# - path: guestbook -# - path: kustomize-* -# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync -# ignoreApplicationDifferences: -# - jsonPointers: -# - /spec/syncPolicy -# # Progressive Syncs is an experimental feature and it must be explicitly enabled -# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs -# strategy: -# type: RollingSync -# rollingSync: -# steps: -# - matchExpressions: -# - key: project -# operator: In -# values: -# - guestbook -# - matchExpressions: -# - key: project -# operator: In -# values: -# - kustomize-foo -# - kustomize-bar -# template: -# metadata: -# name: '{{path.basename}}' -# labels: -# project: '{{path.basename}}' -# annotations: {} -# spec: -# project: default -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: '{{path}}' -# destination: -# server: https://kubernetes.default.svc -# namespace: default -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ -# syncPolicy: -# # Set Application finalizer -# preserveResourcesOnDeletion: false -# # Templating is only available on string type -# templatePatch: | -# spec: -# source: -# helm: -# valueFiles: -# {{- range $valueFile := .valueFiles }} -# - {{ $valueFile }} -# {{- end }} -# {{- if .autoSync }} -# syncPolicy: -# automated: -# prune: {{ .prune }} -# {{- end }} +applicationsets: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# # See PR #10026 (ArgoCD v2.5 or later) +# # goTemplate: false +# generators: +# - git: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# revision: HEAD +# directories: +# - path: guestbook +# - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar +# template: +# metadata: +# name: '{{path.basename}}' +# labels: +# project: '{{path.basename}}' +# annotations: {} +# spec: +# project: default +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: '{{path}}' +# destination: +# server: https://kubernetes.default.svc +# namespace: default +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ +# syncPolicy: +# # Set Application finalizer +# preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} # -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release # @default -- `[]` (See [values.yaml]) @@ -238,16 +238,16 @@ itemTemplates: [] # namespace: guestbook # -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. ## Ref: https://github.com/argoproj-labs/argocd-extensions -extensions: [] - # - name: example - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # sources: - # - git: - # url: https://github.com/argoproj-labs/argocd-example-extension.git - # - web: - # url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar +extensions: {} +# example: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# sources: +# - git: +# url: https://github.com/argoproj-labs/argocd-example-extension.git +# - web: +# url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar From 19b3d7271817910c51f0f5c6052b01735d4b301f Mon Sep 17 00:00:00 2001 From: Matthew Peterson <51802441+mpeters0n@users.noreply.github.com> Date: Sat, 23 Mar 2024 13:47:03 -0700 Subject: [PATCH 318/617] feat(argo-rollouts): Added Deployment labels to values.yaml (#2590) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 3 +++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 6 ++++++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 5d6ccc7d..740aba28 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.4 +version: 2.35.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow customizing additional RBAC rules for other providers + description: Added Deployment labels diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index adf27530..0bd3560a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -50,6 +50,7 @@ For full list of changes please check ArtifactHub [changelog]. | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | @@ -83,6 +84,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | | controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | +| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -139,6 +141,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | | dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | +| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 9b8f456e..25301e22 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -10,6 +10,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index de7f525b..1c1d70c3 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -11,6 +11,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 1a4a9ede..9cc4042d 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -41,12 +41,16 @@ extraObjects: [] global: # -- Annotations for all deployed Deployments deploymentAnnotations: {} + # -- Labels for all deployed Deployments + deploymentLabels: {} controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller # -- Annotations to be added to the controller deployment deploymentAnnotations: {} + # -- Labels to be added to the controller deployment + deploymentLabels: {} # -- Annotations to be added to application controller pods podAnnotations: {} # -- [Node selector] @@ -285,6 +289,8 @@ dashboard: component: rollouts-dashboard # -- Annotations to be added to the dashboard deployment deploymentAnnotations: {} + # -- Labels to be added to the dashboard deployment + deploymentLabels: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} # -- [Node selector] From a28780fb195fb1488f65bc7af95dcd389266e60f Mon Sep 17 00:00:00 2001 From: Carlos M <1761056+cmontemuino@users.noreply.github.com> Date: Sun, 24 Mar 2024 21:26:55 +0100 Subject: [PATCH 319/617] feat(argo-workflows): check prometheus CRD for ServiceMonitor (#2430) * chore: Apply changes from code review Signed-off-by: Marco Maurer --------- Signed-off-by: cmontemuino <1761056+cmontemuino@users.noreply.github.com> Signed-off-by: Marco Maurer Co-authored-by: Jason Meridth Co-authored-by: Marco Maurer --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 11 +++++++++++ .../workflow-controller-servicemonitor.yaml | 5 +++-- charts/argo-workflows/values.yaml | 2 ++ 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 99b190bc..6223ffc6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.14 +version: 0.41.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support namespaceOverride + description: Check Prometheus CRDs are available before creating Service Monitor resource(s) diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 785bf9f8..3a387546 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -111,6 +111,7 @@ Fields to note: |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart | | commonLabels | object | `{}` | Labels to set on all resources | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 118f9a52..f46af22f 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -190,6 +190,17 @@ Return the appropriate apiVersion for GKE resources {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for monitoring CRDs +*/}} +{{- define "argo-workflows.apiVersions.monitoring" -}} +{{- if .Values.apiVersionOverrides.monitoring -}} +{{- print .Values.apiVersionOverrides.monitoring -}} +{{- else -}} +{{- print "monitoring.coreos.com/v1" -}} +{{- end -}} +{{- end -}} + {{/* Expand the namespace of the release. Allows overriding it for multi-namespace deployments in combined charts. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index df318fc2..1695f96d 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -1,5 +1,6 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 +{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }} +{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: {{ $apiVersion }} kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0f2d6ca7..3c361c9c 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -42,6 +42,8 @@ apiVersionOverrides: autoscaling: "" # autoscaling/v2 # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 + # -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart + monitoring: "" # monitoring.coreos.com/v1 # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster From 3e8653a7651678dadb951892d69fc49399cffd23 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:26:28 +0900 Subject: [PATCH 320/617] chore(deps): update renovatebot/github-action action to v40.1.6 (#2602) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6e9edaa0..6f180fc5 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@89bd050bafa5a15de5d9383e3129edf210422004 # v40.1.5 + uses: renovatebot/github-action@23b01dbf6f38965076a36aff87f802263164f204 # v40.1.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 776c19db6377eea7b42a81eae5e2befde52b9861 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 21:39:36 +0000 Subject: [PATCH 321/617] chore(deps): update actions/create-github-app-token action to v1.9.1 (#2604) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6f180fc5..08cfce31 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 + uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1.9.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 38900afada6cbc51e469d53fbf20ebba6f1cb07b Mon Sep 17 00:00:00 2001 From: Connor Given <47261237+congiv@users.noreply.github.com> Date: Tue, 26 Mar 2024 04:35:50 -0400 Subject: [PATCH 322/617] feat(argo-rollouts): add minimum RBAC for Gateway API (#2599) --- charts/argo-rollouts/Chart.yaml | 4 +-- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 27 +++++++++++++++ .../templates/controller/role.yaml | 33 +++++++++++++++++-- charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 62 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 740aba28..307965b9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.0 +version: 2.35.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added Deployment labels + description: Allow minimum set of RBAC rules for Gateway API resources diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 0bd3560a..eb30e7ee 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -68,6 +68,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | | providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider | | providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index a60070b3..a80708b6 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -94,11 +94,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -276,6 +287,22 @@ rules: verbs: - '*' {{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} {{- with .Values.providerRBAC.additionalRules }} {{ toYaml . }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index dc656cde..584587b9 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -95,11 +95,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -259,11 +270,27 @@ rules: {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 9cc4042d..8f3f10b4 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -277,6 +277,8 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Adds RBAC rules for the Gateway API provider + gatewayAPI: true # -- Additional RBAC rules for others providers additionalRules: [] From e56bda239d7871acfe7162def5a327d6a53dae8c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 08:44:07 +0100 Subject: [PATCH 323/617] chore(deps): update renovatebot/github-action action to v40.1.7 (#2608) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 08cfce31..6b290f1d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@23b01dbf6f38965076a36aff87f802263164f204 # v40.1.6 + uses: renovatebot/github-action@7d358366277001f3316d7fa54ff49a81c0158948 # v40.1.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6043017f34a4aab9eed905c3eec3dfe796252d1f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 18:29:52 +0100 Subject: [PATCH 324/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.5 (#2610) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2cbf4bd0..7cc1ab23 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.4 +appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.3 +version: 6.7.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.4 + description: Bump argo-cd to v2.10.5 From e9a3381d739f4c07069753bf5a2db4cd462ec014 Mon Sep 17 00:00:00 2001 From: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> Date: Fri, 29 Mar 2024 09:13:31 +0100 Subject: [PATCH 325/617] fix(argo-cd): Properly support "application in any namespace" for the argocd-server ClusterRole (#2609) * Properly support "application in any namespace" for the argocd-server ClusterRole Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * Add changelog Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * notification controller can handle self-managed notification in any namespace Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * Bump argo-cd chart to v6.7.5 Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> --------- Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-notifications/clusterrole.yaml | 3 +++ .../argo-cd/templates/argocd-server/clusterrole.yaml | 11 +++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7cc1ab23..41acb075 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.4 +version: 6.7.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.5 + - kind: fixed + description: Fixed the ClusterRole of argocd-server and notification when using "application in any namespace" diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index edb957f3..eba5973f 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -28,6 +28,9 @@ rules: verbs: - list - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} {{- if .Values.notifications.cm.create }} - apiGroups: - "" diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index f4877980..0867a1b1 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -48,6 +48,17 @@ rules: - list - update - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} - apiGroups: - batch resources: From d6063b9595c5692c122302fe913f28c66376747c Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Fri, 29 Mar 2024 19:13:26 +0300 Subject: [PATCH 326/617] fix(argo-cd): add missing crd change from 2.10.5 (#2612) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/crds/crd-applicationset.yaml | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41acb075..fa41352d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.5 +version: 6.7.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed the ClusterRole of argocd-server and notification when using "application in any namespace" + description: added missing crd change for 2.10.5 diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 02623f6c..323beb27 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -2381,8 +2381,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: properties: @@ -4725,8 +4723,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true @@ -9752,8 +9748,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true From 3a56a3e64d8edb4522531498fe9686ddafbb975a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Mar 2024 12:33:40 -0500 Subject: [PATCH 327/617] chore(deps): bump actions/setup-python from 5.0.0 to 5.1.0 (#2615) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 895cbe52..46cf47cd 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: 3.9 From d64b7e2d0c378635c9ce1e3ee8e800d11156dd88 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 10:18:04 +0900 Subject: [PATCH 328/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.278.0 (#2617) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6b290f1d..d5280ec2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.222.0 + renovate-version: 37.278.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 7b87ff19e5c034b3e4b628a9220516fe5f6ceaa3 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 19:27:32 +0200 Subject: [PATCH 329/617] chore(deps): update actions/create-github-app-token action to v1.9.2 (#2618) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d5280ec2..22e06e11 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1.9.1 + uses: actions/create-github-app-token@6c406e8a244fdf6bbf79e6cc8a91504a48d2c2ce # v1.9.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 30fd5202b0c195ad8bda0406dab33eec85c3781d Mon Sep 17 00:00:00 2001 From: edmondshtogu Date: Tue, 2 Apr 2024 07:03:37 +0200 Subject: [PATCH 330/617] feat(argo-cd): enabled server cluster role permissions overriding (#2606) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-server/clusterrole.yaml | 4 ++++ charts/argo-cd/values.yaml | 8 ++++++++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fa41352d..f86a8d52 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.6 +version: 6.7.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: added missing crd change for 2.10.5 + - kind: added + description: Support for Overriding Argo CD Server ClusterRole Permissions diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d43a0fda..70679f23 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -928,6 +928,8 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | | server.containerPorts.metrics | int | `8083` | Metrics container port | | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 0867a1b1..c1439b0c 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} - apiGroups: - '*' resources: @@ -73,4 +76,5 @@ rules: verbs: {{/* supports triggering workflows from UI */}} - create + {{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a281d019..000f94a3 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2194,6 +2194,14 @@ server: # -- Termination policy of Openshift Route termination_policy: None + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + ## Repo Server repoServer: # -- Repo server name From 72f0a50d7038ba2883a5ea87b5012824f9a7884f Mon Sep 17 00:00:00 2001 From: Pierre Blais <109473352+pierreblais@users.noreply.github.com> Date: Tue, 2 Apr 2024 15:36:34 +0200 Subject: [PATCH 331/617] feat(argo-cd): Add sizeLimit parameters on emptyDir (#2607) * feat(argo-cd): Add sizeLimit parameters on emptyDir Signed-off-by: Pierre BLAIS * feat(argo-cd): Bumping chart version Signed-off-by: Pierre BLAIS * Fix(argo-cd): Add missing new line Signed-off-by: Pierre BLAIS --------- Signed-off-by: Pierre BLAIS Signed-off-by: Pierre Blais <109473352+pierreblais@users.noreply.github.com> Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 +-- charts/argo-cd/README.md | 5 +++ .../deployment.yaml | 6 ++++ .../statefulset.yaml | 5 +++ .../argocd-applicationset/deployment.yaml | 10 ++++++ .../argocd-repo-server/deployment.yaml | 25 +++++++++++++ .../templates/argocd-server/deployment.yaml | 15 ++++++++ charts/argo-cd/templates/dex/deployment.yaml | 10 ++++++ charts/argo-cd/values.yaml | 35 +++++++++++++++++++ 9 files changed, 113 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f86a8d52..b645755d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.7 +version: 6.7.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support for Overriding Argo CD Server ClusterRole Permissions + description: Add sizeLimit params on EmptyDir Volume diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 70679f23..244c2641 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -733,6 +733,7 @@ NAME: my-release | controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | @@ -827,6 +828,7 @@ NAME: my-release | repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | repoServer.dnsConfig | object | `{}` | [DNS configuration] | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | @@ -937,6 +939,7 @@ NAME: my-release | server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | server.dnsConfig | object | `{}` | [DNS configuration] | | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | @@ -1075,6 +1078,7 @@ NAME: my-release | dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | dex.dnsConfig | object | `{}` | [DNS configuration] | | dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | | dex.enabled | bool | `true` | Enable dex | | dex.env | list | `[]` | Environment variables to pass to the Dex server | | dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | @@ -1327,6 +1331,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index e0c12135..232ce267 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -334,7 +334,13 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3b72d19f..80535e67 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -333,7 +333,12 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 96fc3804..795f18d0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -302,9 +302,19 @@ spec: configMap: name: argocd-gpg-keys-cm - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index d27c15d9..590e5387 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -394,26 +394,46 @@ spec: {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} {{- end }} - name: plugins {{- if .Values.repoServer.existingVolumes.plugins -}} {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: var-files {{- if .Values.repoServer.existingVolumes.varFiles -}} {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: tmp {{- if .Values.repoServer.existingVolumes.tmp -}} {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: ssh-known-hosts configMap: @@ -428,7 +448,12 @@ spec: {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: argocd-repo-server-tls secret: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 6d614b0f..faaf1c26 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -442,12 +442,27 @@ spec: {{- end }} {{- if .Values.server.extensions.enabled }} - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 61f3fe86..3c293e7c 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -187,9 +187,19 @@ spec: {{- end }} volumes: - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-dex-server-tls secret: secretName: argocd-dex-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 000f94a3..1285eccf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -673,6 +673,13 @@ controller: # - name: custom-tools # emptyDir: {} + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} @@ -989,6 +996,13 @@ dex: # -- Additional volumes to the dex pod volumes: [] + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. @@ -1744,6 +1758,13 @@ server: # - name: custom-tools # emptyDir: {} + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations to be added to server Deployment deploymentAnnotations: {} @@ -2366,6 +2387,13 @@ repoServer: # persistentVolumeClaim: # claimName: pvc-argocd-repo-server-plugins + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Toggle the usage of a ephemeral Helm working directory useEphemeralHelmWorkingDir: true @@ -2653,6 +2681,13 @@ applicationSet: # -- List of extra volumes to add extraVolumes: [] + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + ## Metrics service configuration metrics: # -- Deploy metrics service From c30f1984e418bc12953bd967fcc8dd2598173a65 Mon Sep 17 00:00:00 2001 From: Karl Lyons <7.lyonsy@gmail.com> Date: Tue, 2 Apr 2024 13:26:07 -0400 Subject: [PATCH 332/617] feat(argo-workflows): Add the ability to use headless service for workflow controller (#2620) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../templates/controller/workflow-controller-service.yaml | 3 +++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6223ffc6..0243bcd7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.0 +version: 0.41.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Check Prometheus CRDs are available before creating Service Monitor resource(s) + description: Add the ability to use a headless service for the workflow controller diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 3a387546..e8d99b6d 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -170,6 +170,7 @@ Fields to note: | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | +| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 51362c4f..0cd8a75b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -32,6 +32,9 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} + clusterIP: None + {{- end }} {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3c361c9c..89fa1753 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -135,6 +135,8 @@ controller: servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- Flag to enable headless service + headlessService: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] From 1a5bded746dfcd27d8bc143b427246034606324b Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 4 Apr 2024 20:47:21 +0200 Subject: [PATCH 333/617] fix(argo-cd): Add required label for CLI on redis-ha-haproxy pod (#2627) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b645755d..2bef9887 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.8 +version: 6.7.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add sizeLimit params on EmptyDir Volume + - kind: fixed + description: Add required label for CLI to redis-ha-haproxy pods diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 244c2641..c8401dd2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1269,6 +1269,7 @@ The main options are listed here: | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1285eccf..09968523 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1505,6 +1505,9 @@ redis-ha: haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true From b35d6e3618a6fd37341f2a39b618599979a009dd Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:25:31 -0500 Subject: [PATCH 334/617] chore(deps): update actions/create-github-app-token action to v1.9.3 (#2626) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 22e06e11..13242aaf 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@6c406e8a244fdf6bbf79e6cc8a91504a48d2c2ce # v1.9.2 + uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From b583d7742ffb460f2900244789c1eb2a098828e0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 05:59:50 +0100 Subject: [PATCH 335/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.6 (#2630) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2bef9887..94a33897 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.5 +appVersion: v2.10.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.9 +version: 6.7.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add required label for CLI to redis-ha-haproxy pods + - kind: changed + description: Bump argo-cd to v2.10.6 From af50be59ed31a371f811ad586bd72a762291b810 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 13:38:36 +0200 Subject: [PATCH 336/617] chore(deps): update renovatebot/github-action action to v40.1.8 (#2633) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 13242aaf..f5963f3c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@7d358366277001f3316d7fa54ff49a81c0158948 # v40.1.7 + uses: renovatebot/github-action@10b0dbf049fea8f04c079c8802145f3eac72d9e7 # v40.1.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f42e0e1fd586d48459d99db69e65f2540a5cd209 Mon Sep 17 00:00:00 2001 From: Stefan Caraiman Date: Wed, 10 Apr 2024 23:05:47 +0300 Subject: [PATCH 337/617] fix(argo-cd): make automountServiceAccountToken configurable (#2625) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 7 +++++++ .../deployment.yaml | 1 + .../statefulset.yaml | 1 + .../argocd-applicationset/deployment.yaml | 1 + .../argocd-notifications/deployment.yaml | 1 + .../argocd-repo-server/deployment.yaml | 1 + .../templates/argocd-server/deployment.yaml | 1 + charts/argo-cd/templates/dex/deployment.yaml | 1 + .../argo-cd/templates/redis/deployment.yaml | 1 + charts/argo-cd/values.yaml | 21 +++++++++++++++++++ 11 files changed, 39 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 94a33897..51d91732 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.10 +version: 6.7.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.6 + - kind: added + description: Add configurable automountServiceAccountToken diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c8401dd2..a9c7c446 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -725,6 +725,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | @@ -806,6 +807,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | @@ -903,6 +905,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | @@ -1064,6 +1067,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | @@ -1160,6 +1164,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | redis.containerPorts.metrics | int | `9121` | Metrics container port | | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | @@ -1310,6 +1315,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | @@ -1419,6 +1425,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 232ce267..c0dc1460 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -55,6 +55,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 80535e67..14c3653e 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -56,6 +56,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 795f18d0..0b6a51fb 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -56,6 +56,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 674639f4..eaf35623 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -55,6 +55,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 590e5387..84804ac6 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -66,6 +66,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index faaf1c26..dee9cf43 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -60,6 +60,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 3c293e7c..b6c94f90 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -59,6 +59,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index a25c1bd8..56ceae93 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -52,6 +52,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 09968523..5f6d0d0b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -768,6 +768,9 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the application controller create: true @@ -1110,6 +1113,9 @@ dex: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create dex service account create: true @@ -1410,6 +1416,9 @@ redis: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the redis pod create: false @@ -2009,6 +2018,9 @@ server: # -- Prometheus ServiceMonitor annotations annotations: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create server service account create: true @@ -2586,6 +2598,9 @@ repoServer: # -- List of custom rules for the Repo server's Cluster Role resource rules: [] + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + ## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount: @@ -2747,6 +2762,9 @@ applicationSet: # -- ApplicationSet service port name portName: http-webhook + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create ApplicationSet controller service account create: true @@ -3208,6 +3226,9 @@ notifications: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create notifications controller service account create: true From a51380a144fa2a6ca42879faac2756f0b703d4b4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 12 Apr 2024 01:55:23 -0500 Subject: [PATCH 338/617] chore(deps): update renovatebot/github-action action to v40.1.9 (#2638) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f5963f3c..90c0570f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@10b0dbf049fea8f04c079c8802145f3eac72d9e7 # v40.1.8 + uses: renovatebot/github-action@74811c93da74bf38cb37f41489065619930fba44 # v40.1.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 7aca86035924ff9015d836669ffe5dc5a8eee38d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Apr 2024 08:42:06 -0500 Subject: [PATCH 339/617] chore(deps): bump azure/setup-helm from 3.5 to 4 (#2640) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 46cf47cd..d28d2fce 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 with: version: v3.10.1 # Also update in publish.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3a3b41d6..9584e09a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 with: version: v3.10.1 # Also update in lint-and-test.yaml From ebbe2eefad39f0f0c38ded984eeeb8d0c4816e80 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:42:55 +0100 Subject: [PATCH 340/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.7 (#2643) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 51d91732..06a52163 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.6 +appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.11 +version: 6.7.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add configurable automountServiceAccountToken + - kind: changed + description: Bump argo-cd to v2.10.7 From 8abf55a807aec83640ee6479fca13b07cf1e7dd6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 17 Apr 2024 22:48:41 +0200 Subject: [PATCH 341/617] chore(deps): update renovatebot/github-action action to v40.1.10 (#2645) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 90c0570f..f3a6ac6b 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@74811c93da74bf38cb37f41489065619930fba44 # v40.1.9 + uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a12dbf812c9b1eb0a1065734159e9a3c9c03fc03 Mon Sep 17 00:00:00 2001 From: Marc Brugger Date: Thu, 18 Apr 2024 23:41:24 +0200 Subject: [PATCH 342/617] feat(argocd-image-updater): Allow defining extraEnvFrom for the deployment (#2646) Signed-off-by: bakito --- charts/argocd-image-updater/Chart.yaml | 10 +++------- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/deployment.yaml | 4 ++++ charts/argocd-image-updater/values.yaml | 7 +++++++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 2e34fad6..7f299aef 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.6 +version: 0.9.7 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,9 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Properly quoting the config map values - - kind: fixed - description: Only adding a data field to argocd-image-updater-ssh-config when there's data to be added - - kind: changed - description: Only include config.argocd if config.applicationsAPIKind is set to 'argocd' + - kind: added + description: Allow defining extraEnvFrom for the deployment diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index f094d77a..a8d28699 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | | extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 6a4f592c..cfd87a47 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -104,6 +104,10 @@ spec: {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 7cbbe05b..0f2a4e33 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -44,6 +44,13 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra envFrom to pass to argocd-image-updater +extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + # -- Extra K8s manifests to deploy for argocd-image-updater ## Note: Supports use of custom Helm templates extraObjects: [] From 598a3c48c5c628a32a41078dd0d46e96e4dfa6fb Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin <3811295@gmail.com> Date: Fri, 19 Apr 2024 18:07:22 +0400 Subject: [PATCH 343/617] feat(argo-cd): Bump argocd-extension-installer to 0.0.5 (#2647) * Bump argocd-extension-installer to v0.0.5 Signed-off-by: Aleksey Sviridkin * Update docs Signed-off-by: Aleksey Sviridkin --------- Signed-off-by: Aleksey Sviridkin --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06a52163..ae6fae89 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.12 +version: 6.7.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.7 + description: Bump argocd-extension-installer to v0.0.5 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a9c7c446..5035e24d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -950,7 +950,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5f6d0d0b..f7053281 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1682,7 +1682,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.1" + tag: "v0.0.5" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From b7ccf969ad85e27b29af749ce7a02535be0a7393 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 05:55:00 +0100 Subject: [PATCH 344/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.6 (#2651) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0243bcd7..50c88749 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.5 +appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.1 +version: 0.41.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add the ability to use a headless service for the workflow controller + - kind: changed + description: Bump argo-workflows to v3.5.6 From 03003fff0e348113464c9687737d13cfca560d21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:47:40 +0200 Subject: [PATCH 345/617] chore(deps): bump azure/setup-helm from 4.1.0 to 4.2.0 (#2652) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index d28d2fce..aee46a66 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in publish.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9584e09a..c84c90f7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in lint-and-test.yaml From 71899cb56a763c23b3ba841b7d40da528c97a350 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:49:00 +0200 Subject: [PATCH 346/617] chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2654) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/renovate.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index aee46a66..f3c26ae6 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c84c90f7..f1403a97 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f3a6ac6b..8de05921 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Self-hosted Renovate uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 971961e7..6683eb3b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false From ae7fd924dc5a6fee6fefde587866ab1f6ba174f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 20:09:35 +0200 Subject: [PATCH 347/617] chore(deps): bump pascalgn/size-label-action from 0.5.0 to 0.5.2 (#2653) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 01af9781..04d2b6b4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 + - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 895b26a3cbf9cb475d92a1a4bece76bbff9845d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 21:17:51 +0200 Subject: [PATCH 348/617] chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#2655) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6683eb3b..eb0fcbf1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 with: name: SARIF file path: results.sarif From 7ad09a972f2610ed8d65e8d090df090cd1eed5b5 Mon Sep 17 00:00:00 2001 From: Bojan Raic Date: Sun, 21 Apr 2024 22:54:13 +0200 Subject: [PATCH 349/617] feat(argo-cd): Pre-set `statusbadge.url` value to `global.domain` (#2657) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ae6fae89..b5a874df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.13 +version: 6.7.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-extension-installer to v0.0.5 + description: Pre-set statusbadge.url value to global.domain value diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 5dc957a2..f8b64780 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -164,6 +164,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} From da0068075833e9a58d129f3963fb915819d8a062 Mon Sep 17 00:00:00 2001 From: Bojan Raic Date: Wed, 24 Apr 2024 09:07:57 +0200 Subject: [PATCH 350/617] fix(argo-cd): Pre-set `statusbadge.url` only when statusbadge is enabled (#2658) - Add `statusbadge.enabled` to values.yaml as `false` - Pre-set `statusbadge.url` to `global.domain` URL only when `statusbadge.enabled` is `true` - Update README.md - Fix a minor comment typo Signed-off-by: Bojan Raic --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 4 +++- charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b5a874df..80e944ca 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.14 +version: 6.7.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Pre-set statusbadge.url value to global.domain value + description: Pre-set statusbadge.url to global.domain when statusbadge is enabled diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5035e24d..b76423fa 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -663,6 +663,7 @@ NAME: my-release | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index f8b64780..589dd002 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -159,12 +159,14 @@ Create the name of the notifications service account to use {{- end -}} {{/* -Argo Configuration Preset Values (Incluenced by Values configuration) +Argo Configuration Preset Values (Influenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} +{{- end -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f7053281..529e6d94 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -180,6 +180,10 @@ configs: # -- Timeout to refresh application data as well as target manifests cache timeout.hard.reconciliation: 0s + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + # Dex configuration # dex.config: | # connectors: From 93b7a946503d2b0a7cfe09ac619d91e7c9d16c83 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 25 Apr 2024 23:12:35 +0900 Subject: [PATCH 351/617] chore(deps): update actions/checkout action to v4.1.4 (#2662) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8de05921..cbfae5ad 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Self-hosted Renovate uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 From d82efb40cb1f491735b353b05a5954e9e4e178ce Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 26 Apr 2024 15:21:13 +0100 Subject: [PATCH 352/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.8 (#2665) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 80e944ca..9d237a9f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.7 +appVersion: v2.10.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.15 +version: 6.7.16 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Pre-set statusbadge.url to global.domain when statusbadge is enabled + description: Bump argo-cd to v2.10.8 From 42bfba2cc83633c75b8aa0fd32ae58ed749cd8b6 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 26 Apr 2024 20:35:49 +0100 Subject: [PATCH 353/617] feat(argo-cd): added jq path expression timeout (#2666) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-application-controller/deployment.yaml | 6 ++++++ .../argocd-application-controller/statefulset.yaml | 6 ++++++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9d237a9f..9be5d54e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.16 +version: 6.7.17 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.8 + - kind: added + description: JQ Path expression timeout diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b76423fa..7c3e4d4a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -678,6 +678,7 @@ NAME: my-release | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index c0dc1460..dc26a8db 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -268,6 +268,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 14c3653e..208f358f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -267,6 +267,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 529e6d94..4ab533d0 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -272,6 +272,12 @@ configs: ## Set comma-separated list. (e.g. app-team-one, app-team-two) application.namespaces: "" + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: From 95b9a947011a940821c6a99d77480d0827e3beb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:23:23 +0900 Subject: [PATCH 354/617] chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2671) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.3...0ad4b8fadaa221de15dcec353f45205ec38ea70b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index f3c26ae6..4aac42e5 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f1403a97..619e19d7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index eb0fcbf1..a4ec53c6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false From 937a1702a1fb3158a19ad298f4a1e2652634ddae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:26:20 +0900 Subject: [PATCH 355/617] chore(deps): bump helm/kind-action from 1.9.0 to 1.10.0 (#2670) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/99576bfa6ddf9a8e612d83b513da5a75875caced...0025e74a8c7512023d06dc019c617aa3cf561fde) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 4aac42e5..41ec8336 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From dafe207ae1a274f04bf632a97933c679dda78072 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:30:59 +0900 Subject: [PATCH 356/617] chore(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.2 (#2669) chore(deps): bump amannn/action-semantic-pull-request Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.4.0 to 5.5.2. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e9fabac35e210fea40ca5b14c0da95a099eff26f...cfb60706e18bc85e8aec535e3c577abe8f70378e) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 256b1c38..9828761b 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 1119c0d8ccab5c0df03e487255c4ace4508f3345 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:31:51 +0900 Subject: [PATCH 357/617] chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#2668) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/1746f4ab65b179e0ea60a494b83293b640dd5bba...65462800fd760344b1a7b4382951275a0abb4808) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a4ec53c6..96b1ed0b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif From 9c1e15abf3c0a24bfe45ef83bcb12131a6d25862 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 22:56:09 +0900 Subject: [PATCH 358/617] chore(deps): update renovatebot/github-action action to v40.1.11 (#2672) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index cbfae5ad..e1e47026 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Self-hosted Renovate - uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 + uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 65e99a1c04bad5cbc47398204f92a136e3e57bb3 Mon Sep 17 00:00:00 2001 From: Mykyta Orlov Date: Mon, 29 Apr 2024 23:29:49 +0300 Subject: [PATCH 359/617] fix(argo-workflows): hyphen typo in values.yaml comment (#2673) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 50c88749..1b9d5109 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.2 +version: 0.41.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.6 + description: Fix hyphen typo in values.yaml comments diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index e8d99b6d..da4c388c 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -339,7 +339,7 @@ Fields to note: | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | | server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | -| server.sso.redirectUrl | string | `""` | | +| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form /oauth2/callback. | | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 89fa1753..6bc461f2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -700,7 +700,7 @@ server: name: argo-server-sso # -- Key of a secret to retrieve the app OIDC client secret key: client-secret - # - The OIDC redirect URL. Should be in the form /oauth2/callback. + # -- The OIDC redirect URL. Should be in the form /oauth2/callback. redirectUrl: "" rbac: # -- Adds ServiceAccount Policy to server (Cluster)Role. From b9e4a3fd3413ca0adeb6036536ab678badfee319 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:14:03 +0100 Subject: [PATCH 360/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.9 (#2674) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9be5d54e..8c0db468 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.8 +appVersion: v2.10.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.17 +version: 6.7.18 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: JQ Path expression timeout + - kind: changed + description: Bump argo-cd to v2.10.9 From 6c0874513635516da103ca0d8c78566f27eb1779 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 1 May 2024 10:49:58 +0100 Subject: [PATCH 361/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.332.0 (#2675) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e1e47026..ff81e146 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.278.0 + renovate-version: 37.332.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 966b745e7b2bed105bc838e35b1a0396cb8040ea Mon Sep 17 00:00:00 2001 From: Daniel Beilin <144586547+dbeilin@users.noreply.github.com> Date: Wed, 1 May 2024 06:37:24 -0700 Subject: [PATCH 362/617] feat(argo-workflows): Allow adding additional ServiceAccounts to RoleBinding (#2676) remove unnecessary if statements Signed-off-by: Daniel Beilin Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../templates/controller/workflow-controller-crb.yaml | 5 +++++ .../argo-workflows/templates/controller/workflow-rb.yaml | 9 ++++++--- charts/argo-workflows/values.yaml | 8 ++++++++ 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1b9d5109..942eeadf 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.3 +version: 0.41.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Fix hyphen typo in values.yaml comments + - kind: added + description: Added option to add service accounts to RoleBindings diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index da4c388c..662b63fd 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -134,6 +134,7 @@ Fields to note: |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | +| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | @@ -146,6 +147,7 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.name | string | `""` | ConfigMap name | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 69883f60..93e0557b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -41,5 +41,10 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ include "argo-workflows.namespace" . | quote }} +{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 4402a722..ec5ac172 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -17,8 +17,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ $.Values.workflow.serviceAccount.name }} - {{- with $namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ $namespace }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 6bc461f2..0c5e624d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -69,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace controller: image: @@ -361,6 +365,10 @@ controller: clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. enabled: true + # -- Extra service accounts to be added to the ClusterRoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace # -- Extra containers to be added to the controller deployment extraContainers: [] From 35bc505bec7c8e5ada964772e1d2dbe1625c2374 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 2 May 2024 16:57:37 +0200 Subject: [PATCH 363/617] chore(deps): update actions/create-github-app-token action to v1.10.0 (#2677) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ff81e146..9487c1fe 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3 + uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 0882bfcbd69d1405afc383733cfc328c2970ff29 Mon Sep 17 00:00:00 2001 From: mitchell amihod Date: Sun, 5 May 2024 20:24:13 -0400 Subject: [PATCH 364/617] feat(argo-rollouts): Add podLabels at the controller & dashboard level (#2678) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/controller/deployment.yaml | 2 +- charts/argo-rollouts/templates/dashboard/deployment.yaml | 2 +- charts/argo-rollouts/values.yaml | 4 ++++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 307965b9..6a4645f9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.1 +version: 2.35.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow minimum set of RBAC rules for Gateway API resources + description: Added pod labels for the controller and the dashboard components diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index eb30e7ee..d5d11c26 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -116,6 +116,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to the application controller pods | | controller.priorityClassName | string | `""` | [priorityClassName] for the controller | | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | @@ -168,6 +169,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | +| dashboard.podLabels | object | `{}` | Labels to be added to the application dashboard pods | | dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | | dashboard.readonly | bool | `false` | Set cluster role to readonly | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 25301e22..0d4c5281 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -34,7 +34,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.controller.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 1c1d70c3..e2918f40 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -35,7 +35,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.dashboard.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.dashboard.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 8f3f10b4..f9ae582c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -53,6 +53,8 @@ controller: deploymentLabels: {} # -- Annotations to be added to application controller pods podAnnotations: {} + # -- Labels to be added to the application controller pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints @@ -295,6 +297,8 @@ dashboard: deploymentLabels: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} + # -- Labels to be added to the application dashboard pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints From 1098ce1287de74ac0d189b5f5d099e98abd9914b Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 8 May 2024 09:21:09 +0300 Subject: [PATCH 365/617] feat(argo-cd): Upgrade argocd to 2.11.0 + crd changes (#2681) --- charts/argo-cd/Chart.yaml | 6 +- .../argocd-repo-server/deployment.yaml | 6 ++ .../templates/crds/crd-application.yaml | 68 +++++++++++++ .../templates/crds/crd-applicationset.yaml | 96 +++++++++++++++++++ 4 files changed, 173 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8c0db468..204e9d31 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.9 +appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.18 +version: 6.8.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.9 + description: Bump argo-cd to v2.11.0 diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 84804ac6..dca27426 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -268,6 +268,12 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 9869efbb..686626ba 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -353,6 +353,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -688,6 +692,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1137,6 +1145,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1462,6 +1474,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1736,6 +1752,19 @@ spec: description: ID is an auto incrementing identifier of the RevisionHistory format: int64 type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object revision: description: Revision holds the revision the sync was performed against @@ -1940,6 +1969,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2278,6 +2311,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2761,6 +2799,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3117,6 +3160,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3587,6 +3635,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3936,6 +3989,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4428,6 +4486,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4777,6 +4840,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 323beb27..032c24ea 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -267,6 +267,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -481,6 +483,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -854,6 +858,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1068,6 +1074,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1445,6 +1453,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1659,6 +1669,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2016,6 +2028,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2230,6 +2244,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2609,6 +2625,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2823,6 +2841,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3196,6 +3216,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3410,6 +3432,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3787,6 +3811,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4001,6 +4027,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4358,6 +4386,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4572,6 +4602,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4937,6 +4969,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5151,6 +5185,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5698,6 +5734,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5912,6 +5950,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6454,6 +6494,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6668,6 +6710,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7039,6 +7083,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7253,6 +7299,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7634,6 +7682,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7848,6 +7898,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8221,6 +8273,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8435,6 +8489,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8812,6 +8868,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9026,6 +9084,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9383,6 +9443,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9597,6 +9659,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9962,6 +10026,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10176,6 +10242,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10723,6 +10791,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10937,6 +11007,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11479,6 +11551,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11693,6 +11767,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12068,6 +12144,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12282,6 +12360,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12646,6 +12726,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12860,6 +12942,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13407,6 +13491,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13621,6 +13707,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14163,6 +14251,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14377,6 +14467,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14823,6 +14915,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15037,6 +15131,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: From dcdcff217698f414a4dd9e4394705e6a442ece3f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 8 May 2024 22:58:26 -0500 Subject: [PATCH 366/617] chore(deps): update actions/checkout action to v4.1.5 (#2683) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 9487c1fe..4aa9875a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Self-hosted Renovate uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 From 63306b32f8033ac02a5a2425b67ea3011dce408c Mon Sep 17 00:00:00 2001 From: Thomas Decaux Date: Fri, 10 May 2024 04:32:34 -0400 Subject: [PATCH 367/617] feat(argo-cd): Always install applicationset crd (#2682) * Install applicationset crd always ApplicationSet is required by argocd-server, cannot be "opt-out". If ApplicationSet CRD is not installed, we see lot of errors: ``` W0507 19:44:33.469804 7 reflector.go:424] pkg/mod/k8s.io/client-go@v0.26.11/tools/cache/reflector.go:169: failed to list *v1alpha1.ApplicationSet: the server could not find the requested resource (get applicationsets.argoproj.io) E0507 19:44:33.469828 7 reflector.go:140] pkg/mod/k8s.io/client-go@v0.26.11/tools/cache/reflector.go:169: Failed to watch *v1alpha1.ApplicationSet: failed to list *v1alpha1.ApplicationSet: the server could not find the requested resource (get applicationsets.argoproj.io) ``` Signed-off-by: Thomas Decaux * Bump chart version Signed-off-by: Thomas Decaux * Bump Chart.yaml patch version Signed-off-by: Thomas Decaux * Update Chart.yaml changelog Signed-off-by: Thomas Decaux --------- Signed-off-by: Thomas Decaux Co-authored-by: Petr Drastil Co-authored-by: yuki.kitakata --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/crds/crd-applicationset.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 204e9d31..fd726110 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.8.0 +version: 6.8.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.0 + description: Always install applicationset crd diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 032c24ea..6414d832 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.crds.install .Values.applicationSet.enabled }} +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: From 8e2f3d5bc07848604664236065e2d1194c1a8681 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 05:04:44 -0500 Subject: [PATCH 368/617] chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2687) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 41ec8336..50bb6a84 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 619e19d7..2894d4fc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 96b1ed0b..714f2976 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false From 3693ed427028c581ce806a96da12627b9743ccfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 19:08:12 +0900 Subject: [PATCH 369/617] chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#2686) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 714f2976..b81bf415 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif From 510261328f083edfb206f85da8c6be7898ac9762 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Mon, 13 May 2024 13:31:48 +0900 Subject: [PATCH 370/617] fix(argo-cd): Always create ApplicationSet as following upstream (#2688) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 4 +++- charts/argo-cd/README.md.gotmpl | 3 +++ charts/argo-cd/templates/_helpers.tpl | 4 +--- charts/argo-cd/templates/aggregate-roles.yaml | 6 ------ .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 -- charts/argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/metrics.yaml | 2 +- .../templates/argocd-applicationset/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/role.yaml | 2 -- .../templates/argocd-applicationset/rolebinding.yaml | 2 -- charts/argo-cd/templates/argocd-applicationset/service.yaml | 2 -- .../templates/argocd-applicationset/serviceaccount.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 -- .../argo-cd/templates/argocd-repo-server/networkpolicy.yaml | 2 -- charts/argo-cd/templates/argocd-server/role.yaml | 2 -- charts/argo-cd/values.yaml | 3 --- 18 files changed, 14 insertions(+), 34 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fd726110..3d992838 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.8.1 +version: 6.9.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Always install applicationset crd + description: Always create ApplicationSet as following upstream diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7c3e4d4a..984b3c61 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,9 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + ### 6.4.0 Added support for application controller dynamic cluster distribution. @@ -1341,7 +1344,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | -| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | | applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 62c1759d..97a967df 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,9 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + ### 6.4.0 Added support for application controller dynamic cluster distribution. diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 589dd002..5ec03d90 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -196,6 +196,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} {{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} {{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} {{- if .Values.dex.enabled -}} {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} @@ -204,9 +205,6 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} -{{- if .Values.applicationSet.enabled -}} -{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} -{{- end -}} {{- toYaml $presets }} {{- end -}} diff --git a/charts/argo-cd/templates/aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml index ba93d548..12d0e006 100644 --- a/charts/argo-cd/templates/aggregate-roles.yaml +++ b/charts/argo-cd/templates/aggregate-roles.yaml @@ -11,9 +11,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - get @@ -33,9 +31,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create @@ -60,9 +56,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 0b6a51fb..1c75150d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -332,4 +331,3 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index fbaa862b..f7fb4142 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}} +{{- if .Values.applicationSet.ingress.enabled -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index ad26d22d..16154c81 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }} +{{- if .Values.applicationSet.metrics.enabled }} apiVersion: v1 kind: Service metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index c6333f88..fee5a80c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} +{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 8f179032..16134160 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }} +{{- if .Values.applicationSet.pdb.enabled }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index f8f55405..f33e776d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -86,4 +85,3 @@ rules: - patch - update - watch -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index a012f1ed..daf8c799 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -14,4 +13,3 @@ subjects: - kind: ServiceAccount name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index e3a07b6f..199c8374 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: v1 kind: Service metadata: @@ -23,4 +22,3 @@ spec: targetPort: webhook selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 7c0cf017..07839606 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }} +{{- if .Values.applicationSet.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8bcb6ca0..11ddd553 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} {{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -49,4 +48,3 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 08a1c214..8d2b66b5 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -20,11 +20,9 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} {{- end }} - {{- if .Values.applicationSet.enabled }} - podSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} - {{- end }} ports: - port: repo-server protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 1a2b3851..570d07fd 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -23,9 +23,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4ab533d0..c3cbf9be 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2638,9 +2638,6 @@ repoServer: ## ApplicationSet controller applicationSet: - # -- Enable ApplicationSet controller - enabled: true - # -- ApplicationSet controller name string name: applicationset-controller From 87f717656a2a10af0277d3df6805a0c89ae85a27 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 14 May 2024 00:59:03 +0200 Subject: [PATCH 371/617] fix(argo-cd): Fix Service configuration for Argo server (#2690) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 10 ++-- charts/argo-cd/README.md | 5 +- .../templates/argocd-server/service.yaml | 53 +++++++++---------- charts/argo-cd/values.yaml | 12 +++-- 4 files changed, 44 insertions(+), 36 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3d992838..bea2c90e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.0 +version: 6.9.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Always create ApplicationSet as following upstream + - kind: fixed + description: Service option externalIPs is available for all service types + - kind: fixed + description: Service option externalTrafficPolicy is available only for Service types LoadBalancer and NodePort + - kind: fixed + description: Load balancer options are available only for Service type LoadBalancer diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 984b3c61..596caabd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ NAME: my-release | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | -| server.service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.labels | object | `{}` | Server service labels | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | @@ -1053,8 +1053,9 @@ NAME: my-release | server.service.servicePortHttp | int | `80` | Server service http port | | server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | | server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol | | server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | -| server.service.sessionAffinity | string | `""` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` | | server.service.type | string | `"ClusterIP"` | Server service type | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index b9881f88..61ad81d0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -1,21 +1,37 @@ apiVersion: v1 kind: Service metadata: -{{- if .Values.server.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} name: {{ template "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.service.labels }} -{{- toYaml .Values.server.service.labels | nindent 4 }} -{{- end }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: type: {{ .Values.server.service.type }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP @@ -36,21 +52,4 @@ spec: {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- if eq .Values.server.service.type "LoadBalancer" }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: {{ .Values.server.service.externalIPs }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} -{{- with .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ . }} -{{- end }} -{{- with .Values.server.service.sessionAffinity }} - sessionAffinity: {{ . }} -{{- end }} + diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c3cbf9be..5df19e89 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1972,18 +1972,22 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https - # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) - # servicePortHttpsAppProtocol: HTTPS + # -- Server service https port appProtocol + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + servicePortHttpsAppProtocol: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - externalTrafficPolicy: "" + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: Cluster # -- Used to maintain session affinity. Supports `ClientIP` and `None` - sessionAffinity: "" + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: None ## Server metrics service configuration metrics: From 7be9b016fb061e325cc5a4751739242c3bc45d59 Mon Sep 17 00:00:00 2001 From: Andres Vara <46708607+andres-vara@users.noreply.github.com> Date: Tue, 14 May 2024 17:17:31 +0200 Subject: [PATCH 372/617] feat(argo-cd): Support ability to set .Values.namespaceOverride (#2679) * feat(argo-workflows): Allow adding additional ServiceAccounts to RoleBinding (#2676) remove unnecessary if statements Signed-off-by: Daniel Beilin Co-authored-by: Aikawa Signed-off-by: Andres Vara Parsegov * feat(argo-cd): Support ability to set .Values.namespaceOverride Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typo Signed-off-by: Andres Vara Parsegov * chore(deps): update actions/create-github-app-token action to v1.10.0 (#2677) Co-authored-by: renovate[bot] Signed-off-by: Andres Vara Parsegov * feat(argo-rollouts): Add podLabels at the controller & dashboard level (#2678) Signed-off-by: Andres Vara Parsegov * feat(argo-cd): Support ability to set .Values.namespaceOverride Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typo Signed-off-by: Andres Vara Parsegov * fix(argo-cd): autocorrection Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typos Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typos Signed-off-by: Andres Vara Parsegov * removed auota Signed-off-by: Andres Vara Parsegov * Update Chart.yaml Signed-off-by: Andres Vara <46708607+andres-vara@users.noreply.github.com> --------- Signed-off-by: Daniel Beilin Signed-off-by: Andres Vara Parsegov Signed-off-by: Andres Vara <46708607+andres-vara@users.noreply.github.com> Co-authored-by: Daniel Beilin <144586547+dbeilin@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: Andres Vara Parsegov Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] Co-authored-by: mitchell amihod --- charts/argo-cd/Chart.yaml | 10 +++------- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 8 ++++++++ .../clusterrolebinding.yaml | 2 +- .../argocd-application-controller/deployment.yaml | 2 +- .../argocd-application-controller/metrics.yaml | 2 +- .../argocd-application-controller/networkpolicy.yaml | 2 +- .../templates/argocd-application-controller/pdb.yaml | 2 +- .../templates/argocd-application-controller/role.yaml | 2 +- .../argocd-application-controller/rolebinding.yaml | 8 ++++---- .../argocd-application-controller/serviceaccount.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../argocd-application-controller/statefulset.yaml | 2 +- .../templates/argocd-applicationset/certificate.yaml | 2 +- .../templates/argocd-applicationset/clusterrole.yaml | 2 +- .../argocd-applicationset/clusterrolebinding.yaml | 4 ++-- .../templates/argocd-applicationset/deployment.yaml | 2 +- .../templates/argocd-applicationset/ingress.yaml | 2 +- .../templates/argocd-applicationset/metrics.yaml | 2 +- .../templates/argocd-applicationset/networkpolicy.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/pdb.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/role.yaml | 2 +- .../templates/argocd-applicationset/rolebinding.yaml | 4 ++-- .../templates/argocd-applicationset/service.yaml | 2 +- .../argocd-applicationset/serviceaccount.yaml | 2 +- .../argocd-applicationset/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-configs/argocd-cm.yaml | 2 +- .../templates/argocd-configs/argocd-cmd-params-cm.yaml | 2 +- .../templates/argocd-configs/argocd-cmp-cm.yaml | 2 +- .../argocd-configs/argocd-dex-server-tls-secret.yaml | 2 +- .../templates/argocd-configs/argocd-gpg-keys-cm.yaml | 2 +- .../argocd-configs/argocd-notifications-cm.yaml | 2 +- .../argocd-configs/argocd-notifications-secret.yaml | 2 +- .../templates/argocd-configs/argocd-rbac-cm.yaml | 2 +- .../argocd-configs/argocd-repo-server-tls-secret.yaml | 2 +- .../templates/argocd-configs/argocd-secret.yaml | 2 +- .../argocd-configs/argocd-server-tls-secret.yaml | 2 +- .../argocd-configs/argocd-ssh-known-hosts-cm.yaml | 2 +- .../templates/argocd-configs/argocd-styles-cm.yaml | 2 +- .../templates/argocd-configs/argocd-tls-certs-cm.yaml | 2 +- .../templates/argocd-configs/externalredis-secret.yaml | 2 +- .../argocd-notifications/clusterrolebinding.yaml | 2 +- .../templates/argocd-notifications/deployment.yaml | 4 ++-- .../templates/argocd-notifications/metrics.yaml | 2 +- .../templates/argocd-notifications/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-notifications/pdb.yaml | 2 +- .../argo-cd/templates/argocd-notifications/role.yaml | 2 +- .../templates/argocd-notifications/rolebinding.yaml | 4 ++-- .../templates/argocd-notifications/serviceaccount.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../argocd-repo-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/hpa.yaml | 2 +- .../argo-cd/templates/argocd-repo-server/metrics.yaml | 2 +- .../templates/argocd-repo-server/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/role.yaml | 2 +- .../templates/argocd-repo-server/rolebinding.yaml | 4 ++-- .../argo-cd/templates/argocd-repo-server/service.yaml | 4 ++-- .../templates/argocd-repo-server/serviceaccount.yaml | 2 +- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-server/aws/ingress.yaml | 2 +- .../argo-cd/templates/argocd-server/aws/service.yaml | 2 +- .../argo-cd/templates/argocd-server/certificate.yaml | 2 +- .../templates/argocd-server/clusterrolebinding.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- .../templates/argocd-server/gke/backendconfig.yaml | 2 +- .../templates/argocd-server/gke/frontendconfig.yaml | 2 +- .../argo-cd/templates/argocd-server/gke/ingress.yaml | 2 +- .../argocd-server/gke/managedcertificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/hpa.yaml | 2 +- .../argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/metrics.yaml | 2 +- .../argo-cd/templates/argocd-server/networkpolicy.yaml | 2 +- .../templates/argocd-server/openshift/route.yaml | 2 +- charts/argo-cd/templates/argocd-server/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-server/role.yaml | 2 +- .../argo-cd/templates/argocd-server/rolebinding.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/service.yaml | 2 +- .../templates/argocd-server/serviceaccount.yaml | 2 +- .../templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/dex/networkpolicy.yaml | 2 +- charts/argo-cd/templates/dex/pdb.yaml | 2 +- charts/argo-cd/templates/dex/role.yaml | 4 ++-- charts/argo-cd/templates/dex/rolebinding.yaml | 4 ++-- charts/argo-cd/templates/dex/service.yaml | 2 +- charts/argo-cd/templates/dex/serviceaccount.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- .../argo-cd/templates/networkpolicy-default-deny.yaml | 2 +- charts/argo-cd/templates/redis/deployment.yaml | 2 +- charts/argo-cd/templates/redis/health-configmap.yaml | 2 +- charts/argo-cd/templates/redis/metrics.yaml | 2 +- charts/argo-cd/templates/redis/networkpolicy.yaml | 2 +- charts/argo-cd/templates/redis/pdb.yaml | 2 +- charts/argo-cd/templates/redis/service.yaml | 2 +- charts/argo-cd/templates/redis/serviceaccount.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- charts/argo-cd/values.yaml | 3 +++ 100 files changed, 123 insertions(+), 115 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bea2c90e..83409042 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.1 +version: 6.9.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,9 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Service option externalIPs is available for all service types - - kind: fixed - description: Service option externalTrafficPolicy is available only for Service types LoadBalancer and NodePort - - kind: fixed - description: Load balancer options are available only for Service type LoadBalancer + - kind: added + description: Support ability to set .Values.namespaceOverride diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 596caabd..3f196f82 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -622,6 +622,7 @@ NAME: my-release | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | ## Global Configs diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 5ec03d90..67af632c 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -218,3 +218,11 @@ Merge Argo Params Configuration with Preset Configuration {{ $key }}: {{ toString $value | toYaml }} {{- end }} {{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 7b6df782..6076c531 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index dc26a8db..23d2a7ad 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 01b7a779..c3ceb047 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} {{- with .Values.controller.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index e7448c52..db1ee7c2 100644 --- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml index 7eaf28e1..bef09799 100644 --- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index ea550e1f..f2aa2cfd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 9a87f771..48681637 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -10,6 +10,6 @@ roleRef: kind: Role name: {{ include "argo-cd.controller.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 1b9619d6..575cbf6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 342dbc01..4a09daf3 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 208f358f..07191359 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 3f623614..c2d2b279 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 6ac4c1e7..9c9b9193 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 152b31f4..af6d5297 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 1c75150d..060d20c5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index f7fb4142..5cdf0cfe 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 16154c81..06253a81 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} {{- with .Values.applicationSet.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index fee5a80c..3a295f77 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 16134160..5d0ebc88 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index f33e776d..69ebf7ee 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index daf8c799..5d4f1e4a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 199c8374..91c082aa 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 07839606..4869cad0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 11ddd553..9c236c45 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index c0c8bc86..6bd19f5c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} {{- with .Values.configs.cm.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 9d60d932..f0c81b24 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} {{- if .Values.configs.params.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml index a3400605..a5d29f6c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmp-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} {{- with .Values.configs.cmp.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml index c543e8a7..747fa13c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-dex-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} {{- with .Values.dex.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index f94113a2..ed299b59 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-gpg-keys-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} {{- with .Values.configs.gpg.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index 2a18a2fc..663862e2 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-notifications-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 9c261c6a..f64a91f5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Values.notifications.secret.name }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index f9b62f76..ae48404e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} {{- with .Values.configs.rbac.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index 4e1b3dc9..8635d64e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} {{- with .Values.repoServer.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 9e25e376..9462be26 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- with .Values.configs.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml index c612a62c..97116472 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} {{- with .Values.server.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 845d219d..b0695ed3 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} {{- with .Values.configs.ssh.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index b98e40df..77421542 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-styles-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index fa6e7433..db582e6d 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-tls-certs-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} {{- with .Values.configs.tls.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 9bfcd983..c4166d1b 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .Values.externalRedis.secretAnnotations }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index cfdba38a..9a6fa7c5 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index eaf35623..4bdb24f6 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: @@ -65,7 +65,7 @@ spec: - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - - --namespace={{ .Release.Namespace }} + - --namespace={{ include "argo-cd.namespace" . }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index b5ce611d..b7dcfe6a 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.notifications.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} {{- with .Values.notifications.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 011a7c33..b03c26ca 100644 --- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml index 71619547..4bdf211a 100644 --- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 22eaa473..800a937a 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index 32324190..e2259621 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index 8f58ff8d..3da8f27c 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.notifications.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 18849886..03599a6d 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index 8531520c..d8bd88aa 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index dca27426..745150e7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index ce6ed371..7615a412 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 514595a2..6b82796c 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.repoServer.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} {{- with .Values.repoServer.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 8d2b66b5..c11ab129 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml index 658a1fe3..f79af3d7 100644 --- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index 5f9324d5..596874d4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index ea4baded..2bc88b66 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index c2c43463..4412a8c9 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.repoServer.service.portName }} @@ -21,4 +21,4 @@ spec: port: {{ .Values.repoServer.service.port }} targetPort: repo-server selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} \ No newline at end of file + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 2facd9af..9b5777f1 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.repoServer.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 9ca16e74..38041de3 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index ffe0b79b..46d24d3c 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index 376699e3..a98ddfa2 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -7,7 +7,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.server.service.servicePortHttpName }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 84a0e62c..629d0e95 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 1e5a98fa..ce4a4d70 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index dee9cf43..8c02805a 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index cd040c90..515e6d74 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.backendConfig }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index d8b3b1ea..ae460a38 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.frontendConfig }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index 160308bd..b030435b 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 63c089b8..2dd6f5e9 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index a509e569..51fe559d 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 2d15b9d7..3ad5a519 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -4,7 +4,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingressGrpc.labels }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index cfd0696d..84668373 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index 3844820e..f0797552 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.server.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} {{- with .Values.server.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index 443ff359..4621e24f 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index 01cb6aed..b018f724 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,7 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml index adc47aec..6bc93305 100644 --- a/charts/argo-cd/templates/argocd-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 570d07fd..8d12e30d 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 61276d60..4d635aa9 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 61ad81d0..2b9872be 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index a8efe1e5..9789e1d0 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.server.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index e8820768..2f96ca0a 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index b6c94f90..007e0ee1 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index cb0fcc55..6d0c9789 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml index c0adc73f..12161024 100644 --- a/charts/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.pdb.labels }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 49d40891..e79b3cf7 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: @@ -16,4 +16,4 @@ rules: - get - list - watch -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 30b92c06..792a465a 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 73c98483..8825a7ea 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 66bf3076..aeff2441 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.dex.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 00f2a238..3faa667a 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -40,7 +40,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml index b499ab03..06d1979a 100644 --- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: podSelector: {} policyTypes: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 56ceae93..de9c29b1 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml index fd0ecff7..0d4005d6 100644 --- a/charts/argo-cd/templates/redis/health-configmap.yaml +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index 67b4c3ac..040f5ebf 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.redis.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml index cd8150e1..d602a931 100644 --- a/charts/argo-cd/templates/redis/networkpolicy.yaml +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 59423b47..c614144d 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.pdb.labels }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index 31f497d7..a4a94140 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index f45ece13..bc942e22 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.redis.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.redis.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 6f036a80..2126bafb 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -41,7 +41,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5df19e89..15171656 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -6,6 +6,9 @@ nameOverride: argocd # -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" # Override APIVersions From 39e1322df2b15446796356d9bf027250c5d75c35 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 20:06:49 +0900 Subject: [PATCH 373/617] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.0 (#2692) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.0 * feat(argocd-image-updater): update deployment as following upstream Signed-off-by: yu-croco * fix(argocd-image-updater): correct doc Signed-off-by: yu-croco * fix(argocd-image-updater): fix manifest Signed-off-by: yu-croco * chore(argocd-image-updater): bump version Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++++---- charts/argocd-image-updater/README.md | 2 +- .../templates/deployment.yaml | 11 +++++------ charts/argocd-image-updater/values.yaml | 17 ++++++++++------- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 7f299aef..d3143726 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.7 -appVersion: v0.12.2 +version: 0.10.0 +appVersion: v0.13.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow defining extraEnvFrom for the deployment + - kind: changed + description: Bump argocd-image-updater to v0.13.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index a8d28699..ea57d402 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -114,7 +114,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | rbac.enabled | bool | `true` | Enable RBAC creation | | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | | resources | object | `{}` | Pod memory and cpu resource settings for the deployment | -| securityContext | object | `{}` | Security context settings for the deployment | +| securityContext | object | See [values.yaml] | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.labels | object | `{}` | Labels to add to the service account | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index cfd87a47..b6aa13fe 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -34,8 +34,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - command: - - /usr/local/bin/argocd-image-updater + args: - run {{- with .Values.extraArgs }} {{- toYaml . | nindent 12 }} @@ -136,12 +135,12 @@ spec: volumeMounts: - mountPath: /app/config name: image-updater-conf - - mountPath: /tmp - name: tmp-dir - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/.ssh name: ssh-config + - mountPath: /tmp + name: tmp {{- if .Values.authScripts.enabled }} - mountPath: /scripts name: authscripts @@ -165,8 +164,6 @@ spec: name: argocd-image-updater-authscripts name: authscripts {{- end }} - - emptyDir: {} - name: tmp-dir - configMap: name: argocd-ssh-known-hosts-cm optional: true @@ -175,6 +172,8 @@ spec: name: argocd-image-updater-ssh-config optional: true name: ssh-config + - emptyDir: {} + name: tmp {{- with .Values.volumes }} {{- toYaml . | nindent 6}} {{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 0f2a4e33..2791890a 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -205,13 +205,16 @@ podSecurityContext: {} # fsGroup: 2000 # -- Security context settings for the deployment -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# @default -- See [values.yaml] +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault rbac: # -- Enable RBAC creation From 4ce5e9be2efe51d64754e3a3e1e9c2f49f0a258f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 23:27:52 +0200 Subject: [PATCH 374/617] chore(deps): update actions/checkout action to v4.1.6 (#2696) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4aa9875a..c270cb2a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Self-hosted Renovate uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 From 66c39a06d83da91713a98f912f4bf9f75184fce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Kemp-Rousseau?= <36542216+etiennnr@users.noreply.github.com> Date: Fri, 17 May 2024 11:18:13 -0400 Subject: [PATCH 375/617] fix(argo-cd): Adding checksum for argocd-cm to dex pod (#2695) Adding checksum to argocd-cm to dex pod Signed-off-by: Etienne Kemp-Rousseau Co-authored-by: yuki.kitakata --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/deployment.yaml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 83409042..f27ae34d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.2 +version: 6.9.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support ability to set .Values.namespaceOverride + - kind: fixed + description: Restarting dex pod when `argocd-cm` configmap changes diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 007e0ee1..bc9b4530 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -26,6 +26,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- if .Values.dex.certificateSecret.enabled }} checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} {{- end }} From 5d3e581b117e89b916231729510725cf8c046a81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 19:02:45 +0900 Subject: [PATCH 376/617] chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#2700) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.5...a5ac7e51b41094c92402da3b24376905380afc29) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 50bb6a84..8335fc7c 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2894d4fc..07dde599 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b81bf415..2d72cdb0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false From b95e14aa021873a995822fa38f00e758678b25d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 20:13:16 +0900 Subject: [PATCH 377/617] chore(deps): bump github/codeql-action from 2.13.4 to 3.25.5 (#2699) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cdcdbb579706841c47f7063dda365e292e5cad7a...b7cec7526559c32f1616476ff32d17ba4c59b2d6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: yuki.kitakata --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2d72cdb0..0074ed3d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 4611a164637f626b6d55ab9362d229dd9f05b523 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Sun, 19 May 2024 16:34:24 +0900 Subject: [PATCH 378/617] fix(argo-workflows): Correct sample of secondsAfterCompletion (#2702) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 942eeadf..2c6c24df 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.4 +version: 0.41.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added option to add service accounts to RoleBindings + - kind: fixed + description: Correct sample of secondsAfterCompletion diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0c5e624d..15a42ec4 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -202,7 +202,7 @@ controller: workflowDefaults: {} # spec: # ttlStrategy: - # secondsAfterCompletion: 84600 + # secondsAfterCompletion: 86400 # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ # artifactRepositoryRef: # configMap: my-artifact-repository # default is "artifact-repositories" From f9eb0b394ca7856a42e69e9f3e58671646052c25 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Sun, 19 May 2024 19:22:17 +0900 Subject: [PATCH 379/617] fix(argo-workflows): Add missing serviceLabels to server service (#2698) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-service.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2c6c24df..e897eab6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.5 +version: 0.41.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct sample of secondsAfterCompletion + description: Add missing serviceLabels to server service diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 7f81bd39..7517d659 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -7,6 +7,9 @@ metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} + {{- with .Values.server.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} From fcee9a60460b3784b1f1656fd3cd3fb1f53eef6b Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 21 May 2024 18:36:32 +0200 Subject: [PATCH 380/617] fix(argo-cd): Enable Redis authentication in the default installation (#2705) --- charts/argo-cd/Chart.yaml | 10 +-- charts/argo-cd/README.md | 60 ++++++++++++++++ charts/argo-cd/README.md.gotmpl | 48 +++++++++++++ charts/argo-cd/templates/_helpers.tpl | 19 +++++ .../deployment.yaml | 8 ++- .../statefulset.yaml | 8 ++- .../argocd-configs/externalredis-secret.yaml | 2 +- .../argocd-repo-server/deployment.yaml | 8 ++- .../templates/argocd-server/deployment.yaml | 8 ++- .../templates/redis-secret-init/job.yaml | 54 +++++++++++++++ .../templates/redis-secret-init/role.yaml | 27 ++++++++ .../redis-secret-init/rolebinding.yaml | 19 +++++ .../redis-secret-init/serviceaccount.yaml | 16 +++++ .../argo-cd/templates/redis/deployment.yaml | 8 ++- .../templates/redis/health-configmap.yaml | 2 + charts/argo-cd/values.yaml | 69 +++++++++++++++++++ 16 files changed, 352 insertions(+), 14 deletions(-) create mode 100644 charts/argo-cd/templates/redis-secret-init/job.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/role.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/rolebinding.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f27ae34d..eb512089 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.0 +appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.3 +version: 6.10.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restarting dex pod when `argocd-cm` configmap changes + - kind: security + description: Enable Redis authentication in the default installation (GHSA-9766-5277-j5hr) + - kind: changed + description: Bump argo-cd to v2.11.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3f196f82..4452d4ed 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + ### 6.9.0 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). @@ -1271,8 +1304,10 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | | redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | @@ -1316,6 +1351,29 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | | externalRedis.username | string | `""` | External Redis username | +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | + ## ApplicationSet | Key | Type | Default | Description | @@ -1507,8 +1565,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 97a967df..6ab46ffc 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + ### 6.9.0 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). @@ -722,6 +755,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide {{- end }} {{- end }} +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redisSecretInit" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ## ApplicationSet | Key | Type | Default | Description | @@ -750,8 +796,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 67af632c..f0470be3 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -86,6 +86,25 @@ Create the name of the redis service account to use {{- end -}} {{- end -}} + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd server name and version as used by the chart label. */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 23d2a7ad..7c4a2a6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -199,15 +199,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 07191359..947307d7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -198,15 +198,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index c4166d1b..2cfefde9 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.redis.fullname" . }} + name: argocd-redis namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 745150e7..3cacf124 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -175,15 +175,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 8c02805a..125328a5 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -243,15 +243,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml new file mode 100644 index 00000000..04536932 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -0,0 +1,54 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml new file mode 100644 index 00000000..52bdf0a3 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 00000000..536c847d --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 00000000..0dc9979a --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index de9c29b1..9a8d1b91 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -65,8 +65,14 @@ spec: - "" - --appendonly - "no" - {{- with (concat .Values.global.env .Values.redis.env) }} + - --requirepass $(REDIS_PASSWORD) env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.envFrom }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml index 0d4005d6..7443625f 100644 --- a/charts/argo-cd/templates/redis/health-configmap.yaml +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -11,6 +11,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping @@ -23,6 +24,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 15171656..46635276 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1547,6 +1547,12 @@ redis-ha: containerSecurityContext: readOnlyRootFilesystem: true + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1594,6 +1600,69 @@ externalRedis: # -- External Redis Secret annotations secretAnnotations: {} +redisSecretInit: + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Server server: # -- Argo CD server name From f431e9b2bed6d812b86a0df2609fb85e56f90a1a Mon Sep 17 00:00:00 2001 From: Pavan Kumar <64532630+pavankumar-go@users.noreply.github.com> Date: Wed, 22 May 2024 12:47:05 +0530 Subject: [PATCH 381/617] chore(argo-cd): add nodeselector and tolerations to redis-secret-init job (#2708) chore(argo-cd): add nodeselector and tolerations to redis-secret-init-job Signed-off-by: Pavan Co-authored-by: Pavan --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/redis-secret-init/job.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 7 +++++++ 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eb512089..ccbb3374 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.0 +version: 6.10.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: Enable Redis authentication in the default installation (GHSA-9766-5277-j5hr) - - kind: changed - description: Bump argo-cd to v2.11.1 + - kind: added + description: Added node selector and tolerations for the redis secret init job diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 4452d4ed..55e1e0d1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1365,6 +1365,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | | redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | | redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | @@ -1373,6 +1374,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | | redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | ## ApplicationSet diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 04536932..96a81d99 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -50,5 +50,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} restartPolicy: OnFailure + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 46635276..903a866f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1662,6 +1662,13 @@ redisSecretInit: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] ## Server server: From 3174f52ffcfe3bb0d2ad6118411eacbaf20b0c7d Mon Sep 17 00:00:00 2001 From: tberreis <88875030+tberreis@users.noreply.github.com> Date: Wed, 22 May 2024 13:20:34 +0200 Subject: [PATCH 382/617] chore(argo-cd): add priorityClassName to redis-secret-init job (#2709) Signed-off-by: Thomas Berreis --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 3 +++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccbb3374..ccd8c0c4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.1 +version: 6.10.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added node selector and tolerations for the redis secret init job + description: Added priorityClassName for the redis secret init job diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 55e1e0d1..fcfcd27f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1368,6 +1368,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | | redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | | redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | | redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | | redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 96a81d99..0e3baf0a 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -49,6 +49,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} restartPolicy: OnFailure {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 903a866f..6d193720 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1662,6 +1662,10 @@ redisSecretInit: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From e6776415a40038b113368c88716eb3fd7660475e Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Thu, 23 May 2024 16:29:52 +0900 Subject: [PATCH 383/617] feat(argo-rollouts): Support revisionHistoryLimit (#2712) * feat(argo-rollouts): Support revisionHistoryLimit Signed-off-by: yu-croco * chore(argo-rollouts): Align to argo-cd's configuration Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/deployment.yaml | 1 + charts/argo-rollouts/templates/dashboard/deployment.yaml | 1 + charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6a4645f9..ecb6f19b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.2 +version: 2.35.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added pod labels for the controller and the dashboard components + description: Support revisionHistoryLimit diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index d5d11c26..4647c419 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -51,6 +51,7 @@ For full list of changes please check ArtifactHub [changelog]. | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | +| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 0d4c5281..2bfdb912 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -23,6 +23,7 @@ spec: strategy: type: Recreate replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index e2918f40..ec0114ba 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -24,6 +24,7 @@ spec: strategy: type: Recreate replicas: {{ .Values.dashboard.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f9ae582c..64181c99 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -43,6 +43,8 @@ global: deploymentAnnotations: {} # -- Labels for all deployed Deployments deploymentLabels: {} + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 10 controller: # -- Value of label `app.kubernetes.io/component` From 728b6e732693dbaac4b46e1090578c655c557a5a Mon Sep 17 00:00:00 2001 From: Michael Vittrup Larsen Date: Thu, 23 May 2024 14:36:49 +0200 Subject: [PATCH 384/617] feat(argo-cd): Make redis secret initialization optional (#2713) * Make redis secret initialization optional Signed-off-by: michaelvl * Remove artifacthub.io/changes from previous change Signed-off-by: michaelvl --------- Signed-off-by: michaelvl --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/role.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/rolebinding.yaml | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- charts/argo-cd/values.yaml | 2 ++ 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccd8c0c4..9c085f53 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.2 +version: 6.11.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added priorityClassName for the redis secret init job + description: Made Redis secret initialization optional with default enabled diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fcfcd27f..b390056f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1359,6 +1359,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | | redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | | redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 0e3baf0a..27837465 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml index 52bdf0a3..ac5fd313 100644 --- a/charts/argo-cd/templates/redis-secret-init/role.yaml +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml index 536c847d..7ea1de96 100644 --- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index 0dc9979a..d6b95f13 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6d193720..f9ee4674 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1601,6 +1601,8 @@ externalRedis: secretAnnotations: {} redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true # -- Redis secret-init name name: redis-secret-init From fa2fb1c5c15e8753a850865c2db86091a6fd8c87 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 16:37:05 +0100 Subject: [PATCH 385/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.2 (#2715) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9c085f53..350c8596 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.1 +appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.11.0 +version: 6.11.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Made Redis secret initialization optional with default enabled + - kind: changed + description: Bump argo-cd to v2.11.2 From fb807031a28b136be3901601f7aca69e6cfa23fe Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 24 May 2024 05:04:54 +0200 Subject: [PATCH 386/617] fix(argo-events): support for additional labels (#2714) Signed-off-by: Nicolas Lamirault Co-authored-by: yuki.kitakata Co-authored-by: Jason Meridth --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/templates/_helpers.tpl | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aed0dfdc..6a548402 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.4 +version: 2.4.5 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support ability to set .Values.namespaceOverride + - kind: fixed + description: Support additional labels diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index 93069ca3..79c7051d 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -104,6 +104,9 @@ helm.sh/chart: {{ include "argo-events.chart" .context }} {{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-events +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{/* From 165c6518d25f08d29601a73675799e7c9ec48253 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 23:19:47 +0200 Subject: [PATCH 387/617] chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#2718) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0074ed3d..9c6c360b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif From 408500c5ccdb704ce4b731308f9697dee2559192 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 17:09:26 +0900 Subject: [PATCH 388/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.7 (#2720) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index e897eab6..896f6606 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.6 +appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.6 +version: 0.41.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add missing serviceLabels to server service + - kind: changed + description: Bump argo-workflows to v3.5.7 From 5652e66777047634c7fa7b9a9b01be5d79afdb64 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 07:32:32 +0200 Subject: [PATCH 389/617] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.1 (#2722) --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index d3143726..963db659 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.0 -appVersion: v0.13.0 +version: 0.10.1 +appVersion: v0.13.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.13.0 + description: Bump argocd-image-updater to v0.13.1 From 2c05baf7416bfac007540a16713240624c3d0bce Mon Sep 17 00:00:00 2001 From: Nacho Barrientos Date: Tue, 28 May 2024 15:38:23 +0200 Subject: [PATCH 390/617] feat(argo-cd): represent cluster credentials as a map (#2648) So it can be merged with values coming from different sources. Closes #2592 Signed-off-by: Nacho Barrientos --- charts/argo-cd/Chart.yaml | 4 +-- charts/argo-cd/README.md | 2 +- .../argocd-configs/cluster-secrets.yaml | 26 +++++++++---------- charts/argo-cd/values.yaml | 10 +++---- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 350c8596..876e36f1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.11.1 +version: 7.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.2 + description: Represent cluster credentials as a map diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b390056f..7b94e90b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -695,7 +695,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 83b1c15d..2682e70e 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -1,17 +1,17 @@ -{{- range .Values.configs.clusterCredentials }} +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} namespace: {{ $.Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} - {{- with .labels }} + {{- with $cluster_value.labels }} {{- toYaml . | nindent 4 }} {{- end }} argocd.argoproj.io/secret-type: cluster - {{- with .annotations }} + {{- with $cluster_value.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -19,17 +19,17 @@ metadata: {{- end }} type: Opaque stringData: - name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} - server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} - {{- if .namespaces }} - namespaces: {{ .namespaces }} - {{- if .clusterResources }} - clusterResources: {{ .clusterResources | quote }} + name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} {{- end }} {{- end }} - {{- if .project }} - project: {{ .project | quote }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} {{- end }} config: | - {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f9ee4674..cf89fb1e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -418,13 +418,13 @@ configs: # command: [sh, -c, find . -name env.yaml] # -- Provide one or multiple [external cluster credentials] - # @default -- `[]` (See [values.yaml]) + # @default -- `{}` (See [values.yaml]) ## Ref: ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters - clusterCredentials: [] - # - name: mycluster + clusterCredentials: {} + # mycluster: # server: https://mycluster.example.com # labels: {} # annotations: {} @@ -433,7 +433,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster2 + # mycluster2: # server: https://mycluster2.example.com # labels: {} # annotations: {} @@ -444,7 +444,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster3-project-scoped + # mycluster3-project-scoped: # server: https://mycluster3.example.com # labels: {} # annotations: {} From 0a97419aa9346feb1bee4d7d28361808e83ea3dd Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 31 May 2024 11:01:54 +0200 Subject: [PATCH 391/617] docs(github): Charts use Helm "Capabilities" (#2730) Signed-off-by: Marco Maurer --- README.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/README.md b/README.md index 3d57db36..c4092e07 100644 --- a/README.md +++ b/README.md @@ -42,3 +42,63 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security ### Changelog Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). + +## Charts use Helm "Capabilities" + +Our charts make use of the Helm built-in object "Capabilities": +> This provides information about what capabilities the Kubernetes cluster supports. +> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/* + +Today we use: + +- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster +- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1") + +If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster. + +For this you need to pass the `--api-versions` parameter to the `helm template` command: + +```bash +helm template argocd \ + oci://ghcr.io/argoproj/argo-helm/argo-cd \ + --api-versions monitoring.coreos.com/v1 \ + --values my-argocd-values.yaml +``` + +If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options. + +Example with Kustomize: + +```yaml +# kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: argo-cd + repo: oci://ghcr.io/argoproj/argo-helm + version: x.y.z + releaseName: argocd + apiVersions: + - monitoring.coreos.com/v1 + valuesFile: my-argocd-values.yaml +``` + +Example with helmfile: + +```yaml +# helmfile.yaml +repositories: + - name: argo + url: https://argoproj.github.io/argo-helm + +apiVersions: + - monitoring.coreos.com/v1 + +releases: + - name: argocd + namespace: argocd + chart: argo/argo-cd + values: + - my-argocd-values.yaml +``` From 45ff5666146afa95eaccad682f6960cf78607efc Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 31 May 2024 14:04:50 +0200 Subject: [PATCH 392/617] feat(argo-cd): add support for dual stack clusters (#2649) * feat(argo-cd): add support for dual stack clusters Signed-off-by: Ludovic Ortega * fix: add suggested change Signed-off-by: Ludovic Ortega * fix: metric template & add suggested change Signed-off-by: Ludovic Ortega * fix: remove changelog in README.md.gotmpl Signed-off-by: Ludovic Ortega * fix: applicationset metric template Signed-off-by: Ludovic Ortega * fix: add changelog as annotation Signed-off-by: Ludovic Ortega * feat: use a global setting to enable dual stack Signed-off-by: Ludovic Ortega --------- Signed-off-by: Ludovic Ortega Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Aikawa Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/_helpers.tpl | 12 ++++++++++++ .../argocd-application-controller/metrics.yaml | 1 + .../templates/argocd-applicationset/metrics.yaml | 1 + .../templates/argocd-applicationset/service.yaml | 1 + .../templates/argocd-notifications/metrics.yaml | 1 + .../templates/argocd-repo-server/metrics.yaml | 1 + .../templates/argocd-repo-server/service.yaml | 1 + .../argo-cd/templates/argocd-server/aws/service.yaml | 1 + charts/argo-cd/templates/argocd-server/metrics.yaml | 1 + charts/argo-cd/templates/argocd-server/service.yaml | 1 + charts/argo-cd/templates/dex/service.yaml | 1 + charts/argo-cd/templates/redis/service.yaml | 1 + charts/argo-cd/values.yaml | 7 +++++++ 15 files changed, 35 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 876e36f1..c3a5faab 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.0.0 +version: 7.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Represent cluster credentials as a map + - kind: added + description: Add support for IPv4/IPv6 dual-stack networking. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b94e90b..833fbe15 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -671,6 +671,8 @@ NAME: my-release | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index f0470be3..c609f19f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -245,3 +245,15 @@ Allows overriding it for multi-namespace deployments in combined charts. {{- define "argo-cd.namespace" -}} {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- end }} + +{{/* +Dual stack definition +*/}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index c3ceb047..086dfe9b 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.controller.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 06253a81..de5638ad 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 91c082aa..bf58c6b4 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index b7dcfe6a..9dd18c8b 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 6b82796c..6ede9ddb 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 4412a8c9..24ca10ef 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -15,6 +15,7 @@ metadata: name: {{ template "argo-cd.repoServer.fullname" . }} namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index a98ddfa2..0e9de75a 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -9,6 +9,7 @@ metadata: name: {{ template "argo-cd.server.fullname" . }}-grpc namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index f0797552..d08dbae0 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.server.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 2b9872be..71f46449 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} {{- with .Values.server.service.externalIPs }} externalIPs: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 8825a7ea..b52acfb1 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -16,6 +16,7 @@ metadata: {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index a4a94140..a60cf77e 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -17,6 +17,7 @@ metadata: {{- end }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: redis port: {{ .Values.redis.servicePort }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cf89fb1e..6c446a2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -98,6 +98,13 @@ global: # hostnames: # - git.myhostname + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components From 9607dee38e307d8c794e7c5da1a86a44d5705854 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 23:25:40 -0500 Subject: [PATCH 393/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.384.0 (#2733) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c270cb2a..f82006c2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.332.0 + renovate-version: 37.384.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 760d1995e089efcf8c7a30b667de9527777b21d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jun 2024 13:10:40 -0500 Subject: [PATCH 394/617] chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2734) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 07dde599..84b51f79 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.actor }} From 4f5020681380578390b9b5e8d787807e5a436d4f Mon Sep 17 00:00:00 2001 From: BenHesketh21 Date: Sun, 2 Jun 2024 00:44:56 +0100 Subject: [PATCH 395/617] fix(argo-cd): Fixed redis exporter NOAUTH error (#2736) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c3a5faab..586d7895 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.0 +version: 7.1.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for IPv4/IPv6 dual-stack networking. + - kind: fixed + description: Fixed redis exporter NOAUTH error diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 9a8d1b91..76e1b00a 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -130,6 +130,11 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} From 0dae5da325b1f6635399fa2a23a7870d44a66907 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Jun 2024 10:24:16 +0900 Subject: [PATCH 396/617] chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#2735) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...f079b8493333aace61c81488f8bd40919487bd9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9c6c360b..35ddcf79 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From 98d8ea00e6cbe06acd65049456350b66c1256cc4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 08:59:14 +0200 Subject: [PATCH 397/617] chore(deps): update actions/create-github-app-token action to v1.10.1 (#2739) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f82006c2..d00ce019 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 + uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 19ef184d8fe923fdc0ec42411c6272a91138db31 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 16:08:02 +0900 Subject: [PATCH 398/617] chore(deps): update renovatebot/github-action action to v40.1.12 (#2740) Co-authored-by: renovate[bot] Co-authored-by: Aikawa --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d00ce019..65439348 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Self-hosted Renovate - uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 + uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 02499d9b31e6e763e3af8e143f7a89b1a84f2fc4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 11:51:33 +0100 Subject: [PATCH 399/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.3 (#2748) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 586d7895..1e1fa2b5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.2 +appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.1 +version: 7.1.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed redis exporter NOAUTH error + - kind: changed + description: Bump argo-cd to v2.11.3 From 3dd3e1a754514f418a0aa32ccdc0daceb6d4339d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Jun 2024 07:42:46 -0500 Subject: [PATCH 400/617] chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#2752) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 35ddcf79..cd8d1548 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 377332f8c7655525b9f69fd8ae9857a402c4db63 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 9 Jun 2024 14:22:44 +0900 Subject: [PATCH 401/617] fix(argo-cd): Add missing permission for Dynamic Cluster Distribution (#2754) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/role.yaml | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e1fa2b5..15ab4a2e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.2 +version: 7.1.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.3 + - kind: fixed + description: Add missing permission for Dynamic Cluster Distribution diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index f2aa2cfd..27e3e956 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -43,3 +43,17 @@ rules: - get - list - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} From 8b02b6d9b828902ba0d9ae1e6ddb4f060a5975ca Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sun, 9 Jun 2024 18:18:20 -0400 Subject: [PATCH 402/617] fix(argo-workflows): `BASE_HREF` -> `ARGO_BASE_HREF` for forward compat (#2756) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 896f6606..72634b14 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.7 +version: 0.41.8 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.7 + - kind: fixed + description: changed BASE_HREF to ARGO_BASE_HREF for forward compat diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index a4b8df7b..95789b56 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 4c29c31b9a26196e007a2a9045163b114cf29ce6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:14:29 +0900 Subject: [PATCH 403/617] chore(deps): update actions/checkout action to v4.1.7 (#2762) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 65439348..d69671c9 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 From e088468e721d563263d7a8b43aae8bf07a2692ef Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:08:49 +0100 Subject: [PATCH 404/617] chore(argo-events): Update dependency argoproj/argo-events to v1.9.2 (#2764) --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 6a548402..394b150c 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.1 +appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.5 +version: 2.4.6 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Support additional labels + - kind: changed + description: Bump argo-events to v1.9.2 From ea967df1e36733381c5b7483a1afc1c230164a81 Mon Sep 17 00:00:00 2001 From: Kaita Nakamura <94943154+z63d@users.noreply.github.com> Date: Fri, 14 Jun 2024 16:53:59 +0900 Subject: [PATCH 405/617] chore(argocd-image-updater): fix referenced URL to command line reference page (#2761) --- charts/argocd-image-updater/Chart.yaml | 6 +++--- charts/argocd-image-updater/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 963db659..cbf21e4c 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.1 +version: 0.10.2 appVersion: v0.13.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argocd-image-updater to v0.13.1 + - kind: fixed + description: Fixed a URL in values.yaml comments diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 2791890a..292f2c90 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -107,7 +107,7 @@ config: # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" - # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API From 43c626d31ed39037696392682e65fd82f79f1c9f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 18:00:28 +0900 Subject: [PATCH 406/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0 (#2763) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0 * feat(argo-rollouts): Update resources as following upstream Signed-off-by: yu-croco * fix(argo-rollouts): update doc Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 8 +- charts/argo-rollouts/README.md | 2 +- .../templates/controller/deployment.yaml | 2 +- .../templates/crds/analysis-run-crd.yaml | 239 +++++++++++++++++- .../templates/crds/analysis-template-crd.yaml | 235 ++++++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 235 ++++++++++++++++- .../templates/crds/experiment-crd.yaml | 213 +++++++++++++++- .../templates/crds/rollout-crd.yaml | 227 ++++++++++++++++- charts/argo-rollouts/values.yaml | 15 +- 9 files changed, 1151 insertions(+), 25 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ecb6f19b..3cb72cef 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.6 +appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.3 +version: 2.36.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support revisionHistoryLimit + - kind: changed + description: Bump argo-rollouts to v1.7.0 diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4647c419..4284942c 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -79,7 +79,7 @@ For full list of changes please check ArtifactHub [changelog]. | Key | Type | Default | Description | |-----|------|---------|-------------| -| containerSecurityContext | object | `{}` | Security Context to set on container level | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | | controller.containerPorts.healthz | int | `8080` | Healthz container port | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 2bfdb912..851dec0b 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} strategy: - type: Recreate + type: RollingUpdate replicas: {{ .Values.controller.replicas }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 1dddfa7d..52c75d97 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -188,6 +188,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -241,6 +254,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -248,6 +264,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -289,13 +308,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -467,6 +487,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -535,6 +565,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -601,6 +641,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -669,6 +719,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -848,6 +908,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -898,6 +966,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1094,13 +1170,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1453,6 +1556,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1503,6 +1614,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1699,13 +1818,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2065,6 +2211,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2115,6 +2269,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2311,13 +2473,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2543,12 +2732,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2945,11 +3165,26 @@ spec: type: array terminate: type: boolean + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object required: - metrics type: object status: properties: + completedAt: + format: date-time + type: string dryRunSummary: properties: count: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index d97a6ce9..794c7617 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -184,6 +184,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -237,6 +250,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -244,6 +260,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -285,13 +304,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -463,6 +483,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -531,6 +561,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -597,6 +637,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -665,6 +715,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -844,6 +904,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -894,6 +962,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1090,13 +1166,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1449,6 +1552,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1499,6 +1610,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1695,13 +1814,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2061,6 +2207,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2111,6 +2265,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2307,13 +2469,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2539,12 +2728,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2939,8 +3159,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 335f06a2..b6c9f6f0 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -184,6 +184,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -237,6 +250,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -244,6 +260,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -285,13 +304,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -463,6 +483,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -531,6 +561,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -597,6 +637,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -665,6 +715,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -844,6 +904,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -894,6 +962,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1090,13 +1166,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1449,6 +1552,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1499,6 +1610,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1695,13 +1814,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2061,6 +2207,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2111,6 +2265,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2307,13 +2469,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2539,12 +2728,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2939,8 +3159,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 2f60d415..2f2ea2dc 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -94,6 +94,17 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object dryRun: items: properties: @@ -309,6 +320,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -377,6 +398,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -443,6 +474,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -511,6 +552,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -690,6 +741,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -740,6 +799,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -936,13 +1003,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1295,6 +1389,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1345,6 +1447,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1541,13 +1651,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1907,6 +2044,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1957,6 +2102,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2153,13 +2306,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2385,12 +2565,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 7faf3790..a22a9364 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -581,6 +581,26 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array duration: type: string templates: @@ -913,6 +933,9 @@ spec: - name type: object type: array + maxTrafficWeight: + format: int32 + type: integer nginx: properties: additionalIngressAnnotations: @@ -1093,6 +1116,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1161,6 +1194,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1227,6 +1270,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1295,6 +1348,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1474,6 +1537,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1524,6 +1595,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1720,13 +1799,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2079,6 +2185,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2129,6 +2243,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2325,13 +2447,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2691,6 +2840,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2741,6 +2898,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2937,13 +3102,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -3169,12 +3361,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -3340,6 +3563,8 @@ spec: type: string name: type: string + scaleDown: + type: string type: object type: object status: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 64181c99..98a78471 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -240,13 +240,14 @@ podSecurityContext: runAsNonRoot: true # -- Security Context to set on container level -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault # -- Annotations to be added to the Rollout service serviceAnnotations: {} From a07f981d4e72cb5b2efae6451d52e27a1d5f57f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Jun 2024 14:25:24 -0500 Subject: [PATCH 407/617] chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#2766) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cd8d1548..c16802b5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif From 5fa92f5189e3e2e3226604c33813bf538b8a6316 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 16 Jun 2024 00:17:15 +0200 Subject: [PATCH 408/617] chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2767) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 8335fc7c..95a10226 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 84b51f79..7cdbac43 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c16802b5..71c8da60 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false From b26191b776dd3edeb9b546e20ba523b437c50079 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 16 Jun 2024 01:28:34 -0500 Subject: [PATCH 409/617] chore(github): group dependabot updates for minor and patch (#2768) --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0a4fd6ca..4d8e45c5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,3 +6,11 @@ updates: schedule: interval: weekly day: "saturday" + commit-message: + prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" From fab2809c67243112d708ca309367500d388c81b4 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Mon, 17 Jun 2024 14:59:29 -0400 Subject: [PATCH 410/617] fix(argo-workflows): revert `BASE_HREF` change (#2770) * fix(argo-workflows): revert `BASE_HREF` change This reverts commit 134cecde5812612514995205cd8fcc6a7f933373. Sorry, I screwed up this and caused a regression. Didn't read my own release notes (from 4 months ago to be fair) where `ARGO_BASE_HREF` would not work previously as it was inconsistently `ARGO_BASEHREF`. So there is no forward compatible change to be made here, so just revert this. Will have to reinstate this change for the 3.6 upgrade Signed-off-by: Anton Gilgur * changelog update Signed-off-by: Anton Gilgur --------- Signed-off-by: Anton Gilgur --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 72634b14..70b3949a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.8 +version: 0.41.9 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: changed BASE_HREF to ARGO_BASE_HREF for forward compat + description: reverted the BASE_HREF change, will add back during 3.6 upgrade diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 95789b56..a4b8df7b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: ARGO_BASE_HREF + - name: BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 6946696aaef570adc140fb74ac473b8aa0f0d2fc Mon Sep 17 00:00:00 2001 From: Gazal Date: Tue, 18 Jun 2024 11:13:21 +1000 Subject: [PATCH 411/617] feat(argo-cd): add loadBalancerClass field for Service resource (#2769) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 15ab4a2e..6d1a4041 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.3 +version: 7.1.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add missing permission for Dynamic Cluster Distribution + - kind: changed + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 833fbe15..f89a222c 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1082,6 +1082,7 @@ NAME: my-release | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 71f46449..86f8abb0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -24,6 +24,9 @@ spec: externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} {{- end }} {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.server.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6c446a2e..6d9923e6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2067,6 +2067,8 @@ server: # -- Server service https port appProtocol ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol servicePortHttpsAppProtocol: "" + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From 3c127abe7b3aba8a80e9d01be3f4975c650535bf Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 08:46:47 +0100 Subject: [PATCH 412/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.8 (#2773) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 70b3949a..d06694de 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.7 +appVersion: v3.5.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.9 +version: 0.41.10 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: reverted the BASE_HREF change, will add back during 3.6 upgrade + - kind: changed + description: Bump argo-workflows to v3.5.8 From 8130224b3b84de27c1bba7047688893bbc40ae17 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 19 Jun 2024 08:00:44 +0100 Subject: [PATCH 413/617] fix(argo-workflows): add `app:` label to components to match upstream (#2775) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/_helpers.tpl | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d06694de..99d313f8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.10 +version: 0.41.11 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.8 + - kind: fixed + description: Add `app:` label to components to match upstream diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f46af22f..ebbba978 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -94,6 +94,7 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} +app: {{ .component }} {{- end }} {{- end }} From e34b45b3eabeb34fd116a676aafac5f2bff95bdf Mon Sep 17 00:00:00 2001 From: Julie Ims <44164757+julieims@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:04:02 +0200 Subject: [PATCH 414/617] feat(argo-cd): Add secrettemplate to argo-cd server certificate (#2780) * Add secrettemplate to argo-cd server certificate Signed-off-by: Ims, Julie * refactor documentation Signed-off-by: Ims, Julie * added changelog Signed-off-by: Ims, Julie * remove empty line Signed-off-by: Ims, Julie * correct comment in values file Signed-off-by: Ims, Julie * move documentation comment according to test results Signed-off-by: Ims, Julie --------- Signed-off-by: Ims, Julie --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/certificate.yaml | 7 +++++++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6d1a4041..408a6989 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.4 +version: 7.1.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add loadBalancerClass field for Service resources + - kind: added + description: Added secrettemplateAnnotation field for argocd server certificate diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f89a222c..6b7c2fdd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -968,6 +968,7 @@ NAME: my-release | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | | server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.crt | string | `""` | Certificate data | diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 629d0e95..4376bd5c 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,6 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + secretTemplate: + {{- with .Values.server.certificate.secretTemplateAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} secretName: {{ .Values.server.certificate.secretName }} commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6d9923e6..33252305 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2029,6 +2029,8 @@ server: # -- Usages for the certificate ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage usages: [] + # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources + secretTemplateAnnotations: {} # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server From b0d4648471aef30a1a849a82c84dcb37ed7b504d Mon Sep 17 00:00:00 2001 From: Erwan Vallienne <135604788+erwanval@users.noreply.github.com> Date: Thu, 20 Jun 2024 12:25:27 +0200 Subject: [PATCH 415/617] fix(argo-cd): remove secretName for server and applicationSet Certificates (#2741) * Remove Certificate's secretName because expected names by server and applicationset are static Signed-off-by: Erwan Vallienne * Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) * Fix lint Signed-off-by: Erwan Vallienne --------- Signed-off-by: Erwan Vallienne Signed-off-by: Marco Maurer (-Kilchhofer) Signed-off-by: Erwan Vallienne <135604788+erwanval@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 -- .../templates/argocd-applicationset/certificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 4 ---- 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 408a6989..1d1b03af 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.5 +version: 7.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added secrettemplateAnnotation field for argocd server certificate + - kind: removed + description: Remove `server.certificate.secretName`, as the expected secret name is static (argocd-server-tls) + - kind: removed + description: Remove `applicationSet.certificate.secretName`, as the expected secret name is static (argocd-applicationset-controller-tls) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6b7c2fdd..8ef96974 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -967,7 +967,6 @@ NAME: my-release | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | | server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | @@ -1402,7 +1401,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index c2d2b279..fce26bf5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -13,7 +13,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: - secretName: {{ .Values.applicationSet.certificate.secretName }} + secretName: argocd-applicationset-controller-tls commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} dnsNames: - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 4376bd5c..803452f6 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -20,7 +20,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - secretName: {{ .Values.server.certificate.secretName }} + secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - {{ .Values.server.certificate.domain | default .Values.global.domain }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 33252305..001a3d97 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1990,8 +1990,6 @@ server: certificate: # -- Deploy a Certificate resource (requires cert-manager) enabled: false - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-server-tls # -- Certificate primary domain (commonName) # @default -- `""` (defaults to global.domain) domain: "" @@ -2998,8 +2996,6 @@ applicationSet: certificate: # -- Deploy a Certificate resource (requires cert-manager) enabled: false - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) # @default -- `""` (defaults to global.domain) domain: "" From 02949b14b108e42407831ddaa131161eb6210ed6 Mon Sep 17 00:00:00 2001 From: smcavallo Date: Fri, 21 Jun 2024 17:01:27 -0400 Subject: [PATCH 416/617] fix(argo-cd): Default repo-server init container resources to empty (#2786) --- charts/argo-cd/Chart.yaml | 8 +++----- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 4 +--- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1d1b03af..70bca9bb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.2.0 +version: 7.2.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Remove `server.certificate.secretName`, as the expected secret name is static (argocd-server-tls) - - kind: removed - description: Remove `applicationSet.certificate.secretName`, as the expected secret name is static (argocd-applicationset-controller-tls) + - kind: changed + description: Default argocd repo-server init container replicas to empty diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 3cacf124..7a29d147 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -359,10 +359,8 @@ spec: image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} name: copyutil - {{- with .Values.repoServer.resources }} resources: - {{- toYaml . | nindent 10 }} - {{- end }} + {{- toYaml .Values.repoServer.resources | nindent 10 }} {{- with .Values.repoServer.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} From 2ba2eb3daf34bf89b740518cd27cd8a165357f84 Mon Sep 17 00:00:00 2001 From: Mohamed Ragab <155462724+mohamedragab2024@users.noreply.github.com> Date: Sat, 22 Jun 2024 06:11:25 -0400 Subject: [PATCH 417/617] feat(argo-rollouts): add annotations for notifications secret (#2777) * feat(argo-rollouts): Most users of Argo-rollouts may store secrets on vault which allows to auto inject secrets directly to secrets object using annotations. Signed-off-by:Mohamed Ragab Signed-off-by: Mohamed Ragab * Fix indentation Signed-off-by: Mohamed Ragab --------- Signed-off-by: Mohamed Ragab Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/notifications-secret.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 3cb72cef..1c8ccbc9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.0 +version: 2.36.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.7.0 + description: Add annotations for notifications secret diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4284942c..b6d8160a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -58,6 +58,7 @@ For full list of changes please check ArtifactHub [changelog]. | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | | notifications.notifiers | object | `{}` | Configures notification services | +| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml index 52b393df..f48d895f 100644 --- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -4,6 +4,12 @@ kind: Secret metadata: name: argo-rollouts-notification-secret namespace: {{ .Release.Namespace | quote }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 98a78471..089d5547 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -454,6 +454,8 @@ notifications: # -- Generic key:value pairs to be inserted into the notifications secret items: {} # slack-token: + # -- Annotations to be added to the notifications secret + annotations: {} # -- Configures notification services notifiers: {} From ad8d48c590f24a4b6e2fa1cbe72d65a4d5ab487b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Tue, 25 Jun 2024 05:48:03 +0200 Subject: [PATCH 418/617] =?UTF-8?q?feat(argo-cd):=20make=20PrometheusRule?= =?UTF-8?q?=20deployment=20conditional=20on=20CRD=20exis=E2=80=A6=20(#2791?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/prometheusrule.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 70bca9bb..196b482c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.2.1 +version: 7.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Default argocd repo-server init container replicas to empty + description: make PrometheusRule deployment conditional on CRD existence diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 86d66564..20d8eea8 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: From 7b30c3bcfa011d4cfeb83e2441bf5ff4d00728e9 Mon Sep 17 00:00:00 2001 From: Clement Chevalier <69809982+clemcvlcs@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:25:46 +0200 Subject: [PATCH 419/617] chore(argo-cd): add shard option for clusterCredentials (#2779) feat(argocd): add shard option for clusterCredentials Signed-off-by: Clement Chevalier --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-configs/cluster-secrets.yaml | 3 +++ charts/argo-cd/values.yaml | 10 ++++++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 196b482c..906b8661 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.0 +version: 7.3.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: make PrometheusRule deployment conditional on CRD existence + description: add shard option for clusterCredentials diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 2682e70e..d952f7c9 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -19,6 +19,9 @@ metadata: {{- end }} type: Opaque stringData: + {{- if $cluster_value.shard }} + shard: {{ $cluster_value.shard }} + {{- end }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 001a3d97..a89a9f96 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -461,6 +461,16 @@ configs: # tlsClientConfig: # insecure: false # caData: "" + # mycluster4-sharded: + # shard: 1 + # server: https://mycluster4.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials From ee508fe7fc9780529d4f425de424b42d6b7c4105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Halc=C3=B3n?= Date: Tue, 25 Jun 2024 15:04:32 +0200 Subject: [PATCH 420/617] fix(argo-rollouts): Add subscriptions into notifcations-configmap (#2793) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argo-rollouts): Add subscriptions into notifcations-configmap Signed-off-by: Jaime Pérez Halcón * fix(argo-rollouts): Set version Signed-off-by: Jaime Pérez Halcón * fix(argo-rollouts): Updated readme Signed-off-by: Jaime Pérez Halcón * fix(values.yaml): fixed trailing spaces Signed-off-by: Jaime Pérez Halcón --------- Signed-off-by: Jaime Pérez Halcón Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/notifcations-configmap.yaml | 4 ++++ charts/argo-rollouts/values.yaml | 8 ++++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1c8ccbc9..c72282f6 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.1 +version: 2.36.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add annotations for notifications secret + description: Add subscriptions into notifications-configmap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b6d8160a..1d7c59cd 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -61,6 +61,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | +| notifications.subscriptions | object | `{}` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index a370a600..8d4cd6b4 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -16,3 +16,7 @@ data: {{- with .Values.notifications.triggers }} {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 089d5547..7e142c24 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -479,3 +479,11 @@ notifications: # trigger.on-purple: | # - send: [my-purple-template] # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' + + # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts + subscriptions: {} + # subscriptions: + # recipients: + # - slack: + # triggers: + # - on-rollout-completed From db0f57b309ea6dec4b951e4340defff0c603ce21 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 26 Jun 2024 14:27:44 +0900 Subject: [PATCH 421/617] fix(argo-events): Update Jetstream versions as following upstream (#2790) --- charts/argo-events/Chart.yaml | 6 ++--- charts/argo-events/README.md | 46 +++++++++++++++++++++++++++++--- charts/argo-events/values.yaml | 48 +++++++++++++++++++++++++++++++--- 3 files changed, 90 insertions(+), 10 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 394b150c..aae23442 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.6 +version: 2.4.7 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.2 + - kind: fixed + description: Update Jetstream versions as following upstream diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index c9cd5083..5d2c036b 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -65,11 +65,51 @@ done | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | -| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` | | -| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` | | -| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` | | +| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | configs.jetstream.versions[0].version | string | `"latest"` | | +| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | | +| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[1].version | string | `"2.8.1"` | | +| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | | +| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | | +| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | | +| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[3].version | string | `"2.8.2"` | | +| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | | +| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | | +| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | | +| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[5].version | string | `"2.9.1"` | | +| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | | +| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[6].version | string | `"2.9.12"` | | +| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | | +| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[7].version | string | `"2.9.16"` | | +| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[8].version | string | `"2.10.10"` | | | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index b959e6cd..09a2d9ea 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -96,10 +96,50 @@ configs: duplicates: 300s # Supported versions of JetStream eventbus versions: - - version: "latest" - natsImage: nats:latest - metricsExporterImage: natsio/prometheus-nats-exporter:latest - configReloaderImage: natsio/nats-server-config-reloader:latest + - version: latest + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + - version: 2.8.1 + natsImage: nats:2.8.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.1-alpine + natsImage: nats:2.8.1-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.8.2 + natsImage: nats:2.8.2 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.2-alpine + natsImage: nats:2.8.2-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.9.1 + natsImage: nats:2.9.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.16 + natsImage: nats:2.9.16 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.10.10 + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 startCommand: /nats-server # -- Array of extra K8s manifests to deploy From 889c3e95653a21f6b0aed6e6047e5a913452401f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 09:02:42 +0200 Subject: [PATCH 422/617] chore(deps): update actions/create-github-app-token action to v1.10.2 (#2798) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d69671c9..f647beb0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 + uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 3d98d04f431bad7362c2d8643dd840ddf4c6aced Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:10:00 +0900 Subject: [PATCH 423/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.1 (#2794) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.1 * feat(argo-rollouts): update as following upstream Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 6 +++--- .../templates/controller/deployment.yaml | 12 ++++++++++-- .../templates/crds/analysis-run-crd.yaml | 1 - .../templates/crds/analysis-template-crd.yaml | 1 - .../crds/cluster-analysis-template-crd.yaml | 1 - charts/argo-rollouts/values.yaml | 1 + 6 files changed, 14 insertions(+), 8 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c72282f6..0aef8f18 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.0 +appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.2 +version: 2.37.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add subscriptions into notifications-configmap + description: Bump argo-rollouts to v1.7.1 diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 851dec0b..df5dc4db 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -80,8 +80,12 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} - {{- with .Values.controller.volumeMounts }} volumeMounts: + - name: plugin-bin + mountPath: /home/argo-rollouts/plugin-bin + - name: tmp + mountPath: /tmp + {{- with .Values.controller.volumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.controller.extraContainers }} @@ -120,7 +124,11 @@ spec: {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.controller.volumes }} volumes: + - name: plugin-bin + emptyDir: {} + - name: tmp + emptyDir: {} + {{- with .Values.controller.volumes }} {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 52c75d97..d79c3608 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -189,7 +189,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 794c7617..3c46bbad 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -185,7 +185,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index b6c9f6f0..b7b07c2e 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -185,7 +185,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 7e142c24..f8bc359f 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -120,6 +120,7 @@ controller: # limits: # cpu: 100m # memory: 128Mi + # ephemeral-storage: 1Gi # requests: # cpu: 50m # memory: 64Mi From 425e98ecff7bbfa5ccc6f94980c6a9699daf4e99 Mon Sep 17 00:00:00 2001 From: ajax-bychenok-y <138507453+ajax-bychenok-y@users.noreply.github.com> Date: Wed, 26 Jun 2024 13:39:03 +0300 Subject: [PATCH 424/617] fix(argo-rollouts): Fix of global subscriptions for Argo Rollouts (#2797) * Fix of Argo Rollouts notifications subscription Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts helm changelog Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts helm default values.yaml Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts doc after helm update Signed-off-by: Yurii Bychenok --------- Signed-off-by: Yurii Bychenok Signed-off-by: Aikawa Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 2 +- .../templates/controller/notifcations-configmap.yaml | 2 +- charts/argo-rollouts/values.yaml | 10 +++++----- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0aef8f18..df878d7f 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.0 +version: 2.37.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.7.1 + - kind: fixed + description: Fix subscriptions into notifications-configmap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 1d7c59cd..13a4f24b 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -61,7 +61,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | -| notifications.subscriptions | object | `{}` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | +| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index 8d4cd6b4..4748bfc1 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -17,6 +17,6 @@ data: {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.notifications.subscriptions }} - subscriptions: + subscriptions: | {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f8bc359f..2a3b7c15 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -482,9 +482,9 @@ notifications: # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts - subscriptions: {} - # subscriptions: - # recipients: - # - slack: + subscriptions: [] + # - recipients: + # - slack: # triggers: - # - on-rollout-completed + # - on-rollout-completed + # - on-rollout-aborted From 171177ab77f3e5b242566de5a3b8638c10a40928 Mon Sep 17 00:00:00 2001 From: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> Date: Wed, 26 Jun 2024 14:28:42 +0300 Subject: [PATCH 425/617] feat(argo-cd): add support for passing redis - sentinel credentials (#2492) * feat: add support for passing redis - sentinel credentials Signed-off-by: ShlomiTubul * feat: add changelog annotations Signed-off-by: ShlomiTubul * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> --------- Signed-off-by: ShlomiTubul Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- .../argocd-application-controller/statefulset.yaml | 12 ++++++++++++ .../templates/argocd-repo-server/deployment.yaml | 12 ++++++++++++ .../argo-cd/templates/argocd-server/deployment.yaml | 12 ++++++++++++ charts/argo-cd/values.yaml | 2 +- 6 files changed, 41 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 906b8661..06d3d2f6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.1 +version: 7.3.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add shard option for clusterCredentials + - kind: added + description: Add support for passing redis - sentinel credentials diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8ef96974..3801650d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1347,7 +1347,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored | +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | | externalRedis.host | string | `""` | External Redis server host | | externalRedis.password | string | `""` | External Redis password | | externalRedis.port | int | `6379` | External Redis server port | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 947307d7..4fb49bee 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -211,6 +211,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 7a29d147..992d2369 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -188,6 +188,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 125328a5..f20f2af0 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -256,6 +256,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a89a9f96..0d42bf71 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1611,7 +1611,7 @@ externalRedis: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis credentials (must contain key `redis-password`). + # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. # When it's set, the `externalRedis.password` parameter is ignored existingSecret: "" # -- External Redis Secret annotations From 9cefbb3dafab990bc7a5c1297bae01fefa3307f5 Mon Sep 17 00:00:00 2001 From: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> Date: Sat, 29 Jun 2024 00:52:17 +0300 Subject: [PATCH 426/617] fix(argo-cd): Make REDIS_PASSWORD environment variables optional always (#2800) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06d3d2f6..b4a7c1af 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.2 +version: 7.3.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for passing redis - sentinel credentials + - kind: changed + description: make REDIS_PASSWORD environment variables optional always diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49bee..8231f311 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -205,9 +205,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 992d2369..71e8c767 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -182,9 +182,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af0..00a62fd2 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -250,9 +250,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} From 80e6e6bebdf62fce7aacc5b973d46d6e7a10887d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Jun 2024 07:43:46 -0500 Subject: [PATCH 427/617] chore(deps): bump the dependencies group with 2 updates (#2801) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 9828761b..170d908b 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 71c8da60..7ee9fec5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif From 24275df2aa87653e6c3f62a41b9cfc4d5310f4ce Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 02:18:40 -0500 Subject: [PATCH 428/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.421.4 (#2802) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f647beb0..056f4109 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.384.0 + renovate-version: 37.421.4 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 475d7e724dfa7b6c0038b6504e1ddb8a4db6c873 Mon Sep 17 00:00:00 2001 From: Kaswob <44066982+Kaswob@users.noreply.github.com> Date: Mon, 1 Jul 2024 12:02:14 +0200 Subject: [PATCH 429/617] fix(argo-rollouts): Add traefik.io api group (#2703) Add traefik.io (which is the only supported apiGroup for traefik >3.0) to clusterrole and role of argo-rollouts chart Signed-off-by: Kamil Swoboda Signed-off-by: Kaswob <44066982+Kaswob@users.noreply.github.com> --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/clusterrole.yaml | 1 + charts/argo-rollouts/templates/controller/role.yaml | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index df878d7f..53066aa5 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.1 +version: 2.37.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix subscriptions into notifications-configmap + - kind: added + description: Added traefik.io apiGroup to Role and ClusterRole diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index a80708b6..70c3bdf8 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -248,6 +248,7 @@ rules: # Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us + - traefik.io resources: - traefikservices verbs: diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 584587b9..fdce087e 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -249,6 +249,7 @@ rules: # Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us + - traefik.io resources: - traefikservices verbs: From 080e79078cae5d24a5bbc3712e5b9a23a6dc3716 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 23:21:48 +0200 Subject: [PATCH 430/617] chore(deps): update actions/create-github-app-token action to v1.10.3 (#2803) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 056f4109..d0ed6dbd 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2 + uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 5e862ea63bb487e1899588fb31e20f26ba833be6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:23:41 -0500 Subject: [PATCH 431/617] chore(deps): update renovatebot/github-action action to v40.2.0 (#2804) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d0ed6dbd..54249d70 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 + uses: renovatebot/github-action@259200be4d976a76196ec8985b0dddcaf1733b47 # v40.2.0 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From de281eca6e3e73bc8d96d29cd1c8cc637ab2752b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 21:43:28 +0100 Subject: [PATCH 432/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.4 (#2805) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b4a7c1af..6dfce538 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.3 +appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.3 +version: 7.3.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: make REDIS_PASSWORD environment variables optional always + description: Bump argo-cd to v2.11.4 From 50984954684e14bd6c43d19313d9487f78dd7237 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Jul 2024 07:43:25 -0500 Subject: [PATCH 433/617] chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 in the dependencies group (#2808) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7ee9fec5..8de765b9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From f9b619dc6aac70ef9ce9f957db6478af5cf53435 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 19:55:39 +0200 Subject: [PATCH 434/617] chore(deps): update renovatebot/github-action action to v40.2.1 (#2811) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 54249d70..ba7bedb0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@259200be4d976a76196ec8985b0dddcaf1733b47 # v40.2.0 + uses: renovatebot/github-action@d4cde0ac34e53942ead1619a101748e3ab842937 # v40.2.1 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6dab5492689e9f2d389515a7059564f9d0c9fb39 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 19:31:47 -0500 Subject: [PATCH 435/617] chore(deps): update renovatebot/github-action action to v40.2.2 (#2815) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ba7bedb0..5eced008 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@d4cde0ac34e53942ead1619a101748e3ab842937 # v40.2.1 + uses: renovatebot/github-action@042670e39b8d7335e992c3fa526ecbfbd52ef57b # v40.2.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From ea28da27d14035f9efa88750a45b1fdf21585ec0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 22:31:36 +0100 Subject: [PATCH 436/617] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.14.0 (#2809) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.14.0 * feat(argocd-image-updater): upgrade as following upstream Signed-off-by: yu-croco * feat(argocd-image-updater): configure gitCommitSigningKey and gitCommitSignOff Signed-off-by: yu-croco * fix(argocd-image-updater): add missing attribute Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 +++--- charts/argocd-image-updater/README.md | 3 +++ .../templates/configmap.yaml | 9 +++++++ .../templates/deployment.yaml | 26 +++++++++++++++++++ charts/argocd-image-updater/values.yaml | 9 +++++++ 5 files changed, 51 insertions(+), 4 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index cbf21e4c..c358515f 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.2 -appVersion: v0.13.1 +version: 0.11.0 +appVersion: v0.14.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed a URL in values.yaml comments + - kind: changed + description: Bump argocd-image-updater to v0.14.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index ea57d402..5e51a8cd 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -79,6 +79,9 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | +| config.gitCommitSignOff | bool | `false` | Enables sign off on commits | +| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits | +| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` | | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | | config.logLevel | string | `"info"` | Argo CD Image Update log level | diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 84eb6875..46ee3b80 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -31,6 +31,15 @@ data: git.commit-message-template: | {{- nindent 4 . }} {{- end }} + {{- with .Values.config.gitCommitSigningKey }} + git.commit-signing-key: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSignOff }} + git.commit-sign-off: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSigningMethod }} + git.commit-signing-method: {{ . | quote }} + {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} {{- with .Values.config.registries }} registries.conf: | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index b6aa13fe..4aaa83b3 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -100,6 +100,24 @@ spec: key: kube.events name: argocd-image-updater-config optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGNING_METHOD + valueFrom: + configMapKeyRef: + key: git.commit-signing-method + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: argocd-image-updater-config + optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} @@ -141,6 +159,10 @@ spec: name: ssh-config - mountPath: /tmp name: tmp + - name: ssh-signing-key + mountPath: /app/ssh-keys/id_rsa + readOnly: true + subPath: sshPrivateKey {{- if .Values.authScripts.enabled }} - mountPath: /scripts name: authscripts @@ -172,6 +194,10 @@ spec: name: argocd-image-updater-ssh-config optional: true name: ssh-config + - name: ssh-signing-key + secret: + secretName: ssh-git-creds + optional: true - emptyDir: {} name: tmp {{- with .Values.volumes }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 292f2c90..19291de9 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -133,6 +133,15 @@ config: # -- Changing the Git commit message gitCommitTemplate: "" + # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits + gitCommitSigningKey: "" + + # -- Enables sign off on commits + gitCommitSignOff: false + + # -- Method used to sign Git commits. `openpgp` or `ssh` + gitCommitSigningMethod: "" + # -- Argo CD Image Update log level logLevel: "info" From 79e32424d68e39a46f40db7f5377db7a2b473960 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Wed, 10 Jul 2024 23:01:05 +0200 Subject: [PATCH 437/617] fix(argo-cd): Address oversights of feature `namespaceOverride` (#2821) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/NOTES.txt | 4 ++-- .../argocd-application-controller/prometheusrule.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- .../argocd-configs/repository-credentials-secret.yaml | 2 +- .../argo-cd/templates/argocd-configs/repository-secret.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/role.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/rolebinding.yaml | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- 17 files changed, 20 insertions(+), 20 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6dfce538..1f3f92a3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.4 +version: 7.3.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.4 + - kind: fixed + description: Address oversights of feature `namespaceOverride` diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index f2dbdfab..8821ab75 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,6 +1,6 @@ In order to access the server UI you have the following options: -1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 +1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate @@ -12,7 +12,7 @@ In order to access the server UI you have the following options: {{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d +kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 20d8eea8..6ddc7f4c 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 4a09daf3..a9edaf54 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 9c236c45..8fac6a8d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index d952f7c9..0b4b1e11 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with $cluster_value.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index ed1d2fd7..e4d23f9a 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index 4c028958..4a77cf1b 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 03599a6d..0d2c704f 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 38041de3..70995398 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 2f96ca0a..74902ef0 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 3faa667a..2c03e597 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 27837465..68086235 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -3,7 +3,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml index ac5fd313..9e8259f9 100644 --- a/charts/argo-cd/templates/redis-secret-init/role.yaml +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} rules: - apiGroups: - "" diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml index 7ea1de96..a199628a 100644 --- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index d6b95f13..a5352b72 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 2126bafb..4132c1ce 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.serviceMonitor.selector }} From 2653aef414ab6a5d8617af75f04190a8f7da28dc Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 12 Jul 2024 01:04:45 +0200 Subject: [PATCH 438/617] fix(argo-cd): Address inconsistent redis-secret-init SA handling (#2823) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1f3f92a3..5ddb4c65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.5 +version: 7.3.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Address oversights of feature `namespaceOverride` + description: Address inconsistent redis-secret-init ServiceAccount handling diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index c609f19f..eb3f7a2a 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use */}} {{- define "argo-cd.redisSecretInit.serviceAccountName" -}} {{- if .Values.redisSecretInit.serviceAccount.create -}} - {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }} {{- else -}} {{ default "default" .Values.redisSecretInit.serviceAccount.name }} {{- end -}} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index a5352b72..85540d26 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} From 94b270ad1849b51a68c25eba0337836ace345877 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jul 2024 15:01:55 +0200 Subject: [PATCH 439/617] chore(deps): bump the dependencies group with 2 updates (#2829) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 95a10226..656e47d0 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: 3.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8de765b9..832240c2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From 2285578bba7f769a74ba2ca0494278393c1e80b7 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 10:16:44 +0900 Subject: [PATCH 440/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.5 (#2832) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5ddb4c65..f2b1c264 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.4 +appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.6 +version: 7.3.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Address inconsistent redis-secret-init ServiceAccount handling + - kind: changed + description: Bump argo-cd to v2.11.5 From 809351a3fbee60102dec3ac3bf40de2d0559ea5e Mon Sep 17 00:00:00 2001 From: Filipe Date: Thu, 18 Jul 2024 11:52:38 +1200 Subject: [PATCH 441/617] fix(argo-cd): Missing Redis sentinel variables in app controller deployment (#2806) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/deployment.yaml | 14 +++++++++++++- .../argocd-application-controller/statefulset.yaml | 2 +- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f2b1c264..b943f562 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.7 +version: 7.3.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.5 + - kind: fixed + description: Add Redis Sentinel variables to application controller deployment diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7c4a2a6d..3938c25d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -208,10 +208,22 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8231f311..3938a759 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -205,12 +205,12 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: From be36117924528d94f33a2b256eeb70042cba6536 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 19 Jul 2024 19:22:48 +0900 Subject: [PATCH 442/617] docs(argo-cd): Add Changelog for v7.0.0 (#2835) chore(argo-cd): Add Changelog for v7.0.0 Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 25 +++++++++++++++++++++++++ charts/argo-cd/README.md.gotmpl | 25 +++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b943f562..8dc290ce 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.8 +version: 7.3.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add Redis Sentinel variables to application controller deployment + - kind: added + description: Add Changelog for v7.0.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3801650d..c55c5577 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + ### 6.10.0 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6ab46ffc..8ee73e93 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + ### 6.10.0 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. From 211bd44603726c352f7cba26c333865a1ac3f182 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 Jul 2024 22:03:46 +0200 Subject: [PATCH 443/617] chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 in the dependencies group (#2838) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 832240c2..0aa94eb3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From b4151e94bab875f1ed5480acc0e91a963440e27a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:33:43 +0200 Subject: [PATCH 444/617] chore(deps): update renovatebot/github-action action to v40.2.3 (#2842) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5eced008..a04d69bf 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@042670e39b8d7335e992c3fa526ecbfbd52ef57b # v40.2.2 + uses: renovatebot/github-action@8ce0fe8066eb6b16e1bf499b21bc96e5ccd962a4 # v40.2.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From d32e6b537c20e0e541bbebc728e9eba08c4ce60a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 18:14:22 +0100 Subject: [PATCH 445/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.6 (#2843) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8dc290ce..dbf4e113 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.5 +appVersion: v2.11.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.9 +version: 7.3.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add Changelog for v7.0.0 + - kind: changed + description: Bump argo-cd to v2.11.6 From 511d0d0adcedc61701f6abdbe5a6699b3d2d9e65 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 12:44:35 +0100 Subject: [PATCH 446/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.7 (#2845) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dbf4e113..d3de3e38 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.6 +appVersion: v2.11.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.10 +version: 7.3.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.6 + description: Bump argo-cd to v2.11.7 From 89bc396b55f19cd4cf20cb41802c9def2511642a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jul 2024 08:16:48 -0500 Subject: [PATCH 447/617] chore(deps): bump the dependencies group with 3 updates (#2850) --- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7cdbac43..7dc62234 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0aa94eb3..0a5792f5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 87e6dd9b6330db2f47b97eaa5f8b110949f01ae3 Mon Sep 17 00:00:00 2001 From: Roland Kool Date: Mon, 29 Jul 2024 09:25:24 +0200 Subject: [PATCH 448/617] chore(argo-rollouts): add option to disable creation of notifications configmap (#2849) * chore(argo-rollouts): add option to disable creation of notifications configmap This allows for using the upstream notifications configmap from https://github.com/argoproj/argo-rollouts/blob/master/manifests/notifications-install.yaml Signed-off-by: Roland Kool * chore: update changelog Signed-off-by: Roland Kool * chore: fix chart version bump Signed-off-by: Roland Kool --------- Signed-off-by: Roland Kool Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + ...tifcations-configmap.yaml => notifications-configmap.yaml} | 2 ++ charts/argo-rollouts/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 2 deletions(-) rename charts/argo-rollouts/templates/controller/{notifcations-configmap.yaml => notifications-configmap.yaml} (91%) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 53066aa5..05d40de7 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.2 +version: 2.37.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added traefik.io apiGroup to Role and ClusterRole + description: Added setting to disable creation of the notifications ConfigMap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 13a4f24b..b6a6f44d 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -57,6 +57,7 @@ For full list of changes please check ArtifactHub [changelog]. | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | +| notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml similarity index 91% rename from charts/argo-rollouts/templates/controller/notifcations-configmap.yaml rename to charts/argo-rollouts/templates/controller/notifications-configmap.yaml index 4748bfc1..680f468f 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml @@ -1,3 +1,4 @@ +{{ if .Values.notifications.configmap.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -20,3 +21,4 @@ data: subscriptions: | {{- toYaml . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 2a3b7c15..a4d313e0 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -449,6 +449,10 @@ dashboard: volumeMounts: [] notifications: + configmap: + # -- Whether to create notifications configmap + create: true + secret: # -- Whether to create notifications secret create: false From 3ecc30aa158ff3f710acf01863f1307a90c19a54 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:18:01 +0900 Subject: [PATCH 449/617] chore(deps): update renovatebot/github-action action to v40.2.4 (#2851) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a04d69bf..177e527e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@8ce0fe8066eb6b16e1bf499b21bc96e5ccd962a4 # v40.2.3 + uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3fb3397d961451a149c2fe7cf1ee4a51355ac9d0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 16:39:06 +0900 Subject: [PATCH 450/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.9 (#2852) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 99d313f8..d024db62 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.8 +appVersion: v3.5.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.11 +version: 0.41.12 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add `app:` label to components to match upstream + - kind: changed + description: Bump argo-workflows to v3.5.9 From 67c720d23f1247726a4a4f63b3b8ef51808e2803 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 16:18:41 +0900 Subject: [PATCH 451/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.10 (#2856) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d024db62..c2d0d9e9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.9 +appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.12 +version: 0.41.13 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.9 + description: Bump argo-workflows to v3.5.10 From d89333a6b801fc67d83b30ce76ecd2d0e774185f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 13:42:22 +0200 Subject: [PATCH 452/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38 (#2855) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 177e527e..1f793b2d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.421.4 + renovate-version: 38.18.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From b5fcbe23c86e5a5fbfe51d976ac88876ee5704ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= Date: Fri, 2 Aug 2024 12:42:36 +0200 Subject: [PATCH 453/617] fix(argo-workflows): avoid empty namespace in role binding when singleNamespace is true (#2858) Signed-off-by: Aljoscha Poertner --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/controller/workflow-rb.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c2d0d9e9..1ed66b76 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.13 +version: 0.41.14 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.10 + - kind: fixed + description: Avoid empty namespace in role binding when singleNamespace is true diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index ec5ac172..d1d0e329 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -17,7 +17,9 @@ roleRef: subjects: - kind: ServiceAccount name: {{ $.Values.workflow.serviceAccount.name }} - namespace: {{ $namespace }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} {{- range $.Values.workflow.rbac.serviceAccounts }} - kind: ServiceAccount name: {{ .name }} From feff5aeea050ef21e1fc6d3e377108e1baff66cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Aug 2024 14:29:55 +0200 Subject: [PATCH 454/617] chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 in the dependencies group (#2860) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0a5792f5..1d8ccb97 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif From c2ba09055c1c95e851e6fad2fb07b3ca915bc688 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:43:54 -0500 Subject: [PATCH 455/617] chore(deps): update renovatebot/github-action action to v40.2.5 (#2862) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 1f793b2d..b1830e28 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4 + uses: renovatebot/github-action@0c94129d48b4e92addf23686b8a735b3057a0448 # v40.2.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 97a3db19cff7acb27d491a6818b9d6a4d9d0fc7a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 5 Aug 2024 17:21:48 +0200 Subject: [PATCH 456/617] feat(argo-cd): Upgrade to Argo CD 2.12.0 (#2820) --- charts/argo-cd/Chart.yaml | 8 +- charts/argo-cd/README.md | 2 +- .../templates/argocd-applicationset/role.yaml | 2 + .../argocd-repo-server/deployment.yaml | 6 + .../templates/crds/crd-application.yaml | 271 +++++++++--------- .../templates/crds/crd-applicationset.yaml | 45 +++ .../argo-cd/templates/crds/crd-project.yaml | 60 ++-- 7 files changed, 223 insertions(+), 171 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d3de3e38..514979df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.7 -kubeVersion: ">=1.23.0-0" +appVersion: v2.12.0 +kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.11 +version: 7.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.7 + description: Bump argo-cd to v2.11.4 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c55c5577..e9922c73 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -647,7 +647,7 @@ server: ## Prerequisites -- Kubernetes: `>=1.23.0-0` +- Kubernetes: `>=1.25.0-0` - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index 69ebf7ee..d8cfed62 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -34,6 +34,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - "" resources: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 71e8c767..46a0bb95 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -290,6 +290,12 @@ spec: key: reposerver.revision.cache.lock.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 686626ba..1b75cebd 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -39,20 +39,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -150,22 +159,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -486,18 +494,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -825,11 +833,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -848,10 +855,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -859,10 +866,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -883,9 +890,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -914,10 +921,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -944,18 +950,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1274,10 +1279,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1606,10 +1611,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2102,11 +2107,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2448,11 +2452,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2464,9 +2467,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2579,22 +2582,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2937,19 +2939,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3300,11 +3301,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3325,11 +3325,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3337,11 +3336,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3385,9 +3383,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3772,11 +3770,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4127,11 +4124,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4158,8 +4154,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4242,10 +4239,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4274,10 +4270,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4623,11 +4618,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4978,11 +4972,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 6414d832..899c5d09 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -72,6 +72,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -668,6 +669,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -2430,6 +2432,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3026,6 +3029,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -6891,6 +6895,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -7487,6 +7492,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8083,6 +8089,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11948,6 +11955,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14648,6 +14656,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15306,11 +15315,16 @@ spec: type: string step: type: string + targetRevisions: + items: + type: string + type: array required: - application - message - status - step + - targetRevisions type: object type: array conditions: @@ -15334,6 +15348,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 38801469..f9910152 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -31,22 +31,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,9 +63,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -74,9 +80,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -103,9 +109,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -118,9 +124,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -135,9 +141,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string From 2251079c2627ed54ef7a529e967f55a4dd82199a Mon Sep 17 00:00:00 2001 From: Johannes Kleinlercher Date: Tue, 6 Aug 2024 12:14:17 +0200 Subject: [PATCH 457/617] fix(argo-cd): Set TTL on redis-secret-init Job (#2861) * feat: set ttlsecondsafterfinished to prevent stuck during sync when managed by argocd Signed-off-by: Johannes Kleinlercher * fix: increased version and added changelig Signed-off-by: Johannes Kleinlercher * chore: Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: Johannes Kleinlercher Signed-off-by: Johannes Kleinlercher Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 514979df..1084146a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.0 +version: 7.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.4 + - kind: fixed + description: added ttlsecondsafterfinished in redis-secret-init job to prevent a stuck in waiting for completion of hook batch/Job/argocd-redis-secret-init diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 68086235..643dadc7 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -13,6 +13,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} spec: + ttlSecondsAfterFinished: 60 template: metadata: labels: From 817182bdb0bd6e3e1082fe392f3ad89712c25ea8 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 9 Aug 2024 00:02:08 +0900 Subject: [PATCH 458/617] fix(argo-cd): Fix Redis race condition due to optional REDIS_PASSWORD (#2839) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1084146a..f11fcf4e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.1 +version: 7.4.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: added ttlsecondsafterfinished in redis-secret-init job to prevent a stuck in waiting for completion of hook batch/Job/argocd-redis-secret-init + description: Fix Redis race condition due to optional REDIS_PASSWORD diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3938a759..4fb49bee 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -207,10 +207,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} - optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 46a0bb95..500b2e44 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -182,9 +182,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 00a62fd2..f20f2af0 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -250,9 +250,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} From a7e5915b2163ba62e7763ed97dce8be496868fa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Aug 2024 12:43:15 +0200 Subject: [PATCH 459/617] chore(deps): bump the dependencies group with 2 updates (#2871) --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1d8ccb97..0d99d22b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From 4f4fb956d372604e86abcfb03038eedc7c2578a0 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 12 Aug 2024 17:58:01 +0900 Subject: [PATCH 460/617] fix(argo-rollouts): Align permissions for controller's ClusterRole / Role (#2830) * fix(argo-rollouts): Align permissions for controller's ClusterRole / Role Signed-off-by: yu-croco * fix(argo-rollouts): correct typo Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 6 +- charts/argo-rollouts/templates/_helpers.tpl | 307 ++++++++++++++++++ .../templates/controller/clusterrole.yaml | 302 +---------------- .../templates/controller/role.yaml | 287 +--------------- 4 files changed, 312 insertions(+), 590 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 05d40de7..ddb90274 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.3 +version: 2.37.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added setting to disable creation of the notifications ConfigMap + - kind: fixed + description: Align permissions for controller's ClusterRole and Role diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 46ebaea5..4c23c54e 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -109,3 +109,310 @@ Return the appropriate apiVersion for pod disruption budget {{- print "policy/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the rules for controller's Role and ClusterRole +*/}} +{{- define "argo-rollouts.controller.roleRules" -}} +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets +- apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch +# services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - patch + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update + - watch +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary +- apiGroups: + - networking.k8s.io + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - watch + - update + - patch +# job access needed for analysis template job metrics +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} +# virtualservice/destinationrule access needed for using the Istio provider +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + verbs: + - watch + - get + - update + - patch + - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} +# trafficsplit access needed for using the SMI provider +- apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - watch + - get + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider +- apiGroups: + - traefik.containo.us + - traefik.io + resources: + - traefikservices + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 70c3bdf8..026f23d7 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -7,305 +7,5 @@ metadata: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# deployments and podtemplates read access needed for workload reference support -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -# services create needed to create and delete services for experiments -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch - - create - - delete -# leases create/get/update needed for leader election -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -{{- if .Values.providerRBAC.providers.gatewayAPI }} - - create - - update -{{- end }} -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update - - watch -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - update - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- if .Values.providerRBAC.enabled }} -{{- if .Values.providerRBAC.providers.istio }} -# virtualservice/destinationrule access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -{{- end }} -{{- if .Values.providerRBAC.providers.smi }} -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.ambassador }} -# ambassador access needed for Ambassador provider -- apiGroups: - - getambassador.io - - x.getambassador.io - resources: - - mappings - - ambassadormappings - verbs: - - create - - watch - - get - - update - - list - - delete -{{- end }} -{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} -# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - list - - get -{{- end }} -{{- if .Values.providerRBAC.providers.awsAppMesh }} -# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - watch - - get - - list -# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - watch - - get - - list - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.traefik }} -# Traefik access needed when using the Traefik provider -- apiGroups: - - traefik.containo.us - - traefik.io - resources: - - traefikservices - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.apisix }} -# Access needed when using the Apisix provider -- apiGroups: - - apisix.apache.org - resources: - - apisixroutes - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.contour }} - # Access needed when using the Contour provider -- apiGroups: - - projectcontour.io - resources: - - httpproxies - verbs: - - get - - list - - watch - - update -{{- end }} -{{- if .Values.providerRBAC.providers.glooPlatform }} - # Access needed when using the Gloo Platform provider -- apiGroups: - - networking.gloo.solo.io - resources: - - routetables - verbs: - - '*' -{{- end }} -{{- if .Values.providerRBAC.providers.gatewayAPI }} - # Access needed when using the Gateway API provider -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - - tcproutes - - tlsroutes - - udproutes - - grpcroutes - verbs: - - get - - list - - watch - - update -{{- end }} -{{- with .Values.providerRBAC.additionalRules }} -{{ toYaml . }} -{{- end }} -{{- end }} + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index fdce087e..6ba0805a 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -8,290 +8,5 @@ metadata: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# deployments and podtemplates read access needed for workload reference support -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -# services create needed to create and delete services for experiments -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch - - create - - delete -# leases create/get/update needed for leader election -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -{{- if .Values.providerRBAC.providers.gatewayAPI }} - - create - - update -{{- end }} -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update - - watch -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - update - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- if .Values.providerRBAC.enabled }} -{{- if .Values.providerRBAC.providers.istio }} -# virtualservice/destinationrule access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -{{- end }} -{{- if .Values.providerRBAC.providers.smi }} -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.ambassador }} -# ambassador access needed for Ambassador provider -- apiGroups: - - getambassador.io - - x.getambassador.io - resources: - - mappings - - ambassadormappings - verbs: - - create - - watch - - get - - update - - list - - delete -{{- end }} -{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} -# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - list - - get -{{- end }} -{{- if .Values.providerRBAC.providers.awsAppMesh }} -# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - watch - - get - - list -# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - watch - - get - - list - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.traefik }} -# Traefik access needed when using the Traefik provider -- apiGroups: - - traefik.containo.us - - traefik.io - resources: - - traefikservices - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.apisix }} -# Access needed when using the Apisix provider -- apiGroups: - - apisix.apache.org - resources: - - apisixroutes - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.glooPlatform }} - # Access needed when using the Gloo Platform provider -- apiGroups: - - networking.gloo.solo.io - resources: - - routetables - verbs: - - '*' -{{- end }} -{{- if .Values.providerRBAC.providers.gatewayAPI }} - # Access needed when using the Gateway API provider -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - - tcproutes - - tlsroutes - - udproutes - - grpcroutes - verbs: - - get - - list - - watch - - update -{{- end }} -{{- end }} + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} From 96320b6486b6ee781ba62223c08b3b2b33d8d042 Mon Sep 17 00:00:00 2001 From: 1102 <90682513+nueavv@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:28:21 +0900 Subject: [PATCH 461/617] feat(argo-cd): Update Notification Liveness/Readiness Probes (#2872) --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 12 ++++++++ .../argocd-notifications/deployment.yaml | 20 +++++++++++++ charts/argo-cd/values.yaml | 30 +++++++++++++++++++ 4 files changed, 65 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f11fcf4e..f2725dab 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.2 +version: 7.4.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix Redis race condition due to optional REDIS_PASSWORD + - kind: added + description: "Added liveness and readiness probes to the notification controller." diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e9922c73..39baf405 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1542,6 +1542,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | +| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | @@ -1570,6 +1576,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | | notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | +| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 4bdb24f6..0f6ad38b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -107,6 +107,26 @@ spec: - name: metrics containerPort: {{ .Values.notifications.containerPorts.metrics }} protocol: TCP + {{- if .Values.notifications.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.notifications.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.notifications.resources | nindent 12 }} {{- with .Values.notifications.containerSecurityContext }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 0d42bf71..08a26b8b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3307,6 +3307,36 @@ notifications: drop: - ALL + ## Probes for notifications controller Pods (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 From f4101a794717207fe914946e8e23e2d779ffbd99 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:03:09 -0500 Subject: [PATCH 462/617] chore(deps): update renovatebot/github-action action to v40.2.6 (#2876) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b1830e28..a2bdbb74 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@0c94129d48b4e92addf23686b8a735b3057a0448 # v40.2.5 + uses: renovatebot/github-action@b266b24b144602ed4f512f0773009d026722f4cc # v40.2.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 51e1e5b7356676f93f2dcf688b83dc9b690775c0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 17:31:12 +0900 Subject: [PATCH 463/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.2 (#2880) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- charts/argo-rollouts/templates/_helpers.tpl | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ddb90274..da2ffcb0 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.1 +appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.4 +version: 2.37.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align permissions for controller's ClusterRole and Role + - kind: changed + description: Bump argo-rollouts to v1.7.2 diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 4c23c54e..820996a8 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -174,6 +174,7 @@ Return the rules for controller's Role and ClusterRole - get - list - watch + - update # services patch needed to update selector of canary/stable/active/preview services # services create needed to create and delete services for experiments - apiGroups: From 243dc286a70aee1cc93c7f8c23cf17029d3d0764 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 16 Aug 2024 23:36:35 +0200 Subject: [PATCH 464/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.1 (#2885) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.1 * Add missing permissions Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-applicationset/clusterrole.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f2725dab..88a73792 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.0 +appVersion: v2.12.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.3 +version: 7.4.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: "Added liveness and readiness probes to the notification controller." + - kind: changed + description: Bump argo-cd to v2.12.1 diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 9c9b9193..7b1f1998 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -35,6 +35,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - "" resources: From d1f5d50dcdd436329f5baa2cea94a969b4b087d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Aug 2024 13:14:54 +0200 Subject: [PATCH 465/617] chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 in the dependencies group (#2886) chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.0 to 3.26.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/eb055d739abdc2e8de2e5f4ba1a8b246daa779aa...429e1977040da7a23b6822b13c129cd1ba93dbb2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0d99d22b..76284816 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From 8c0b68689540eb276ac92d921b2326e706a7ba7f Mon Sep 17 00:00:00 2001 From: Brian Dunnigan Date: Tue, 20 Aug 2024 15:07:05 -0400 Subject: [PATCH 466/617] feat(argo-workflows): Added support for setting annotations on argo workflows controller configmap (#2889) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 4 ++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1ed66b76..bb7251b2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.14 +version: 0.42.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Avoid empty namespace in role binding when singleNamespace is true + - kind: added + description: Added support for setting annotations on argo workflows controller configmap diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 662b63fd..9ab1c016 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -149,6 +149,7 @@ Fields to note: | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.annotations | object | `{}` | ConfigMap annotations | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.name | string | `""` | ConfigMap name | | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 1997d9d3..d93a910e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -6,6 +6,10 @@ metadata: namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} + {{- with .Values.controller.configMap.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} data: config: | {{- if .Values.controller.instanceID.enabled }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 15a42ec4..9f140f1b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -106,6 +106,8 @@ controller: create: true # -- ConfigMap name name: "" + # -- ConfigMap annotations + annotations: {} # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: From e49123cdf455c7f793718be823583f4747e0918e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 09:51:01 +0100 Subject: [PATCH 467/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.2 (#2893) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 88a73792..5ee92c2e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.1 +appVersion: v2.12.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.4 +version: 7.4.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.1 + description: Bump argo-cd to v2.12.2 From 0c27d8d946090f0bfc4d43c63ea85c9199e82ed1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Aug 2024 17:15:27 -0500 Subject: [PATCH 468/617] chore(deps): bump github/codeql-action from 3.26.2 to 3.26.5 in the dependencies group (#2894) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 76284816..9d583235 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From 991579f32409483d2d96b79a97dbd72939d2b524 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sun, 25 Aug 2024 23:29:05 -0500 Subject: [PATCH 469/617] chore(deps): update renovatebot/github-action action to v40.2.7 (#2896) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a2bdbb74..97943b77 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@b266b24b144602ed4f512f0773009d026722f4cc # v40.2.6 + uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 66615c347a9c86b31154e4787c95eaa8c2ad4024 Mon Sep 17 00:00:00 2001 From: Yuki Kitakata Date: Tue, 27 Aug 2024 17:48:42 +0900 Subject: [PATCH 470/617] chore(argo-cd): Support string type of "true" for `statusbadge.enabled` (#2895) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5ee92c2e..a231dea0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.5 +version: 7.4.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.2 + description: Support string type of "true" for `statusbadge.enabled` diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index eb3f7a2a..1ef054b1 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -183,7 +183,7 @@ Argo Configuration Preset Values (Influenced by Values configuration) {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} -{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- end -}} {{- if .Values.configs.styles -}} From 466dd693558dd7d90d6120dcf2139100bed10b57 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 14:30:18 +0100 Subject: [PATCH 471/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.3 (#2897) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a231dea0..c912b5c5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.2 +appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.6 +version: 7.4.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Support string type of "true" for `statusbadge.enabled` + description: Bump argo-cd to v2.12.3 From 777f5410c59b69f4f5fc718a71105e8d7c489742 Mon Sep 17 00:00:00 2001 From: Andreas Kappler Date: Wed, 28 Aug 2024 17:27:07 +0200 Subject: [PATCH 472/617] chore(argo-cd): bump redis-ha (#2900) Signed-off-by: a-hat --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index bc11a715..309790fc 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.26.1 -digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 -generated: "2024-02-18T19:42:53.135599+02:00" + version: 4.27.6 +digest: sha256:69c6b20682f0a2a8044b71731b7c656a57118088a7b3611f59217b537167af2e +generated: "2024-08-28T13:02:33.763307+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c912b5c5..6490b0bc 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.7 +version: 7.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.26.1 + version: 4.27.6 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.3 + description: bumped redis chart From 2df52cba0ec3b0e19293f02b009072ba62d92187 Mon Sep 17 00:00:00 2001 From: Gazal Date: Sat, 31 Aug 2024 20:12:52 +1000 Subject: [PATCH 473/617] feat(argo-rollouts): add loadBalancerClass field for Service resource (#2772) Most users of ArgoCD may use `Ingress` (and soon `HTTPRoute`), but for those who may want to use `Service` of type `LoadBalancer`, this would be useful. The `loadBalancerClass` field would allow for a `CloudProvider` agnostic way of offloading the reconciliation for Kubernetes Service resources of type `LoadBalancer` to an external controller. Signed-off-by: Gazal Gafoor Signed-off-by: Gazal Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/dashboard/service.yaml | 3 +++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index da2ffcb0..39dd385a 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.5 +version: 2.37.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.7.2 + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b6a6f44d..724a6b82 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -182,6 +182,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.service.annotations | object | `{}` | Service annotations | | dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs | | dashboard.service.labels | object | `{}` | Service labels | +| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | dashboard.service.nodePort | int | `nil` | Service nodePort | diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 6a304b82..b7e553d7 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -22,6 +22,9 @@ spec: externalIPs: {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Values.dashboard.service.type "LoadBalancer" }} + {{- with .Values.dashboard.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.dashboard.service.loadBalancerIP }} loadBalancerIP: {{ . | quote }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a4d313e0..e78aa2bb 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -356,6 +356,8 @@ dashboard: service: # -- Sets the type of the Service type: ClusterIP + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From cd8245716a5818e3be530e6bc8caa02dc8cb4c6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 20:06:33 +0900 Subject: [PATCH 474/617] chore(deps): bump the dependencies group with 4 updates (#2905) Bumps the dependencies group with 4 updates: [actions/setup-python](https://github.com/actions/setup-python), [pascalgn/size-label-action](https://github.com/pascalgn/size-label-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) Updates `pascalgn/size-label-action` from 0.5.2 to 0.5.4 - [Release notes](https://github.com/pascalgn/size-label-action/releases) - [Commits](https://github.com/pascalgn/size-label-action/compare/bbbaa0d5ccce8e2e76254560df5c64b82dac2e12...be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399) Updates `actions/upload-artifact` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874) Updates `github/codeql-action` from 3.26.5 to 3.26.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pascalgn/size-label-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/pr-sizing.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 656e47d0..a6ad9274 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.9 diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 04d2b6b4..660b9385 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 + - uses: pascalgn/size-label-action@be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399 # v0.5.4 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9d583235..8c948600 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif From 2b25efdb3299f1e47a0a6168974c6cae0e195d3c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 21:39:56 -0500 Subject: [PATCH 475/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.59.2 (#2906) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 97943b77..c5873a18 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.18.0 + renovate-version: 38.59.2 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From e709ba3b5a643f18bb435b00b9b4aab5e985b52b Mon Sep 17 00:00:00 2001 From: Gazal Date: Mon, 2 Sep 2024 01:05:42 +1000 Subject: [PATCH 476/617] feat(argo-workflows): add loadBalancerClass field for Service resources (#2771) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-service.yaml | 7 ++++++- .../templates/server/server-service.yaml | 11 ++++++++--- charts/argo-workflows/values.yaml | 4 ++++ 5 files changed, 23 insertions(+), 7 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index bb7251b2..8b242c4f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.0 +version: 0.42.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added support for setting annotations on argo workflows controller configmap + - kind: changed + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 9ab1c016..deec1649 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -168,6 +168,7 @@ Fields to note: | controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.globallevel | string | `"0"` | Set the glog logging level | @@ -302,6 +303,7 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 0cd8a75b..4a1290ba 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -35,8 +35,13 @@ spec: {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} clusterIP: None {{- end }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + {{- if eq .Values.controller.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- if .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 7517d659..39c37792 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -28,11 +28,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- if eq .Values.server.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + {{- with .Values.server.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- if .Values.server.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 9f140f1b..5c2a674d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -297,6 +297,8 @@ controller: serviceAnnotations: {} # -- Optional labels to add to the controller Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] @@ -508,6 +510,8 @@ server: serviceAnnotations: {} # -- Optional labels to add to the UI Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Static IP address to assign to loadBalancer service type `LoadBalancer` loadBalancerIP: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` From d144195ff44121c70167133f5021de747b1dc945 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 2 Sep 2024 17:58:56 +0900 Subject: [PATCH 477/617] chore(argo-cd): Fix typo on README (#2907) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6490b0bc..69b6ccd3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.0 +version: 7.5.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: bumped redis chart + - kind: fixed + description: Correct typo on README diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 39baf405..8b0cb174 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 8ee73e93..ef75ddfe 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash From 3a1066cb5ab8fe3405a5667fafaa39e3e3ad8055 Mon Sep 17 00:00:00 2001 From: eddyfussel <28265760+eddyfussel@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:33:07 +0200 Subject: [PATCH 478/617] fix(argo-cd): Fix certificate template secretTemplateAnnotations null (#2909) Signed-off-by: eddyfussel <28265760+eddyfussel@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/certificate.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 69b6ccd3..febb1e67 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.1 +version: 7.5.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct typo on README + description: Certificate template was wrong leading to null diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 803452f6..a9862139 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,13 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} secretTemplate: - {{- with .Values.server.certificate.secretTemplateAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: From a5dc0350b9c9834a3c691aa6ed5c6be408b72e5c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 4 Sep 2024 00:55:57 -0500 Subject: [PATCH 479/617] chore(deps): update actions/create-github-app-token action to v1.10.4 (#2910) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c5873a18..0bb3233e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 + uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 687392688fdbc28eb0813b083e3e63771d138c5a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 07:35:42 -0500 Subject: [PATCH 480/617] chore(deps): update renovatebot/github-action action to v40.2.8 (#2912) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bb3233e..f1250bcc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 + uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a344d64fbdb584b40fce03b8c1cf7e05034b866d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zolt=C3=A1n=20Reegn?= Date: Tue, 10 Sep 2024 23:55:38 +0200 Subject: [PATCH 481/617] fix(argocd-apps): don't render empty app description (#2911) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argocd-apps): don't render empty app description Signed-off-by: Zoltán Reegn * chore: Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: Zoltán Reegn Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/templates/projects.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 397e9db6..f6cc3443 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.0 +version: 2.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: make the chart use maps instead of lists + - kind: fixed + description: not rendering empty app description diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index 34a865ea..d6032636 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -25,7 +25,9 @@ spec: {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ $projectData.description }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} From 7c8bbd62e84c48c70368d9491493ed6b5018472c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 10:57:30 +0900 Subject: [PATCH 482/617] chore(deps): update actions/create-github-app-token action to v1.11.0 (#2918) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f1250bcc..5c90efbc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From e718e4665175c79ce5a50a6c8bd49b2bb9188ffe Mon Sep 17 00:00:00 2001 From: venegator Date: Fri, 13 Sep 2024 16:01:59 +0200 Subject: [PATCH 483/617] feat(argo-workflows): Add honorLabels parameter to Argo Workflows ServiceMonitor (#2920) * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator * Update values.yaml Signed-off-by: venegator * Update Chart.yaml Signed-off-by: venegator * Update README.md Signed-off-by: venegator * Update charts/argo-workflows/Chart.yaml Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> Signed-off-by: venegator * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator --------- Signed-off-by: venegator Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-servicemonitor.yaml | 2 ++ charts/argo-workflows/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8b242c4f..30ff622d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.1 +version: 0.42.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add loadBalancerClass field for Service resources + description: add honorLabels config for ServiceMonitor resource diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index deec1649..43e86677 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -175,6 +175,7 @@ Fields to note: | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 1695f96d..01844a87 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -24,6 +24,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry @@ -37,6 +38,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- with .Values.controller.metricsConfig.targetLabels }} targetLabels: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5c2a674d..aa6e86b1 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -143,6 +143,9 @@ controller: servicePortName: metrics # -- Flag to enable headless service headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] From 97acfc9360155a7f5aea4a5c5e6ab6b7dabb20c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Sep 2024 07:50:42 -0500 Subject: [PATCH 484/617] chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 in the dependencies group (#2921) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c948600..b94e76ce 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From b33b3dbd3066a03c5aa8def211b4303f74de6477 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 19:02:55 +0900 Subject: [PATCH 485/617] chore(deps): update renovatebot/github-action action to v40.2.9 (#2924) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5c90efbc..526f897a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 + uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 2e05c8b57b9e51bf27928cee723cf8116de38403 Mon Sep 17 00:00:00 2001 From: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:37:59 +0200 Subject: [PATCH 486/617] docs(argo-rollouts): add more description for notification secret creation (#2922) * docs(argo-rollouts): add more description for secret creation Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): bump chart version Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix lint Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): change reference to controller Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix readme Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> --------- Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 2 +- charts/argo-rollouts/values.yaml | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 39dd385a..44abcb53 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.6 +version: 2.37.7 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add loadBalancerClass field for Service resources + - kind: added + description: add description for manual secret creation diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 724a6b82..126a1dcd 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,7 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | -| notifications.secret.create | bool | `false` | Whether to create notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e78aa2bb..b6b5821c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -456,7 +456,8 @@ notifications: create: true secret: - # -- Whether to create notifications secret + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". create: false # -- Generic key:value pairs to be inserted into the notifications secret items: {} From 8096751c175f6a5250bda64dc86d4de1e56b2e50 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 06:04:30 -0500 Subject: [PATCH 487/617] chore(deps): update renovatebot/github-action action to v40.2.10 (#2925) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 526f897a..077a96f4 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 + uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 8adc2939a26ce3c0e0cdcaaaddcca91e71859d5d Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Thu, 19 Sep 2024 19:09:54 -0500 Subject: [PATCH 488/617] fix(argo-events): Fix events-webhook Service using non-default port (#2929) Resolves #2926 Signed-off-by: Neile Havens --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/templates/argo-events-webhook/service.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aae23442..dc6af9ac 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.7 +version: 2.4.8 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update Jetstream versions as following upstream + description: events-webhook Service using non-default port diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index e1f2b2ee..797ceb43 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: ports: - - port: 443 + - port: {{ int .Values.webhook.port }} targetPort: webhook selector: {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} From 133e70a9ea9c9db4e86df35621a6fcdc4847ad5a Mon Sep 17 00:00:00 2001 From: d3adb5 Date: Fri, 20 Sep 2024 00:59:01 -0700 Subject: [PATCH 489/617] feat(argo-cd): allow setting runtime class name (#2930) Allow chart users to set a runtime class name for all Argo CD components. Signed-off-by: d3adb5 --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 8 +++++ .../deployment.yaml | 3 ++ .../statefulset.yaml | 3 ++ .../argocd-applicationset/deployment.yaml | 3 ++ .../argocd-notifications/deployment.yaml | 3 ++ .../argocd-repo-server/deployment.yaml | 3 ++ .../templates/argocd-server/deployment.yaml | 3 ++ charts/argo-cd/templates/dex/deployment.yaml | 3 ++ .../argo-cd/templates/redis/deployment.yaml | 3 ++ charts/argo-cd/values.yaml | 31 +++++++++++++++++++ 11 files changed, 66 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index febb1e67..210bbc7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.2 +version: 7.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Certificate template was wrong leading to null + - kind: added + description: Ability to set runtime class for all components diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8b0cb174..5ed80a40 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -713,6 +713,7 @@ NAME: my-release | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | | global.tolerations | list | `[]` | Default tolerations for all components | @@ -856,6 +857,7 @@ NAME: my-release | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -950,6 +952,7 @@ NAME: my-release | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.replicas | int | `1` | The number of repo server pods to run | | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | @@ -1103,6 +1106,7 @@ NAME: my-release | server.route.hostname | string | `""` | Hostname of OpenShift Route | | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | @@ -1210,6 +1214,7 @@ NAME: my-release | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | dex.serviceAccount.create | bool | `true` | Create dex service account | @@ -1308,6 +1313,7 @@ NAME: my-release | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | | redis.service.labels | object | `{}` | Additional redis service labels | @@ -1500,6 +1506,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | @@ -1583,6 +1590,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3938c25d..32205efd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49bee..3c644c69 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,6 +37,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 060d20c5..9af597b2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 0f6ad38b..85d58e2b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 500b2e44..9a15e596 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -47,6 +47,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af0..f015c847 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -41,6 +41,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index bc9b4530..fa11aef6 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 76e1b00a..65581665 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- end }} {{- end }} spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 08a26b8b..8e1b8c39 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -44,6 +44,9 @@ global: ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -619,6 +622,10 @@ controller: ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -919,6 +926,10 @@ dex: # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: # -- Deploy metrics service enabled: false @@ -1213,6 +1224,10 @@ redis: # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1701,6 +1716,10 @@ server: # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -2364,6 +2383,10 @@ repoServer: # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2752,6 +2775,10 @@ applicationSet: # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -3119,6 +3146,10 @@ notifications: # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: From c5e6458cd6277c6f66816742e9e18256a6d8aaa9 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:23:53 +0100 Subject: [PATCH 490/617] fix(argo-cd): Remove unwanted newline on redis-init-secret job's imagepullsecrets (#2931) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 210bbc7b..a3335e3b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.0 +version: 7.6.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Ability to set runtime class for all components + - kind: fixed + description: Remove unwanted newline on redis-init-secret job's imagepullsecrets diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 643dadc7..15bed02d 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -30,7 +30,7 @@ spec: spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: - {{ toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - command: From fd70c609bd6e98e8b067c7c4915957c51acd786c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:08:21 +0100 Subject: [PATCH 491/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.11 (#2932) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 30ff622d..6071b4e8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.10 +appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.2 +version: 0.42.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add honorLabels config for ServiceMonitor resource + description: Bump argo-workflows to v3.5.11 From b50a0731e745e068bddda412081609810eeb54c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Sep 2024 19:35:15 +0900 Subject: [PATCH 492/617] chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 in the dependencies group (#2933) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b94e76ce..8cfa51f0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From edd04f6ec8b9a96617651a8c32d00099f9732089 Mon Sep 17 00:00:00 2001 From: Jonny Langefeld Date: Mon, 23 Sep 2024 10:27:10 -0700 Subject: [PATCH 493/617] fix(argo-cd): Remove namespace from cluster scope resource (#2833) * Remove namespace from cluster scope resource A few resources I noticed had the namespace set for cluster scoped resources. Signed-off-by: Jonny Langefeld * Update clusterrole.yaml Signed-off-by: Jonny Langefeld * chore: Apply changes from code review Signed-off-by: Marco Maurer --------- Signed-off-by: Jonny Langefeld Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-applicationset/clusterrole.yaml | 1 - .../templates/argocd-applicationset/clusterrolebinding.yaml | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a3335e3b..c57b7c0f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.1 +version: 7.6.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Remove unwanted newline on redis-init-secret job's imagepullsecrets + description: Remove namespace field from cluster scoped resources diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 7b1f1998..2723e3d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index af6d5297..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: From 0afd9e66bf361724870ebe239c7ee049af15e604 Mon Sep 17 00:00:00 2001 From: l2h Date: Thu, 26 Sep 2024 00:17:55 +0900 Subject: [PATCH 494/617] feat(argo-cd): add multi-namespace support for ApplicationSet controller RBAC (#2935) * feat(argo-cd): support multiple namespaces in applicationsetcontroller Signed-off-by: leehosu * fetch upstream Signed-off-by: leehosu * update README Signed-off-by: leehosu * change a values about namespace Signed-off-by: leehosu --------- Signed-off-by: leehosu --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-applicationset/clusterrolebinding.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c57b7c0f..128c408a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.2 +version: 7.6.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove namespace field from cluster scoped resources + - kind: added + description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5ed80a40..6d07f360 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,6 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 9dcae8d2..c6c1beb7 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,4 +13,12 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} +{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} +{{- range $namespace := (split "," $namespaces) }} + {{- if $namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} + namespace: {{ $namespace | trim | quote }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8e1b8c39..832d4184 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -278,6 +278,8 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. From 1773b67d65142bbd46543912139d9a080eb93a00 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 23:31:02 +0200 Subject: [PATCH 495/617] chore(deps): update actions/checkout action to v4.2.0 (#2937) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 077a96f4..e4937114 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 From 4b651b3474a0518cb01c0c3af35e4ea0c5b64a00 Mon Sep 17 00:00:00 2001 From: DoumLaberge <33817317+DoumLaberge@users.noreply.github.com> Date: Wed, 25 Sep 2024 18:04:50 -0400 Subject: [PATCH 496/617] fix(argo-cd): Align imagePullSecrets for redis-secret-init Job (#2928) * issue-2848 Correction of the imagepullsecret for redis * issue-2848 Bump chart version to 7.5.3 * chore: Add changelog entry Signed-off-by: Marco Maurer --------- Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: dlaberge Co-authored-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 128c408a..41132c7d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.3 +version: 7.6.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. + - kind: fixed + description: Align imagePullSecrets for redis-secret-init Job with other manifests diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 15bed02d..8a280e35 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -28,7 +28,7 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} From d0341cc441a6efc456067f0facc4a6fe34ae54a3 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 26 Sep 2024 01:17:08 +0200 Subject: [PATCH 497/617] chore(github): Use correct email of the Renovate bot (#2938) Signed-off-by: Marco Maurer Co-authored-by: Aikawa --- .github/configs/renovate-config.js | 3 ++- renovate.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js index 9118ffe9..f453f640 100644 --- a/.github/configs/renovate-config.js +++ b/.github/configs/renovate-config.js @@ -1,6 +1,7 @@ module.exports = { platform: 'github', - gitAuthor: 'renovate[bot] ', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', autodiscover: false, allowPostUpgradeCommandTemplating: true, allowedPostUpgradeCommands: [".*"], diff --git a/renovate.json b/renovate.json index 4e068215..730f497e 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,8 @@ }, "extends": [ "config:recommended", - "docker:enableMajor" + "docker:enableMajor", + ":gitSignOff" ], "labels": ["renovate"], "includePaths": [ From e94dc2ea10172909f55c477bbddab2c0e6bd504e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:37:59 +0900 Subject: [PATCH 498/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.4 (#2940) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41132c7d..b260b1c9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.3 +appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.4 +version: 7.6.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align imagePullSecrets for redis-secret-init Job with other manifests + - kind: changed + description: Bump argo-cd to v2.12.4 From 388c5aea6604f4a7bfe8d6cfd089a4a047632017 Mon Sep 17 00:00:00 2001 From: KrisF-Midnight <166425225+KrisF-Midnight@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:56:55 +0200 Subject: [PATCH 499/617] feat(argo-workflows): add configurable scrape interval for metrics and telemetry (#2942) feat: add configurable scrape interval for metrics and telemetry Signed-off-by: KrisF-Midnight --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-servicemonitor.yaml | 4 ++-- charts/argo-workflows/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6071b4e8..29130932 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.3 +version: 0.42.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.11 + description: Scrape interval for metrics and telemetry data can now be set diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 43e86677..7c6774ca 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -177,6 +177,7 @@ Fields to note: | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | @@ -224,6 +225,7 @@ Fields to note: | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | | controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | | controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | | controller.telemetryConfig.port | int | `8081` | telemetry container port | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 01844a87..46fd18dd 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -15,7 +15,7 @@ spec: {{- if .Values.controller.metricsConfig.enabled }} - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} @@ -29,7 +29,7 @@ spec: {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index aa6e86b1..646ffc39 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -127,6 +127,8 @@ controller: enabled: false # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s # -- Port is the port where metrics are emitted port: 9090 # -- How often custom metrics are cleared from memory @@ -234,6 +236,8 @@ controller: enabled: false # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s # -- telemetry container port port: 8081 # -- How often custom metrics are cleared from memory From ebb2d15f1e370e6023770713596aa480c71b8914 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Sep 2024 07:05:21 -0500 Subject: [PATCH 500/617] chore(deps): bump the dependencies group with 2 updates (#2943) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index a6ad9274..32bd1677 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7dc62234..3da3a390 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8cfa51f0..84395b6a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From c8948d20963f945f611c74462cc775fafdc37bd5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 12:59:02 +0200 Subject: [PATCH 501/617] chore(deps): update renovatebot/github-action action to v40.2.11 (#2946) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e4937114..8918c54a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 + uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6b3f648f39b552f70785aa119e7ae8523534c8cc Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 20:23:55 +0900 Subject: [PATCH 502/617] chore(deps): update renovatebot/github-action action to v40.3.0 (#2947) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8918c54a..0bc7ca25 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 + uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 32a3541b7fdc4426323039492c39d75d5b781042 Mon Sep 17 00:00:00 2001 From: charlychiu Date: Mon, 30 Sep 2024 20:24:51 +0800 Subject: [PATCH 503/617] chore(argo-cd): Add Proxy Extensions config (#2944) * chore(argo-cd): Add Proxy Extensions config Signed-off-by: charlychiu * chore(argo-cd): Update docs Signed-off-by: charlychiu --------- Signed-off-by: charlychiu Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b260b1c9..eff7d03e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.5 +version: 7.6.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.12.4 + - kind: added + description: Value configs.params."server.enable.proxy.extension" was added diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d07f360..108c9673 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -754,6 +754,7 @@ NAME: my-release | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 832d4184..e6479acb 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -228,6 +228,25 @@ configs: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -266,6 +285,8 @@ configs: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin From 687bedb94658acd2b990303e28536df5403d7b20 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 1 Oct 2024 03:24:31 +0900 Subject: [PATCH 504/617] fix(argo-cd): Arrange for ApplicationSet in any namespace (#2945) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- .../argocd-applicationset/clusterrolebinding.yaml | 8 -------- charts/argo-cd/values.yaml | 4 +++- 4 files changed, 7 insertions(+), 13 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eff7d03e..16b11ae6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.6 +version: 7.6.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Value configs.params."server.enable.proxy.extension" was added + - kind: fixed + description: Arrange for ApplicationSet in any namespace. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 108c9673..b44bb431 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,7 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | -| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index c6c1beb7..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,12 +13,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} -{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} -{{- range $namespace := (split "," $namespaces) }} - {{- if $namespace }} - - kind: ServiceAccount - name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} - namespace: {{ $namespace | trim | quote }} - {{- end }} -{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e6479acb..70dfb347 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -299,7 +299,9 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false - # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] From c38d299f01aef4a0fa76bf9daae675b89facb72e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 22:03:14 +0200 Subject: [PATCH 505/617] chore(deps): update renovatebot/github-action action to v40.3.1 (#2950) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bc7ca25..c77544f0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 + uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 994838a2ef355feb82a5517ec51ef21154b5dd76 Mon Sep 17 00:00:00 2001 From: Maneesh Singh Date: Mon, 30 Sep 2024 23:03:26 -0700 Subject: [PATCH 506/617] feat(argocd-apps): finalizers for applicationset (#2952) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 2 ++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index f6cc3443..c4433fa4 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.1 +version: 2.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: not rendering empty app description + - kind: added + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index ed84c5fb..394e2c88 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -4,6 +4,8 @@ applicationsets: applicationset: additionalLabels: {} additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io # See PR #10026 (ArgoCD v2.5 or later) # goTemplate: false generators: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index e8ae2134..606d6078 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -17,6 +17,10 @@ metadata: {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if hasKey $appSetData "goTemplate" }} goTemplate: {{ $appSetData.goTemplate }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 1fad3941..127dc6a9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -97,6 +97,8 @@ applicationsets: {} # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io # # See PR #10026 (ArgoCD v2.5 or later) # # goTemplate: false # generators: From d61432be3c1e460e7037462b6b5d5f8f1bdcc6d7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 2 Oct 2024 09:46:40 +0900 Subject: [PATCH 507/617] fix(argo-workflows): Avoid to create ClusterRole for cluster template when singleNamespace (#2955) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-cluster-roles.yaml | 2 +- .../templates/server/server-cluster-roles.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 29130932..20246486 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.4 +version: 0.42.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Scrape interval for metrics and telemetry data can now be set + - kind: fixed + description: Avoid to create ClusterRole for cluster template when singleNamespace diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 1b01b117..1e8f764c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -198,7 +198,7 @@ rules: - watch {{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index dbb5ff9f..f0953099 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -118,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From bbb38b310dc80ddb51e1094765a68fc714c08204 Mon Sep 17 00:00:00 2001 From: killianmuldoon <47175296+killianmuldoon@users.noreply.github.com> Date: Thu, 3 Oct 2024 14:53:05 +0100 Subject: [PATCH 508/617] feat(argo-cd): Add affinity to redisSecretInit Job (#2962) feat: Add affinity to redisSecretInit Job Signed-off-by: killianmuldoon --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 16b11ae6..4a70abc4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.7 +version: 7.6.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Arrange for ApplicationSet in any namespace. + - kind: added + description: Set affinity in redis secret-init job. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b44bb431..f0d146b1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1394,6 +1394,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 8a280e35..5fd41f64 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -54,6 +54,10 @@ spec: priorityClassName: {{ . }} {{- end }} restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 70dfb347..be3cec78 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1725,6 +1725,9 @@ redisSecretInit: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From 7a831569e9165564d0eb67d4416146c11ed6c7d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 6 Oct 2024 10:19:07 +0200 Subject: [PATCH 509/617] chore(deps): bump github/codeql-action from 3.26.9 to 3.26.11 in the dependencies group (#2966) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 84395b6a..5ede643e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif From 566e009934a82b33bf86bf3c59de1b775d1bc1d2 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:04:37 +0200 Subject: [PATCH 510/617] chore(deps): update actions/checkout action to v4.2.1 (#2969) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c77544f0..d6b7833c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 From f6556f6ef03040a16068ddb9cd619717c958bfb9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 20:50:15 -0500 Subject: [PATCH 511/617] chore(deps): update renovatebot/github-action action to v40.3.2 (#2971) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d6b7833c..569cbe9c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 + uses: renovatebot/github-action@b9486682a19fe4ea2dd1263c11b4e0c1fe1838fe # v40.3.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From cad02d827ac9472d3cc42206d97d87a76d5dfb46 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 12 Oct 2024 13:20:12 +0900 Subject: [PATCH 512/617] chore(deps): update renovatebot/github-action action to v40.3.3 (#2976) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 569cbe9c..95a0c045 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@b9486682a19fe4ea2dd1263c11b4e0c1fe1838fe # v40.3.2 + uses: renovatebot/github-action@7743ec9e19ceeb61a3862c5d4131e6710195af11 # v40.3.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3ec746187befd1ccfa6f0960800ac7c5080ee2fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 12 Oct 2024 19:02:37 +0900 Subject: [PATCH 513/617] chore(deps): bump the dependencies group with 3 updates (#2977) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 32bd1677..9ed46c41 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3da3a390..34fcd94a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5ede643e..fde89921 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif From 3ba89c1adde5c6846c88f913dcd13a988a0b3aef Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Tue, 15 Oct 2024 16:15:51 -0400 Subject: [PATCH 514/617] fix(argo-cd): add missing event permissions for run actions (#2980) Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4a70abc4..cb2bed53 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.8 +version: 7.6.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Set affinity in redis secret-init job. + - kind: fixed + description: added missing events create for run actions diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index c1439b0c..db54cf35 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -23,9 +23,7 @@ rules: - events verbs: - list - {{- if (index .Values.configs.params "application.namespaces") }} - create - {{- end }} - apiGroups: - "" resources: From 3c24fa1bfd4ebea347b0df8224cb5159f075e6cc Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 07:40:33 +0200 Subject: [PATCH 515/617] chore(deps): update renovatebot/github-action action to v40.3.4 (#2981) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 95a0c045..96ead3ff 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@7743ec9e19ceeb61a3862c5d4131e6710195af11 # v40.3.3 + uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f0c5ccc32a4282c55d1dc33bf7cdb4f6d18fea2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Gaci=C4=85g?= <9296199+adisong@users.noreply.github.com> Date: Wed, 16 Oct 2024 14:00:22 +0200 Subject: [PATCH 516/617] fix(argo-cd): fixed shard value in clusterCredentials Secret (#2982) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adrian Gaciąg <9296199+adisong@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cb2bed53..5b5f5119 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.9 +version: 7.6.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: added missing events create for run actions + description: fixed shard value in cluster credentials Secret to be string diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 0b4b1e11..d317eac2 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -20,7 +20,7 @@ metadata: type: Opaque stringData: {{- if $cluster_value.shard }} - shard: {{ $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} {{- end }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} From 168350f803585847fe6f14c94e914114e4c71993 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 08:16:15 +0100 Subject: [PATCH 517/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.5 (#2983) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5b5f5119..740ccf1d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.4 +appVersion: v2.12.5 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.10 +version: 7.6.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed shard value in cluster credentials Secret to be string + - kind: changed + description: Bump argo-cd to v2.12.5 From b311cd20f0ce082660b7b688f2a2edb20e3a3760 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 20:27:03 +0100 Subject: [PATCH 518/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.6 (#2984) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 740ccf1d..41d1b3b8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.5 +appVersion: v2.12.6 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.11 +version: 7.6.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.5 + description: Bump argo-cd to v2.12.6 From 0d2e23fe5d7ac59dd1eb89ce6effa1cfef597656 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 19 Oct 2024 07:57:50 -0500 Subject: [PATCH 519/617] chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 in the dependencies group (#2985) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fde89921..08f648f3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif From 85121e84515910947759fd91fa7c0ae6bec1df58 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 12:32:29 -0500 Subject: [PATCH 520/617] chore(deps): update actions/checkout action to v4.2.2 (#2990) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 96ead3ff..80ead27d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 From 909ece4d5937c25ee663dc0befad9811ef6e9ebe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 05:11:41 -0500 Subject: [PATCH 521/617] chore(deps): bump the dependencies group with 4 updates (#2995) --- .github/workflows/lint-and-test.yml | 6 +++--- .github/workflows/pr-sizing.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 9ed46c41..188f37be 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.9 diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 660b9385..9bde9db4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399 # v0.5.4 + - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 34fcd94a..2e74eab1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 08f648f3..13a9b58c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif From ba2b0493994a4cd67f64686dfe405a65a55cd1a1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 30 Oct 2024 19:40:18 +0900 Subject: [PATCH 522/617] feat(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 (#2992) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * feat(argocd-image-updater): update as following upstream Signed-off-by: yu-croco * fix(argocd-image-updater): add permission when createClusterRoles is false Signed-off-by: yu-croco --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: yu-croco Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +-- charts/argocd-image-updater/README.md | 1 + .../argocd-image-updater/templates/rbac.yaml | 53 +++++++++++++++---- charts/argocd-image-updater/values.yaml | 5 ++ 4 files changed, 53 insertions(+), 12 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index c358515f..df988cd0 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.0 -appVersion: v0.14.0 +version: 0.11.1 +appVersion: v0.15.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.14.0 + description: Bump argocd-image-updater to v0.15.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5e51a8cd..7a35b881 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 50d75876..0f631108 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -17,21 +17,14 @@ rules: - get - list - watch - - apiGroups: - - argoproj.io - resources: - - applications - verbs: - - get - - list - - update - - patch + {{- if not .Values.createClusterRoles }} - apiGroups: - "" resources: - events verbs: - create + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -49,3 +42,45 @@ subjects: name: {{ include "argocd-image-updater.serviceAccountName" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 19291de9..4825833e 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -20,6 +20,11 @@ fullnameOverride: "" # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override namespaceOverride: "" +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry extraArgs: [] From d5438bf6b3a99044a515315dd52401c68ca86417 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 06:55:05 -0500 Subject: [PATCH 523/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.135.2 (#3001) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 80ead27d..8d1d7a7b 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.59.2 + renovate-version: 38.135.2 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From d17587e34710b8b724dce2f0248b49d86260be1e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 22:24:35 +0900 Subject: [PATCH 524/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.12 (#3002) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 20246486..152d3403 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.11 +appVersion: v3.5.12 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.5 +version: 0.42.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Avoid to create ClusterRole for cluster template when singleNamespace + - kind: changed + description: Bump argo-workflows to v3.5.12 From ec2f23a3045e35a3787a875391b38148b1a69f12 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 00:13:52 -0500 Subject: [PATCH 525/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.141.1 (#3005) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8d1d7a7b..b4ad67dc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.135.2 + renovate-version: 38.141.1 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 5a57de40a8e0a3f22ab084ee18224cf4e9e0e667 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 2 Nov 2024 08:23:44 +0900 Subject: [PATCH 526/617] feat(argo-workflows): Support lifecycle and terminationGracePeriodSeconds for server (#2997) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../argo-workflows/templates/server/server-deployment.yaml | 7 +++++++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 152d3403..cf7daa93 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.12 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.6 +version: 0.42.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.12 + - kind: added + description: Support lifecycle and terminationGracePeriodSeconds for server diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 7c6774ca..965656af 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -306,6 +306,7 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container | | server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | @@ -351,6 +352,7 @@ Fields to note: | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index a4b8df7b..ce0efa78 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -108,9 +108,16 @@ spec: {{- with .Values.server.volumeMounts }} {{- toYaml . | nindent 10}} {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.server.extraContainers }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 646ffc39..75135854 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -760,6 +760,12 @@ server: # -- Enables init containers to be added to the server deployment extraInitContainers: [] + # -- Specify postStart and preStop lifecycle hooks for server container + lifecycle: {} + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Array of extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 From baef862c36c131d3cfb3764abbe2482317463518 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 16:30:47 +0900 Subject: [PATCH 527/617] chore(deps): update renovatebot/github-action action to v40.3.5 (#3008) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b4ad67dc..ee154574 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 + uses: renovatebot/github-action@28bcd5c4900a4353b5c9af9e1bd61dd6377f0f0d # v40.3.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 69f3eddca8c049ff0a7bae351d44fb7ea8900c6a Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 5 Nov 2024 00:59:47 +0100 Subject: [PATCH 528/617] feat(argo-cd): Update to Argo CD 2.13 (#2999) --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 2 +- .../deployment.yaml | 27 + .../statefulset.yaml | 27 + .../argocd-applicationset/deployment.yaml | 6 + .../argocd-notifications/deployment.yaml | 6 + .../templates/argocd-server/clusterrole.yaml | 11 +- .../templates/argocd-server/deployment.yaml | 39 + .../templates/crds/crd-application.yaml | 347 +++++++ .../templates/crds/crd-applicationset.yaml | 912 ++++++++++++++++++ .../argo-cd/templates/crds/crd-project.yaml | 26 + charts/argo-cd/templates/dex/deployment.yaml | 12 + charts/argo-cd/values.yaml | 2 +- 13 files changed, 1413 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41d1b3b8..f93ef2d9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.6 +appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.12 +version: 7.7.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.6 + description: Bump argo-cd to v2.13.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f0d146b1..c14be77a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1164,7 +1164,7 @@ NAME: my-release | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.38.0"` | Dex image tag | +| dex.image.tag | string | `"v2.41.1"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 32205efd..e61a8525 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -157,6 +157,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -325,6 +343,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -378,6 +398,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3c644c69..70620df6 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -156,6 +156,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -324,6 +342,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -376,6 +396,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 9af597b2..303106b5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -205,6 +205,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 85d58e2b..cee627d5 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -102,6 +102,12 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index db54cf35..b6c5f81f 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -14,15 +14,16 @@ rules: resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` + - list # supports `argocd appset generate` with cluster generator - apiGroups: - "" resources: - events verbs: - - list + - list # supports listing events in UI - create - apiGroups: - "" @@ -30,7 +31,7 @@ rules: - pods - pods/log verbs: - - get + - get # supports viewing pod logs from UI {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f015c847..b0cecd6c 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -343,6 +343,36 @@ spec: name: argocd-cmd-params-cm key: server.api.content.types optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -365,6 +395,8 @@ spec: name: styles - mountPath: /tmp name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- if .Values.server.extensions.enabled }} - mountPath: /tmp/extensions name: extensions @@ -513,6 +545,13 @@ spec: path: tls.crt - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled {{- if .Values.server.hostNetwork }} hostNetwork: {{ .Values.server.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 1b75cebd..2874d885 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -244,6 +244,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -265,6 +272,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -322,6 +339,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +385,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -580,6 +609,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -601,6 +637,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -659,6 +705,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -700,6 +753,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1035,6 +1093,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1056,6 +1121,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1112,6 +1186,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1150,6 +1231,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1362,6 +1448,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1383,6 +1476,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1440,6 +1543,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1479,6 +1589,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1854,6 +1969,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1875,6 +1997,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1933,6 +2065,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1974,6 +2113,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2192,6 +2336,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2214,6 +2365,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2274,6 +2435,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2315,6 +2483,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2673,6 +2846,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2697,6 +2877,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2759,6 +2949,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2801,6 +2998,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3030,6 +3232,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3054,6 +3263,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3118,6 +3337,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3161,6 +3387,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3510,6 +3741,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3532,6 +3770,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3592,6 +3840,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3633,6 +3888,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3858,6 +4118,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3882,6 +4149,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3944,6 +4221,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3986,6 +4270,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4358,6 +4647,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4380,6 +4676,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4440,6 +4746,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4481,6 +4794,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4706,6 +5024,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4730,6 +5055,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4792,6 +5127,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4834,6 +5176,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 899c5d09..6cf09222 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -62,11 +62,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -204,6 +206,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -215,6 +221,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -246,6 +256,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -268,6 +282,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -420,6 +436,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -431,6 +451,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -462,6 +486,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -484,6 +512,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -659,11 +689,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -796,6 +828,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -807,6 +843,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -838,6 +878,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -860,6 +904,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1012,6 +1058,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1023,6 +1073,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1054,6 +1108,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1076,6 +1134,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1391,6 +1451,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1402,6 +1466,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1433,6 +1501,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1455,6 +1527,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1607,6 +1681,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1618,6 +1696,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1649,6 +1731,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1671,6 +1757,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1966,6 +2054,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1977,6 +2069,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2008,6 +2104,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2030,6 +2130,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2182,6 +2284,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2193,6 +2299,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2224,6 +2334,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2246,6 +2360,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2422,11 +2538,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2564,6 +2682,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2575,6 +2697,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2606,6 +2732,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2628,6 +2758,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2780,6 +2912,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2791,6 +2927,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2822,6 +2962,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2844,6 +2988,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3019,11 +3165,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3156,6 +3304,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3167,6 +3319,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3198,6 +3354,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3220,6 +3380,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3372,6 +3534,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3383,6 +3549,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3414,6 +3584,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3436,6 +3610,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3751,6 +3927,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3762,6 +3942,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3793,6 +3977,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3815,6 +4003,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3967,6 +4157,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3978,6 +4172,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4009,6 +4207,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4031,6 +4233,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4326,6 +4530,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4337,6 +4545,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4368,6 +4580,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4390,6 +4606,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4542,6 +4760,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4553,6 +4775,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4584,6 +4810,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4606,6 +4836,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4909,6 +5141,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4920,6 +5156,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4951,6 +5191,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4973,6 +5217,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5125,6 +5371,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5136,6 +5386,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5167,6 +5421,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5189,6 +5447,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5447,6 +5707,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -5522,6 +5809,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -5674,6 +5971,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5685,6 +5986,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5716,6 +6021,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5738,6 +6047,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5890,6 +6201,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5901,6 +6216,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5932,6 +6251,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5954,6 +6277,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6202,6 +6527,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -6282,6 +6634,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -6434,6 +6796,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6445,6 +6811,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6476,6 +6846,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6498,6 +6872,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6650,6 +7026,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6661,6 +7041,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6692,6 +7076,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6714,6 +7102,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6885,11 +7275,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7024,6 +7416,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7035,6 +7431,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7066,6 +7466,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7088,6 +7492,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7240,6 +7646,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7251,6 +7661,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7282,6 +7696,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7304,6 +7722,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7482,11 +7902,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7624,6 +8046,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7635,6 +8061,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7666,6 +8096,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7688,6 +8122,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7840,6 +8276,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7851,6 +8291,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7882,6 +8326,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7904,6 +8352,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8079,11 +8529,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8216,6 +8668,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8227,6 +8683,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8258,6 +8718,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8280,6 +8744,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8432,6 +8898,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8443,6 +8913,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8474,6 +8948,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8496,6 +8974,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8811,6 +9291,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8822,6 +9306,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8853,6 +9341,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8875,6 +9367,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9027,6 +9521,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9038,6 +9536,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9069,6 +9571,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9091,6 +9597,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9386,6 +9894,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9397,6 +9909,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9428,6 +9944,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9450,6 +9970,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9602,6 +10124,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9613,6 +10139,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9644,6 +10174,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9666,6 +10200,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9969,6 +10505,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9980,6 +10520,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10011,6 +10555,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10033,6 +10581,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10185,6 +10735,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10196,6 +10750,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10227,6 +10785,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10249,6 +10811,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10507,6 +11071,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10582,6 +11173,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10734,6 +11335,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10745,6 +11350,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10776,6 +11385,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10798,6 +11411,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10950,6 +11565,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10961,6 +11580,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10992,6 +11615,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11014,6 +11641,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11262,6 +11891,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11342,6 +11998,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11494,6 +12160,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11505,6 +12175,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11536,6 +12210,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11558,6 +12236,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11710,6 +12390,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11721,6 +12405,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11752,6 +12440,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11774,6 +12466,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11945,11 +12639,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12088,6 +12784,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12099,6 +12799,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12130,6 +12834,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12152,6 +12860,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12304,6 +13014,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12315,6 +13029,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12346,6 +13064,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12368,6 +13090,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12670,6 +13394,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12681,6 +13409,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12712,6 +13444,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12734,6 +13470,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12886,6 +13624,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12897,6 +13639,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12928,6 +13674,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12950,6 +13700,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13208,6 +13960,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -13283,6 +14062,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -13435,6 +14224,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13446,6 +14239,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13477,6 +14274,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13499,6 +14300,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13651,6 +14454,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13662,6 +14469,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13693,6 +14504,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13715,6 +14530,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13963,6 +14780,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -14043,6 +14887,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -14195,6 +15049,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14206,6 +15064,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14237,6 +15099,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14259,6 +15125,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14411,6 +15279,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14422,6 +15294,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14453,6 +15329,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14475,6 +15355,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14646,11 +15528,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14860,6 +15744,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14871,6 +15759,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14902,6 +15794,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14924,6 +15820,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15076,6 +15974,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15087,6 +15989,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15118,6 +16024,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15140,6 +16050,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index f9910152..1865aa2d 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -96,6 +96,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index fa11aef6..4c6209ad 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -83,6 +83,18 @@ spec: {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index be3cec78..97cc2a1e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1010,7 +1010,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.38.0 + tag: v2.41.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 1c95f37c68340326bd7fe1264d23fc1f35774a18 Mon Sep 17 00:00:00 2001 From: Robert Macaulay Date: Thu, 7 Nov 2024 17:17:27 -0600 Subject: [PATCH 529/617] fix(argo-rollouts): plugin block rendering was incorrect (#3014) * Fix the plugin block rendering Signed-off-by: Robert Macaulay * fixed chart.yaml Signed-off-by: Robert Macaulay * Update charts/argo-rollouts/Chart.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: Robert Macaulay --------- Signed-off-by: Robert Macaulay Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/configmap.yaml | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 44abcb53..bd4cf96c 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.7 +version: 2.37.8 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add description for manual secret creation + - kind: fixed + description: Fixed rendering of plugins in the ConfigMap diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml index 1978b2b6..a1971ab9 100644 --- a/charts/argo-rollouts/templates/controller/configmap.yaml +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -8,8 +8,10 @@ metadata: {{- include "argo-rollouts.labels" . | nindent 4 }} data: {{- with .Values.controller.metricProviderPlugins }} - {{- toYaml . | nindent 2 }} + metricProviderPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.controller.trafficRouterPlugins }} - {{- toYaml . | nindent 2 }} + trafficRouterPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} From 09b5c1a75451d5cb3b5edf8d28b35c82e67764ed Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:28:58 +0100 Subject: [PATCH 530/617] chore(deps): update renovatebot/github-action action to v40.3.6 (#3016) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ee154574..c8410dc7 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@28bcd5c4900a4353b5c9af9e1bd61dd6377f0f0d # v40.3.5 + uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From c19cba01f8b014aece37f326b732afc66c634525 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 21:43:53 -0600 Subject: [PATCH 531/617] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.1 (#3019) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index df988cd0..f74772f9 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.1 -appVersion: v0.15.0 +version: 0.11.2 +appVersion: v0.15.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.0 + description: Bump argocd-image-updater to v0.15.1 From 2aea9e4cab11af366bd2ba3b11ba082a01636ca2 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 18:39:46 +0900 Subject: [PATCH 532/617] chore(deps): update renovatebot/github-action action to v41 (#3017) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c8410dc7..1cc60f28 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 + uses: renovatebot/github-action@67a664fc9b4481b33a3eff6ee9edfb7a7b9dfa1e # v41.0.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 0f79d5af86d63dca501d2ae1f9ad327e2384b6e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 23:38:59 +0100 Subject: [PATCH 533/617] chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 in the dependencies group (#3020) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 13a9b58c..e2766c9c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From 0061e14563571f1cd0447fcac0e90407a600bbc4 Mon Sep 17 00:00:00 2001 From: Etienne Divet <87660346+enneitex@users.noreply.github.com> Date: Sun, 10 Nov 2024 02:42:00 +0100 Subject: [PATCH 534/617] feat(argo-cd): Add honorLabels config for ServiceMonitor resources (#3018) add honorLabels config for ServiceMonitor resources Signed-off-by: DIVET Etienne Co-authored-by: DIVET Etienne Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 7 +++++++ .../servicemonitor.yaml | 1 + .../argocd-applicationset/servicemonitor.yaml | 1 + .../argocd-notifications/servicemonitor.yaml | 1 + .../argocd-repo-server/servicemonitor.yaml | 1 + .../templates/argocd-server/servicemonitor.yaml | 1 + charts/argo-cd/templates/dex/servicemonitor.yaml | 1 + charts/argo-cd/templates/redis/servicemonitor.yaml | 1 + charts/argo-cd/values.yaml | 14 ++++++++++++++ 10 files changed, 30 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f93ef2d9..f98e502c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.0 +version: 7.7.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.13.0 + description: add honorLabels config for ServiceMonitor resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c14be77a..db52b9da 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -834,6 +834,7 @@ NAME: my-release | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -928,6 +929,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1078,6 +1080,7 @@ NAME: my-release | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1189,6 +1192,7 @@ NAME: my-release | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1291,6 +1295,7 @@ NAME: my-release | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1483,6 +1488,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1570,6 +1576,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index a9edaf54..d1912470 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} {{- with .Values.controller.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8fac6a8d..52d70700 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 0d2c704f..22b882a6 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -41,6 +41,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} namespaceSelector: matchNames: - {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 70995398..b02ba7a4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -35,6 +35,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} scheme: {{ . }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 74902ef0..49c24138 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} {{- with .Values.server.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 2c03e597..93c9fa32 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -31,6 +31,7 @@ spec: metricRelabelings: {{- toYaml . |nindent 8 }} {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} {{- with .Values.dex.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 4132c1ce..4710d286 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -32,6 +32,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} {{- with .Values.redis.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 97cc2a1e..1694cc5a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -874,6 +874,8 @@ controller: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -970,6 +972,8 @@ dex: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1529,6 +1533,8 @@ redis: enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2164,6 +2170,8 @@ server: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2739,6 +2747,8 @@ repoServer: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2900,6 +2910,8 @@ applicationSet: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -3314,6 +3326,8 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion From 7a8cdf08430cab7d57e02d0a9024e7d79bc7bedf Mon Sep 17 00:00:00 2001 From: Frans Guelinckx Date: Tue, 12 Nov 2024 17:28:33 +0100 Subject: [PATCH 535/617] chore(argo-cd): Update Redis image to 7.4.1 (#3023) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f98e502c..1e50e313 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.1 +version: 7.7.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add honorLabels config for ServiceMonitor resources + description: Updated Redis image tag to 7.4.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index db52b9da..8d8eb50d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1276,7 +1276,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1362,7 +1362,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1694cc5a..fd390237 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1278,7 +1278,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.1-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1564,7 +1564,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.1-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 936101865d3090183fc4979546685ece7f78ac23 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 13 Nov 2024 19:57:10 +0900 Subject: [PATCH 536/617] chore(argo-cd): Upgrade redis-ha (#3026) Signed-off-by: yu-croco --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 309790fc..36656a14 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.27.6 -digest: sha256:69c6b20682f0a2a8044b71731b7c656a57118088a7b3611f59217b537167af2e -generated: "2024-08-28T13:02:33.763307+02:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e50e313..a77f020a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.2 +version: 7.7.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.27.6 + version: 4.29.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Updated Redis image tag to 7.4.1 + description: Upgrade redis-ha From 5869c1d2bb85205e761ee93ee6e1f6157aa139ea Mon Sep 17 00:00:00 2001 From: Emmanuel Ferdman Date: Fri, 15 Nov 2024 11:04:53 +0200 Subject: [PATCH 537/617] docs(argo-rollouts): update security policy for Argo Rollouts in SECURITY.md (#3034) docs(SECURITY.md): update security policy for Argo Rollouts Signed-off-by: Emmanuel Ferdman --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index f4fb6002..a066f67f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) -* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md) * [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) * [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) From 84329170e0707106274db4814c4a67ec5c043786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 09:28:29 -0700 Subject: [PATCH 538/617] chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 in the dependencies group (#3039) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e2766c9c..19c09e4c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 37b52a569393abe9d6fa30ef277a117cda8c34d8 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 21:36:19 -0800 Subject: [PATCH 539/617] chore(deps): update renovatebot/github-action action to v41.0.3 (#3040) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 1cc60f28..00e1b401 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@67a664fc9b4481b33a3eff6ee9edfb7a7b9dfa1e # v41.0.2 + uses: renovatebot/github-action@e02bf7b1c996027e55e910400653576a8293246c # v41.0.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 5ab558e91768ef2fd9c5917f7196b261d86a4f85 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:47:50 -0600 Subject: [PATCH 540/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.1 (#3043) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a77f020a..6f17b1c2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.0 +appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.3 +version: 7.7.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade redis-ha + description: Bump argo-cd to v2.13.1 From 7e397f75f3beca8aaa51695ecd63d8d99b66a10d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 21 Nov 2024 17:27:05 +0900 Subject: [PATCH 541/617] chore(argo-workflows): Upgrade Argo Workflows to v3.6.0 (#3037) * chore(argo-workflows): Upgrade Argo Workflows to v3.6.0 Signed-off-by: yu-croco * fix: clean up cache to pass CI Signed-off-by: yu-croco * test: rm cache clear. Try latest version of ct test Signed-off-by: Tim Collins * just trying all the things. sorry Signed-off-by: Tim Collins * add debug output Signed-off-by: Tim Collins * additional debug Signed-off-by: Tim Collins * MOAR debug Signed-off-by: Tim Collins * typo Signed-off-by: Tim Collins * specifically find files Signed-off-by: Tim Collins * use minimal crds Signed-off-by: Tim Collins * rm debug step Signed-off-by: Tim Collins --------- Signed-off-by: yu-croco Signed-off-by: Tim Collins Co-authored-by: Tim Collins Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 3 +- charts/argo-workflows/Chart.yaml | 8 +- .../argoproj.io_workflowartifactgctasks.yaml | 1150 ++++++++++++++++- .../argoproj.io_workfloweventbindings.yaml | 650 +++++++++- .../crds/argoproj.io_workflowtaskresults.yaml | 65 + 5 files changed, 1841 insertions(+), 35 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 188f37be..c8188a35 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -41,7 +41,7 @@ jobs: uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: # Note: Also update in scripts/lint.sh - version: v3.10.0 + version: v3.11.0 - name: List changed charts id: list-changed @@ -74,7 +74,6 @@ jobs: if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml - - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions if: | contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') || diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index cf7daa93..fb008aa6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.12 +appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.7 +version: 0.43.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support lifecycle and terminationGracePeriodSeconds for server + - kind: changed + description: Upgrade Argo Workflows to v3.6.0 diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml index dcebddb2..6a474715 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml @@ -17,34 +17,1130 @@ spec: listKind: WorkflowArtifactGCTaskList plural: workflowartifactgctasks shortNames: - - wfat + - wfat singular: workflowartifactgctask scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + artifactsByNode: + additionalProperties: + properties: + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + type: object + artifacts: + additionalProperties: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + type: object + type: object + type: object + status: + properties: + artifactResultsByNode: + additionalProperties: + properties: + artifactResults: + additionalProperties: + properties: + error: + type: string + name: + type: string + success: + type: boolean + required: + - name + type: object + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml index 097fa5cd..f11df956 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml @@ -32,9 +32,655 @@ spec: metadata: type: object spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + metadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true required: - metadata - spec diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index 861f1df8..02f3f08b 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -81,12 +81,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic url: type: string usernameSecret: @@ -94,12 +96,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - url type: object @@ -110,12 +114,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic blob: type: string container: @@ -146,12 +152,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - key type: object @@ -170,17 +178,21 @@ spec: type: array insecureIgnoreHostKey: type: boolean + insecureSkipTLS: + type: boolean passwordSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic repo: type: string revision: @@ -192,23 +204,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - repo type: object @@ -220,6 +236,8 @@ spec: items: type: string type: array + dataTransferProtection: + type: string force: type: boolean hdfsUser: @@ -229,34 +247,40 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbConfigConfigMap: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbKeytabSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbRealm: type: string krbServicePrincipalName: @@ -279,23 +303,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object clientCert: properties: @@ -304,23 +332,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientKeySecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object oauth2: properties: @@ -329,23 +361,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientSecretSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic endpointParams: items: properties: @@ -366,12 +402,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object type: object headers: @@ -405,12 +443,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string createBucketIfNotPresent: @@ -433,12 +473,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic securityToken: type: string useSDKCreds: @@ -464,12 +506,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string caSecret: @@ -477,12 +521,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic createBucketIfNotPresent: properties: objectLocking: @@ -501,12 +547,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object endpoint: type: string @@ -523,12 +571,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic useSDKCreds: type: boolean type: object @@ -564,12 +627,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic default: type: string event: From 81dc44c4a5ccd42c799469a78eb96a68048a4987 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 21 Nov 2024 01:58:52 -0700 Subject: [PATCH 542/617] fix(argo-workflows): Remove excessive wf controller RBAC permissions (#3044) Signed-off-by: Tim Collins --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-role.yaml | 21 ------------------- 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fb008aa6..f8ced494 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.43.0 +version: 0.44.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.6.0 + - kind: fixed + description: Remove excessive RBAC privileges from workflow-role. diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 14265372..e99369a2 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -11,27 +11,6 @@ metadata: namespace: {{ . }} {{- end }} rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - apiGroups: - argoproj.io resources: From 8a1d39610c9aebf1f32e79a736dbbfa577b035a5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 21 Nov 2024 21:36:55 +0900 Subject: [PATCH 543/617] fix(argo-cd): Update application CRD (#3047) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/crds/crd-application.yaml | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6f17b1c2..9f7925d2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.4 +version: 7.7.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.1 + - kind: fixed + description: Update application CRD diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 2874d885..7e3afda6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -125,6 +125,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -2720,6 +2725,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -5356,3 +5366,4 @@ spec: storage: true subresources: {} {{- end }} + From ccfa0651cba45454d7462dcb153d4222ef1feb72 Mon Sep 17 00:00:00 2001 From: Robert Macaulay Date: Thu, 21 Nov 2024 07:02:51 -0600 Subject: [PATCH 544/617] fix(argo-rollouts): Change type of trafficRouterPlugins and trafficRouterPlugins as list (#3036) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 4 ++-- charts/argo-rollouts/values.yaml | 14 ++++++-------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bd4cf96c..1eb766af 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.8 +version: 2.38.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of plugins in the ConfigMap + description: Updated plugin values.yaml example and it's implementation to not need to include the stringification or the plugins block that it used to diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 126a1dcd..927a2098 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -102,7 +102,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.kloglevel | string | `"0"` | Set the klog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | -| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | +| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.service.annotations | object | `{}` | Service annotations | | controller.metrics.service.port | int | `8090` | Metrics service port | @@ -127,7 +127,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | -| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | +| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | | controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b6b5821c..fdc58a44 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -209,17 +209,15 @@ controller: # -- Configures 3rd party metric providers for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ - metricProviderPlugins: {} - # metricProviderPlugins: |- - # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + metricProviderPlugins: [] + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// # -- Configures 3rd party traffic router plugins for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ - trafficRouterPlugins: {} - # trafficRouterPlugins: |- - # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + trafficRouterPlugins: [] + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// serviceAccount: # -- Specifies whether a service account should be created From e888b374c99149f4991afca8614e6e7b59e3d993 Mon Sep 17 00:00:00 2001 From: Scott Melhop <31436287+scottmelhop@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:40:29 +0100 Subject: [PATCH 545/617] fix(argo-workflows): Updated chart to reflect change to ARGO_BASE_HREF env (#3049) * Updated chart to reflect change to ARGO_BASE_HREF env Signed-off-by: Scott Melhop * Update changelog Signed-off-by: Scott Melhop * remove ide formatting Signed-off-by: Scott Melhop --------- Signed-off-by: Scott Melhop --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f8ced494..25a548e1 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.44.0 +version: 0.44.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Remove excessive RBAC privileges from workflow-role. + description: Change BASE_HREF to ARGO_BASE_HREF. diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index ce0efa78..b9a2541b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 90eef9ef1f8c5e58e6fdb0459047363d62a2e328 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 22 Nov 2024 15:19:46 +0000 Subject: [PATCH 546/617] fix(argo-workflows): Make Argo Agent and Artifact GC permissions optional for workflows SA (#3048) --- charts/argo-workflows/Chart.yaml | 4 +-- charts/argo-workflows/README.md | 2 ++ .../templates/controller/agent-rb.yaml | 29 +++++++++++++++++++ .../templates/controller/agent-role.yaml | 29 +++++++++++++++++++ .../templates/controller/artifact-gc-rb.yaml | 29 +++++++++++++++++++ .../controller/artifact-gc-role.yaml | 29 +++++++++++++++++++ .../templates/controller/workflow-role.yaml | 15 ---------- charts/argo-workflows/values.yaml | 4 +++ 8 files changed, 124 insertions(+), 17 deletions(-) create mode 100644 charts/argo-workflows/templates/controller/agent-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/agent-role.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-gc-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-gc-role.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 25a548e1..4b7e834e 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.44.1 +version: 0.45.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Change BASE_HREF to ARGO_BASE_HREF. + description: Make Argo Agent and Artifact GC permissions optional for workflows SA diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 965656af..6a82eb5f 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -133,6 +133,8 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | +| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates | +| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | | workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | diff --git a/charts/argo-workflows/templates/controller/agent-rb.yaml b/charts/argo-workflows/templates/controller/agent-rb.yaml new file mode 100644 index 00000000..67e49955 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-role.yaml b/charts/argo-workflows/templates/controller/agent-role.yaml new file mode 100644 index 00000000..577567b2 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml new file mode 100644 index 00000000..279b2c50 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml new file mode 100644 index 00000000..48218b83 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index e99369a2..81c20048 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -18,21 +18,6 @@ rules: verbs: - create - patch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets - - workflowartifactgctasks - verbs: - - list - - watch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets/status - - workflowartifactgctasks/status - verbs: - - patch {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 75135854..8101898b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -69,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false # -- Extra service accounts to be added to the RoleBinding serviceAccounts: [] # - name: my-service-account From 4909b4287091fa75e22d6b25117e445366261df5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 05:57:50 -0600 Subject: [PATCH 547/617] chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the dependencies group (#3050) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 19c09e4c..7442ff0b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif From 3e1b02da23a7398f5be6401bd763c7a0c5e41859 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 19:53:13 +0900 Subject: [PATCH 548/617] chore(deps): update renovatebot/github-action action to v41.0.4 (#3051) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 00e1b401..94d21965 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@e02bf7b1c996027e55e910400653576a8293246c # v41.0.3 + uses: renovatebot/github-action@757597d1bb6993c6406e207997a85f2b20ff39be # v41.0.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From d0b5926c0bf61e09a7ecbb0f705c33f5e1034c26 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 28 Nov 2024 05:43:45 +0900 Subject: [PATCH 549/617] feat(argo-events): Upgrade Argo Events to v1.9.3 (#3055) --- charts/argo-events/Chart.yaml | 8 ++++---- charts/argo-events/README.md | 2 ++ .../templates/argo-events-controller/config.yaml | 2 ++ charts/argo-events/values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index dc6af9ac..519ebe66 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.2 +appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.8 +version: 2.4.9 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: events-webhook Service using non-default port + - kind: changed + description: Bump argo-events to v1.9.3 diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 5d2c036b..10b26972 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -60,11 +60,13 @@ done |-----|------|---------|-------------| | configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | | configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew | | configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | | configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” | | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue | | configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | | configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | | configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index 119c10f5..e3047de7 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -32,6 +32,8 @@ data: maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + retention: {{ .Values.configs.jetstream.streamConfig.retention }} + discard: {{ .Values.configs.jetstream.streamConfig.discard }} versions: {{- range .Values.configs.jetstream.versions }} - version: {{ .version }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 09a2d9ea..5c2206d6 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -94,6 +94,10 @@ configs: replicas: 3 # -- Not documented at the moment duplicates: 300s + # -- 0: Limits, 1: Interest, 2: WorkQueue + retention: 0 + # -- 0: DiscardOld, 1: DiscardNew + discard: 0 # Supported versions of JetStream eventbus versions: - version: latest From 07c5b5df98b3f0ba47024de38d42ac8222aef813 Mon Sep 17 00:00:00 2001 From: Bhavin Kotak Date: Wed, 27 Nov 2024 18:41:56 -0600 Subject: [PATCH 550/617] fix(argo-cd): Fix REDIS_PASSWORD optional flag (#3058) * fix(argo-cd): Fix REDIS_PASSWORD optional flag Signed-off-by: Bhavin Kotak * update charge version Signed-off-by: Bhavin Kotak --------- Signed-off-by: Bhavin Kotak --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9f7925d2..31552637 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.5 +version: 7.7.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update application CRD + description: REDIS_PASSWORD optional flag change diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 70620df6..a907ac76 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -228,10 +228,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9a15e596..2617251d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -187,10 +187,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index b0cecd6c..cc5f7bfe 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -255,10 +255,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: From b1333d849113a0c6c9356a068f328ea3c613a6b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 19:54:13 +0900 Subject: [PATCH 551/617] chore(deps): bump renovatebot/github-action from 41.0.4 to 41.0.5 in the dependencies group (#3061) chore(deps): bump renovatebot/github-action in the dependencies group Bumps the dependencies group with 1 update: [renovatebot/github-action](https://github.com/renovatebot/github-action). Updates `renovatebot/github-action` from 41.0.4 to 41.0.5 - [Release notes](https://github.com/renovatebot/github-action/releases) - [Changelog](https://github.com/renovatebot/github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/renovatebot/github-action/compare/757597d1bb6993c6406e207997a85f2b20ff39be...936628dfbff213ab2eb95033c5e123cfcaf09ebb) --- updated-dependencies: - dependency-name: renovatebot/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 94d21965..35f688c3 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@757597d1bb6993c6406e207997a85f2b20ff39be # v41.0.4 + uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 344fcae2a1aaacd189b03690b6b3f8c9348cfb7f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:12:10 +0100 Subject: [PATCH 552/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.142.7 (#3062) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 35f688c3..896c46f0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.141.1 + renovate-version: 38.142.7 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 3767e5b8aea8272bb70987c25185df25e8373b31 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 10:17:06 +0000 Subject: [PATCH 553/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39 (#3063) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 896c46f0..361ea06c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.142.7 + renovate-version: 39.43.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 0195a3581e94e33bac23b7a2b2edd3abb0c0671e Mon Sep 17 00:00:00 2001 From: Garry O'Donnell Date: Mon, 2 Dec 2024 14:19:44 +0000 Subject: [PATCH 554/617] feat(argo-cd): Template server ingress extraTls arguments (#3056) Signed-off-by: Garry O'Donnell --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 31552637..446c4b57 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.6 +version: 7.7.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: REDIS_PASSWORD optional flag change + - kind: added + description: Allowed the use of templates in the server.ingress.extraTls field diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 84668373..31f72ed6 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -63,7 +63,7 @@ spec: secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- end }} {{- end }} From 168bc63bd6b65586720ebbcea197dbce123c03f5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 09:39:27 -0800 Subject: [PATCH 555/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.1 (#3064) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4b7e834e..77ca7d7d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.0 +appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.0 +version: 0.45.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Make Argo Agent and Artifact GC permissions optional for workflows SA + - kind: changed + description: Bump argo-workflows to v3.6.2 From 9bf8f97811c3d52696faa3be0c0a362b68039eab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 04:13:07 -0600 Subject: [PATCH 556/617] chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 in the dependencies group (#3069) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7442ff0b..a52762aa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: sarif_file: results.sarif From cf8b6950f194c88296f8f1d5a029fc2421c7719f Mon Sep 17 00:00:00 2001 From: Takumi Sue <23391543+mikutas@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:17:14 +0900 Subject: [PATCH 557/617] feat(argo-cd): Bump argocd-extension-installer to 0.0.8 (#3070) Bump argocd-extension-installer to 0.0.8 Signed-off-by: mikutas <23391543+mikutas@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 446c4b57..8f971efe 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.7 +version: 7.7.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allowed the use of templates in the server.ingress.extraTls field + - kind: changed + description: Bump argocd-extension-installer to v0.0.8 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8d8eb50d..8cea8341 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1023,7 +1023,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fd390237..f2ca736a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1847,7 +1847,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.5" + tag: "v0.0.8" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From eb53a916b8664de33532842e0a110919ebed1c1d Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:36:00 -0600 Subject: [PATCH 558/617] chore(deps): update renovatebot/github-action action to v41.0.6 (#3071) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 361ea06c..e267fcc8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5 + uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From e72297ca734f3505cd86e195745eb32398627941 Mon Sep 17 00:00:00 2001 From: Symeon Meichanetzoglou Date: Wed, 11 Dec 2024 16:36:09 +0100 Subject: [PATCH 559/617] fix(argo-cd): Fix repo-server honorLabels config template (#3075) * FIX: move honorLabels config out of condition Signed-off-by: symaras * update changelog Signed-off-by: symaras * bump chart version Signed-off-by: symaras * adjust changelog Signed-off-by: symaras --------- Signed-off-by: symaras --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8f971efe..110f1bc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.8 +version: 7.7.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argocd-extension-installer to v0.0.8 + - kind: fixed + description: Fix honorLabels config template diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index b02ba7a4..3d7cc497 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -34,8 +34,8 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} + {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} From 5e8ac12acdedb969e20c9fc0d2714a3aa90baf91 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 05:33:06 +0000 Subject: [PATCH 560/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.2 (#3076) --- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 110f1bc2..6f399bbb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.1 +appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.9 +version: 7.7.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix honorLabels config template + - kind: changed + description: Bump argo-cd to v2.13.2 diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index b6c5f81f..1bc9aed5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -17,7 +17,6 @@ rules: - delete # supports deletion a live object in UI - get # supports viewing live object manifest in UI - patch # supports `argocd app patch` - - list # supports `argocd appset generate` with cluster generator - apiGroups: - "" resources: From 21d9d3e18a50a08882a445be8f089a44258994ce Mon Sep 17 00:00:00 2001 From: Frederic M <43849398+fad3t@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:27:26 +0100 Subject: [PATCH 561/617] fix(argocd-image-updater): update RBAC namespaced role (#3073) Signed-off-by: Frederic Mereu Co-authored-by: Aikawa --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/templates/rbac.yaml | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f74772f9..4cbb96e5 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.2 +version: 0.11.3 appVersion: v0.15.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.1 + description: Update permissions for namespaced Role diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 0f631108..867d5b59 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -24,6 +24,15 @@ rules: - events verbs: - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 From c6e5aba59081dd3cf08e5d8f2e8932e67302f20e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Dec 2024 12:35:51 -0600 Subject: [PATCH 562/617] chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 in the dependencies group (#3078) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a52762aa..efed22af 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif From f9856eb58376062f8f3697d79c0579c19aad14ac Mon Sep 17 00:00:00 2001 From: Kazuma Inamura <8310973+inamuu@users.noreply.github.com> Date: Tue, 17 Dec 2024 06:31:09 +0900 Subject: [PATCH 563/617] fix(argo-workflows): a link in values.yaml for Kubernetes Ingress docs (#3079) Signed-off-by: inamuu <8310973+inamuu@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 77ca7d7d..86f35660 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.1 +version: 0.45.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.6.2 + - kind: fixed + description: Reference to ingress link was fixed diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8101898b..3de0ad8d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -625,7 +625,7 @@ server: volumes: [] ## Ingress configuration. - # ref: https://kubernetes.io/docs/user-guide/ingress/ + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- Enable an ingress resource enabled: false From 46b76061b58f7ae71777708479ab622927dca923 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 08:52:31 +0900 Subject: [PATCH 564/617] chore(deps): update actions/create-github-app-token action to v1.11.1 (#3085) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e267fcc8..86872311 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 06af22458fe106226be98830664e7a421afadbce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 05:13:42 -0600 Subject: [PATCH 565/617] chore(deps): bump the dependencies group with 3 updates (#3086) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c8188a35..cf03b150 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index efed22af..0205ce8c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From ca63415d8ac840e2fb855404e5bf22642f5f38f8 Mon Sep 17 00:00:00 2001 From: Davor Gajic <47570664+gajicdev@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:05:37 +0100 Subject: [PATCH 566/617] fix(argo-cd): add functionality to en/disable argocd-ssh-known-hosts-cm (#3083) Signed-off-by: Davor Gajic Co-authored-by: Davor Gajic Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6f399bbb..ac2842e4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.10 +version: 7.7.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.2 + - kind: added + description: Added functionality to en/disable argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8cea8341..226c37a9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -783,6 +783,7 @@ NAME: my-release | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index b0695ed3..0218d40b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -17,3 +18,4 @@ data: {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f2ca736a..66522279 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -371,6 +371,9 @@ configs: # SSH known hosts for Git repositories ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap annotations: {} From ef90ecc84466b2d78adf479dd1f162e8760a037c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 14:47:18 +0900 Subject: [PATCH 567/617] chore(deps): update renovatebot/github-action action to v41.0.7 (#3087) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 86872311..b7e3508d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6 + uses: renovatebot/github-action@2be773c4be8361d8182cc1b750e75bbc75af71b0 # v41.0.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 74376f6cab408d9c78c645dd61dffc5c4b138e15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Dec 2024 11:52:27 -0600 Subject: [PATCH 568/617] chore(deps): bump helm/kind-action from 1.11.0 to 1.12.0 in the dependencies group (#3091) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index cf03b150..4c4db950 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 0877c58e19cd2ffd96e613520938a4a744b424b7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 31 Dec 2024 02:19:17 +0900 Subject: [PATCH 569/617] fix(argo-rollouts): Correct outdated URL for ingress (#3093) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1eb766af..33d77781 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.0 +version: 2.38.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Updated plugin values.yaml example and it's implementation to not need to include the stringification or the plugins block that it used to + description: Correct outdated URL for ingress diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index fdc58a44..c95f88bf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -397,7 +397,7 @@ dashboard: maxUnavailable: # 0 ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: # -- Enable dashboard ingress support From 9bd03f64b225a77d7ebbf86ba2b3a887aeefeff4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 31 Dec 2024 21:17:39 +0900 Subject: [PATCH 570/617] docs(argo-events): Correct outdated URL for doc (#3096) --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/README.md | 8 ++++---- charts/argo-events/README.md.gotmpl | 8 ++++---- charts/argo-events/values.yaml | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 519ebe66..fdd4233f 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.9 +version: 2.4.10 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.3 + - kind: fixed + description: Correct outdated URL for doc diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 10b26972..7e9f6e37 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -234,9 +234,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index c25a3e97..505217ba 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl @@ -89,9 +89,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 5c2206d6..fb9878c9 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -243,7 +243,7 @@ controller: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -281,7 +281,7 @@ controller: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the events controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -409,7 +409,7 @@ webhook: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -447,7 +447,7 @@ webhook: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the event controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 From 279930e1333880ba0fc176fdae7dafbc0435ca8e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 15:17:29 +0900 Subject: [PATCH 571/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39.86.4 (#3099) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b7e3508d..932f2a8f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 39.43.0 + renovate-version: 39.86.4 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 2436051d5c67a7ef6497742b667eabcdd60b1920 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 2 Jan 2025 15:18:00 +0900 Subject: [PATCH 572/617] docs(argo-cd): Correct outdated URL for doc (#3097) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 12 ++++++------ charts/argo-cd/README.md.gotmpl | 12 ++++++------ charts/argo-cd/values.yaml | 33 +++++++++++++++++---------------- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac2842e4..d0c28f55 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.11 +version: 7.7.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added functionality to en/disable argocd-ssh-known-hosts-cm + - kind: fixed + description: Correct outdated URL for doc diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 226c37a9..3b2b999a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1623,26 +1623,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index ef75ddfe..bd63c755 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -817,26 +817,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 66522279..d5056840 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -141,7 +141,7 @@ global: # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -792,7 +792,7 @@ controller: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -826,7 +826,7 @@ controller: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1228,7 +1228,7 @@ dex: # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1315,7 +1315,7 @@ redis: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false @@ -1373,7 +1373,7 @@ redis: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false @@ -1483,7 +1483,7 @@ redis: # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1632,7 +1632,7 @@ redis-ha: tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false @@ -1991,7 +1991,7 @@ server: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2037,7 +2037,7 @@ server: # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2138,7 +2138,8 @@ server: # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -2638,7 +2639,7 @@ repoServer: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2680,7 +2681,7 @@ repoServer: # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -3007,7 +3008,7 @@ applicationSet: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -3384,7 +3385,7 @@ notifications: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3430,7 +3431,7 @@ notifications: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 From 91ad82947c65cbfa2216e42a9681383bc36a48a8 Mon Sep 17 00:00:00 2001 From: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> Date: Fri, 3 Jan 2025 16:07:27 +0200 Subject: [PATCH 573/617] feat(argo-rollouts): Add lifecyle and terminationGracePeriodSeconds settings for controller (#3100) * feat(argo-rollouts): Add lifecyle and terminationGracePeriodSeconds settings for controller Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: Aikawa Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: JM (Jason Meridth) Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> --------- Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: JM (Jason Meridth) --- charts/argo-rollouts/Chart.yaml | 8 +++++--- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/controller/deployment.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 4 ++++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 33d77781..757a6329 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.1 +version: 2.38.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct outdated URL for ingress + - kind: added + description: Add lifecycle settings for controller + - kind: added + description: Add terminationGracePeriodSeconds for controller diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 927a2098..aa09ca14 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -98,6 +98,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | +| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.kloglevel | string | `"0"` | Set the klog logging level | @@ -125,6 +126,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | | controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index df5dc4db..7aea72a4 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -78,6 +78,9 @@ spec: {{- toYaml .Values.controller.readinessProbe | nindent 10 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 10 }} + {{- with .Values.controller.lifecycle }} + lifecycle: {{ toYaml . | nindent 10 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} volumeMounts: @@ -101,6 +104,9 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index c95f88bf..26633455 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -79,6 +79,10 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Specify lifecycle hooks for the controller + lifecycle: {} # -- [priorityClassName] for the controller priorityClassName: "" # -- The number of controller pods to run From 844afb6611224b0a1b1d11abb61eef1970ed76b6 Mon Sep 17 00:00:00 2001 From: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com> Date: Fri, 3 Jan 2025 16:15:59 +0100 Subject: [PATCH 574/617] feat(argo-workflows): Support ephemeral credentials for s3 (#3101) feat(argo-workflows) Support ephemeral credentials for s3 Signed-off-by: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-config-map.yaml | 5 +++++ charts/argo-workflows/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 86f35660..658d613f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.2 +version: 0.45.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Reference to ingress link was fixed + - kind: added + description: Support ephemeral credentials for s3 artifact repository diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d93a910e..a269f6e5 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -83,6 +83,11 @@ data: secretKeySecret: key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} + {{- if .Values.artifactRepository.s3.sessionTokenSecret }} + sessionTokenSecret: + key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }} + {{- end }} {{- end }} bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3de0ad8d..035945d2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -812,6 +812,9 @@ artifactRepository: # secretKeySecret: # name: "{{ .Release.Name }}-minio" # key: secretkey + # sessionTokenSecret: + # name: "{{ .Release.Name }}-minio" + # key: sessionToken # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false # caSecret: From a0831126ccaab5d8bcb12b1a4834232b28e6c11d Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 4 Jan 2025 09:07:39 +0900 Subject: [PATCH 575/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.3 (#3103) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0c28f55..51f0efb6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.2 +appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.12 +version: 7.7.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct outdated URL for doc + - kind: changed + description: Bump argo-cd to v2.13.3 From 02db043ff11d6ac18d67beef2d84e2a32828a675 Mon Sep 17 00:00:00 2001 From: Takumi Sue <23391543+mikutas@users.noreply.github.com> Date: Sat, 4 Jan 2025 18:07:48 +0900 Subject: [PATCH 576/617] chore(github): add includePath to renovate.json (#3072) --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index 730f497e..f4b35531 100644 --- a/renovate.json +++ b/renovate.json @@ -12,6 +12,7 @@ "includePaths": [ "**/charts/argo-workflows/Chart.yaml", "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-cd/values.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", "**/charts/argocd-image-updater/Chart.yaml", From b594e6bd2047dd45c22425df9d32cd307943769d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 4 Jan 2025 23:02:01 +0900 Subject: [PATCH 577/617] fix(argo-events): Support initContainers to controller (#3098) Signed-off-by: yu-croco --- charts/argo-events/Chart.yaml | 4 ++-- .../templates/argo-events-controller/deployment.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index fdd4233f..76d675a3 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.10 +version: 2.4.11 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct outdated URL for doc + description: Support initContainers to controller diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 75d0cdb2..17bf0a6a 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -108,6 +108,10 @@ spec: {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end -}} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 89f40fd00117c90f16e14caa64133d9ba8403e43 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 5 Jan 2025 13:56:16 +0900 Subject: [PATCH 578/617] chore(github): Support redis-exporter to Renovate (#3105) --- renovate.json | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/renovate.json b/renovate.json index f4b35531..dcf91249 100644 --- a/renovate.json +++ b/renovate.json @@ -101,6 +101,13 @@ "matchPackagePatterns": ["redis-ha"], "enabled": false }, + { + "matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"], + "commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } + }, { "matchPackageNames": ["ghcr.io/renovatebot/renovate"], "extends": ["schedule:monthly"] From 3b2d2767d95a4b6df74fcfc04a62525067b07942 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 16:29:18 +0900 Subject: [PATCH 579/617] chore(deps): update renovatebot/github-action action to v41.0.8 (#3107) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 932f2a8f..eeea7755 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@2be773c4be8361d8182cc1b750e75bbc75af71b0 # v41.0.7 + uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 796f6c8dc3595afa6a3b7153a7ce283eb2f74677 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 08:04:10 +0100 Subject: [PATCH 580/617] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.2 (#3109) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 4cbb96e5..f3880ec5 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.3 -appVersion: v0.15.1 +version: 0.11.4 +appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update permissions for namespaced Role + description: Bump argocd-image-updater to v0.15.2 From 9946d3dfeeb75d4106fa89edb0c610ccc01de12f Mon Sep 17 00:00:00 2001 From: gyajangi1 Date: Tue, 7 Jan 2025 17:32:31 +0530 Subject: [PATCH 581/617] feat(argo-cd): Add DRY support for Ingress (#3081) * Updated tpl function Signed-off-by: gyajangi1 * Update ingress.yaml Signed-off-by: gyajangi1 * reverted changes Signed-off-by: gyajangi1 * Updated ingress.yaml Signed-off-by: gyajangi1 * Update charts/argo-cd/templates/argocd-server/ingress.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * Update charts/argo-cd/templates/argocd-server/ingress.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * update changelog for tpl function in ingress Signed-off-by: gyajangi1 * update changelog for tpl function in ingress Signed-off-by: gyajangi1 * Update chart version 7.7.14 Signed-off-by: gyajangi1 * Update charts/argo-cd/Chart.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * fix: Drop trailing spaces Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: gyajangi1 Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-server/ingress.yaml | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 51f0efb6..1e799493 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.13 +version: 7.7.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.3 + - kind: added + description: Added `tpl` function support for `server.ingress`. diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 31f72ed6..88c2f99a 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -9,20 +9,20 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ tpl $value $ | quote }} {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -36,7 +36,7 @@ spec: port: number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} + - host: {{ tpl .name $ | quote }} http: paths: - path: {{ default $.Values.server.ingress.path .path }} @@ -54,10 +54,10 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ tpl .name $ }} {{- end }} {{- end }} secretName: argocd-server-tls From d963962c569150d9138a6751f3b75a95154c873b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 17:36:39 +0900 Subject: [PATCH 582/617] chore(argo-events): Update dependency argoproj/argo-events to v1.9.4 (#3112) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 76d675a3..55a7bd51 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.3 +appVersion: v1.9.4 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.11 +version: 2.4.12 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Support initContainers to controller + - kind: changed + description: Bump argo-events to v1.9.4 From 6c5e25c74332ece7b1d30115b3f4e800cbb2ea00 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 10 Jan 2025 16:17:52 +0900 Subject: [PATCH 583/617] fix(argo-cd): Correct ingress listen-ports example on README (#3120) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e799493..ce7bac6b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.14 +version: 7.7.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added `tpl` function support for `server.ingress`. + - kind: fixed + description: Correct ingress listen-ports example diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3b2b999a..afc0e9bb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -191,7 +191,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index bd63c755..0520c40f 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -190,7 +190,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip From 23b484de9c0a21de761b542c50a5b44fa1e63b69 Mon Sep 17 00:00:00 2001 From: Cristhian Roa Date: Fri, 10 Jan 2025 11:23:36 +0100 Subject: [PATCH 584/617] feat(argo-workflows): Support workflowEvent configuration to Argo Workflow Controller (#3115) Support workflowEvent configuration to Argo Workflow Controller Signed-off-by: Cristhian Roa Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 2 ++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 658d613f..be8df0c6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.3 +version: 0.45.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support ephemeral credentials for s3 artifact repository + description: Support configuring workflow events in the controller diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 6a82eb5f..323524c2 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -239,6 +239,7 @@ Fields to note: | controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container | | controller.volumes | list | `[]` | Additional volumes to the controller pod | | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | +| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | | controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index a269f6e5..49616768 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -200,6 +200,8 @@ data: {{- end }} nodeEvents: enabled: {{ .Values.controller.nodeEvents.enabled }} + workflowEvents: + enabled: {{ .Values.controller.workflowEvents.enabled }} {{- with .Values.controller.kubeConfig }} kubeConfig: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 035945d2..cf9b08d8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -402,6 +402,12 @@ controller: ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" enabled: true + workflowEvents: + # -- Enable to emit events on workflow status changes. + ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. # @default -- `{}` (See [values.yaml]) From b10de0302629918c2ad22223e19f7b3974c1c74c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 04:22:29 -0600 Subject: [PATCH 585/617] chore(argo-events): Update dependency argoproj/argo-events to v1.9.5 (#3121) --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 55a7bd51..a184cb91 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.4 +appVersion: v1.9.5 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.12 +version: 2.4.13 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-events to v1.9.4 + description: Bump argo-events to v1.9.5 From 191e7688ab34afa504451813e1dd9169d1f3b967 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 10:24:22 +0000 Subject: [PATCH 586/617] chore(deps): bump the dependencies group with 2 updates (#3122) --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0205ce8c..231f25c1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif From b0578c400163e9c65f90b3918a7b97ac50e3ac46 Mon Sep 17 00:00:00 2001 From: nhershman Date: Tue, 14 Jan 2025 02:17:29 -0800 Subject: [PATCH 587/617] fix(argo-cd): Adding conditionals around argocd-tls-cert-cm.yaml helm creation (#3124) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.5 (#3121) Signed-off-by: nhershman * chore(deps): bump the dependencies group with 2 updates (#3122) Signed-off-by: nhershman * adding conditional for argocd-tls-certs-cm.yaml to be created by Helm Signed-off-by: nhershman * adding changelog Signed-off-by: nhershman --------- Signed-off-by: nhershman Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nicole Hershman --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-tls-certs-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ce7bac6b..2eb5a0cf 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.15 +version: 7.7.16 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct ingress listen-ports example + - kind: added + description: Added conditional around argocd-tls-certs-cm.yaml helm creation diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index afc0e9bb..2b223a6f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -789,6 +789,7 @@ NAME: my-release | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | ## Argo CD Controller diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index db582e6d..3aad4011 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -15,3 +16,4 @@ metadata: data: {{- toYaml . | nindent 2 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d5056840..c5dcf150 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -412,6 +412,9 @@ configs: # ... # -----END CERTIFICATE----- + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + # ConfigMap for Config Management Plugins # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ cmp: From 8ba5f22bdf71467113d30055a0e143e1ce0eadd1 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 18 Jan 2025 19:22:42 -0600 Subject: [PATCH 588/617] chore(deps): update renovatebot/github-action action to v41.0.9 (#3125) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index eeea7755..ebc1adf8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8 + uses: renovatebot/github-action@531c6786d6cf05ef148c4cfe251745c2c6de442c # v41.0.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 27ef4ecd7dd30dbccea61180ff529d3102b9c30e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 17:18:21 +0900 Subject: [PATCH 589/617] chore(deps): update renovatebot/github-action action to v41.0.10 (#3128) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ebc1adf8..de804f3f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@531c6786d6cf05ef148c4cfe251745c2c6de442c # v41.0.9 + uses: renovatebot/github-action@3f10d7a25cf0aa7b37519aa771ed9143fcbb5da5 # v41.0.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From bf9830c670970904b8dad642e997d2107b14fb18 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 24 Jan 2025 14:04:22 +0100 Subject: [PATCH 590/617] fix(argo-cd): Address ingress regression of PR #3081 (#3137) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2eb5a0cf..05c614ff 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.16 +version: 7.7.17 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added conditional around argocd-tls-certs-cm.yaml helm creation + - kind: fixed + description: Address ingress regression of PR #3081, use toString before tpl function diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 88c2f99a..8724baa7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ tpl $value $ | quote }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} {{- end }} spec: From 79ec8fdb942aaffaeba5cd1cdf7e0184cd7a16f0 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Sat, 25 Jan 2025 15:31:37 +0200 Subject: [PATCH 591/617] feat(argocd-image-updater): Make cm and secret names configurable (#2998) * feat: made argocd image updater cm and secret name templated Signed-off-by: AvivGuiser * fix indention Signed-off-by: AvivGuiser * update Chart.yaml Signed-off-by: AvivGuiser * chore: Apply changes from code review Signed-off-by: Marco Maurer * chore: Reflect changes from review inside changelog Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: AvivGuiser Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer --- charts/argocd-image-updater/Chart.yaml | 4 +-- charts/argocd-image-updater/README.md | 6 +++- .../templates/configmap-authscripts.yaml | 2 +- .../templates/configmap-sshconfig.yaml | 10 ++++-- .../templates/configmap.yaml | 2 +- .../templates/deployment.yaml | 32 +++++++++---------- .../templates/secret.yaml | 2 +- charts/argocd-image-updater/values.yaml | 12 +++++-- 8 files changed, 44 insertions(+), 26 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f3880ec5..02438363 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.4 +version: 0.12.0 appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.2 + description: ConfigMap and Secret names are now configurable diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 7a35b881..d77ee710 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -70,6 +70,7 @@ The `config.registries` value can be used exactly as it looks in the documentati |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity settings for the deployment | | authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` | +| authScripts.name | string | `"argocd-image-updater-authscripts"` | Name of the authentication scripts ConfigMap | | authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents | | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | @@ -77,6 +78,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | +| config.argocd.tokenSecretName | string | `"argocd-image-updater-secret"` | Name of the Secret containing the token | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitSignOff | bool | `false` | Enables sign off on commits | @@ -85,8 +87,10 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | | config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.name | string | `"argocd-image-updater-config"` | Name of the ConfigMap | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.config | string | `""` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.name | string | `"argocd-image-updater-ssh-config"` | Name of the sshConfig ConfigMap | | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fbb345e3..259054f6 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9fd83d92..9ff9ba61 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -1,11 +1,17 @@ +{{- $sshConfig := omit .Values.config.sshConfig "name" }} +{{- range $key, $val := $sshConfig }} + {{- if not $val }} + {{ $_ := unset $sshConfig $key }} + {{- end }} +{{- end }} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} -{{- with .Values.config.sshConfig }} +{{- with $sshConfig }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 46ee3b80..8eb0e704 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-config + name: {{ .Values.config.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 4aaa83b3..87f1fbf4 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -44,79 +44,79 @@ spec: valueFrom: configMapKeyRef: key: applications_api - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_GRPC_WEB valueFrom: configMapKeyRef: key: argocd.grpc_web - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_SERVER valueFrom: configMapKeyRef: key: argocd.server_addr - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_INSECURE valueFrom: configMapKeyRef: key: argocd.insecure - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_PLAINTEXT valueFrom: configMapKeyRef: key: argocd.plaintext - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_TOKEN valueFrom: secretKeyRef: key: argocd.token - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: configMapKeyRef: key: log.level - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_USER valueFrom: configMapKeyRef: key: git.user - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_EMAIL valueFrom: configMapKeyRef: key: git.email - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: key: kube.events - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_KEY valueFrom: configMapKeyRef: key: git.commit-signing-key - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_METHOD valueFrom: configMapKeyRef: key: git.commit-signing-method - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGN_OFF valueFrom: configMapKeyRef: key: git.commit-sign-off - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} @@ -177,13 +177,13 @@ spec: path: registries.conf - key: git.commit-message-template path: commit.template - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true name: image-updater-conf {{- if .Values.authScripts.enabled }} - configMap: defaultMode: 0777 - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} name: authscripts {{- end }} - configMap: @@ -191,7 +191,7 @@ spec: optional: true name: ssh-known-hosts - configMap: - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} optional: true name: ssh-config - name: ssh-signing-key diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index 08955095..171add82 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 4825833e..15832520 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -109,6 +109,8 @@ volumes: [] # emptyDir: {} config: + # -- Name of the ConfigMap + name: argocd-image-updater-config # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" @@ -125,6 +127,8 @@ config: plaintext: false # -- If specified, the secret with Argo CD API key will be created. token: "" + # -- Name of the Secret containing the token + tokenSecretName: "argocd-image-updater-secret" # -- Disable kubernetes events disableKubeEvents: false @@ -175,9 +179,11 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- Argo CD Image Updater ssh client parameter configuration. sshConfig: - {} + # -- Name of the sshConfig ConfigMap + name: argocd-image-updater-ssh-config + # -- Argo CD Image Updater ssh client parameter configuration. + config: "" # config: | # Host * # PubkeyAcceptedAlgorithms +ssh-rsa @@ -188,6 +194,8 @@ config: authScripts: # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` enabled: false + # -- Name of the authentication scripts ConfigMap + name: argocd-image-updater-authscripts # -- Map of key-value pairs where the key consists of the name of the script and the value the contents scripts: {} # auth1.sh: | From 296362871281cc4b4b7b2389a83ec8d190430aaf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 18:30:41 +0000 Subject: [PATCH 592/617] chore(deps): bump the dependencies group with 4 updates (#3141) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/stale.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 4c4db950..f8f9fe02 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: # Note: Also update in scripts/lint.sh version: v3.11.0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2e74eab1..f6dcec99 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -59,7 +59,7 @@ jobs: PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" - name: Run chart-releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 with: config: "./.github/configs/cr.yaml" env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 231f25c1..e9a10387 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index d0813423..159a0e8e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From eed462224dfc1ee7541de28d5f4868eaecbd0911 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 08:57:29 +0100 Subject: [PATCH 593/617] chore(deps): update renovatebot/github-action action to v41.0.11 (#3142) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index de804f3f..aa66cad0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@3f10d7a25cf0aa7b37519aa771ed9143fcbb5da5 # v41.0.10 + uses: renovatebot/github-action@d385c88822a237acaead89c462fa0aef7502748f # v41.0.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From c2f3d9967d2f8b626ec48fe60784477a3477eaf4 Mon Sep 17 00:00:00 2001 From: Nick Heijmink <75807895+Nheijmink19@users.noreply.github.com> Date: Mon, 27 Jan 2025 16:31:51 +0100 Subject: [PATCH 594/617] feat(argo-cd): Add an extra feature toggle to the argocd configmap that allows sync impersonation (#3138) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05c614ff..d7c85587 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.17 +version: 7.7.18 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Address ingress regression of PR #3081, use toString before tpl function + - kind: added + description: Add feature toggle to ArgoCD configmap allowing sync impersonation diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2b223a6f..04d8f1ad 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -726,6 +726,7 @@ NAME: my-release | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c5dcf150..b802d1ea 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -175,6 +175,10 @@ configs: # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false From 692bd040cedfb1db6126d1dee99e00c452315f87 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 28 Jan 2025 06:51:33 +0100 Subject: [PATCH 595/617] feat(github): Support redis and extension-installer in Renovate - alternative (#3143) --- .github/workflows/renovate.yaml | 1 + renovate.json | 27 ++++++++------------ scripts/renovate-bump-version.sh | 42 ++++++++++++++++++++------------ 3 files changed, 37 insertions(+), 33 deletions(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index aa66cad0..087e124d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -32,6 +32,7 @@ jobs: # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate renovate-version: 39.86.4 token: '${{ steps.get_token.outputs.token }}' + mount-docker-socket: true env: LOG_LEVEL: 'debug' RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/renovate.json b/renovate.json index dcf91249..1ee051f5 100644 --- a/renovate.json +++ b/renovate.json @@ -83,31 +83,24 @@ "argoproj/argo-workflows", "argoproj/argo-cd", "argoproj/argo-events", - "argoproj/argo-rollouts" + "argoproj/argo-rollouts", + "argoproj-labs/argocd-image-updater", + "argoprojlabs/argocd-extension-installer", + "public.ecr.aws/bitnami/redis-exporter", + "public.ecr.aws/docker/library/redis" ], - "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):", + "commitMessagePrefix": "chore({{parentDir}}):", "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] - } - }, - { - "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], - "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):", - "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + "commands": [ + "./scripts/renovate-bump-version.sh -c {{parentDir}} -d {{depName}} -v {{newVersion}}", + "./scripts/helm-docs.sh" + ] } }, { "matchPackagePatterns": ["redis-ha"], "enabled": false }, - { - "matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"], - "commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):", - "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] - } - }, { "matchPackageNames": ["ghcr.io/renovatebot/renovate"], "extends": ["schedule:monthly"] diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh index 1ec6e125..80f1ae11 100755 --- a/scripts/renovate-bump-version.sh +++ b/scripts/renovate-bump-version.sh @@ -1,31 +1,41 @@ #!/bin/bash -depName="${1}" -if [ -z "${depName}" ]; then - echo "Missing argument 'depName'" >&2 - echo "Example usage: $0 argoproj/argo-cd" >&2 +while getopts c:d:v: opt; do + case ${opt} in + c) chart=${OPTARG} ;; + d) dependency_name=${OPTARG} ;; + v) dependency_version=${OPTARG} ;; + *) + echo 'Usage:' >&2 + echo '-c: chart Related Helm chart name' >&2 + echo '-d dependency Name of the updated dependency' >&2 + echo '-v version New version of the updated dependency' >&2 + exit 1 + esac +done + +if [ -z "${dependency_name}" ] || [ -z "${dependency_version}" ] || [ -z "${chart}" ] ; then + echo 'Missing relevant CLI flag(s).' >&2 exit 1 fi -chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++") -echo "Changed chart name is: $chartName" -echo "----------------------------------------" - -parentDir="charts/${chartName}" +chart_yaml_path="charts/${chart}/Chart.yaml" +# Split dependency by '/' and only use last element +# This way we can drop prefixes like "argoproj/..." , "argoproj-labs/..." , "quay.io/foo/..." +dependency_name="${dependency_name##*/}" # Bump the chart version by one patch version -version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}') +version=$(grep '^version:' "${chart_yaml_path}" | awk '{print $2}') major=$(echo "${version}" | cut -d. -f1) minor=$(echo "${version}" | cut -d. -f2) patch=$(echo "${version}" | cut -d. -f3) patch=$((patch + 1)) -sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml" +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${chart_yaml_path}" # Add a changelog entry -appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}') -sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml" +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${chart_yaml_path}" { echo " artifacthub.io/changes: |" echo " - kind: changed" - echo " description: Bump ${chartName} to ${appVersion}" -} >> "${parentDir}/Chart.yaml" -cat "${parentDir}/Chart.yaml" + echo " description: Bump ${dependency_name} to ${dependency_version}" +} >> "${chart_yaml_path}" +cat "${chart_yaml_path}" From d81ca4b23baabb985714a632d33c406050a38c7b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 09:00:07 +0100 Subject: [PATCH 596/617] chore(argo-cd): Update public.ecr.aws/docker/library/redis Docker tag to v7.4.2 (#3108) * chore(argo-cd): Update public.ecr.aws/docker/library/redis Docker tag to v7.4.2 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * fix version Signed-off-by: yu-croco Signed-off-by: Aikawa --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Aikawa Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d7c85587..385e942d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.18 +version: 7.7.19 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add feature toggle to ArgoCD configmap allowing sync impersonation + - kind: changed + description: Bump redis to 7.4.2 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 04d8f1ad..5023edc7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1279,7 +1279,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1365,7 +1365,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b802d1ea..ede8459a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1288,7 +1288,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + tag: 7.4.2-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1574,7 +1574,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + tag: 7.4.2-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From d75b9d35a3ec11ea9c290a0dac450c2f32f232b1 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:14:07 +0900 Subject: [PATCH 597/617] chore(argo-cd): Update public.ecr.aws/bitnami/redis-exporter Docker tag to v1.67.0 (#3104) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 385e942d..3aac908c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.19 +version: 7.7.20 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump redis to 7.4.2 + description: Bump redis-exporter to 1.67.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5023edc7..3a4a2560 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1261,7 +1261,7 @@ NAME: my-release | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ede8459a..4c069086 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1304,7 +1304,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.58.0 + tag: 1.67.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 2685b861d2b2af4f5797522ec3cef8140c3d6049 Mon Sep 17 00:00:00 2001 From: atgane <52873067+atgane@users.noreply.github.com> Date: Tue, 28 Jan 2025 18:57:48 +0900 Subject: [PATCH 598/617] fix(argo-cd): Fix required cluster credentials name (#3136) * fix required cluster credential name Signed-off-by: atgane * fix Signed-off-by: atgane * update changelog & docs Signed-off-by: atgane * chore: Drop unnecessary docs inside README.md and README.md.gotmpl Signed-off-by: Marco Maurer --------- Signed-off-by: atgane Signed-off-by: Marco Maurer Co-authored-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3aac908c..e29eb6fb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.20 +version: 7.7.21 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump redis-exporter to 1.67.0 + - kind: fixed + description: remove required function in $cluster_key from clusterCredentials diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index d317eac2..956bbf54 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -22,7 +22,7 @@ stringData: {{- if $cluster_value.shard }} shard: {{ $cluster_value.shard | quote }} {{- end }} - name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + name: {{ $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} namespaces: {{ $cluster_value.namespaces }} From 56c5a31c9e4367f643f8458fe8d8c18674c50f0f Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:43:03 +0000 Subject: [PATCH 599/617] feat(github): Analyse past release times (#3135) * feat(github): Analyse past release times Signed-off-by: Tim Collins * typo Signed-off-by: Tim Collins * add megalinter config. Fix my rubbish code to appease the linter Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins Co-authored-by: Aikawa --- scripts/release-analysis/.mega-linter.yaml | 21 + scripts/release-analysis/Dockerfile | 8 + scripts/release-analysis/README.md | 27 + .../release-analysis/argo_helm_releases.csv | 1019 +++++++++++++++++ scripts/release-analysis/argo_releases.csv | 877 ++++++++++++++ .../release-analysis/fetch_helmet_releases.py | 90 ++ scripts/release-analysis/fetch_releases.py | 57 + scripts/release-analysis/main.py | 31 + scripts/release-analysis/merge_csvs.py | 108 ++ scripts/release-analysis/merged_releases.csv | 195 ++++ scripts/release-analysis/plot_graph.py | 58 + scripts/release-analysis/requirements.txt | 2 + .../time_difference_plot_argo-cd.png | Bin 0 -> 84009 bytes .../time_difference_plot_argo-events.png | Bin 0 -> 68592 bytes .../time_difference_plot_argo-rollouts.png | Bin 0 -> 75003 bytes .../time_difference_plot_argo-workflows.png | Bin 0 -> 70676 bytes 16 files changed, 2493 insertions(+) create mode 100644 scripts/release-analysis/.mega-linter.yaml create mode 100644 scripts/release-analysis/Dockerfile create mode 100644 scripts/release-analysis/README.md create mode 100644 scripts/release-analysis/argo_helm_releases.csv create mode 100644 scripts/release-analysis/argo_releases.csv create mode 100644 scripts/release-analysis/fetch_helmet_releases.py create mode 100644 scripts/release-analysis/fetch_releases.py create mode 100644 scripts/release-analysis/main.py create mode 100644 scripts/release-analysis/merge_csvs.py create mode 100644 scripts/release-analysis/merged_releases.csv create mode 100644 scripts/release-analysis/plot_graph.py create mode 100644 scripts/release-analysis/requirements.txt create mode 100644 scripts/release-analysis/time_difference_plot_argo-cd.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-events.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-rollouts.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-workflows.png diff --git a/scripts/release-analysis/.mega-linter.yaml b/scripts/release-analysis/.mega-linter.yaml new file mode 100644 index 00000000..024abb2b --- /dev/null +++ b/scripts/release-analysis/.mega-linter.yaml @@ -0,0 +1,21 @@ +# Configuration file for MegaLinter +# Run megalinter locally with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` +ENABLE: + - DOCKERFILE + - PYTHON + +DISABLE_LINTERS: + - PYTHON_FLAKE8 + - PYTHON_PYRIGHT + - PYTHON_RUFF + - PYTHON_BANDIT + +CLEAR_REPORT_FOLDER: true +PYTHON_PYLINT_PRE_COMMANDS: + - command: pip install -r /tmp/lint/requirements.txt + venv: pylint +REPORT_OUTPUT_FOLDER: none + + +# You might want to enable this locally to fix some stuff without guessing what you need to change. Check before committing to git. +#APPLY_FIXES: all diff --git a/scripts/release-analysis/Dockerfile b/scripts/release-analysis/Dockerfile new file mode 100644 index 00000000..17674252 --- /dev/null +++ b/scripts/release-analysis/Dockerfile @@ -0,0 +1,8 @@ +FROM python:3.13-slim +WORKDIR /app +COPY requirements.txt ./ +RUN pip install --no-cache-dir -r requirements.txt + +COPY main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py ./ +RUN chmod +x main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py +CMD [ "python", "-u", "./main.py" ] diff --git a/scripts/release-analysis/README.md b/scripts/release-analysis/README.md new file mode 100644 index 00000000..ab746cee --- /dev/null +++ b/scripts/release-analysis/README.md @@ -0,0 +1,27 @@ +# argo-helm release analysis + +Compare the time of the upstream release to the time of the equivalent Helm Chart release to determine the time it takes for a new release to be available in argo-helm. + + +## How to run +This is quite github-api-intensive, so you'll need a github PAT + +```bash +# Build the container +docker build . -t team-helm-analysis + +# Delete any existing data +rm -f argo_helm_releases.csv argo_releases.csv merged_releases.csv time_difference_plot_argo*.png + +# Run the container +GITHUB_TOKEN=your_token_here +docker run --rm -e GITHUB_TOKEN=$GITHUB_TOKEN -v ${PWD}:/app team-helm-analysis +``` + +You should get 3 csvs and 4 graphs once this completes. It takes around 5 mins to run. + + +## Linting +I ran megalinter against this just to give some confidence that it's not completely broken. It's not perfect, but it's something. + +Run megalinter locally against this directory with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` diff --git a/scripts/release-analysis/argo_helm_releases.csv b/scripts/release-analysis/argo_helm_releases.csv new file mode 100644 index 00000000..58046fc1 --- /dev/null +++ b/scripts/release-analysis/argo_helm_releases.csv @@ -0,0 +1,1019 @@ +Release Name,Release Date,Release Time,App Version +argo-cd-7.7.16,2025-01-14,10:17:50,v2.13.3 +argo-events-2.4.13,2025-01-11,10:22:47,v1.9.5 +argo-workflows-0.45.4,2025-01-10,10:23:52,v3.6.2 +argo-cd-7.7.15,2025-01-10,07:18:13,v2.13.3 +argo-events-2.4.12,2025-01-08,08:37:01,v1.9.4 +argocd-image-updater-0.11.4,2025-01-07,07:04:30,v0.15.2 +argo-cd-7.7.14,2025-01-07,12:02:49,v2.13.3 +argo-events-2.4.11,2025-01-04,14:02:19,v1.9.3 +argo-cd-7.7.13,2025-01-04,00:07:55,v2.13.3 +argo-workflows-0.45.3,2025-01-03,15:16:16,v3.6.2 +argo-rollouts-2.38.2,2025-01-03,14:07:45,v1.7.2 +argo-cd-7.7.12,2025-01-02,06:18:17,v2.13.2 +argo-events-2.4.10,2024-12-31,12:18:02,v1.9.3 +argo-rollouts-2.38.1,2024-12-30,17:19:34,v1.7.2 +argo-cd-7.7.11,2024-12-21,12:06:50,v2.13.2 +argo-workflows-0.45.2,2024-12-16,21:31:29,v3.6.2 +argocd-image-updater-0.11.3,2024-12-13,11:27:43,v0.15.1 +argo-cd-7.7.10,2024-12-12,05:33:28,v2.13.2 +argo-cd-7.7.9,2024-12-11,15:36:30,v2.13.1 +argo-cd-7.7.8,2024-12-09,09:17:31,v2.13.1 +argo-workflows-0.45.1,2024-12-02,17:39:46,v3.6.2 +argo-cd-7.7.7,2024-12-02,14:20:02,v2.13.1 +argo-cd-7.7.6,2024-11-28,00:42:14,v2.13.1 +argo-events-2.4.9,2024-11-27,20:44:06,v1.9.3 +argo-workflows-0.45.0,2024-11-22,15:20:08,v3.6.0 +argo-workflows-0.44.1,2024-11-22,11:40:45,v3.6.0 +argo-workflows-0.44.0,2024-11-21,08:59:15,v3.6.0 +argo-workflows-0.43.0,2024-11-21,08:27:21,v3.6.0 +argo-rollouts-2.38.0,2024-11-21,13:03:08,v1.7.2 +argo-cd-7.7.5,2024-11-21,12:43:12,v2.13.1 +argo-cd-7.7.4,2024-11-20,20:48:11,v2.13.1 +argo-cd-7.7.3,2024-11-13,10:57:32,v2.13.0 +argo-cd-7.7.2,2024-11-12,16:28:52,v2.13.0 +argo-cd-7.7.1,2024-11-10,01:42:21,v2.13.0 +argocd-image-updater-0.11.2,2024-11-09,03:44:12,v0.15.1 +argo-rollouts-2.37.8,2024-11-07,23:17:48,v1.7.2 +argo-cd-7.7.0,2024-11-05,00:00:06,v2.13.0 +argo-workflows-0.42.7,2024-11-01,23:24:01,v3.5.12 +argocd-image-updater-0.11.1,2024-10-30,10:40:35,v0.15.0 +argo-workflows-0.42.6,2024-10-30,13:24:53,v3.5.12 +argo-cd-7.6.12,2024-10-18,19:27:20,v2.12.6 +argo-cd-7.6.11,2024-10-18,07:16:30,v2.12.5 +argo-cd-7.6.10,2024-10-16,12:00:46,v2.12.4 +argo-cd-7.6.9,2024-10-15,20:16:09,v2.12.4 +argo-cd-7.6.8,2024-10-03,13:53:23,v2.12.4 +argo-workflows-0.42.5,2024-10-02,00:47:02,v3.5.11 +argocd-apps-2.0.2,2024-10-01,06:03:45, +argo-cd-7.6.7,2024-09-30,18:24:52,v2.12.4 +argo-cd-7.6.6,2024-09-30,12:25:12,v2.12.4 +argo-workflows-0.42.4,2024-09-27,09:57:14,v3.5.11 +argo-cd-7.6.5,2024-09-26,07:42:42,v2.12.4 +argo-cd-7.6.4,2024-09-25,22:05:12,v2.12.3 +argo-cd-7.6.3,2024-09-25,15:18:12,v2.12.3 +argo-cd-7.6.2,2024-09-23,17:27:28,v2.12.3 +argo-workflows-0.42.3,2024-09-20,15:08:40,v3.5.11 +argo-events-2.4.8,2024-09-20,00:10:14,v1.9.2 +argo-cd-7.6.1,2024-09-20,11:24:11,v2.12.3 +argo-cd-7.6.0,2024-09-20,07:59:20,v2.12.3 +argo-rollouts-2.37.7,2024-09-16,13:38:21,v1.7.2 +argo-workflows-0.42.2,2024-09-13,14:02:16,v3.5.10 +argocd-apps-2.0.1,2024-09-10,21:55:59, +argo-cd-7.5.2,2024-09-02,15:33:28,v2.12.3 +argo-cd-7.5.1,2024-09-02,08:59:12,v2.12.3 +argo-workflows-0.42.1,2024-09-01,15:06:01,v3.5.10 +argo-rollouts-2.37.6,2024-08-31,10:13:12,v1.7.2 +argo-cd-7.5.0,2024-08-28,15:27:35,v2.12.3 +argo-cd-7.4.7,2024-08-27,13:30:34,v2.12.3 +argo-cd-7.4.6,2024-08-27,08:49:06,v2.12.2 +argo-cd-7.4.5,2024-08-23,08:51:19,v2.12.2 +argo-workflows-0.42.0,2024-08-20,19:07:24,v3.5.10 +argo-cd-7.4.4,2024-08-16,21:36:53,v2.12.1 +argo-rollouts-2.37.5,2024-08-14,08:31:31,v1.7.2 +argo-rollouts-2.37.4,2024-08-12,09:08:55,v1.7.1 +argo-cd-7.4.3,2024-08-12,15:29:49,v2.12.0 +argo-cd-7.4.2,2024-08-08,15:02:24,v2.12.0 +argo-cd-7.4.1,2024-08-06,10:14:35,v2.12.0 +argo-cd-7.4.0,2024-08-05,15:22:06,v2.12.0 +argo-workflows-0.41.14,2024-08-02,10:42:56,v3.5.10 +argo-workflows-0.41.13,2024-08-01,07:19:01,v3.5.10 +argo-workflows-0.41.12,2024-07-30,07:39:23,v3.5.9 +argo-rollouts-2.37.3,2024-07-29,07:25:40,v1.7.1 +argo-cd-7.3.11,2024-07-24,11:44:52,v2.11.7 +argo-cd-7.3.10,2024-07-22,17:14:41,v2.11.6 +argo-cd-7.3.9,2024-07-19,10:23:10,v2.11.5 +argo-cd-7.3.8,2024-07-17,23:52:54,v2.11.5 +argo-cd-7.3.7,2024-07-16,01:17:05,v2.11.5 +argo-cd-7.3.6,2024-07-11,23:05:06,v2.11.4 +argo-cd-7.3.5,2024-07-10,21:01:22,v2.11.4 +argocd-image-updater-0.11.0,2024-07-09,21:31:56,v0.14.0 +argo-cd-7.3.4,2024-07-02,20:43:46,v2.11.4 +argo-rollouts-2.37.2,2024-07-01,10:02:31,v1.7.1 +argo-cd-7.3.3,2024-06-28,21:52:33,v2.11.3 +argo-rollouts-2.37.1,2024-06-26,10:39:20,v1.7.1 +argo-rollouts-2.37.0,2024-06-26,09:10:19,v1.7.1 +argo-events-2.4.7,2024-06-26,05:28:07,v1.9.2 +argo-cd-7.3.2,2024-06-26,11:29:01,v2.11.3 +argo-rollouts-2.36.2,2024-06-25,13:04:55,v1.7.0 +argo-cd-7.3.1,2024-06-25,12:26:06,v2.11.3 +argo-cd-7.3.0,2024-06-25,03:48:21,v2.11.3 +argo-rollouts-2.36.1,2024-06-22,10:11:43,v1.7.0 +argo-cd-7.2.1,2024-06-21,21:01:50,v2.11.3 +argo-cd-7.2.0,2024-06-20,10:25:45,v2.11.3 +argo-workflows-0.41.11,2024-06-19,07:01:05,v3.5.8 +argo-cd-7.1.5,2024-06-19,14:04:21,v2.11.3 +argo-workflows-0.41.10,2024-06-18,07:47:04,v3.5.8 +argo-cd-7.1.4,2024-06-18,01:13:46,v2.11.3 +argo-workflows-0.41.9,2024-06-17,18:59:46,v3.5.7 +argocd-image-updater-0.10.2,2024-06-14,07:54:15,v0.13.1 +argo-rollouts-2.36.0,2024-06-14,09:00:46,v1.7.0 +argo-events-2.4.6,2024-06-14,05:09:08,v1.9.2 +argo-workflows-0.41.8,2024-06-09,22:18:37,v3.5.7 +argo-cd-7.1.3,2024-06-09,05:23:01,v2.11.3 +argo-cd-7.1.2,2024-06-06,10:51:51,v2.11.3 +argo-cd-7.1.1,2024-06-01,23:45:19,v2.11.2 +argo-cd-7.1.0,2024-05-31,12:05:08,v2.11.2 +argocd-image-updater-0.10.1,2024-05-28,05:32:50,v0.13.1 +argo-cd-7.0.0,2024-05-28,13:38:40,v2.11.2 +argo-workflows-0.41.7,2024-05-27,08:09:42,v3.5.7 +argo-events-2.4.5,2024-05-24,03:05:11,v1.9.1 +argo-rollouts-2.35.3,2024-05-23,07:30:12,v1.6.6 +argo-cd-6.11.1,2024-05-23,15:37:21,v2.11.2 +argo-cd-6.11.0,2024-05-23,12:37:05,v2.11.1 +argo-cd-6.10.2,2024-05-22,11:21:15,v2.11.1 +argo-cd-6.10.1,2024-05-22,07:17:23,v2.11.1 +argo-cd-6.10.0,2024-05-21,16:36:49,v2.11.1 +argo-workflows-0.41.6,2024-05-19,10:22:36,v3.5.6 +argo-workflows-0.41.5,2024-05-19,07:34:43,v3.5.6 +argo-cd-6.9.3,2024-05-17,15:18:31,v2.11.0 +argocd-image-updater-0.10.0,2024-05-16,11:07:10,v0.13.0 +argo-cd-6.9.2,2024-05-14,15:17:50,v2.11.0 +argo-cd-6.9.1,2024-05-13,22:59:29,v2.11.0 +argo-cd-6.9.0,2024-05-13,04:32:05,v2.11.0 +argo-cd-6.8.1,2024-05-10,08:32:52,v2.11.0 +argo-cd-6.8.0,2024-05-08,06:21:31,v2.11.0 +argo-rollouts-2.35.2,2024-05-06,00:24:30,v1.6.6 +argo-workflows-0.41.4,2024-05-01,13:37:43,v3.5.6 +argo-cd-6.7.18,2024-04-30,17:14:22,v2.10.9 +argo-workflows-0.41.3,2024-04-29,20:30:08,v3.5.6 +argo-cd-6.7.17,2024-04-26,19:36:10,v2.10.8 +argo-cd-6.7.16,2024-04-26,14:21:35,v2.10.8 +argo-cd-6.7.15,2024-04-24,07:08:13,v2.10.7 +argo-cd-6.7.14,2024-04-21,20:54:29,v2.10.7 +argo-workflows-0.41.2,2024-04-20,04:55:21,v3.5.6 +argo-cd-6.7.13,2024-04-19,14:07:44,v2.10.7 +argocd-image-updater-0.9.7,2024-04-18,21:41:42,v0.12.2 +argo-cd-6.7.12,2024-04-15,10:43:13,v2.10.7 +argo-cd-6.7.11,2024-04-10,20:06:04,v2.10.6 +argo-cd-6.7.10,2024-04-05,05:00:08,v2.10.6 +argo-cd-6.7.9,2024-04-04,18:47:39,v2.10.5 +argo-workflows-0.41.1,2024-04-02,17:26:26,v3.5.5 +argo-cd-6.7.8,2024-04-02,13:36:54,v2.10.5 +argo-cd-6.7.7,2024-04-02,05:03:54,v2.10.5 +argo-cd-6.7.6,2024-03-29,16:13:47,v2.10.5 +argo-cd-6.7.5,2024-03-29,08:13:55,v2.10.5 +argo-cd-6.7.4,2024-03-28,17:30:11,v2.10.5 +argo-rollouts-2.35.1,2024-03-26,08:36:07,v1.6.6 +argo-workflows-0.41.0,2024-03-24,20:27:11,v3.5.5 +argocd-apps-2.0.0,2024-03-23,15:39:16, +argo-rollouts-2.35.0,2024-03-23,20:47:25,v1.6.6 +argo-events-2.4.4,2024-03-23,11:07:16,v1.9.1 +argo-rollouts-2.34.4,2024-03-22,16:10:10,v1.6.6 +argocd-image-updater-0.9.6,2024-03-20,23:53:18,v0.12.2 +argo-cd-6.7.3,2024-03-18,09:36:58,v2.10.4 +argo-cd-6.7.2,2024-03-13,20:46:14,v2.10.3 +argo-cd-6.7.1,2024-03-11,23:08:40,v2.10.2 +argo-cd-6.7.0,2024-03-11,18:26:24,v2.10.2 +argo-workflows-0.40.14,2024-03-03,19:13:02,v3.5.5 +argo-cd-6.6.0,2024-03-02,11:20:32,v2.10.2 +argocd-image-updater-0.9.5,2024-03-01,08:41:39,v0.12.2 +argo-workflows-0.40.13,2024-03-01,17:17:28,v3.5.5 +argo-workflows-0.40.12,2024-03-01,00:03:01,v3.5.5 +argo-cd-6.5.1,2024-03-01,22:33:17,v2.10.2 +argo-cd-6.5.0,2024-02-29,19:46:25,v2.10.1 +argo-cd-6.4.1,2024-02-28,06:28:55,v2.10.1 +argocd-apps-1.6.2,2024-02-25,13:11:58, +argo-cd-6.4.0,2024-02-25,12:47:16,v2.10.1 +argo-cd-6.3.1,2024-02-23,18:05:37,v2.10.1 +argo-cd-6.3.0,2024-02-23,14:18:18,v2.10.1 +argo-cd-6.2.5,2024-02-23,13:58:38,v2.10.1 +argo-cd-6.2.4,2024-02-23,12:16:07,v2.10.1 +argo-cd-6.2.3,2024-02-20,12:05:21,v2.10.1 +argo-cd-6.2.2,2024-02-20,11:41:51,v2.10.1 +argo-cd-6.2.1,2024-02-19,08:37:59,v2.10.1 +argocd-image-updater-0.9.4,2024-02-18,18:44:43,v0.12.2 +argo-cd-6.2.0,2024-02-18,22:06:45,v2.10.1 +argo-workflows-0.40.11,2024-02-17,09:14:52,v3.5.4 +argo-cd-6.1.0,2024-02-16,14:45:12,v2.10.1 +argo-rollouts-2.34.3,2024-02-14,08:50:21,v1.6.6 +argo-events-2.4.3,2024-02-14,08:53:00,v1.9.1 +argo-cd-6.0.14,2024-02-14,21:04:43,v2.10.1 +argo-cd-6.0.13,2024-02-14,10:52:49,v2.10.0 +argo-cd-6.0.9,2024-02-13,11:14:02,v2.10.0 +argo-cd-6.0.8,2024-02-13,08:23:55,v2.10.0 +argo-cd-6.0.12,2024-02-13,15:26:57,v2.10.0 +argo-cd-6.0.11,2024-02-13,11:42:46,v2.10.0 +argo-cd-6.0.10,2024-02-13,11:27:29,v2.10.0 +argo-cd-6.0.7,2024-02-12,18:36:55,v2.10.0 +argo-cd-6.0.6,2024-02-11,14:52:39,v2.10.0 +argo-cd-6.0.5,2024-02-09,12:14:21,v2.10.0 +argo-cd-6.0.4,2024-02-09,11:46:10,v2.10.0 +argo-cd-6.0.3,2024-02-08,17:47:08,v2.10.0 +argo-cd-6.0.2,2024-02-08,14:26:38,v2.10.0 +argo-cd-6.0.1,2024-02-08,10:59:10,v2.10.0 +argo-cd-6.0.0,2024-02-07,21:40:22,v2.10.0 +argo-cd-5.55.0,2024-02-07,07:10:30,v2.10.0 +argo-cd-5.54.0,2024-02-06,13:11:44,v2.9.6 +argo-cd-5.53.14,2024-02-05,06:25:59,v2.9.6 +argo-workflows-0.40.10,2024-02-03,00:45:13,v3.5.4 +argocd-apps-1.6.1,2024-02-02,09:37:44, +argo-cd-5.53.13,2024-02-02,22:50:34,v2.9.6 +argocd-apps-1.6.0,2024-01-30,00:34:21, +argo-cd-5.53.12,2024-01-30,16:58:22,v2.9.5 +argo-cd-5.53.11,2024-01-30,10:46:50,v2.9.5 +argo-cd-5.53.10,2024-01-29,13:58:51,v2.9.5 +argo-workflows-0.40.9,2024-01-26,21:35:38,v3.5.4 +argo-rollouts-2.34.2,2024-01-26,06:31:27,v1.6.5 +argo-cd-5.53.9,2024-01-26,07:36:02,v2.9.5 +argocd-apps-1.5.0,2024-01-25,07:07:46, +argo-workflows-0.40.8,2024-01-24,23:58:13,v3.5.4 +argo-cd-5.53.8,2024-01-23,01:07:46,v2.9.5 +argo-cd-5.53.7,2024-01-22,23:55:07,v2.9.5 +argo-cd-5.53.6,2024-01-22,13:09:31,v2.9.5 +argo-cd-5.53.5,2024-01-22,10:14:54,v2.9.5 +argo-cd-5.53.4,2024-01-21,13:36:02,v2.9.5 +argo-cd-5.53.3,2024-01-20,12:21:38,v2.9.5 +argo-cd-5.53.2,2024-01-19,20:20:14,v2.9.5 +argo-cd-5.53.1,2024-01-19,05:48:47,v2.9.4 +argocd-image-updater-0.9.3,2024-01-18,06:21:59,v0.12.2 +argo-cd-5.53.0,2024-01-18,13:56:51,v2.9.3 +argo-workflows-0.40.7,2024-01-17,07:56:36,v3.5.4 +argo-cd-5.52.2,2024-01-15,09:13:02,v2.9.3 +argo-workflows-0.40.6,2024-01-14,08:11:19,v3.5.4 +argo-workflows-0.40.5,2024-01-11,07:20:47,v3.5.3 +argo-events-2.4.2,2024-01-09,10:14:30,v1.9.0 +argo-rollouts-2.34.1,2024-01-07,04:31:05,v1.6.4 +argo-workflows-0.40.4,2024-01-06,04:17:52,v3.5.2 +argocd-image-updater-0.9.2,2024-01-05,15:29:00,v0.12.2 +argo-cd-5.52.1,2024-01-05,12:57:15,v2.9.3 +argo-cd-5.52.0,2023-12-30,17:02:29,v2.9.3 +argo-workflows-0.40.3,2023-12-24,06:14:14,v3.5.2 +argo-workflows-0.40.2,2023-12-24,00:29:03,v3.5.2 +argo-rollouts-2.34.0,2023-12-22,12:07:26,v1.6.4 +argo-workflows-0.40.1,2023-12-15,07:45:38,v3.5.2 +argo-workflows-0.40.0,2023-12-14,07:56:49,v3.5.2 +argo-rollouts-2.33.0,2023-12-14,08:39:41,v1.6.4 +argo-rollouts-2.32.8,2023-12-13,06:59:39,v1.6.4 +argo-workflows-0.39.9,2023-12-12,06:27:57,v3.5.2 +argo-workflows-0.39.8,2023-12-08,22:45:23,v3.5.2 +argo-rollouts-2.32.7,2023-12-08,15:06:58,v1.6.3 +argo-workflows-0.39.7,2023-12-07,07:23:32,v3.5.2 +argo-rollouts-2.32.6,2023-12-07,17:50:17,v1.6.2 +argo-workflows-0.39.6,2023-12-05,05:55:41,v3.5.2 +argo-cd-5.51.6,2023-12-02,11:03:49,v2.9.3 +argo-rollouts-2.32.5,2023-11-29,13:34:59,v1.6.2 +argo-cd-5.51.5,2023-11-29,18:40:17,v2.9.2 +argo-workflows-0.39.5,2023-11-27,21:13:09,v3.5.2 +argo-workflows-0.39.4,2023-11-27,17:45:21,v3.5.1 +argo-cd-5.51.4,2023-11-20,18:50:04,v2.9.2 +argo-cd-5.51.3,2023-11-19,22:19:14,v2.9.1 +argo-workflows-0.39.3,2023-11-16,12:32:11,v3.5.1 +argo-workflows-0.39.2,2023-11-15,13:33:12,v3.5.1 +argo-workflows-0.39.1,2023-11-15,13:17:27,v3.5.1 +argo-rollouts-2.32.4,2023-11-15,13:09:53,v1.6.2 +argo-rollouts-2.32.3,2023-11-15,10:00:45,v1.6.1 +argo-cd-5.51.2,2023-11-15,05:59:33,v2.9.1 +argo-cd-5.51.1,2023-11-10,12:41:27,v2.9.0 +argo-workflows-0.39.0,2023-11-08,16:05:21,v3.5.1 +argo-cd-5.51.0,2023-11-06,12:54:52,v2.9.0 +argo-workflows-0.38.0,2023-11-04,05:58:06,v3.5.1 +argo-workflows-0.37.1,2023-11-03,20:39:25,v3.5.0 +argo-cd-5.50.1,2023-11-02,09:44:09,v2.8.6 +argo-cd-5.50.0,2023-10-31,18:12:30,v2.8.6 +argo-rollouts-2.32.2,2023-10-30,17:43:02,v1.6.0 +argo-cd-5.49.0,2023-10-30,14:42:51,v2.8.5 +argo-cd-5.48.1,2023-10-30,08:52:14,v2.8.5 +argo-cd-5.48.0,2023-10-28,07:29:05,v2.8.5 +argo-cd-5.47.0,2023-10-27,09:44:15,v2.8.4 +argo-workflows-0.37.0,2023-10-24,12:35:14,v3.5.0 +argo-workflows-0.36.2,2023-10-24,10:06:53,v3.5.0 +argo-rollouts-2.32.1,2023-10-24,12:40:04,v1.6.0 +argo-workflows-0.36.1,2023-10-17,23:53:35,v3.5.0 +argo-workflows-0.36.0,2023-10-17,15:41:00,v3.5.0 +argo-workflows-0.35.0,2023-10-13,22:07:38,v3.5.0 +argo-workflows-0.34.0,2023-10-12,14:15:08,v3.4.11 +argo-cd-5.46.8,2023-10-12,09:51:17,v2.8.4 +argo-cd-5.46.7,2023-09-22,15:50:57,v2.8.4 +argo-cd-5.46.6,2023-09-19,09:02:08,v2.8.4 +argo-cd-5.46.5,2023-09-18,13:26:16,v2.8.4 +argo-cd-5.46.4,2023-09-15,10:48:20,v2.8.4 +argo-cd-5.46.3,2023-09-14,04:56:22,v2.8.4 +argo-cd-5.46.2,2023-09-11,23:33:17,v2.8.3 +argo-cd-5.46.1,2023-09-11,13:24:46,v2.8.3 +argo-workflows-0.33.3,2023-09-10,01:57:47,v3.4.11 +argo-cd-5.46.0,2023-09-09,08:59:25,v2.8.3 +argo-workflows-0.33.2,2023-09-08,04:20:30,v3.4.11 +argo-cd-5.45.5,2023-09-08,14:58:30,v2.8.3 +argo-cd-5.45.4,2023-09-08,14:02:48,v2.8.3 +argo-cd-5.45.3,2023-09-08,00:13:52,v2.8.3 +argo-rollouts-2.32.0,2023-09-07,12:23:50,v1.6.0 +argo-cd-5.45.2,2023-09-07,14:01:34,v2.8.2 +argo-events-2.4.1,2023-09-04,01:15:35,v1.8.1 +argo-cd-5.45.1,2023-09-04,11:01:56,v2.8.2 +argo-cd-5.45.0,2023-08-28,08:12:52,v2.8.2 +argo-cd-5.44.0,2023-08-27,19:07:41,v2.8.2 +argo-cd-5.43.8,2023-08-27,02:21:03,v2.8.2 +argo-cd-5.43.7,2023-08-25,10:52:23,v2.8.2 +argo-cd-5.43.6,2023-08-25,08:46:11,v2.8.2 +argo-cd-5.43.5,2023-08-23,03:57:35,v2.8.1 +argo-workflows-0.33.1,2023-08-19,06:00:08,v3.4.10 +argo-workflows-0.33.0,2023-08-17,12:08:23,v3.4.10 +argo-workflows-0.32.3,2023-08-16,11:00:55,v3.4.10 +argo-rollouts-2.31.6,2023-08-16,07:02:05,v1.5.1 +argo-cd-5.43.4,2023-08-15,08:58:54,v2.8.0 +argo-workflows-0.32.2,2023-08-11,01:15:12,v3.4.9 +argo-rollouts-2.31.5,2023-08-09,00:04:20,v1.5.1 +argo-cd-5.43.3,2023-08-09,22:18:57,v2.8.0 +argo-cd-5.43.2,2023-08-09,08:36:10,v2.8.0 +argo-cd-5.43.1,2023-08-09,08:20:17,v2.8.0 +argo-cd-5.43.0,2023-08-08,14:36:04,v2.8.0 +argo-cd-5.42.3,2023-08-08,06:11:54,v2.7.11 +argo-rollouts-2.31.4,2023-08-05,10:27:42,v1.5.1 +argo-cd-5.42.2,2023-08-05,10:18:36,v2.7.10 +argo-rollouts-2.31.3,2023-08-01,09:07:36,v1.5.1 +argo-cd-5.42.1,2023-08-01,05:57:37,v2.7.10 +argo-workflows-0.32.1,2023-07-27,13:58:12,v3.4.9 +argo-cd-5.42.0,2023-07-27,22:05:30,v2.7.9 +argo-rollouts-2.31.2,2023-07-25,00:23:11,v1.5.1 +argo-cd-5.41.2,2023-07-25,02:10:03,v2.7.9 +argocd-apps-1.4.1,2023-07-23,04:26:08, +argocd-apps-1.4.0,2023-07-22,13:46:54, +argo-workflows-0.32.0,2023-07-20,23:20:17,v3.4.9 +argo-rollouts-2.31.1,2023-07-20,17:26:45,v1.5.1 +argo-cd-5.41.1,2023-07-19,22:26:30,v2.7.8 +argo-cd-5.41.0,2023-07-18,06:51:38,v2.7.7 +argo-cd-5.40.0,2023-07-17,12:21:05,v2.7.7 +argo-cd-5.39.1,2023-07-17,09:56:36,v2.7.7 +argo-cd-5.39.0,2023-07-13,14:07:28,v2.7.7 +argocd-apps-1.3.0,2023-07-11,16:16:56, +argo-workflows-0.31.0,2023-07-11,12:07:29,v3.4.8 +argo-cd-5.38.1,2023-07-11,13:01:22,v2.7.7 +argo-cd-5.38.0,2023-07-10,08:14:40,v2.7.7 +argo-cd-5.37.1,2023-07-06,08:26:09,v2.7.7 +argo-cd-5.37.0,2023-07-04,14:07:24,v2.7.6 +argo-cd-5.36.15,2023-07-04,09:22:40,v2.7.6 +argo-cd-5.36.14,2023-07-03,17:55:22,v2.7.6 +argo-cd-5.36.13,2023-07-02,08:07:38,v2.7.6 +argo-cd-5.36.12,2023-07-02,03:16:49,v2.7.6 +argo-cd-5.36.11,2023-06-29,16:02:41,v2.7.6 +argo-cd-5.36.9,2023-06-26,14:41:11,v2.7.6 +argo-cd-5.36.10,2023-06-26,14:55:27,v2.7.6 +argo-workflows-0.30.0,2023-06-24,22:29:03,v3.4.8 +argo-workflows-0.29.3,2023-06-23,16:35:23,v3.4.8 +argo-cd-5.36.7,2023-06-23,13:59:34,v2.7.6 +argo-events-2.4.0,2023-06-21,12:41:55,v1.8.0 +argo-cd-5.36.6,2023-06-21,14:54:37,v2.7.6 +argo-cd-5.36.5,2023-06-21,04:27:57,v2.7.6 +argo-cd-5.36.4,2023-06-20,13:07:45,v2.7.5 +argo-cd-5.36.3,2023-06-20,00:05:45,v2.7.5 +argo-cd-5.36.2,2023-06-17,04:55:38,v2.7.5 +argo-workflows-0.29.2,2023-06-08,03:48:28,v3.4.8 +argo-cd-5.36.1,2023-06-08,22:52:40,v2.7.4 +argo-cd-5.36.0,2023-06-07,08:52:24,v2.7.4 +argo-cd-5.35.1,2023-06-06,04:53:38,v2.7.4 +argo-workflows-0.29.1,2023-06-05,14:15:25,v3.4.8 +argo-cd-5.35.0,2023-06-05,14:31:31,v2.7.3 +argo-rollouts-2.31.0,2023-06-04,11:08:02,v1.5.0 +argo-workflows-0.29.0,2023-06-03,14:41:13,v3.4.8 +argo-cd-5.34.6,2023-05-29,04:32:37,v2.7.3 +argo-rollouts-2.30.1,2023-05-27,14:52:04,v1.5.0 +argo-workflows-0.28.2,2023-05-26,04:19:27,v3.4.8 +argo-workflows-0.28.1,2023-05-25,12:31:09,v3.4.7 +argo-cd-5.34.5,2023-05-24,23:23:36,v2.7.3 +argo-rollouts-2.30.0,2023-05-23,07:07:55,v1.5.0 +argo-cd-5.34.4,2023-05-23,20:29:47,v2.7.2 +argo-cd-5.34.3,2023-05-23,02:47:12,v2.7.2 +argo-cd-5.34.2,2023-05-22,17:07:33,v2.7.2 +argocd-apps-1.2.0,2023-05-21,07:19:50, +argo-rollouts-2.29.0,2023-05-20,15:39:35,v1.5.0 +argocd-apps-1.1.0,2023-05-19,09:35:18, +argo-workflows-0.28.0,2023-05-19,10:35:50,v3.4.7 +argo-cd-5.34.1,2023-05-17,14:25:05,v2.7.2 +argo-cd-5.34.0,2023-05-17,13:40:41,v2.7.2 +argo-cd-5.33.4,2023-05-16,09:24:22,v2.7.2 +argo-cd-5.33.3,2023-05-13,11:01:42,v2.7.2 +argo-cd-5.33.2,2023-05-12,15:19:23,v2.7.2 +argo-workflows-0.27.0,2023-05-11,06:39:40,v3.4.7 +argo-workflows-0.26.6,2023-05-11,00:09:56,v3.4.7 +argo-cd-5.33.1,2023-05-11,14:07:07,v2.7.1 +argo-cd-5.33.0,2023-05-11,00:40:17,v2.7.1 +argocd-image-updater-0.9.1,2023-05-10,16:46:54,v0.12.2 +argocd-apps-1.0.1,2023-05-10,16:59:38, +argo-workflows-0.26.5,2023-05-10,14:21:35,v3.4.7 +argo-workflows-0.26.4,2023-05-10,10:16:35,v3.4.7 +argo-rollouts-2.28.0,2023-05-10,15:37:42,v1.5.0 +argo-events-2.3.3,2023-05-10,15:49:04,v1.7.6 +argo-cd-5.32.2,2023-05-10,13:50:04,v2.7.1 +argo-workflows-0.26.3,2023-05-09,03:42:14,v3.4.7 +argo-events-2.3.2,2023-05-09,00:38:41,v1.7.6 +argo-workflows-0.26.2,2023-05-08,20:03:24,v3.4.7 +argo-cd-5.32.1,2023-05-08,11:23:13,v2.7.1 +argo-events-2.3.1,2023-05-07,14:18:59,v1.7.6 +argo-workflows-0.26.1,2023-05-06,16:20:35,v3.4.7 +argo-rollouts-2.27.0,2023-05-06,11:32:12,v1.4.1 +argo-events-2.3.0,2023-05-06,11:18:40,v1.7.6 +argo-workflows-0.26.0,2023-05-05,14:31:11,v3.4.7 +argo-workflows-0.25.2,2023-05-05,14:14:01,v3.4.7 +argo-cd-5.32.0,2023-05-05,20:19:39,v2.7.1 +argo-cd-5.31.1,2023-05-03,09:48:25,v2.7.1 +argo-cd-5.31.0,2023-05-02,12:29:53,v2.7.0 +argo-cd-5.30.1,2023-05-02,10:28:37,v2.7.0 +argo-cd-5.30.0,2023-05-02,07:29:11,v2.7.0 +argo-rollouts-2.26.1,2023-04-28,07:54:50,v1.4.1 +argocd-apps-1.0.0,2023-04-27,12:49:28, +argo-workflows-0.25.1,2023-04-24,16:57:53,v3.4.7 +argo-workflows-0.25.0,2023-04-24,05:47:37,v3.4.7 +argo-rollouts-2.26.0,2023-04-24,14:41:03,v1.4.1 +argocd-image-updater-0.9.0,2023-04-16,08:13:22,v0.12.2 +argo-workflows-0.24.1,2023-04-14,13:55:07,v3.4.7 +argo-workflows-0.24.0,2023-04-13,09:25:33,v3.4.7 +argo-rollouts-2.25.0,2023-04-13,23:59:09,v1.4.1 +argo-rollouts-2.24.0,2023-04-13,18:16:41,v1.4.1 +argo-events-2.2.0,2023-04-13,18:38:28,v1.7.6 +argo-cd-5.29.1,2023-04-13,23:44:42,v2.6.7 +argo-cd-5.29.0,2023-04-13,14:09:40,v2.6.7 +argo-workflows-0.23.2,2023-04-12,04:52:48,v3.4.7 +argo-workflows-0.23.1,2023-04-11,13:50:51,v3.4.6 +argo-cd-5.28.2,2023-04-11,13:34:12,v2.6.7 +argo-events-2.1.6,2023-04-07,12:46:03,v1.7.6 +argocd-image-updater-0.8.5,2023-04-06,13:52:44,v0.12.2 +argo-workflows-0.23.0,2023-04-06,23:43:19,v3.4.6 +argo-cd-5.28.1,2023-04-06,16:17:02,v2.6.7 +argo-workflows-0.22.16,2023-04-04,11:10:35,v3.4.6 +argo-cd-5.28.0,2023-04-03,09:59:17,v2.6.7 +argo-events-2.1.5,2023-04-01,20:40:27,v1.7.6 +argo-cd-5.27.5,2023-03-30,16:33:34,v2.6.7 +argo-rollouts-2.23.0,2023-03-29,09:16:56,v1.4.1 +argo-cd-5.27.4,2023-03-28,13:49:13,v2.6.7 +argo-cd-5.27.3,2023-03-24,09:57:20,v2.6.7 +argo-cd-5.27.2,2023-03-24,00:09:05,v2.6.7 +argo-workflows-0.22.15,2023-03-23,07:09:27,v3.4.5 +argo-cd-5.27.1,2023-03-17,08:25:05,v2.6.6 +argo-workflows-0.22.14,2023-03-16,11:05:16,v3.4.5 +argo-cd-5.27.0,2023-03-16,00:09:12,v2.6.5 +argo-events-2.1.4,2023-03-15,17:34:46,v1.7.6 +argo-cd-5.26.3,2023-03-15,19:28:01,v2.6.5 +argo-cd-5.26.2,2023-03-15,14:00:41,v2.6.5 +argo-cd-5.26.1,2023-03-14,18:42:39,v2.6.5 +argo-cd-5.26.0,2023-03-12,14:00:47,v2.6.4 +argo-cd-5.25.0,2023-03-09,12:05:22,v2.6.4 +argo-cd-5.24.4,2023-03-09,10:48:48,v2.6.4 +argo-cd-5.24.3,2023-03-08,07:46:54,v2.6.4 +argo-cd-5.24.2,2023-03-08,07:13:22,v2.6.4 +argo-cd-5.24.1,2023-03-03,17:53:36,v2.6.3 +argocd-apps-0.0.9,2023-03-02,14:59:22, +argo-rollouts-2.22.3,2023-03-02,15:08:16,v1.4.1 +argo-cd-5.24.0,2023-03-02,14:29:29,v2.6.3 +argo-cd-5.23.5,2023-02-28,23:30:25,v2.6.3 +argo-cd-5.23.4,2023-02-28,21:53:42,v2.6.3 +argo-cd-5.23.3,2023-02-28,08:32:15,v2.6.3 +argo-cd-5.23.2,2023-02-26,16:34:21,v2.6.2 +argo-workflows-0.22.13,2023-02-24,21:57:04,v3.4.5 +argo-workflows-0.22.12,2023-02-23,17:44:23,v3.4.5 +argo-cd-5.23.1,2023-02-23,18:12:14,v2.6.2 +argo-cd-5.23.0,2023-02-23,16:57:40,v2.6.2 +argo-events-2.1.3,2023-02-21,01:14:54,v1.7.6 +argo-cd-5.22.1,2023-02-19,12:38:23,v2.6.2 +argo-cd-5.22.0,2023-02-17,16:38:41,v2.6.2 +argo-cd-5.21.1,2023-02-17,08:23:54,v2.6.2 +argo-cd-5.21.0,2023-02-15,00:11:41,v2.6.1 +argo-cd-5.20.5,2023-02-14,12:21:52,v2.6.1 +argo-cd-5.20.4,2023-02-13,11:22:38,v2.6.1 +argo-workflows-0.22.11,2023-02-10,05:32:10,v3.4.5 +argocd-apps-0.0.8,2023-02-09,22:44:40, +argo-cd-5.20.3,2023-02-08,20:15:43,v2.6.1 +argo-cd-5.20.2,2023-02-08,16:42:35,v2.6.0 +argo-cd-5.20.1,2023-02-08,01:10:02,v2.6.0 +argo-workflows-0.22.10,2023-02-07,15:11:29,v3.4.5 +argo-cd-5.20.0,2023-02-07,15:02:47,v2.6.0 +argo-cd-5.19.15,2023-02-06,04:40:38,v2.5.10 +argo-cd-5.19.14,2023-02-02,21:56:38,v2.5.10 +argo-cd-5.19.13,2023-02-02,04:11:31,v2.5.9 +argocd-image-updater-0.8.4,2023-02-01,21:07:41,v0.12.2 +argocd-image-updater-0.8.3,2023-01-29,18:59:51,v0.12.0 +argocd-apps-0.0.7,2023-01-29,19:17:57, +argo-workflows-0.22.9,2023-01-29,18:48:45,v3.4.4 +argo-rollouts-2.22.2,2023-01-29,19:14:29,v1.4.0 +argo-events-2.1.2,2023-01-29,19:07:55,v1.7.5 +argo-events-2.1.1,2023-01-29,12:16:37,v1.7.5 +argo-cd-5.19.12,2023-01-29,15:23:26,v2.5.9 +argo-cd-5.19.11,2023-01-28,13:41:15,v2.5.9 +argo-cd-5.19.9,2023-01-27,14:47:36,v2.5.8 +argo-cd-5.19.10,2023-01-27,23:20:39,v2.5.8 +argo-cd-5.19.8,2023-01-26,12:06:45,v2.5.8 +argo-cd-5.19.7,2023-01-26,08:23:02,v2.5.8 +argo-events-2.1.0,2023-01-25,21:46:36,v1.7.4 +argo-cd-5.19.6,2023-01-24,00:18:44,v2.5.7 +argo-cd-5.19.5,2023-01-22,19:22:59,v2.5.7 +argo-cd-5.19.4,2023-01-22,17:20:54,v2.5.7 +argocd-image-updater-0.8.2,2023-01-21,11:38:12,v0.12.0 +argo-cd-5.19.3,2023-01-21,19:11:20,v2.5.7 +argo-cd-5.19.2,2023-01-21,12:19:10,v2.5.7 +argo-cd-5.19.1,2023-01-21,12:08:16,v2.5.7 +argo-cd-5.19.0,2023-01-21,09:25:14,v2.5.7 +argo-rollouts-2.22.1,2023-01-20,16:42:17,v1.4.0 +argo-cd-5.18.1,2023-01-20,14:34:15,v2.5.7 +argo-rollouts-2.22.0,2023-01-19,21:14:27,v1.4.0 +argo-rollouts-2.21.3,2023-01-19,10:37:43,v1.3.1 +argo-cd-5.18.0,2023-01-19,22:15:14,v2.5.7 +argo-rollouts-2.21.2,2023-01-18,02:39:11,v1.3.1 +argo-cd-5.17.4,2023-01-18,13:01:18,v2.5.7 +argo-cd-5.17.2,2023-01-18,06:44:45,v2.5.7 +argo-cd-5.17.1,2023-01-11,06:33:59,v2.5.6 +argo-workflows-0.22.8,2023-01-10,00:03:48,v3.4.4 +argo-cd-5.17.0,2023-01-10,12:32:17,v2.5.5 +argo-cd-5.16.15,2023-01-10,08:59:08,v2.5.5 +argo-cd-5.16.14,2023-01-04,09:49:57,v2.5.5 +argo-workflows-0.22.7,2023-01-03,01:46:24,v3.4.4 +argo-workflows-0.22.6,2022-12-30,05:21:07,v3.4.4 +argo-workflows-0.22.5,2022-12-29,16:31:57,v3.4.4 +argo-events-2.0.11,2022-12-29,17:55:54,v1.7.4 +argo-cd-5.16.13,2022-12-29,16:26:56,v2.5.5 +argo-cd-5.16.12,2022-12-29,15:47:53,v2.5.5 +argo-cd-5.16.11,2022-12-29,11:49:31,v2.5.5 +argo-cd-5.16.10,2022-12-27,12:12:26,v2.5.5 +argocd-apps-0.0.6,2022-12-25,13:56:50, +argo-events-2.0.10,2022-12-24,19:41:24,v1.7.4 +argo-workflows-0.22.4,2022-12-22,13:00:59,v3.4.4 +argo-cd-5.16.9,2022-12-20,13:18:36,v2.5.5 +argo-cd-5.16.8,2022-12-20,11:54:14,v2.5.5 +argo-workflows-0.22.3,2022-12-19,09:08:04,v3.4.4 +argo-workflows-0.22.2,2022-12-18,23:42:17,v3.4.4 +argo-events-2.0.9,2022-12-17,00:45:45,v1.7.3 +argo-cd-5.16.7,2022-12-17,11:36:17,v2.5.5 +argo-events-2.0.8,2022-12-15,08:33:57,v1.7.3 +argo-cd-5.16.6,2022-12-15,06:03:36,v2.5.4 +argo-cd-5.16.5,2022-12-14,21:13:18,v2.5.4 +argo-cd-5.16.4,2022-12-13,21:31:30,v2.5.4 +argo-cd-5.16.3,2022-12-13,06:19:38,v2.5.4 +argocd-apps-0.0.5,2022-12-10,14:50:54, +argo-workflows-0.22.1,2022-12-09,06:50:29,v3.4.4 +argo-events-2.0.7,2022-12-09,13:08:09,v1.7.3 +argo-cd-5.16.2,2022-12-07,07:41:56,v2.5.4 +argocd-apps-0.0.4,2022-12-02,13:26:38, +argo-workflows-0.22.0,2022-12-02,13:51:34,v3.4.4 +argo-workflows-0.21.0,2022-12-02,10:29:52,v3.4.4 +argo-cd-5.16.1,2022-12-02,14:48:40,v2.5.3 +argo-workflows-0.20.12,2022-11-30,15:26:09,v3.4.4 +argo-cd-5.16.0,2022-11-30,23:28:36,v2.5.3 +argo-cd-5.15.2,2022-11-30,21:58:12,v2.5.3 +argo-cd-5.15.1,2022-11-30,21:38:35,v2.5.3 +argo-cd-5.15.0,2022-11-29,21:15:00,v2.5.3 +argo-cd-5.14.3,2022-11-28,22:10:18,v2.5.3 +argo-workflows-0.20.11,2022-11-26,01:08:34,v3.4.3 +argo-workflows-0.20.10,2022-11-25,00:36:01,v3.4.3 +argo-cd-5.14.2,2022-11-25,17:40:10,v2.5.2 +argo-workflows-0.20.9,2022-11-23,07:18:21,v3.4.3 +argo-cd-5.14.1,2022-11-21,10:39:57,v2.5.2 +argo-cd-5.14.0,2022-11-20,13:30:05,v2.5.2 +argo-cd-5.13.9,2022-11-17,15:26:43,v2.5.2 +argo-workflows-0.20.8,2022-11-14,11:20:39,v3.4.3 +argo-cd-5.13.8,2022-11-11,02:11:52,v2.5.2 +argo-workflows-0.20.7,2022-11-10,00:36:36,v3.4.3 +argo-cd-5.13.7,2022-11-10,01:56:07,v2.5.2 +argo-cd-5.13.6,2022-11-08,16:04:52,v2.5.2 +argo-cd-5.13.5,2022-11-07,21:55:16,v2.5.1 +argo-cd-5.13.4,2022-11-06,21:13:41,v2.5.1 +argo-cd-5.13.3,2022-11-06,04:19:47,v2.5.1 +argo-cd-5.13.2,2022-11-03,08:37:01,v2.5.1 +argo-cd-5.13.1,2022-11-02,07:31:33,v2.5.1 +argo-workflows-0.20.6,2022-11-01,09:26:43,v3.4.3 +argo-cd-5.13.0,2022-11-01,19:27:19,v2.5.0 +argo-cd-5.12.3,2022-11-01,14:57:44,v2.5.0 +argo-cd-5.12.2,2022-10-31,17:38:56,v2.5.0 +argo-cd-5.9.1,2022-10-30,17:48:16,v2.5.0 +argo-cd-5.9.0,2022-10-30,15:38:31,v2.5.0 +argo-cd-5.12.1,2022-10-30,23:48:29,v2.5.0 +argo-cd-5.12.0,2022-10-30,22:03:51,v2.5.0 +argo-cd-5.11.0,2022-10-30,20:44:31,v2.5.0 +argo-cd-5.10.0,2022-10-30,19:13:05,v2.5.0 +argo-cd-5.8.7,2022-10-29,19:08:37,v2.5.0 +argo-cd-5.8.6,2022-10-29,09:24:01,v2.5.0 +argo-cd-5.8.5,2022-10-28,10:18:33,v2.5.0 +argo-cd-5.8.4,2022-10-28,08:50:11,v2.5.0 +argo-workflows-0.20.5,2022-10-27,01:05:01,v3.4.2 +argo-cd-5.8.3,2022-10-27,12:18:27,v2.5.0 +argo-cd-5.8.2,2022-10-26,13:19:29,v2.5.0 +argo-cd-5.8.1,2022-10-26,11:11:40,v2.5.0 +argo-workflows-0.20.4,2022-10-25,06:19:19,v3.4.2 +argo-cd-5.8.0,2022-10-25,21:22:42,v2.5.0 +argo-cd-5.7.0,2022-10-25,17:05:58,v2.4.15 +argo-cd-5.6.8,2022-10-25,14:09:11,v2.4.15 +argo-cd-5.6.7,2022-10-25,13:30:20,v2.4.15 +argo-cd-5.6.6,2022-10-25,06:42:17,v2.4.15 +argo-workflows-0.20.3,2022-10-24,05:53:54,v3.4.2 +argo-cd-5.6.5,2022-10-24,21:48:21,v2.4.15 +argo-cd-5.6.4,2022-10-24,17:06:09,v2.4.15 +argo-workflows-0.20.2,2022-10-22,07:37:48,v3.4.1 +argo-cd-5.6.3,2022-10-22,12:59:43,v2.4.15 +argo-cd-5.6.2,2022-10-21,08:11:20,v2.4.15 +argo-cd-5.6.1,2022-10-20,11:23:48,v2.4.15 +argocd-apps-0.0.3,2022-10-13,22:07:34, +argo-cd-5.6.0,2022-10-13,22:30:23,v2.4.14 +argo-cd-5.5.25,2022-10-13,16:17:41,v2.4.14 +argocd-apps-0.0.2,2022-10-12,08:34:02, +argo-cd-5.5.24,2022-10-12,12:55:54,v2.4.14 +argo-cd-5.5.23,2022-10-12,11:46:40,v2.4.14 +argo-cd-5.5.22,2022-10-12,08:04:42,v2.4.14 +argocd-image-updater-0.8.1,2022-10-11,22:21:29,v0.12.0 +argo-cd-5.5.21,2022-10-11,14:12:05,v2.4.14 +argo-cd-5.5.20,2022-10-11,14:00:11,v2.4.14 +argo-cd-5.5.19,2022-10-11,12:29:07,v2.4.14 +argo-cd-5.5.18,2022-10-10,20:46:29,v2.4.14 +argo-cd-5.5.17,2022-10-10,19:09:27,v2.4.14 +argo-cd-5.5.16,2022-10-09,13:23:27,v2.4.14 +argo-cd-5.5.15,2022-10-09,08:34:22,v2.4.14 +argo-cd-5.5.14,2022-10-08,22:23:13,v2.4.14 +argo-cd-5.5.13,2022-10-08,11:28:42,v2.4.14 +argo-cd-5.5.12,2022-10-07,10:52:38,v2.4.14 +argo-cd-5.5.9,2022-10-06,14:32:23,v2.4.13 +argo-cd-5.5.11,2022-10-06,22:23:50,v2.4.14 +argo-cd-5.5.10,2022-10-06,21:05:05,v2.4.14 +argo-cd-5.5.8,2022-10-04,00:58:31,v2.4.13 +argo-workflows-0.20.1,2022-10-02,09:28:15,v3.4.1 +argo-rollouts-2.21.1,2022-09-30,22:29:28,v1.3.1 +argo-cd-5.5.7,2022-09-30,13:26:36,v2.4.12 +argo-rollouts-2.21.0,2022-09-29,06:43:50,v1.3.0 +argo-events-2.0.6,2022-09-29,15:55:01,v1.7.3 +argo-workflows-0.20.0,2022-09-28,13:51:07,v3.4.0 +argo-cd-5.5.6,2022-09-28,11:06:18,v2.4.12 +argo-workflows-0.19.6,2022-09-27,12:44:09,v3.4.0 +argo-workflows-0.19.5,2022-09-27,09:53:23,v3.4.0 +argo-workflows-0.19.4,2022-09-26,04:11:17,v3.4.0 +argo-workflows-0.19.3,2022-09-26,01:49:55,v3.4.0 +argo-cd-5.5.5,2022-09-25,17:03:01,v2.4.12 +argo-workflows-0.19.2,2022-09-24,00:03:59,v3.4.0 +argo-cd-5.5.4,2022-09-22,17:20:47,v2.4.12 +argo-cd-5.5.3,2022-09-22,08:53:07,v2.4.12 +argo-workflows-0.19.1,2022-09-21,12:51:22,v3.4.0 +argo-workflows-0.19.0,2022-09-21,10:35:00,v3.4.0 +argo-cd-5.5.2,2022-09-21,19:06:26,v2.4.12 +argo-cd-5.5.1,2022-09-21,18:21:31,v2.4.12 +argo-cd-5.5.0,2022-09-21,11:48:56,v2.4.12 +argo-cd-5.4.8,2022-09-21,07:32:29,v2.4.12 +argo-events-2.0.5,2022-09-20,11:55:01,v1.7.2 +argo-workflows-0.18.0,2022-09-19,16:10:42,v3.4.0 +argo-cd-5.4.7,2022-09-19,21:37:54,v2.4.12 +argo-cd-5.4.6,2022-09-19,12:57:09,v2.4.12 +argo-cd-5.4.5,2022-09-19,11:44:57,v2.4.12 +argo-cd-5.4.4,2022-09-16,08:58:43,v2.4.12 +argo-cd-5.4.3,2022-09-08,17:00:01,v2.4.11 +argo-cd-5.4.2,2022-09-06,10:13:54,v2.4.11 +argo-cd-5.4.1,2022-09-04,08:48:29,v2.4.11 +argo-cd-5.4.0,2022-08-30,15:30:53,v2.4.11 +argo-workflows-0.17.1,2022-08-26,09:03:18,v3.3.9 +argo-rollouts-2.20.0,2022-08-26,16:40:20,v1.2.2 +argo-rollouts-2.19.2,2022-08-26,09:03:17,v1.2.2 +argo-events-2.0.4,2022-08-26,09:03:16,v1.7.1 +argo-cd-5.3.6,2022-08-26,16:15:52,v2.4.11 +argo-cd-5.3.5,2022-08-26,13:38:01,v2.4.11 +argo-cd-5.3.4,2022-08-26,09:03:15,v2.4.11 +argo-cd-5.3.3,2022-08-25,22:09:36,v2.4.11 +argo-cd-5.3.2,2022-08-25,21:39:21,v2.4.11 +argo-cd-5.3.1,2022-08-25,11:35:35,v2.4.11 +argo-cd-5.3.0,2022-08-25,10:42:01,v2.4.11 +argo-cd-5.2.2,2022-08-25,10:13:10,v2.4.11 +argo-cd-5.2.1,2022-08-25,09:08:04,v2.4.11 +argo-cd-5.2.0,2022-08-25,08:43:06,v2.4.11 +argo-cd-5.1.0,2022-08-25,06:41:11,v2.4.11 +argo-cd-5.0.0,2022-08-24,15:12:21,v2.4.11 +argo-rollouts-2.19.0,2022-08-23,02:43:29,v1.2.0 +argocd-apps-0.0.1,2022-08-22,12:32:28, +argo-cd-4.10.9,2022-08-22,14:04:30,v2.4.11 +argo-cd-4.10.8,2022-08-19,19:37:44,v2.4.10 +argo-cd-4.10.7,2022-08-18,00:28:21,v2.4.10 +argo-workflows-0.17.0,2022-08-17,00:07:26,v3.3.9 +argo-cd-4.10.6,2022-08-11,20:43:51,v2.4.9 +argo-workflows-0.16.9,2022-08-10,11:43:41,v3.3.9 +argo-cd-4.10.5,2022-08-02,10:02:11,v2.4.8 +argo-cd-4.10.4,2022-08-01,13:49:17,v2.4.8 +argo-cd-4.10.3,2022-07-31,12:20:12,v2.4.7 +argo-cd-4.10.2,2022-07-29,18:15:36,v2.4.7 +argo-cd-4.10.1,2022-07-29,14:40:58,v2.4.7 +argo-workflows-0.16.8,2022-07-27,00:51:07,v3.3.8 +argo-cd-4.10.0,2022-07-21,09:53:44,v2.4.7 +argo-cd-4.9.16,2022-07-19,12:48:08,v2.4.7 +argo-cd-4.9.15,2022-07-19,06:25:53,v2.4.7 +argo-rollouts-2.18.0,2022-07-15,11:43:33,v1.2.0 +argo-cd-4.9.14,2022-07-14,13:03:20,v2.4.6 +argo-workflows-0.16.7,2022-07-13,00:10:56,v3.3.8 +argo-cd-4.9.13,2022-07-13,20:43:07,v2.4.6 +argo-cd-4.9.12,2022-07-07,16:46:25,v2.4.4 +argo-events-2.0.3,2022-07-06,12:39:16,v1.7.1 +argo-events-2.0.2,2022-07-04,09:50:24,v1.7.1 +argo-cd-4.9.11,2022-06-29,13:10:22,v2.4.3 +argo-cd-4.9.9,2022-06-28,13:20:49,v2.4.3 +argo-cd-4.9.10,2022-06-28,15:14:22,v2.4.3 +argo-events-2.0.1,2022-06-27,21:35:46,v1.7.0 +argo-cd-4.9.8,2022-06-27,17:45:36,v2.4.2 +argo-workflows-0.16.6,2022-06-24,05:47:50,v3.3.8 +argo-workflows-0.16.5,2022-06-23,16:01:09,v3.3.7 +argo-workflows-0.16.4,2022-06-23,09:30:17,v3.3.6 +argo-cd-4.9.7,2022-06-23,14:43:59,v2.4.2 +argo-cd-4.9.6,2022-06-23,06:34:16,v2.4.2 +argo-cd-4.9.5,2022-06-23,05:50:20,v2.4.2 +argo-rollouts-2.17.0,2022-06-17,08:13:21,v1.2.0 +argo-cd-4.9.4,2022-06-17,07:01:22,v2.4.0 +argo-cd-4.9.3,2022-06-16,11:24:09,v2.4.0 +argo-cd-4.9.2,2022-06-15,13:16:32,v2.4.0 +argo-events-2.0.0,2022-06-14,15:38:27,v1.7.0 +argo-cd-4.9.1,2022-06-14,12:32:16,v2.4.0 +argo-cd-4.9.0,2022-06-14,10:10:37,v2.4.0 +argo-workflows-0.16.3,2022-06-10,16:50:21,v3.3.6 +argo-cd-4.8.3,2022-06-08,06:04:29,v2.3.4 +argo-cd-4.8.2,2022-06-02,12:26:38,v2.3.4 +argo-cd-4.8.1,2022-06-02,12:06:47,v2.3.4 +argo-workflows-0.16.2,2022-06-01,17:56:41,v3.3.6 +argo-rollouts-2.16.0,2022-06-01,17:10:16,v1.2.0 +argo-cd-4.8.0,2022-05-30,16:20:13,v2.3.4 +argo-workflows-0.16.1,2022-05-26,11:20:50,v3.3.6 +argo-rollouts-2.15.0,2022-05-26,12:00:18,v1.2.0 +argo-workflows-0.16.0,2022-05-25,09:30:37,v3.3.5 +argo-workflows-0.15.4,2022-05-25,08:52:21,v3.3.5 +argo-cd-4.7.0,2022-05-25,11:07:09,v2.3.4 +argo-rollouts-2.14.1,2022-05-23,05:05:29,v1.2.0 +argo-cd-4.6.5,2022-05-23,04:47:27,v2.3.4 +argo-workflows-0.15.3,2022-05-22,07:43:33,v3.3.5 +argo-cd-4.6.4,2022-05-22,11:52:08,v2.3.4 +argo-workflows-0.15.2,2022-05-20,21:14:27,v3.3.5 +argo-workflows-0.15.1,2022-05-20,19:19:26,v3.3.2 +argo-cd-4.6.3,2022-05-20,18:11:16,v2.3.4 +argo-cd-4.6.2,2022-05-19,17:54:21,v2.3.4 +argo-cd-4.6.1,2022-05-19,11:51:31,v2.3.3 +argo-cd-4.6.0,2022-05-10,07:41:16,v2.3.3 +argo-workflows-0.15.0,2022-05-09,20:45:52,v3.3.2 +argo-workflows-0.14.5,2022-05-09,20:36:39,v3.3.2 +argo-workflows-0.14.4,2022-05-09,20:24:35,v3.3.2 +argo-workflows-0.14.3,2022-05-09,19:51:22,v3.3.2 +argo-workflows-0.14.2,2022-05-09,19:37:38,v3.3.2 +argo-cd-4.5.12,2022-05-09,19:18:36,v2.3.3 +argo-cd-4.5.11,2022-05-07,20:58:56,v2.3.3 +argo-cd-4.5.10,2022-05-05,21:59:44,v2.3.3 +argo-cd-4.5.9,2022-05-04,16:40:52,v2.3.3 +argo-workflows-0.14.1,2022-05-01,11:44:50,v3.3.2 +argo-cd-4.5.8,2022-04-30,12:31:18,v2.3.3 +argo-events-1.13.0,2022-04-23,07:25:52,v1.6.0 +argocd-notifications-1.8.1,2022-04-22,09:42:54,v1.2.1 +argocd-applicationset-1.12.1,2022-04-22,09:42:52,v0.4.1 +argocd-applicationset-1.12.0,2022-04-22,07:23:43,v0.4.1 +argo-workflows-0.14.0,2022-04-22,07:09:42,v3.3.2 +argo-cd-4.5.7,2022-04-22,09:55:26,v2.3.3 +argo-cd-4.5.6,2022-04-22,08:34:16,v2.3.3 +argo-cd-4.5.5,2022-04-21,22:02:41,v2.3.3 +argo-cd-4.5.4,2022-04-19,11:02:10,v2.3.3 +argo-cd-4.5.3,2022-04-12,14:28:36,v2.3.3 +argo-cd-4.5.2,2022-04-12,12:32:08,v2.3.3 +argo-cd-4.5.1,2022-04-11,14:33:48,v2.3.3 +argo-rollouts-2.14.0,2022-04-05,11:38:27,v1.2.0 +argo-cd-4.5.0,2022-04-03,09:14:25,v2.3.3 +argo-cd-4.4.1,2022-04-02,18:45:18,v2.3.3 +argo-rollouts-2.13.0,2022-03-31,17:32:03,v1.2.0 +argo-cd-4.4.0,2022-03-31,12:20:18,v2.3.3 +argo-cd-4.3.2,2022-03-31,11:59:31,v2.3.3 +argo-cd-4.3.1,2022-03-30,13:40:17,v2.3.3 +argo-cd-4.3.0,2022-03-29,11:24:34,v2.3.2 +argo-cd-4.2.4,2022-03-28,21:02:42,v2.3.2 +argo-cd-4.2.3,2022-03-28,13:18:14,v2.3.2 +argo-workflows-0.13.1,2022-03-23,13:18:49,v3.2.9 +argo-rollouts-2.12.0,2022-03-23,21:12:12,v1.2.0 +argo-cd-4.2.2,2022-03-23,09:53:45,v2.3.2 +argo-cd-4.2.1,2022-03-18,21:25:50,v2.3.1 +argo-cd-4.2.0,2022-03-18,16:42:44,v2.3.1 +argocd-image-updater-0.8.0,2022-03-17,19:34:59,v0.12.0 +argo-cd-4.1.0,2022-03-17,17:16:25,v2.3.1 +argo-cd-4.0.1,2022-03-17,12:54:21,v2.3.1 +argo-cd-4.0.0,2022-03-16,21:02:33,v2.3.1 +argo-rollouts-2.11.0,2022-03-14,21:13:07,v1.1.1 +argo-workflows-0.13.0,2022-03-12,17:55:49,v3.2.9 +argo-workflows-0.12.0,2022-03-12,17:14:00,v3.2.9 +argo-cd-3.35.4,2022-03-12,18:59:29,v2.2.5 +argo-cd-3.35.3,2022-03-10,10:45:45,v2.2.5 +argo-cd-3.35.2,2022-03-06,15:54:11,v2.2.5 +argo-cd-3.35.1,2022-03-06,12:08:36,v2.2.5 +argo-workflows-0.11.2,2022-03-05,08:51:50,v3.2.9 +argo-workflows-0.11.1,2022-03-03,14:02:23,v3.2.7 +argocd-image-updater-0.7.0,2022-03-01,10:26:52,v0.11.3 +argo-workflows-0.11.0,2022-03-01,09:53:15,v3.2.7 +argo-cd-3.35.0,2022-03-01,21:58:21,v2.2.5 +argo-cd-3.34.0,2022-03-01,17:37:13,v2.2.5 +argo-cd-3.33.8,2022-02-26,20:07:35,v2.2.5 +argo-cd-3.33.7,2022-02-23,11:02:53,v2.2.5 +argocd-image-updater-0.6.3,2022-02-20,17:56:33,v0.11.3 +argo-rollouts-2.10.0,2022-02-20,23:01:55,v1.1.1 +argo-events-1.12.0,2022-02-20,20:57:50,v1.6.0 +argo-events-1.11.0,2022-02-20,18:31:57,v1.6.0 +argocd-applicationset-1.11.0,2022-02-17,08:19:49,v0.3.0 +argo-cd-3.33.6,2022-02-17,11:37:47,v2.2.5 +argocd-applicationset-1.10.0,2022-02-16,18:44:07,v0.3.0 +argo-workflows-0.10.1,2022-02-09,23:06:55,v3.2.7 +argo-cd-3.33.5,2022-02-05,16:32:53,v2.2.5 +argo-cd-3.33.4,2022-02-05,12:55:15,v2.2.5 +argo-cd-3.33.3,2022-02-04,09:19:44,v2.2.4 +argo-cd-3.33.2,2022-02-03,09:36:59,v2.2.3 +argocd-notifications-1.8.0,2022-02-01,21:49:11,v1.2.1 +argo-cd-3.33.1,2022-01-31,19:26:33,v2.2.3 +argo-cd-3.33.0,2022-01-31,15:37:35,v2.2.3 +argo-workflows-0.10.0,2022-01-28,13:45:09,v3.2.6 +argo-cd-3.32.1,2022-01-27,10:15:36,v2.2.3 +argo-cd-3.32.0,2022-01-26,15:14:35,v2.2.3 +argo-rollouts-2.9.3,2022-01-25,12:43:34,v1.1.1 +argocd-notifications-1.7.1,2022-01-24,19:19:34,v1.2.1 +argocd-image-updater-0.6.2,2022-01-24,19:19:33,v0.11.2 +argocd-applicationset-1.9.1,2022-01-24,19:19:32,v0.3.0 +argo-workflows-0.9.5,2022-01-24,19:19:30,v3.2.6 +argo-rollouts-2.9.2,2022-01-24,19:19:29,v1.1.1 +argo-events-1.10.2,2022-01-24,19:19:28,v1.5.6 +argo-cd-3.31.1,2022-01-24,19:19:26,v2.2.2 +argo-cd-3.31.0,2022-01-20,10:52:27,v2.2.2 +argo-cd-3.30.1,2022-01-19,19:26:25,v2.2.2 +argo-events-1.10.1,2022-01-18,22:20:08,v1.5.6 +argo-events-1.10.0,2022-01-17,14:02:09,v1.5.0 +argo-cd-3.30.0,2022-01-16,05:24:18,v2.2.2 +argocd-image-updater-0.6.1,2022-01-11,22:07:52,v0.11.2 +argo-rollouts-2.9.1,2022-01-11,22:35:51,v1.1.1 +argo-rollouts-2.9.0,2022-01-10,20:46:21,v1.1.1 +argo-rollouts-2.8.1,2022-01-10,18:21:14,v1.1.1 +argo-events-1.9.0,2022-01-10,19:56:43,v1.5.0 +argocd-applicationset-1.9.0,2022-01-09,18:08:02,v0.3.0 +argocd-applicationset-1.8.0,2022-01-06,18:36:05,v0.3.0 +argo-rollouts-2.8.0,2022-01-05,12:32:16,v1.1.0 +argo-cd-3.29.5,2022-01-04,10:16:28,v2.2.2 +argocd-notifications-1.7.0,2021-12-20,18:18:19,v1.2.1 +argo-workflows-0.9.4,2021-12-20,11:00:00,v3.2.6 +argo-rollouts-2.7.0,2021-12-20,19:13:47,v1.1.0 +argo-cd-3.29.4,2021-12-20,17:27:35,v2.2.1 +argo-cd-3.29.3,2021-12-18,22:09:23,v2.2.1 +argo-cd-3.29.2,2021-12-17,18:39:32,v2.2.1 +argo-cd-3.29.1,2021-12-17,10:06:18,v2.2.1 +argocd-notifications-1.6.1,2021-12-16,09:58:40,v1.2.1 +argo-cd-3.29.0,2021-12-15,10:15:30,v2.2.0 +argo-cd-3.28.1,2021-12-11,19:32:10,v2.1.7 +argo-cd-3.28.0,2021-12-10,15:23:06,v2.1.7 +argocd-applicationset-1.7.0,2021-12-09,14:56:54,v0.2.0 +argo-rollouts-2.6.0,2021-12-09,15:13:24,v1.1.0 +argocd-image-updater-0.6.0,2021-12-07,06:40:34,v0.11.0 +argo-workflows-0.9.3,2021-12-06,10:02:15,v3.2.4 +argo-cd-3.27.1,2021-12-03,22:41:42,v2.1.7 +argo-cd-3.27.0,2021-12-03,22:19:58,v2.1.7 +argo-cd-3.26.12,2021-11-29,10:51:49,v2.1.7 +argocd-notifications-1.6.0,2021-11-25,17:39:42,v1.2.0 +argocd-image-updater-0.5.0,2021-11-24,20:47:21,v0.11.0 +argo-cd-3.26.11,2021-11-24,16:30:38,v2.1.7 +argo-workflows-0.9.2,2021-11-23,10:12:37,v3.2.4 +argocd-image-updater-0.4.2,2021-11-22,07:18:47,v0.10.3 +argo-workflows-0.9.1,2021-11-22,09:41:06,v3.2.4 +argo-workflows-0.9.0,2021-11-22,09:33:03,v3.2.4 +argo-workflows-0.8.3,2021-11-21,18:59:21,v3.2.4 +argo-cd-3.26.10,2021-11-21,12:48:45,v2.1.7 +argo-workflows-0.8.2,2021-11-19,21:36:02,v3.2.0 +argocd-image-updater-0.4.1,2021-11-17,09:50:53,v0.10.3 +argo-cd-3.26.9,2021-11-17,07:43:03,v2.1.6 +argocd-image-updater-0.4.0,2021-11-15,23:19:27,v0.10.1 +argo-rollouts-2.5.0,2021-11-15,07:02:31,v1.1.0 +argocd-notifications-1.5.2,2021-11-12,09:25:30,v1.1.1 +argo-cd-3.26.8,2021-11-11,15:00:04,v2.1.6 +argo-cd-3.26.7,2021-11-10,17:18:47,v2.1.6 +argocd-image-updater-0.3.0,2021-11-09,21:14:43,v0.10.1 +argo-rollouts-2.4.0,2021-11-09,20:50:12,v1.1.0 +argo-cd-3.26.6,2021-11-06,08:23:57,v2.1.6 +argo-workflows-0.8.1,2021-11-01,18:13:26,v3.2.0 +argo-cd-3.26.5,2021-10-31,19:32:18,v2.1.6 +argo-cd-3.26.4,2021-10-31,11:57:25,v2.1.6 +argo-events-1.8.0,2021-10-27,15:13:58,v1.5.0 +argo-cd-3.26.3,2021-10-21,20:56:35,v2.1.5 +argo-cd-3.26.2,2021-10-21,11:34:14,2.1.4 +argo-cd-3.26.1,2021-10-20,06:32:59,2.1.4 +argo-workflows-0.8.0,2021-10-19,15:37:06,v3.2.0 +argo-cd-3.26.0,2021-10-19,17:02:52,2.1.3 +argo-cd-3.25.3,2021-10-19,15:51:33,2.1.3 +argo-rollouts-2.3.0,2021-10-18,12:29:40,v1.1.0 +argocd-applicationset-1.6.0,2021-10-17,18:30:56,v0.2.0 +argo-rollouts-2.2.1,2021-10-17,12:08:48,v1.1.0 +argo-cd-3.25.2,2021-10-17,10:33:22,2.1.3 +argo-workflows-0.7.3,2021-10-15,10:22:13,v3.2.0 +argo-workflows-0.7.2,2021-10-15,09:42:17,v3.1.8 +argo-rollouts-2.2.0,2021-10-14,14:58:28,v1.1.0 +argo-cd-3.25.1,2021-10-14,12:40:36,2.1.3 +argo-cd-3.25.0,2021-10-12,18:49:49,2.1.3 +argo-cd-3.24.0,2021-10-06,22:13:09,2.1.3 +argo-cd-3.23.1,2021-10-06,15:28:20,2.1.3 +argo-cd-3.23.0,2021-10-04,22:20:00,2.1.2 +argocd-notifications-1.5.1,2021-09-29,15:15:42,1.1.1 +argo-cd-3.22.1,2021-09-29,09:07:29,2.1.2 +argocd-applicationset-1.5.1,2021-09-27,13:58:05,v0.2.0 +argocd-applicationset-1.5.0,2021-09-27,12:06:48,v0.2.0 +argo-workflows-0.7.1,2021-09-27,15:18:14,v3.1.8 +argo-workflows-0.7.0,2021-09-27,07:14:58,v3.1.8 +argo-rollouts-2.1.1,2021-09-27,15:10:06,v1.0.2 +argo-cd-3.22.0,2021-09-27,19:32:54,2.1.2 +argo-cd-3.21.1,2021-09-27,10:04:46,2.1.2 +argocd-image-updater-0.2.1,2021-09-20,14:43:20,v0.10.1 +argo-workflows-0.6.0,2021-09-17,19:51:33,v3.1.8 +argo-rollouts-2.1.0,2021-09-17,16:39:27,v1.0.2 +argo-cd-3.21.0,2021-09-17,20:14:56,2.1.2 +argo-cd-3.20.0,2021-09-17,17:47:39,2.1.2 +argo-cd-3.19.0,2021-09-17,13:57:58,2.1.2 +argocd-image-updater-0.2.0,2021-09-16,18:59:58,v0.10.1 +argocd-image-updater-0.1.1,2021-09-16,17:30:59,v0.10.1 +argo-rollouts-2.0.2,2021-09-16,19:06:11,v1.0.2 +argo-cd-3.18.0,2021-09-16,17:59:45,2.1.2 +argo-workflows-0.5.2,2021-09-15,22:27:25,v3.1.8 +argo-cd-3.17.7,2021-09-15,10:31:26,2.1.2 +argo-workflows-0.5.1,2021-09-13,16:21:35,v3.1.8 +argo-cd-3.17.6,2021-09-02,21:59:12,2.1.2 +argo-rollouts-2.0.1,2021-08-30,06:46:48,v1.0.2 +argocd-notifications-1.5.0,2021-08-27,13:12:54,1.1.1 +argocd-applicationset-1.4.0,2021-08-27,12:33:43,v0.2.0 +argo-workflows-0.5.0,2021-08-27,12:59:50,v3.1.8 +argo-cd-3.17.5,2021-08-27,13:47:25,2.1.1 +argo-cd-3.17.4,2021-08-27,10:06:21,2.1.1 +argo-cd-3.17.3,2021-08-26,15:11:19,2.1.1 +argo-cd-3.17.2,2021-08-26,14:22:27,2.1.1 +argo-cd-3.17.1,2021-08-26,13:55:36,2.1.0 +argo-cd-3.17.0,2021-08-26,13:43:13,2.1.0 +argocd-notifications-1.4.4,2021-08-25,12:14:37,1.1.1 +argocd-applicationset-1.3.1,2021-08-25,07:05:41,v0.2.0 +argo-cd-3.16.0,2021-08-25,15:05:03,2.1.0 +argo-cd-3.15.0,2021-08-24,12:48:33,2.1.0 +argo-cd-3.14.0,2021-08-24,12:38:02,2.1.0 +argocd-applicationset-1.3.0,2021-08-23,13:05:32,v0.2.0 +argocd-applicationset-1.2.0,2021-08-23,12:23:43,v0.2.0 +argo-workflows-0.4.2,2021-08-23,11:13:42,v3.1.8 +argo-cd-3.13.2,2021-08-23,17:23:36,2.1.0 +argo-cd-3.13.1,2021-08-23,13:01:57,2.1.0 +argo-cd-3.13.0,2021-08-23,12:14:11,2.1.0 +argo-workflows-0.4.1,2021-08-20,16:24:43,v3.1.5 +argocd-notifications-1.4.3,2021-08-18,10:02:11,1.1.1 +argocd-notifications-1.4.2,2021-08-17,09:13:14,1.1.1 +argo-workflows-0.4.0,2021-08-17,07:31:04,v3.1.5 +argocd-image-updater-0.1.0,2021-08-16,15:23:23,v0.10.1 +argo-rollouts-2.0.0,2021-08-16,15:27:43,v1.0.2 +argo-cd-3.12.1,2021-08-14,11:03:56,2.0.5 +argocd-applicationset-1.1.0,2021-08-13,16:37:25,v0.1.0 +argo-cd-3.12.0,2021-08-13,20:15:28,2.0.5 +argo-workflows-0.3.0,2021-08-11,07:32:31,v3.0.7 +argo-cd-3.11.5,2021-08-11,15:44:45,2.0.5 +argo-cd-3.11.4,2021-08-11,07:14:57,2.0.5 +argo-workflows-0.2.13,2021-08-10,13:45:31,v3.0.7 +argo-rollouts-1.0.4,2021-08-10,06:39:57,v1.0.2 +argo-cd-3.11.3,2021-08-09,08:58:30,2.0.5 +argo-events-1.7.0,2021-08-07,22:43:47,1.3.1 +argo-cd-3.11.2,2021-08-07,13:08:09,2.0.5 +argo-cd-3.11.1,2021-07-28,15:42:38,2.0.5 +argo-cd-3.11.0,2021-07-28,14:37:27,2.0.5 +argo-cd-3.10.2,2021-07-27,11:07:30,2.0.5 +argo-cd-3.10.1,2021-07-27,01:33:24,2.0.5 +argo-workflows-0.2.12,2021-07-21,16:02:29,v3.0.7 +argo-workflows-0.2.9,2021-07-20,18:18:54,v3.0.7 +argo-workflows-0.2.8,2021-07-20,18:10:55,v3.0.7 +argo-workflows-0.2.11,2021-07-20,21:51:21,v3.0.7 +argo-workflows-0.2.10,2021-07-20,18:25:05,v3.0.7 +argo-cd-3.10.0,2021-07-20,11:41:23,2.0.4 +argo-cd-3.9.0,2021-07-13,06:35:52,2.0.4 +argo-cd-3.8.2,2021-07-13,06:26:07,2.0.4 +argocd-applicationset-1.0.0,2021-07-12,10:54:40,v0.1.0 +argo-cd-3.8.1,2021-07-12,11:07:21,2.0.4 +argocd-notifications-1.4.1,2021-07-09,11:09:14,1.1.1 +argocd-applicationset-0.1.7,2021-07-09,11:09:13,v0.1.0 +argo-workflows-0.2.7,2021-07-09,11:09:12,v3.0.7 +argo-rollouts-1.0.3,2021-07-09,11:09:12,v1.0.2 +argo-events-1.6.4,2021-07-09,11:09:11,1.3.1 +argo-cd-3.8.0,2021-07-09,12:34:38,2.0.4 +argo-cd-3.7.2,2021-07-09,11:09:10,2.0.4 +argo-rollouts-1.0.2,2021-07-07,15:18:22,v1.0.2 +argo-cd-3.7.1,2021-07-05,09:53:30,2.0.4 +argo-cd-3.7.0,2021-07-05,09:42:21,2.0.4 +argo-cd-3.6.11,2021-06-29,08:49:22,2.0.4 +argo-cd-3.6.10,2021-06-26,15:05:26,2.0.3 +argo-workflows-0.2.6,2021-06-25,06:16:05,v3.0.7 +argo-cd-3.6.9,2021-06-25,06:07:25,2.0.3 +argo-workflows-0.2.5,2021-06-08,13:15:23,v3.0.2 +argo-events-1.6.2,2021-06-07,08:36:00,1.3.1 +argo-cd-3.6.8,2021-06-07,09:40:13,2.0.3 +argo-cd-3.6.7,2021-06-07,08:52:24,2.0.3 +argocd-notifications-1.4.0,2021-06-03,10:08:10,1.1.1 +argocd-applicationset-0.1.6,2021-06-03,17:50:44,v0.1.0 +argo-workflows-0.2.4,2021-06-03,17:11:17,v3.0.2 +argo-workflows-0.2.3,2021-06-03,11:08:38,v3.0.2 +argo-cd-3.6.6,2021-06-02,17:55:17,2.0.3 +argo-workflows-0.2.2,2021-05-31,20:15:38,v3.0.2 +argo-workflows-0.2.1,2021-05-31,16:32:09,v3.0.2 +argo-workflows-0.2.0,2021-05-31,16:18:32,v3.0.2 +argo-rollouts-1.0.1,2021-05-31,21:23:24,v1.0.1 +argo-rollouts-1.0.0,2021-05-31,16:06:49,v1.0.1 +argo-events-1.6.1,2021-05-31,16:09:51,1.3.1 +argo-cd-3.6.5,2021-05-31,20:15:37,2.0.3 +argo-events-1.6.0,2021-05-29,10:30:24,1.3.1 +argo-cd-3.6.4,2021-05-29,14:37:41,2.0.3 +argo-cd-3.6.3,2021-05-29,08:42:00,2.0.3 +argo-workflows-0.1.5,2021-05-27,16:33:49,v3.0.2 +argocd-notifications-1.3.2,2021-05-26,21:41:54,1.1.1 +argo-workflows-0.1.4,2021-05-26,10:00:42,v3.0.2 +argo-rollouts-0.5.5,2021-05-26,09:44:42,0.10.2 +argo-events-1.5.0,2021-05-26,21:27:33,1.3.1 +argo-events-1.4.3,2021-05-26,21:13:44,1.3.1 +argo-cd-3.6.2,2021-05-26,10:35:46,2.0.1 +argo-workflows-0.1.3,2021-05-25,06:06:50,v3.0.2 +argo-rollouts-0.5.4,2021-05-24,21:34:19,0.10.2 +argo-cd-3.6.1,2021-05-24,19:21:16,2.0.1 +argo-cd-3.6.0,2021-05-23,12:25:54,2.0.1 +argocd-notifications-1.3.1,2021-05-21,16:00:09,1.1.1 +argocd-applicationset-0.1.5,2021-05-21,16:00:08,v0.1.0 +argo-workflows-0.1.2,2021-05-21,16:50:29,v3.0.2 +argo-workflows-0.1.1,2021-05-21,16:00:07,v3.0.2 +argo-rollouts-0.5.3,2021-05-21,16:00:06,0.10.2 +argo-events-1.4.2,2021-05-21,16:00:05,1.3.1 +argo-cd-3.5.0,2021-05-21,16:43:57,2.0.1 +argo-cd-3.4.1,2021-05-21,16:00:04,2.0.1 +argo-1.0.0,2021-05-21,16:00:03,v2.12.5 diff --git a/scripts/release-analysis/argo_releases.csv b/scripts/release-analysis/argo_releases.csv new file mode 100644 index 00000000..f630abe7 --- /dev/null +++ b/scripts/release-analysis/argo_releases.csv @@ -0,0 +1,877 @@ +Repository,Release Tag,Release Date,Release Time +argo-cd,v2.14.0-rc6,2025-01-21,21:40:31 +argo-cd,v2.14.0-rc5,2025-01-08,20:16:38 +argo-cd,v2.13.3,2025-01-03,19:23:42 +argo-cd,v2.12.9,2025-01-03,19:21:15 +argo-cd,v2.14.0-rc4,2025-01-02,22:36:35 +argo-cd,v2.14.0-rc3,2024-12-18,19:22:51 +argo-cd,v2.14.0-rc2,2024-12-17,18:43:53 +argo-cd,v2.13.2,2024-12-11,19:18:46 +argo-cd,v2.12.8,2024-12-11,19:17:57 +argo-cd,v2.13.1,2024-11-20,17:11:22 +argo-cd,v2.12.7,2024-11-05,16:08:15 +argo-cd,v2.11.12,2024-11-05,16:09:52 +argo-cd,v2.13.0,2024-11-04,12:46:49 +argo-cd,v2.13.0-rc5,2024-10-18,21:56:52 +argo-cd,v2.12.6,2024-10-18,19:07:18 +argo-cd,v2.11.11,2024-10-18,19:10:03 +argo-cd,v2.13.0-rc4,2024-10-17,22:20:25 +argo-cd,v2.12.5,2024-10-17,22:03:45 +argo-cd,v2.11.10,2024-10-17,22:04:22 +argo-cd,v2.10.18,2024-10-17,22:02:48 +argo-cd,v2.13.0-rc3,2024-10-07,14:11:10 +argo-cd,v2.12.4,2024-09-26,07:14:39 +argo-cd,v2.11.9,2024-09-26,07:39:46 +argo-cd,v2.10.17,2024-09-26,07:39:53 +argo-cd,v2.13.0-rc2,2024-09-20,12:16:17 +argo-cd,v2.13.0-rc1,2024-09-16,09:07:32 +argo-cd,v2.11.8,2024-09-11,07:18:22 +argo-cd,v2.12.3,2024-08-27,12:33:34 +argo-cd,v2.12.2,2024-08-23,04:05:09 +argo-cd,v2.9.22,2024-08-22,18:09:07 +argo-cd,v2.8.21,2024-08-22,00:15:46 +argo-cd,v2.12.1,2024-08-16,17:16:36 +argo-cd,v2.12.0,2024-08-05,14:02:15 +argo-cd,v2.12.0-rc5,2024-08-02,00:02:42 +argo-cd,v2.11.7,2024-07-24,10:27:18 +argo-cd,v2.10.16,2024-07-24,10:27:30 +argo-cd,v2.9.21,2024-07-24,10:27:35 +argo-cd,v2.11.6,2024-07-22,15:19:04 +argo-cd,v2.10.15,2024-07-22,15:28:11 +argo-cd,v2.9.20,2024-07-22,15:26:01 +argo-cd,v2.12.0-rc4,2024-07-15,18:31:03 +argo-cd,v2.11.5,2024-07-15,18:32:15 +argo-cd,v2.10.14,2024-07-15,18:43:13 +argo-cd,v2.9.19,2024-07-15,19:10:33 +argo-cd,v2.12.0-rc3,2024-07-02,19:11:39 +argo-cd,v2.11.4,2024-07-02,19:52:42 +argo-cd,v2.10.13,2024-07-02,19:16:33 +argo-cd,v2.9.18,2024-07-02,20:06:18 +argo-cd,v2.12.0-rc2,2024-06-24,21:07:03 +argo-cd,v2.12.0-rc1,2024-06-18,13:46:04 +argo-cd,v2.11.3,2024-06-06,09:43:29 +argo-cd,v2.10.12,2024-06-06,09:44:03 +argo-cd,v2.9.17,2024-06-06,09:47:39 +argo-cd,v2.11.2,2024-05-23,14:14:51 +argo-cd,v2.10.11,2024-05-23,14:20:08 +argo-cd,v2.9.16,2024-05-23,14:28:35 +argo-cd,v2.8.20,2024-05-23,14:22:46 +argo-cd,v2.11.1,2024-05-21,15:03:58 +argo-cd,v2.10.10,2024-05-21,15:04:04 +argo-cd,v2.9.15,2024-05-21,15:03:15 +argo-cd,v2.8.19,2024-05-21,15:02:42 +argo-cd,v2.11.0,2024-05-07,16:37:25 +argo-cd,v2.10.9,2024-04-30,16:55:10 +argo-cd,v2.9.14,2024-04-30,17:52:42 +argo-cd,v2.8.18,2024-04-30,18:11:05 +argo-cd,v2.11.0-rc3,2024-04-29,20:34:30 +argo-cd,v2.10.8,2024-04-26,14:04:02 +argo-cd,v2.9.13,2024-04-26,13:54:31 +argo-cd,v2.8.17,2024-04-26,13:32:45 +argo-cd,v2.11.0-rc2,2024-04-15,20:21:25 +argo-cd,v2.10.7,2024-04-15,09:21:23 +argo-cd,v2.9.12,2024-04-15,09:23:39 +argo-cd,v2.8.16,2024-04-15,09:24:55 +argo-cd,v2.11.0-rc1,2024-04-05,12:48:47 +argo-cd,v2.10.6,2024-04-05,01:04:01 +argo-cd,v2.9.11,2024-04-05,00:33:21 +argo-cd,v2.8.15,2024-04-05,00:08:33 +argo-cd,v2.7.18,2024-04-04,23:10:16 +argo-cd,v2.10.5,2024-03-28,16:29:02 +argo-cd,v2.9.10,2024-03-28,17:14:04 +argo-cd,v2.8.14,2024-03-28,17:14:13 +argo-cd,v2.10.4,2024-03-18,08:44:51 +argo-cd,v2.9.9,2024-03-18,08:44:29 +argo-cd,v2.8.13,2024-03-18,08:43:03 +argo-cd,v2.10.3,2024-03-13,19:53:05 +argo-cd,v2.9.8,2024-03-13,19:50:14 +argo-cd,v2.8.12,2024-03-13,19:49:30 +argo-cd,v2.8.11,2024-03-08,15:35:57 +argo-cd,v2.10.2,2024-03-01,22:03:43 +argo-cd,v2.9.7,2024-03-01,23:28:36 +argo-cd,v2.10.1,2024-02-14,18:12:43 +argo-cd,v2.10.0,2024-02-06,15:03:51 +argo-cd,v2.9.6,2024-02-02,19:51:46 +argo-cd,v2.8.10,2024-02-02,19:01:36 +argo-cd,v2.7.17,2024-02-02,19:00:32 +argo-cd,v2.10.0-rc4,2024-01-25,21:50:37 +argo-cd,v2.10.0-rc3,2024-01-19,18:33:17 +argo-cd,v2.9.5,2024-01-19,18:32:02 +argo-cd,v2.8.9,2024-01-19,18:47:44 +argo-cd,v2.8.8,2024-01-19,15:17:36 +argo-cd,v2.7.16,2024-01-19,19:38:49 +argo-cd,v2.10.0-rc2,2024-01-18,21:14:40 +argo-cd,v2.9.4,2024-01-18,21:24:02 +argo-cd,v2.10.0-rc1,2023-12-18,21:20:13 +argo-cd,v2.7.15,2023-12-06,15:59:27 +argo-cd,v2.9.3,2023-12-01,23:39:19 +argo-cd,v2.9.2,2023-11-20,17:52:41 +argo-cd,v2.8.7,2023-11-20,17:52:04 +argo-cd,v2.9.1,2023-11-14,15:55:51 +argo-cd,v2.9.0,2023-11-06,05:27:12 +argo-cd,v2.8.6,2023-11-01,17:29:59 +argo-cd,v2.9.0-rc4,2023-10-31,22:28:01 +argo-cd,v2.8.5,2023-10-31,19:30:03 +argo-cd,v2.9.0-rc3,2023-10-25,19:54:22 +argo-cd,v2.9.0-rc2,2023-10-03,16:24:24 +argo-cd,v2.9.0-rc1,2023-09-27,01:06:19 +argo-cd,v2.8.4,2023-09-13,20:08:07 +argo-cd,v2.8.3,2023-09-07,18:06:07 +argo-cd,v2.7.14,2023-09-07,18:05:20 +argo-cd,v2.6.15,2023-09-07,18:32:42 +argo-cd,v2.5.22,2023-08-25,15:21:48 +argo-cd,v2.8.2,2023-08-24,21:05:33 +argo-cd,v2.7.13,2023-08-24,20:58:11 +argo-cd,v2.6.14,2023-08-24,22:01:58 +argo-cd,v2.8.1,2023-08-22,21:19:28 +argo-cd,v2.7.12,2023-08-23,15:02:27 +argo-cd,v2.8.0,2023-08-07,20:03:46 +argo-cd,v2.7.11,2023-08-07,20:07:16 +argo-cd,v2.8.0-rc7,2023-08-03,16:20:46 +argo-cd,v2.7.10,2023-07-31,22:51:19 +argo-cd,v2.8.0-rc6,2023-07-28,14:47:33 +argo-cd,v2.7.9,2023-07-24,18:50:30 +argo-cd,v2.8.0-rc5,2023-07-19,18:28:18 +argo-cd,v2.7.8,2023-07-19,15:58:13 +argo-cd,v2.6.13,2023-07-19,18:32:25 +argo-cd,v2.5.21,2023-07-19,16:18:16 +argo-cd,v2.8.0-rc4,2023-07-19,01:04:24 +argo-cd,v2.8.0-rc3,2023-07-12,21:02:10 +argo-cd,v2.8.0-rc2,2023-07-05,20:16:20 +argo-cd,v2.7.7,2023-07-05,20:25:54 +argo-cd,v2.6.12,2023-07-05,20:26:58 +argo-cd,v2.5.20,2023-07-05,20:21:44 +argo-cd,v2.8.0-rc1,2023-06-27,14:35:51 +argo-cd,v2.7.6,2023-06-20,21:46:46 +argo-cd,v2.6.11,2023-06-20,21:40:36 +argo-cd,v2.7.5,2023-06-16,15:24:00 +argo-cd,v2.6.10,2023-06-16,15:30:18 +argo-cd,v2.5.19,2023-06-16,15:14:25 +argo-cd,v2.7.4,2023-06-05,19:40:08 +argo-cd,v2.6.9,2023-06-05,20:00:21 +argo-cd,v2.5.18,2023-06-05,19:37:35 +argo-cd,v2.6.8,2023-05-25,16:35:40 +argo-cd,v2.5.17,2023-05-25,16:37:48 +argo-cd,v2.7.3,2023-05-24,16:14:02 +argo-cd,v2.7.2,2023-05-12,14:41:07 +argo-cd,v2.7.1,2023-05-02,17:24:44 +argo-cd,v2.7.0,2023-05-02,00:51:25 +argo-cd,v2.7.0-rc2,2023-04-11,16:29:33 +argo-cd,v2.7.0-rc1,2023-03-27,14:42:25 +argo-cd,v2.6.7,2023-03-23,15:45:09 +argo-cd,v2.5.16,2023-03-23,15:34:49 +argo-cd,v2.4.28,2023-03-23,15:35:38 +argo-cd,v2.6.6,2023-03-16,23:07:31 +argo-cd,v2.5.15,2023-03-16,23:35:35 +argo-cd,v2.4.27,2023-03-16,23:05:14 +argo-cd,v2.6.5,2023-03-14,14:59:49 +argo-cd,v2.5.14,2023-03-14,15:03:12 +argo-cd,v2.4.26,2023-03-14,15:01:43 +argo-cd,v2.6.4,2023-03-07,23:29:08 +argo-cd,v2.5.13,2023-03-07,23:28:04 +argo-cd,v2.4.25,2023-03-07,22:29:10 +argo-cd,v2.6.3,2023-02-27,15:20:04 +argo-cd,v2.5.12,2023-02-27,15:21:29 +argo-cd,v2.4.24,2023-02-27,15:22:21 +argo-cd,v2.6.2,2023-02-16,15:43:42 +argo-cd,v2.5.11,2023-02-16,15:46:31 +argo-cd,v2.4.23,2023-02-16,15:41:44 +argo-cd,v2.3.17,2023-02-16,16:01:23 +argo-cd,v2.6.1,2023-02-08,19:39:04 +argo-cd,v2.6.0,2023-02-06,22:04:33 +argo-cd,v2.6.0-rc7,2023-02-02,16:04:58 +argo-cd,v2.5.10,2023-02-02,15:48:00 +argo-cd,v2.4.22,2023-02-02,16:06:04 +argo-cd,v2.3.16,2023-02-02,16:20:13 +argo-cd,v2.6.0-rc6,2023-01-28,00:07:50 +argo-cd,v2.5.9,2023-01-28,00:04:28 +argo-cd,v2.4.21,2023-01-28,00:07:25 +argo-cd,v2.3.15,2023-01-28,01:20:18 +argo-cd,v2.6.0-rc5,2023-01-25,18:35:37 +argo-cd,v2.5.8,2023-01-25,17:05:03 +argo-cd,v2.4.20,2023-01-25,16:19:24 +argo-cd,v2.3.14,2023-01-25,17:07:36 +argo-cd,v2.6.0-rc4,2023-01-18,03:00:03 +argo-cd,v2.5.7,2023-01-18,03:00:02 +argo-cd,v2.4.19,2023-01-18,02:59:01 +argo-cd,v2.3.13,2023-01-18,04:02:17 +argo-cd,v2.6.0-rc3,2023-01-13,20:36:52 +argo-cd,v2.5.6,2023-01-10,20:14:18 +argo-cd,v2.6.0-rc2,2023-01-05,16:02:06 +argo-cd,v2.6.0-rc1,2022-12-19,17:27:17 +argo-cd,v2.5.5,2022-12-16,16:53:08 +argo-cd,v2.4.18,2022-12-16,16:47:09 +argo-cd,v2.3.12,2022-12-16,17:40:00 +argo-cd,v2.5.4,2022-12-06,20:26:51 +argo-cd,v2.5.3,2022-11-28,17:28:00 +argo-cd,v2.5.2,2022-11-07,17:23:44 +argo-cd,v2.4.17,2022-11-07,17:05:27 +argo-cd,v2.5.1,2022-11-01,21:53:59 +argo-cd,v2.4.16,2022-11-01,22:03:02 +argo-cd,v2.3.11,2022-11-01,22:39:18 +argo-cd,v2.2.16,2022-11-01,20:44:20 +argo-cd,v2.5.0,2022-10-25,15:32:28 +argo-cd,v2.2.15,2022-10-18,22:08:59 +argo-cd,v2.5.0-rc3,2022-10-17,18:39:09 +argo-cd,v2.4.15,2022-10-17,21:17:43 +argo-cd,v2.3.10,2022-10-18,01:09:30 +argo-cd,v2.5.0-rc2,2022-10-11,19:55:49 +argo-cd,v2.5.0-rc1,2022-10-05,18:00:34 +argo-cd,v2.4.14,2022-10-05,17:53:31 +argo-cd,v2.3.9,2022-10-05,18:24:18 +argo-cd,v2.2.14,2022-10-05,17:17:02 +argo-cd,v2.4.13,2022-10-03,21:38:39 +argo-cd,v2.3.8,2022-10-03,22:36:32 +argo-cd,v2.2.13,2022-10-03,21:05:16 +argo-cd,v2.4.12,2022-09-16,01:33:23 +argo-cd,v2.4.11,2022-08-22,09:52:10 +argo-cd,v2.4.10,2022-08-17,21:44:09 +argo-cd,v2.4.9,2022-08-11,15:59:47 +argo-cd,v2.4.8,2022-07-29,17:38:38 +argo-cd,v2.3.7,2022-07-29,16:11:01 +argo-cd,v2.2.12,2022-07-29,14:58:00 +argo-cd,v2.4.7,2022-07-18,21:54:21 +argo-cd,v2.4.6,2022-07-12,23:14:34 +argo-cd,v2.4.5,2022-07-12,17:05:35 +argo-cd,v2.3.6,2022-07-12,17:56:53 +argo-cd,v2.2.11,2022-07-12,16:23:51 +argo-cd,v2.4.4,2022-07-07,07:59:34 +argo-cd,v2.4.3,2022-06-27,21:39:15 +argo-cd,v2.4.2,2022-06-21,21:19:40 +argo-cd,v2.4.1,2022-06-21,17:18:01 +argo-cd,v2.3.5,2022-06-21,18:28:28 +argo-cd,v2.2.10,2022-06-21,16:42:53 +argo-cd,v2.1.16,2022-06-21,16:34:29 +argo-cd,v2.4.0,2022-06-10,17:59:33 +argo-cd,v2.4.0-rc5,2022-06-06,19:57:45 +argo-cd,v2.4.0-rc4,2022-06-01,23:51:49 +argo-cd,v2.4.0-rc3,2022-05-31,20:14:43 +argo-cd,v2.4.0-rc2,2022-05-18,13:20:52 +argo-cd,v2.3.4,2022-05-18,13:14:17 +argo-cd,v2.2.9,2022-05-18,12:11:30 +argo-cd,v2.1.15,2022-05-18,12:48:12 +argo-cd,v2.4.0-rc1,2022-05-06,23:59:23 +argo-cd,v2.3.3,2022-03-30,01:55:37 +argo-cd,v2.3.2,2022-03-23,02:12:12 +argo-cd,v2.2.8,2022-03-23,00:38:55 +argo-cd,v2.1.14,2022-03-23,00:25:37 +argo-cd,v2.3.1,2022-03-11,00:07:41 +argo-cd,v2.2.7,2022-03-09,01:16:04 +argo-cd,v2.1.12,2022-03-09,01:06:39 +argo-cd,v2.3.0,2022-03-06,07:59:28 +argo-cd,v2.2.6,2022-03-06,06:08:26 +argo-cd,v2.1.11,2022-03-06,05:44:19 +argo-cd,v2.2.5,2022-02-05,01:42:13 +argo-cd,v2.1.10,2022-02-05,01:27:00 +argo-cd,v2.3.0-rc5,2022-02-05,00:52:33 +argo-cd,v2.3.0-rc4,2022-02-03,23:22:13 +argo-cd,v2.2.4,2022-02-03,20:50:43 +argo-cd,v2.1.9,2022-02-03,20:38:47 +argo-cd,v2.3.0-rc2,2022-02-02,23:59:42 +argo-cd,v2.3.0-rc1,2022-01-30,23:19:12 +argo-cd,v2.2.3,2022-01-18,18:03:37 +argo-cd,v2.2.2,2022-01-01,06:38:42 +argo-cd,v2.2.1,2021-12-17,01:41:25 +argo-cd,v2.2.0,2021-12-14,18:19:23 +argo-cd,v2.1.8,2021-12-13,23:26:15 +argo-cd,v2.1.7,2021-11-17,22:18:58 +argo-cd,v2.2.0-rc1,2021-11-12,16:44:39 +argo-cd,v2.1.6,2021-10-28,20:08:23 +argo-cd,v2.1.5,2021-10-20,15:25:12 +argo-cd,v2.1.4,2021-10-20,00:47:38 +argo-cd,v2.1.3,2021-09-29,21:59:28 +argo-cd,v2.1.2,2021-09-02,18:13:57 +argo-cd,v2.1.1,2021-08-25,15:20:05 +argo-cd,v2.1.0,2021-08-20,05:40:42 +argo-cd,v2.1.0-rc3,2021-08-11,19:54:48 +argo-cd,v2.1.0-rc2,2021-08-03,17:17:22 +argo-cd,v2.1.0-rc1,2021-07-28,22:39:33 +argo-cd,v2.0.5,2021-07-22,21:00:58 +argo-cd,v2.0.4,2021-06-23,01:36:22 +argo-cd,v2.0.3,2021-05-27,17:47:33 +argo-cd,v2.0.2,2021-05-20,19:38:10 +argo-cd,v2.0.1,2021-04-15,22:40:37 +argo-cd,v2.0.0,2021-04-07,06:07:51 +argo-cd,v2.0.0-rc4,2021-04-05,23:22:38 +argo-cd,v2.0.0-rc3,2021-04-02,17:59:51 +argo-cd,v2.0.0-rc2,2021-03-29,21:39:06 +argo-cd,v2.0.0-rc1,2021-03-19,21:37:41 +argo-cd,v1.8.7,2021-03-03,07:20:14 +argo-cd,v1.7.14,2021-03-03,18:45:51 +argo-cd,v1.8.6,2021-02-26,21:29:08 +argo-cd,v1.7.13,2021-02-26,17:29:32 +argo-cd,v1.8.5,2021-02-20,05:47:09 +argo-cd,v1.8.4,2021-02-05,18:02:18 +argo-cd,v1.7.12,2021-02-05,20:29:49 +argo-cd,v1.8.3,2021-01-21,22:26:34 +argo-cd,v1.8.2,2021-01-10,05:47:08 +argo-cd,v1.8.1,2020-12-10,03:05:37 +argo-cd,v1.7.11,2020-12-10,02:47:15 +argo-cd,v1.8.0,2020-12-09,18:35:24 +argo-cd,v1.8.0-rc2,2020-12-03,05:15:48 +argo-cd,v1.8.0-rc1,2020-11-25,18:21:18 +argo-cd,v1.7.10,2020-11-20,19:57:30 +argo-cd,v1.7.9,2020-11-17,23:26:31 +argo-cd,v1.7.8,2020-10-15,22:39:54 +argo-cd,v1.7.7,2020-09-29,05:02:51 +argo-cd,v1.7.6,2020-09-19,00:58:10 +argo-cd,v1.7.5,2020-09-15,23:10:12 +argo-cd,v1.7.4,2020-09-05,02:51:36 +argo-cd,v1.7.3,2020-09-01,23:25:39 +argo-cd,v1.7.2,2020-08-27,23:40:37 +argo-cd,v1.7.1,2020-08-26,21:17:44 +argo-cd,v1.7.0,2020-08-25,19:05:00 +argo-cd,v1.7.0-rc1,2020-08-15,19:37:04 +argo-cd,v1.6.2,2020-07-31,23:51:10 +argo-cd,v1.6.1,2020-06-19,00:47:03 +argo-cd,v1.6.0,2020-06-16,22:46:48 +argo-cd,v1.5.8,2020-06-16,20:05:59 +argo-cd,v1.6.0-rc2,2020-06-09,22:29:03 +argo-cd,v1.5.7,2020-06-09,18:46:23 +argo-cd,v1.6.0-rc1,2020-06-03,04:11:50 +argo-cd,v1.5.6,2020-06-02,19:13:17 +argo-cd,v1.5.5,2020-05-16,15:22:14 +argo-cd,v1.5.4,2020-05-05,19:25:30 +argo-cd,v1.5.3,2020-05-02,04:58:47 +argo-cd,v1.5.2,2020-04-15,19:05:41 +argo-cd,v1.4.3,2020-04-15,19:09:30 +argo-cd,v1.5.1,2020-04-06,16:35:44 +argo-cd,v1.5.0,2020-04-02,18:49:53 +argo-cd,v1.5.0-rc3,2020-03-30,22:42:52 +argo-cd,v1.5.0-rc2,2020-03-26,06:12:25 +argo-cd,v1.5.0-rc1,2020-03-20,23:02:28 +argo-cd,v1.4.2,2020-01-24,01:18:02 +argo-cd,v1.4.1,2020-01-22,23:10:57 +argo-cd,v1.4.0,2020-01-18,06:12:51 +argo-cd,v1.4.0-rc1,2020-01-13,20:48:09 +argo-cd,v1.3.6,2019-12-10,22:54:07 +argo-cd,v1.3.5,2019-12-09,21:25:22 +argo-cd,v1.3.4,2019-12-05,23:31:46 +argo-cd,v1.3.3,2019-12-05,22:55:32 +argo-cd,v1.3.2,2019-12-03,21:40:15 +argo-cd,v1.3.1,2019-12-02,22:35:57 +argo-cd,v1.3.0,2019-11-13,02:17:35 +argo-cd,v1.3.0-rc5,2019-11-11,21:34:47 +argo-cd,v1.3.0-rc4,2019-11-04,06:53:16 +argo-cd,v1.3.0-rc3,2019-10-29,20:19:18 +argo-cd,v1.2.5,2019-10-29,00:14:59 +argo-cd,v1.3.0-rc2,2019-10-23,01:36:08 +argo-cd,v1.2.4,2019-10-23,20:11:59 +argo-cd,v1.3.0-rc1,2019-10-16,21:46:33 +argo-cd,v1.2.3,2019-10-01,21:10:16 +argo-cd,v1.2.2,2019-09-24,19:34:55 +argo-cd,v1.2.1,2019-09-12,17:31:17 +argo-cd,v1.2.0,2019-09-04,21:39:00 +argo-cd,v1.2.0-rc2,2019-08-21,16:04:14 +argo-cd,v1.2.0-rc1,2019-08-06,20:26:20 +argo-cd,v1.1.2,2019-07-30,18:02:46 +argo-cd,v1.1.1,2019-07-24,17:44:23 +argo-cd,v1.1.0,2019-07-24,17:22:37 +argo-cd,v1.1.0-rc8,2019-07-19,22:33:59 +argo-cd,v1.1.0-rc7,2019-07-17,23:30:42 +argo-cd,v1.1.0-rc6,2019-07-16,16:43:32 +argo-cd,v1.1.0-rc5,2019-07-09,21:43:03 +argo-cd,v1.1.0-rc4,2019-07-03,21:23:36 +argo-cd,v1.1.0-rc3,2019-06-28,21:09:41 +argo-cd,v1.1.0-rc2,2019-06-21,23:41:40 +argo-cd,v1.1.0-rc1,2019-06-14,18:42:47 +argo-cd,v1.0.2,2019-06-14,17:23:08 +argo-cd,v1.0.1,2019-05-28,17:32:09 +argo-cd,v1.0.0,2019-05-16,22:13:10 +argo-cd,v1.0.0-rc3,2019-05-09,17:28:45 +argo-cd,v1.0.0-rc2,2019-04-30,21:30:50 +argo-cd,v0.12.3,2019-04-30,06:17:03 +argo-cd,v1.0.0-rc1,2019-04-24,18:21:02 +argo-cd,v0.12.2,2019-04-22,21:50:44 +argo-cd,v0.12.1,2019-04-09,21:28:28 +argo-cd,v0.12.0,2019-03-23,01:35:42 +argo-cd,v0.12.0-rc6,2019-03-20,22:50:14 +argo-cd,v0.12.0-rc5,2019-03-19,08:07:36 +argo-cd,v0.12.0-rc4,2019-03-12,21:55:07 +argo-cd,v0.12.0-rc3,2019-03-07,02:51:44 +argo-cd,v0.12.0-rc2,2019-03-06,11:20:06 +argo-cd,v0.12.0-rc1,2019-03-06,03:04:20 +argo-cd,v0.11.2,2019-02-19,18:00:25 +argo-cd,v0.11.1,2019-01-18,21:14:24 +argo-cd,v0.11.0,2019-01-11,02:13:53 +argo-cd,v0.11.0-rc6,2019-01-10,00:42:34 +argo-cd,v0.11.0-rc5,2019-01-09,00:13:56 +argo-cd,v0.11.0-rc4,2019-01-04,21:48:23 +argo-cd,v0.11.0-rc3,2019-01-03,23:58:08 +argo-cd,v0.11.0-rc2,2018-12-28,01:33:08 +argo-cd,v0.11.0-rc1,2018-12-10,17:50:56 +argo-cd,v0.10.6,2018-11-15,03:01:53 +argo-cd,v0.10.5,2018-11-14,02:40:13 +argo-cd,v0.10.4,2018-11-08,02:06:57 +argo-cd,v0.10.3,2018-10-29,07:03:10 +argo-cd,v0.10.2,2018-10-25,20:12:36 +argo-cd,v0.10.1,2018-10-24,20:28:59 +argo-cd,v0.10.0,2018-10-19,22:01:34 +argo-cd,v0.9.2,2018-09-28,16:59:16 +argo-cd,v0.9.1,2018-09-24,21:46:35 +argo-cd,v0.9.0,2018-09-24,20:41:50 +argo-cd,v0.8.2,2018-09-12,08:55:44 +argo-cd,v0.8.1,2018-09-11,01:34:30 +argo-cd,v0.8.0,2018-09-05,01:10:25 +argo-cd,v0.7.2,2018-08-21,08:22:07 +argo-cd,v0.7.1,2018-08-03,20:45:14 +argo-cd,v0.7.0,2018-07-28,01:30:19 +argo-cd,v0.6.2,2018-07-24,10:04:03 +argo-cd,v0.6.1,2018-07-18,07:44:11 +argo-cd,v0.6.0,2018-07-17,09:42:25 +argo-cd,v0.5.4,2018-06-27,23:25:33 +argo-cd,v0.5.3,2018-06-21,00:09:10 +argo-cd,v0.5.2,2018-06-14,20:19:39 +argo-cd,v0.5.1,2018-06-13,21:46:40 +argo-cd,v0.5.0,2018-06-12,20:39:05 +argo-cd,v0.4.7,2018-06-07,18:37:20 +argo-cd,v0.4.6,2018-06-06,18:12:48 +argo-cd,v0.4.5,2018-05-31,10:29:26 +argo-cd,v0.4.4,2018-05-30,23:40:52 +argo-cd,v0.4.3,2018-05-21,22:38:11 +argo-cd,v0.4.2,2018-05-21,08:25:50 +argo-cd,v0.4.1,2018-05-18,20:40:11 +argo-cd,v0.4.0,2018-05-17,09:55:08 +argo-cd,v0.4.0-alpha1,2018-05-11,23:59:31 +argo-cd,v0.3.2,2018-05-03,18:25:30 +argo-cd,v0.3.1,2018-04-24,23:32:12 +argo-cd,v0.3.0,2018-04-23,08:29:14 +argo-cd,v0.2.0,2018-04-03,18:19:24 +argo-cd,v0.1.0,2018-03-13,00:38:20 +argo-workflows,v3.6.2,2024-12-02,14:12:44 +argo-workflows,v3.5.13,2024-12-02,13:09:39 +argo-workflows,v3.6.0,2024-11-14,19:02:01 +argo-workflows,v3.6.0-rc4,2024-10-31,11:56:16 +argo-workflows,v3.5.12,2024-10-30,11:49:27 +argo-workflows,v3.6.0-rc3,2024-10-24,10:51:47 +argo-workflows,v3.4.18,2024-12-16,09:03:37 +argo-workflows,v3.6.0-rc2,2024-10-03,07:48:59 +argo-workflows,v3.5.11,2024-09-20,14:08:00 +argo-workflows,v3.6.0-rc1,2024-09-18,10:03:03 +argo-workflows,v3.5.10,2024-08-01,06:03:16 +argo-workflows,v3.5.9,2024-07-30,06:58:49 +argo-workflows,v3.5.8,2024-06-18,04:52:31 +argo-workflows,v3.5.7,2024-05-27,07:13:30 +argo-workflows,v3.4.17,2024-05-13,02:47:39 +argo-workflows,v3.5.6,2024-04-19,21:43:07 +argo-workflows,v3.5.5,2024-02-29,21:47:50 +argo-workflows,v3.5.4,2024-01-14,06:19:09 +argo-workflows,v3.4.16,2024-01-14,06:17:57 +argo-workflows,v3.4.15,2024-01-13,23:29:40 +argo-workflows,v3.5.3,2024-01-11,03:12:46 +argo-workflows,v3.5.2,2023-11-27,19:16:42 +argo-workflows,v3.4.14,2023-11-27,18:56:22 +argo-workflows,v3.5.1,2023-11-03,19:57:45 +argo-workflows,v3.4.13,2023-11-03,21:07:31 +argo-workflows,v3.4.12,2023-10-20,13:00:24 +argo-workflows,v3.5.0,2023-10-13,15:00:44 +argo-workflows,v3.5.0-rc2,2023-09-20,19:20:10 +argo-workflows,v3.4.11,2023-09-08,01:14:16 +argo-workflows,v3.5.0-rc1,2023-08-15,20:01:35 +argo-workflows,v3.4.10,2023-08-15,18:59:38 +argo-workflows,v3.4.9,2023-07-20,15:28:41 +argo-workflows,v3.4.8,2023-05-25,23:37:40 +argo-workflows,v3.4.7,2023-04-11,17:26:32 +argo-workflows,v3.4.6,2023-03-31,20:16:18 +argo-workflows,v3.4.5,2023-02-07,13:26:29 +argo-workflows,v3.4.4,2022-11-29,21:15:21 +argo-workflows,v3.3.10,2022-11-29,21:24:54 +argo-workflows,v3.4.3,2022-10-31,09:17:41 +argo-workflows,v3.4.2,2022-10-23,07:36:55 +argo-workflows,v3.4.1,2022-10-01,16:09:34 +argo-workflows,v3.4.0,2022-09-19,05:23:46 +argo-workflows,v3.4.0-rc4,2022-09-10,19:34:15 +argo-workflows,v3.4.0-rc3,2022-09-01,01:28:29 +argo-workflows,v3.4.0-rc2,2022-08-19,14:51:26 +argo-workflows,v3.4.0-rc1,2022-08-10,07:13:17 +argo-workflows,v3.3.9,2022-08-10,01:08:09 +argo-workflows,v3.3.8,2022-06-24,01:18:03 +argo-workflows,v3.3.7,2022-06-21,00:41:49 +argo-workflows,v3.3.6,2022-05-26,01:22:39 +argo-workflows,v3.3.5,2022-05-04,01:13:34 +argo-workflows,v3.2.11,2022-05-03,22:59:55 +argo-workflows,v3.3.4,2022-04-29,19:54:39 +argo-workflows,v3.3.3,2022-04-25,23:19:39 +argo-workflows,v3.3.2,2022-04-20,23:16:10 +argo-workflows,v3.3.1,2022-03-18,19:45:27 +argo-workflows,v3.3.0,2022-03-14,23:06:47 +argo-workflows,v3.3.0-rc10,2022-03-07,23:50:34 +argo-workflows,v3.3.0-rc9,2022-03-05,19:01:28 +argo-workflows,v3.2.9,2022-03-02,23:04:35 +argo-workflows,v3.3.0-rc8,2022-03-01,02:52:15 +argo-workflows,v3.3.0-rc7,2022-02-25,21:14:31 +argo-workflows,v3.3.0-rc6,2022-02-21,20:27:19 +argo-workflows,v3.3.0-rc5,2022-02-21,20:07:56 +argo-workflows,v3.3.0-rc4,2022-02-08,20:05:39 +argo-workflows,v3.2.8,2022-02-04,20:19:52 +argo-workflows,v3.3.0-rc3,2022-02-03,20:31:05 +argo-workflows,v0.0.0-dev-bom-1,2022-02-02,21:21:47 +argo-workflows,v3.3.0-rc2,2022-01-30,01:45:04 +argo-workflows,v3.3.0-rc1,2022-01-29,01:08:13 +argo-workflows,v3.2.7,2022-01-28,02:28:31 +argo-workflows,v3.2.6,2021-12-17,21:12:28 +argo-workflows,v3.2.5,2021-12-16,00:34:48 +argo-workflows,v0.0.0-dev-kc-7,2021-11-19,01:36:27 +argo-workflows,v3.2.4,2021-11-18,00:41:27 +argo-workflows,v3.1.15,2021-11-17,18:46:01 +argo-workflows,v0.0.0-dev-kc-6,2021-11-18,00:10:06 +argo-workflows,v0.0.0-dev-kc-5,2021-11-16,20:03:24 +argo-workflows,v0.0.0-dev-kc-4,2021-11-16,18:38:30 +argo-workflows,v0.0.0-dev-kc-3,2021-11-15,21:54:04 +argo-workflows,v0.0.0-dev-kc-2,2021-11-15,21:36:23 +argo-workflows,v0.0.0-dev-kc-1,2021-11-09,21:24:30 +argo-workflows,v0.0.0-dev-kc-0,2021-11-09,17:10:14 +argo-workflows,v3.2.3,2021-10-27,02:22:57 +argo-workflows,v3.2.2,2021-10-21,18:24:56 +argo-workflows,v3.1.14,2021-10-20,02:52:43 +argo-workflows,v3.2.1,2021-10-19,22:11:39 +argo-workflows,v3.2.0,2021-10-12,16:28:36 +argo-workflows,v3.2.0-rc6,2021-10-06,02:26:30 +argo-workflows,v3.2.0-rc5,2021-09-29,18:09:20 +argo-workflows,v3.1.13,2021-09-28,20:07:21 +argo-workflows,v3.2.0-rc4,2021-09-21,21:03:56 +argo-workflows,v3.1.12,2021-09-16,14:12:07 +argo-workflows,v3.2.0-rc3,2021-09-14,19:40:01 +argo-workflows,v3.1.11,2021-09-14,07:41:28 +argo-workflows,v3.1.10,2021-09-10,18:58:55 +argo-workflows,v3.1.9,2021-09-03,22:39:13 +argo-workflows,v3.2.0-rc2,2021-09-01,23:45:48 +argo-workflows,v0.0.0-dev-mc-4,2021-08-31,18:10:35 +argo-workflows,v0.0.0-dev-mc-3,2021-08-30,17:45:10 +argo-workflows,v0.0.0-dev-mc-2,2021-08-30,17:40:57 +argo-workflows,v0.0.0-dev-mc-1,2021-08-30,00:26:16 +argo-workflows,v0.0.0-dev-mc-0,2021-08-28,02:06:29 +argo-workflows,v3.2.0-rc1,2021-08-20,02:49:34 +argo-workflows,v3.1.8,2021-08-19,00:19:56 +argo-workflows,v3.1.7,2021-08-18,18:21:43 +argo-workflows,v3.0.10,2021-08-18,23:53:38 +argo-workflows,v3.0.9,2021-08-18,17:03:34 +argo-workflows,v2.12.13,2021-08-18,23:42:45 +argo-workflows,v2.12.12,2021-08-18,17:57:06 +argo-workflows,v3.1.6,2021-08-13,00:39:51 +argo-workflows,v0.0.0-dev-dataflow-41,2021-08-11,04:28:21 +argo-workflows,v3.1.5,2021-08-04,07:14:30 +argo-workflows,v0.0.0-dev-dataflow-40,2021-08-04,02:06:40 +argo-workflows,v3.1.4,2021-08-04,01:06:06 +argo-workflows,v0.0.0-dev-dataflow-39,2021-07-30,20:53:39 +argo-workflows,v3.1.3,2021-07-28,05:38:36 +argo-workflows,v0.0.0-dev-dataflow-37,2021-07-23,23:23:18 +argo-workflows,v0.0.0-dev-dataflow-36,2021-07-22,01:29:29 +argo-workflows,v0.0.0-dev-dataflow-34,2021-07-20,18:17:04 +argo-workflows,v0.0.0-dev-dataflow-33,2021-07-16,23:18:16 +argo-workflows,v3.1.2,2021-07-15,22:04:54 +argo-workflows,v0.0.0-dev-dataflow-31,2021-07-14,16:55:52 +argo-workflows,v0.0.0-dev-dataflow-30,2021-07-12,18:40:24 +argo-workflows,v3.1.1,2021-06-28,21:31:33 +argo-workflows,v0.0.0-dev-dataflow-29,2021-06-28,18:51:44 +argo-workflows,v0.0.0-dev-dataflow-28,2021-06-25,03:44:24 +argo-workflows,v3.1.0,2021-06-21,23:35:00 +argo-workflows,v3.0.8,2021-06-21,23:52:48 +argo-workflows,v0.0.0-dev-dataflow-27,2021-06-21,23:00:03 +argo-workflows,v0.0.0-dev-dataflow-26,2021-06-16,00:01:26 +argo-workflows,v0.0.0-dev-dataflow-25,2021-06-16,00:01:43 +argo-workflows,v3.1.0-rc14,2021-06-10,19:18:50 +argo-workflows,v0.0.0-dev-dataflow-24,2021-06-10,17:34:10 +argo-workflows,v0.0.0-dev-dataflow-23,2021-06-10,02:31:42 +argo-workflows,v3.1.0-rc13,2021-06-08,16:45:35 +argo-workflows,v0.0.0-dev-dataflow-22,2021-06-09,20:38:24 +argo-workflows,v0.0.0-dev-dataflow-20,2021-06-08,02:42:49 +argo-workflows,v0.0.0-dev-dataflow-19,2021-06-06,20:41:36 +argo-workflows,v0.0.0-dev-docker-0,2021-06-06,19:00:54 +argo-workflows,v0.0.0-dev-dataflow-18,2021-06-05,00:59:50 +argo-workflows,v0.0.0-dev-dataflow-17,2021-06-04,01:23:11 +argo-workflows,v0.0.0-dev-dataflow-16,2021-06-04,01:03:00 +argo-workflows,v3.1.0-rc12,2021-06-03,01:40:44 +argo-workflows,v3.1.0-rc11,2021-06-01,19:02:58 +argo-workflows,v0.0.0-dev-dataflow-15,2021-06-01,22:31:59 +argo-workflows,v0.0.0-dev-dataflow-14,2021-06-01,20:34:22 +argo-workflows,v0.0.0-dev-dataflow-13,2021-06-01,19:06:07 +argo-workflows,v3.1.0-rc10,2021-05-28,00:00:15 +argo-workflows,v0.0.0-dev-dataflow-11,2021-05-27,02:01:59 +argo-workflows,v3.1.0-rc8,2021-05-25,18:06:14 +argo-workflows,v3.0.7,2021-05-25,19:08:55 +argo-workflows,v0.0.0-dev-dataflow-10,2021-05-25,18:22:42 +argo-workflows,v3.1.0-rc7,2021-05-24,20:15:18 +argo-workflows,v3.0.6,2021-05-24,22:03:27 +argo-workflows,v3.0.5,2021-05-24,20:16:47 +argo-workflows,v3.1.0-rc6,2021-05-21,16:46:01 +argo-workflows,v0.0.0-dev-dataflow-9,2021-05-21,20:56:00 +argo-workflows,v0.0.0-dev-dataflow-8,2021-05-21,06:32:47 +argo-workflows,v0.0.0-dev-dataflow-7,2021-05-21,03:02:41 +argo-workflows,v0.0.0-dev-dataflow-6,2021-05-20,23:34:42 +argo-workflows,v0.0.0-dev-dataflow-5,2021-05-19,23:23:04 +argo-workflows,v0.0.0-dev-dataflow-4,2021-05-19,00:02:40 +argo-workflows,v3.1.0-rc5,2021-05-17,22:42:30 +argo-workflows,v3.1.0-rc4,2021-05-14,21:20:57 +argo-workflows,v3.0.4,2021-05-14,06:52:02 +argo-workflows,v3.1.0-rc3,2021-05-13,21:46:01 +argo-workflows,v3.1.0-rc2,2021-05-13,00:17:44 +argo-workflows,v3.1.0-rc1,2021-05-12,21:19:04 +argo-workflows,v3.0.3,2021-05-11,22:31:06 +argo-workflows,v3.0.2,2021-04-20,15:37:15 +argo-workflows,v2.12.11,2021-04-06,18:10:38 +argo-workflows,v3.0.1,2021-04-01,19:52:20 +argo-workflows,v3.0.0,2021-03-30,20:25:33 +argo-workflows,v3.0.0-rc9,2021-03-23,19:04:46 +argo-workflows,v3.0.0-rc8,2021-03-17,19:30:33 +argo-workflows,v3.0.0-rc7,2021-03-16,23:25:22 +argo-workflows,v3.0.0-rc6,2021-03-10,01:08:31 +argo-workflows,v3.0.0-rc5,2021-03-09,19:50:05 +argo-workflows,v2.12.10,2021-03-08,22:57:52 +argo-workflows,v3.0.0-rc4,2021-03-02,22:26:56 +argo-workflows,v3.0.0-rc3,2021-02-23,21:38:38 +argo-workflows,v3.0.0-rc2,2021-02-16,18:09:12 +argo-workflows,v2.12.9,2021-02-17,01:28:49 +argo-workflows,v3.0.0-rc1,2021-02-09,00:36:27 +argo-workflows,v2.12.8,2021-02-09,00:36:17 +argo-workflows,v2.12.7,2021-02-01,22:21:36 +argo-workflows,v2.12.6,2021-01-25,20:24:13 +argo-workflows,v2.12.5,2021-01-19,22:49:21 +argo-workflows,v2.12.4,2021-01-12,20:53:35 +argo-workflows,v2.12.3,2021-01-05,02:00:00 +argo-workflows,v2.12.2,2020-12-18,18:17:19 +argo-workflows,v2.12.1,2020-12-18,01:11:16 +argo-workflows,v2.12.0,2020-12-17,19:35:41 +argo-workflows,v2.12.0-rc6,2020-12-15,19:00:45 +argo-workflows,v2.12.0-rc5,2020-12-10,13:50:01 +argo-workflows,v2.12.0-rc4,2020-12-03,00:55:16 +argo-workflows,v2.12.0-rc3,2020-11-23,13:35:50 +argo-workflows,v2.11.8,2020-11-21,16:36:24 +argo-workflows,v2.12.0-rc2,2020-11-12,16:23:14 +argo-workflows,v2.12.0-rc1,2020-11-06,19:14:19 +argo-workflows,v2.11.7,2020-11-02,21:50:13 +argo-workflows,v2.11.6,2020-10-19,20:51:22 +argo-workflows,v2.11.5,2020-10-15,23:14:34 +argo-workflows,v2.11.4,2020-10-14,22:30:23 +argo-workflows,v2.11.3,2020-10-07,23:20:10 +argo-workflows,v2.11.2,2020-10-06,00:19:46 +argo-workflows,v2.11.1,2020-09-29,17:55:55 +argo-workflows,v2.11.0,2020-09-17,23:09:05 +argo-workflows,v2.11.0-rc3,2020-09-15,16:50:33 +argo-workflows,v2.10.2,2020-09-14,17:45:20 +argo-workflows,v2.11.0-rc2,2020-09-09,17:43:25 +argo-workflows,v2.10.1,2020-09-03,00:02:01 +argo-workflows,v2.11.0-rc1,2020-09-01,20:17:41 +argo-workflows,v2.10.0,2020-08-18,23:15:58 +argo-workflows,v2.10.0-rc7,2020-08-14,15:48:45 +argo-workflows,v2.10.0-rc6,2020-08-06,23:31:38 +argo-workflows,v2.9.5,2020-08-06,22:45:49 +argo-workflows,v2.10.0-rc5,2020-08-03,23:21:27 +argo-workflows,v2.10.0-rc4,2020-07-29,00:15:54 +argo-workflows,v2.9.4,2020-07-24,21:59:33 +argo-workflows,v2.10.0-rc3,2020-07-23,23:04:45 +argo-workflows,v2.10.0-rc1,2020-07-17,20:10:06 +argo-workflows,v2.9.3,2020-07-15,01:33:15 +argo-workflows,v2.9.2,2020-07-09,00:21:41 +argo-workflows,v2.9.1,2020-07-03,15:28:51 +argo-workflows,v2.9.0,2020-07-02,01:43:01 +argo-workflows,v2.9.0-rc4,2020-06-26,23:05:54 +argo-workflows,v2.9.0-rc3,2020-06-23,19:15:20 +argo-workflows,v2.8.2,2020-06-22,22:28:02 +argo-workflows,v2.9.0-rc2,2020-06-17,04:36:44 +argo-workflows,v2.9.0-rc1,2020-06-11,00:19:33 +argo-workflows,v2.8.1,2020-05-29,00:31:04 +argo-workflows,v2.8.0,2020-05-11,23:50:27 +argo-workflows,v2.8.0-rc4,2020-05-06,23:58:00 +argo-workflows,v2.7.7,2020-05-06,23:32:46 +argo-workflows,v2.8.0-rc3,2020-04-28,16:46:57 +argo-workflows,v2.7.6,2020-04-28,17:31:48 +argo-workflows,v2.8.0-rc2,2020-04-23,23:29:50 +argo-workflows,v2.8.0-rc1,2020-04-21,15:36:43 +argo-workflows,v2.7.5,2020-04-21,01:35:36 +argo-workflows,v2.7.4,2020-04-16,18:20:58 +argo-workflows,v2.6.4,2020-04-16,03:02:24 +argo-workflows,v2.7.3,2020-04-16,02:03:38 +argo-workflows,v2.7.2,2020-04-10,20:29:17 +argo-workflows,v2.7.1,2020-04-07,17:16:19 +argo-workflows,v2.7.0,2020-04-01,03:13:14 +argo-workflows,v2.7.0-rc4,2020-03-30,22:13:50 +argo-workflows,v2.7.0-rc3,2020-03-25,20:18:44 +argo-workflows,v2.7.0-rc2,2020-03-23,18:38:05 +argo-workflows,v2.7.0-rc1,2020-03-19,02:11:45 +argo-workflows,v2.6.3,2020-03-16,18:24:24 +argo-workflows,v2.6.2,2020-03-12,16:23:45 +argo-workflows,v2.6.1,2020-03-04,21:33:38 +argo-workflows,v2.6.0,2020-02-28,23:39:10 +argo-workflows,v2.6.0-rc3,2020-02-25,17:32:04 +argo-workflows,v2.5.2,2020-02-24,23:10:36 +argo-workflows,v2.6.0-rc2,2020-02-22,00:36:29 +argo-workflows,v2.5.1,2020-02-20,18:30:07 +argo-workflows,v2.6.0-rc1,2020-02-19,18:48:23 +argo-workflows,v2.5.0,2020-02-19,02:54:07 +argo-workflows,v2.5.0-rc12,2020-02-14,00:08:36 +argo-workflows,v2.5.0-rc11,2020-02-11,22:25:57 +argo-workflows,v2.5.0-rc10,2020-02-08,00:23:39 +argo-workflows,v2.5.0-rc9,2020-02-07,00:40:24 +argo-workflows,v2.5.0-rc8,2020-02-04,01:25:11 +argo-workflows,v2.5.0-rc7,2020-01-31,22:43:09 +argo-workflows,v2.5.0-rc6,2020-01-30,22:14:51 +argo-workflows,v2.5.0-rc5,2020-01-30,03:13:49 +argo-workflows,v2.5.0-rc4,2020-01-27,21:08:05 +argo-workflows,v2.5.0-rc3,2020-01-27,19:37:31 +argo-workflows,v2.5.0-rc2,2020-01-24,21:43:45 +argo-workflows,v2.5.0-rc1,2020-01-24,20:59:49 +argo-workflows,v2.4.3,2019-12-06,05:53:42 +argo-workflows,v2.4.2,2019-10-21,19:06:52 +argo-workflows,v2.4.1,2019-10-09,00:01:23 +argo-workflows,v2.4.0,2019-10-07,20:35:32 +argo-workflows,v2.4.0-rc1,2019-08-08,22:12:22 +argo-workflows,v2.3.0,2019-05-20,22:34:35 +argo-workflows,v2.3.0-rc3,2019-05-08,00:11:00 +argo-workflows,v2.3.0-rc2,2019-04-21,08:32:04 +argo-workflows,v2.3.0-rc1,2019-04-10,16:08:39 +argo-workflows,v2.2.1,2018-10-11,16:44:01 +argo-workflows,v2.2.0,2018-08-30,09:00:24 +argo-workflows,v2.1.1,2018-05-29,20:52:07 +argo-workflows,v2.1.0,2018-05-01,20:33:03 +argo-workflows,v2.1.0-beta2,2018-03-29,20:55:26 +argo-workflows,v2.1.0-beta1,2018-03-29,15:35:56 +argo-workflows,v2.1.0-alpha1,2018-02-21,22:54:53 +argo-workflows,v2.0.0,2018-02-06,21:55:25 +argo-workflows,v2.0.0-beta1,2018-01-18,22:58:14 +argo-workflows,v2.0.0-alpha3,2018-01-02,21:32:11 +argo-workflows,v2.0.0-alpha2,2017-12-05,05:13:12 +argo-workflows,v2.0.0-alpha1,2017-11-16,22:10:07 +argo-events,v1.9.5,2025-01-10,18:11:20 +argo-events,v1.9.4,2025-01-08,07:48:18 +argo-events,v1.9.3,2024-11-27,06:51:10 +argo-events,v1.9.2,2024-06-14,00:38:39 +argo-events,v1.9.1,2024-02-13,21:21:44 +argo-events,v1.9.0,2024-01-09,08:31:10 +argo-events,v1.8.1,2023-08-31,23:49:47 +argo-events,v1.8.0,2023-05-08,05:54:59 +argo-events,v1.7.6,2023-02-10,07:30:54 +argo-events,v1.7.5,2023-01-23,08:23:36 +argo-events,v1.7.4,2022-12-12,07:45:11 +argo-events,v1.7.3,2022-09-28,22:10:34 +argo-events,v1.7.2,2022-09-12,23:46:11 +argo-events,v1.7.1,2022-06-09,06:27:31 +argo-events,v1.7.0,2022-05-04,22:47:01 +argo-events,v1.7.0-rc1,2022-04-23,07:22:52 +argo-events,v1.6.3,2022-03-03,20:56:12 +argo-events,v1.6.2,2022-03-02,05:39:57 +argo-events,v1.6.1,2022-02-27,08:51:59 +argo-events,v1.6.0,2022-02-13,06:42:27 +argo-events,v1.5.6,2022-01-12,05:18:08 +argo-events,v1.5.5,2021-12-19,03:32:55 +argo-events,v1.5.4,2021-12-10,08:49:46 +argo-events,v1.5.3,2021-11-22,18:36:36 +argo-events,v1.5.2,2021-11-09,20:01:58 +argo-events,v1.5.1,2021-11-08,07:35:38 +argo-events,v1.5.0,2021-10-12,18:48:33 +argo-events,v1.4.3,2021-09-30,15:49:41 +argo-events,v1.4.2,2021-09-21,18:29:51 +argo-events,v1.4.1,2021-09-01,00:37:05 +argo-events,v1.4.0,2021-07-12,16:33:29 +argo-events,v1.3.1,2021-05-04,17:40:52 +argo-events,v1.3.0,2021-04-12,18:14:51 +argo-events,v1.3.0-rc4,2021-04-08,06:37:06 +argo-events,v1.3.0-rc3,2021-04-05,20:42:52 +argo-events,v1.3.0-rc2,2021-03-31,21:34:56 +argo-events,v1.3.0-rc1,2021-03-23,18:05:01 +argo-events,v1.2.3,2021-02-18,17:52:54 +argo-events,v1.2.2,2021-01-27,17:40:28 +argo-events,v1.2.1,2021-01-26,08:22:50 +argo-events,v1.2.0,2021-01-08,08:30:04 +argo-events,v1.1.0,2020-11-16,20:07:55 +argo-events,v1.1.0-rc1,2020-11-05,06:36:21 +argo-events,v1.0.0,2020-09-04,20:57:04 +argo-events,v1.0.0-rc3,2020-08-26,04:36:48 +argo-events,v1.0.0-rc2,2020-08-16,21:20:09 +argo-events,v1.0.0-rc1,2020-08-10,18:25:28 +argo-events,v0.17.0,2020-07-24,12:40:33 +argo-events,v0.16.0,2020-06-14,23:52:44 +argo-events,v0.15.0,2020-05-08,13:42:18 +argo-events,v0.14.0,2020-04-12,23:34:58 +argo-events,v0.13.0,2020-03-21,01:21:15 +argo-events,v0.13.0-rc,2020-02-26,01:33:31 +argo-events,v0.12,2020-01-17,04:51:55 +argo-events,v0.12-rc,2019-12-12,04:52:49 +argo-events,v0.11,2019-11-11,17:11:35 +argo-events,v0.10,2019-10-07,12:51:38 +argo-events,v0.9.3,2019-07-15,12:16:22 +argo-events,v0.9.2,2019-04-26,01:11:53 +argo-events,v0.9.1,2019-04-26,00:33:03 +argo-events,v.0.9,2019-03-30,13:07:25 +argo-events,v0.8.3,2019-03-18,21:09:05 +argo-events,v0.8.2,2019-03-14,10:32:46 +argo-events,v0.8.1,2019-03-11,13:42:08 +argo-events,v0.8,2019-02-27,18:08:21 +argo-events,v0.7,2019-01-30,04:12:58 +argo-events,v0.6,2018-11-27,11:46:02 +argo-events,v0.5,2018-10-18,19:51:19 +argo-events,v0.5-beta1,2018-07-27,15:00:03 +argo-events,v0.5-alpha1,2018-06-20,19:23:36 +argo-rollouts,v1.8.0-rc2,2025-01-16,19:43:44 +argo-rollouts,v1.8.0-rc1,2024-12-09,14:28:35 +argo-rollouts,v1.7.2,2024-08-13,18:42:47 +argo-rollouts,v1.7.1,2024-06-25,01:38:31 +argo-rollouts,v1.7.0,2024-06-13,20:23:14 +argo-rollouts,v1.7.0-rc1,2024-04-05,18:24:00 +argo-rollouts,v1.6.6,2024-02-13,15:56:59 +argo-rollouts,v1.6.5,2024-01-25,20:19:53 +argo-rollouts,v1.6.4,2023-12-11,21:54:30 +argo-rollouts,v1.6.3,2023-12-05,14:36:31 +argo-rollouts,v1.6.2,2023-11-02,19:58:08 +argo-rollouts,v1.6.1,2023-11-01,21:19:43 +argo-rollouts,v1.6.0,2023-09-06,19:00:06 +argo-rollouts,v1.6.0-rc1,2023-08-11,14:22:24 +argo-rollouts,v1.5.1,2023-05-24,19:26:51 +argo-rollouts,v1.5.0,2023-05-08,15:34:06 +argo-rollouts,v1.5.0-rc1,2023-03-27,20:09:25 +argo-rollouts,v1.4.1,2023-02-25,15:23:34 +argo-rollouts,v1.3.3,2023-02-25,04:38:57 +argo-rollouts,v1.4.0,2023-01-09,21:43:34 +argo-rollouts,v1.4.0-rc1,2022-12-20,02:07:55 +argo-rollouts,v1.3.2,2022-12-15,17:05:26 +argo-rollouts,v1.3.1,2022-09-29,17:43:19 +argo-rollouts,v1.3.0,2022-09-19,03:29:00 +argo-rollouts,v1.3.0-rc3,2022-09-15,16:00:07 +argo-rollouts,v1.3.0-rc2,2022-08-25,20:49:49 +argo-rollouts,v1.3.0-rc1,2022-07-29,19:54:34 +argo-rollouts,v1.2.2,2022-07-26,17:49:31 +argo-rollouts,v1.2.1,2022-05-13,20:57:34 +argo-rollouts,v1.2.0,2022-03-22,17:16:13 +argo-rollouts,v1.2.0-rc2,2022-02-25,16:54:46 +argo-rollouts,v1.2.0-rc1,2022-02-07,20:00:22 +argo-rollouts,v1.1.1,2021-11-29,21:44:13 +argo-rollouts,v1.1.0,2021-10-12,17:02:30 +argo-rollouts,v1.1.0-rc2,2021-10-05,23:41:25 +argo-rollouts,v1.0.7,2021-09-29,18:02:01 +argo-rollouts,v1.1.0-rc1,2021-09-21,23:23:21 +argo-rollouts,v1.0.6,2021-08-26,18:13:19 +argo-rollouts,v1.0.4,2021-08-03,04:38:07 +argo-rollouts,v1.0.3,2021-08-03,04:36:59 +argo-rollouts,v1.0.2,2021-06-15,22:33:04 +argo-rollouts,v1.0.1,2021-05-26,08:43:12 +argo-rollouts,v1.0.0,2021-05-20,04:11:28 +argo-rollouts,v1.0.0-rc1,2021-04-29,20:29:41 +argo-rollouts,v0.10.2,2020-12-17,21:20:44 +argo-rollouts,v0.10.1,2020-12-05,01:23:44 +argo-rollouts,v0.10.0,2020-11-14,00:21:31 +argo-rollouts,v0.9.3,2020-11-05,23:24:15 +argo-rollouts,v0.9.2,2020-10-17,04:41:56 +argo-rollouts,v0.9.1,2020-09-28,22:52:01 +argo-rollouts,v0.9.0,2020-08-17,22:17:04 +argo-rollouts,v0.8.3,2020-06-04,00:49:11 +argo-rollouts,v0.8.2,2020-05-06,20:40:16 +argo-rollouts,v0.8.1,2020-04-20,23:55:07 +argo-rollouts,v0.8.0,2020-04-13,16:40:32 +argo-rollouts,v0.7.2,2020-02-25,19:46:06 +argo-rollouts,v0.7.1,2020-02-10,18:01:08 +argo-rollouts,v0.7.0,2020-01-22,05:09:28 +argo-rollouts,v0.6.3,2020-01-22,04:40:30 +argo-rollouts,v0.6.2,2019-12-16,17:14:42 +argo-rollouts,v0.6.1,2019-12-06,00:25:57 +argo-rollouts,v0.6.0,2019-11-17,21:16:29 +argo-rollouts,v0.5.0,2019-09-23,17:59:31 +argo-rollouts,v0.4.2,2019-08-19,20:21:15 +argo-rollouts,v0.4.1,2019-06-26,16:07:32 +argo-rollouts,v0.4.0,2019-06-21,17:48:41 +argo-rollouts,v0.3.2,2019-06-13,17:58:53 +argo-rollouts,v0.3.1,2019-05-18,21:27:51 +argo-rollouts,v0.3.0,2019-05-01,06:36:28 +argo-rollouts,v0.2.2,2019-04-16,23:10:01 +argo-rollouts,v0.2.1,2019-04-04,21:43:44 +argo-rollouts,v0.2.0,2019-03-04,22:30:55 +argo-rollouts,v0.1.0,2019-02-01,19:03:49 diff --git a/scripts/release-analysis/fetch_helmet_releases.py b/scripts/release-analysis/fetch_helmet_releases.py new file mode 100644 index 00000000..77e2fcb3 --- /dev/null +++ b/scripts/release-analysis/fetch_helmet_releases.py @@ -0,0 +1,90 @@ +import csv +import os +from datetime import datetime + +import requests + +# GitHub repository URL +repo_url = "https://api.github.com/repos/argoproj/argo-helm/releases" + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Function to fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Function to get the content of Chart.yaml in a release +def get_chart_yaml(repo, tag, chart_path): + url = f"https://raw.githubusercontent.com/{repo}/refs/tags/{tag}/charts/{chart_path}/Chart.yaml" + headers = {"Authorization": f"token {github_token}"} + response = requests.get(url, headers=headers) + if response.status_code == 200: + return response.text + return None + + +# Function to extract appVersion from Chart.yaml content +def extract_app_version(chart_yaml): + for line in chart_yaml.splitlines(): + if line.startswith("appVersion:"): + return line.split(":")[1].strip() + return None + + +# Function to fetch releases and write to a CSV file +def fetch_and_write_helmet_releases(csv_file): + # Fetch all releases + releases = fetch_all_releases(repo_url) + + # Write the release data to the CSV file + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file, quoting=csv.QUOTE_NONE, escapechar="\\") + writer.writerow(["Release Name", "Release Date", "Release Time", "App Version"]) + + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").date() + release_time = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").time() + + # Extract chart path from the release name + chart_path = "-".join(tag_name.split("-")[:-1]) + current_chart_yaml = get_chart_yaml( + "argoproj/argo-helm", tag_name, chart_path + ) + + if current_chart_yaml: + current_app_version = extract_app_version(current_chart_yaml) + writer.writerow( + [tag_name, release_date, release_time, current_app_version] + ) + + # Read the CSV file, remove any instances of `\"`, and write back the cleaned content + with open(csv_file, mode="r") as file: + content = file.read() + + cleaned_content = content.replace('\\"', "") + + with open(csv_file, mode="w", newline="") as file: + file.write(cleaned_content) + + print( + f'Release data has been written to {csv_file} and cleaned of any instances of \\"' + ) + + +# Example usage +if __name__ == "__main__": + fetch_and_write_helmet_releases("argo_helm_releases.csv") diff --git a/scripts/release-analysis/fetch_releases.py b/scripts/release-analysis/fetch_releases.py new file mode 100644 index 00000000..6d27faee --- /dev/null +++ b/scripts/release-analysis/fetch_releases.py @@ -0,0 +1,57 @@ +import csv +import os +from datetime import datetime + +import requests + +# List of GitHub repository URLs we care about +repos = [ + ("argo-cd", "https://api.github.com/repos/argoproj/argo-cd/releases"), + ("argo-workflows", "https://api.github.com/repos/argoproj/argo-workflows/releases"), + ("argo-events", "https://api.github.com/repos/argoproj/argo-events/releases"), + ("argo-rollouts", "https://api.github.com/repos/argoproj/argo-rollouts/releases"), +] + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Fetch releases and write to a CSV file +def fetch_and_write_releases(csv_file): + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file) + writer.writerow(["Repository", "Release Tag", "Release Date", "Release Time"]) + + for repo_name, repo_url in repos: + releases = fetch_all_releases(repo_url) + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).date() + release_time = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).time() + writer.writerow([repo_name, tag_name, release_date, release_time]) + + print(f"Release data has been written to {csv_file}") + + +# Example usage +if __name__ == "__main__": + fetch_and_write_releases("argo_releases.csv") diff --git a/scripts/release-analysis/main.py b/scripts/release-analysis/main.py new file mode 100644 index 00000000..3fcf21ed --- /dev/null +++ b/scripts/release-analysis/main.py @@ -0,0 +1,31 @@ +import os + +from fetch_helmet_releases import fetch_and_write_helmet_releases +from fetch_releases import fetch_and_write_releases +from merge_csvs import merge_csv_files +from plot_graph import plot_time_difference + +# Check there is a github token +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + +# Do the thing +print("Fetching releases...") +fetch_and_write_releases("argo_releases.csv") +print("Done") + +print("Fetching Team Helmet releases...") +fetch_and_write_helmet_releases("argo_helm_releases.csv") +print("Done") + +print("Merging release info...") +merge_csv_files("argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv") +print("Done") + +print("Plotting time difference graphs...") +plot_time_difference("merged_releases.csv") +print("Done") + +# Delete __pycache__ directories +os.system("rm -rf __pycache__") diff --git a/scripts/release-analysis/merge_csvs.py b/scripts/release-analysis/merge_csvs.py new file mode 100644 index 00000000..72b6917b --- /dev/null +++ b/scripts/release-analysis/merge_csvs.py @@ -0,0 +1,108 @@ +import csv +from datetime import datetime + + +def merge_csv_files(csv_file_1, csv_file_2, output_csv_file): + # Read the first CSV file into a dictionary + releases_1 = {} + with open(csv_file_1, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + key = (row["Repository"], row["Release Tag"]) + releases_1[key] = row + + # Read the second CSV file and find the oldest release for each appVersion + oldest_releases = {} + valid_repos = {"argo-cd", "argo-events", "argo-workflows", "argo-rollouts"} + with open(csv_file_2, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + release_name = row["Release Name"] + repo_name = "-".join(release_name.split("-")[:-1]) + if repo_name in valid_repos: + app_version = row["App Version"] + release_datetime = datetime.strptime( + f"{row['Release Date']} {row['Release Time']}", "%Y-%m-%d %H:%M:%S" + ) + if ( + repo_name, + app_version, + ) not in oldest_releases or release_datetime < oldest_releases[ + (repo_name, app_version) + ][ + "datetime" + ]: + oldest_releases[(repo_name, app_version)] = { + "row": row, + "datetime": release_datetime, + } + + # Merge the oldest releases with the first CSV file + merged_releases = [] + for (repo_name, app_version), data in oldest_releases.items(): + row = data["row"] + for key, release in releases_1.items(): + if ( + repo_name == release["Repository"] + and app_version == release["Release Tag"] + ): + time_difference = data["datetime"] - datetime.strptime( + f"{release['Release Date']} {release['Release Time']}", + "%Y-%m-%d %H:%M:%S", + ) + time_difference_hours = ( + time_difference.total_seconds() / 3600 + ) # Convert to hours + merged_row = { + "Repository": release["Repository"], + "Release Tag": release["Release Tag"], + "Release Date": release["Release Date"], + "Release Time": release["Release Time"], + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": time_difference_hours, + } + merged_releases.append(merged_row) + break + else: + merged_row = { + "Repository": repo_name, + "Release Tag": "", + "Release Date": "", + "Release Time": "", + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": "", + } + merged_releases.append(merged_row) + + # Write the merged data to a new CSV file + with open(output_csv_file, mode="w", newline="") as file: + fieldnames = [ + "Repository", + "Release Tag", + "Release Date", + "Release Time", + "App Version", + "Release Name", + "Release Date 2", + "Release Time 2", + "Time Difference", + ] + writer = csv.DictWriter(file, fieldnames=fieldnames) + writer.writeheader() + for row in merged_releases: + writer.writerow(row) + + print(f"Merged data has been written to {output_csv_file}") + + +# Example usage +if __name__ == "__main__": + merge_csv_files( + "argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv" + ) diff --git a/scripts/release-analysis/merged_releases.csv b/scripts/release-analysis/merged_releases.csv new file mode 100644 index 00000000..a4c13445 --- /dev/null +++ b/scripts/release-analysis/merged_releases.csv @@ -0,0 +1,195 @@ +Repository,Release Tag,Release Date,Release Time,App Version,Release Name,Release Date 2,Release Time 2,Time Difference +argo-cd,v2.13.3,2025-01-03,19:23:42,v2.13.3,argo-cd-7.7.13,2025-01-04,00:07:55,4.736944444444444 +argo-events,v1.9.5,2025-01-10,18:11:20,v1.9.5,argo-events-2.4.13,2025-01-11,10:22:47,16.190833333333334 +argo-workflows,v3.6.2,2024-12-02,14:12:44,v3.6.2,argo-workflows-0.45.1,2024-12-02,17:39:46,3.4505555555555554 +argo-events,v1.9.4,2025-01-08,07:48:18,v1.9.4,argo-events-2.4.12,2025-01-08,08:37:01,0.8119444444444445 +argo-events,v1.9.3,2024-11-27,06:51:10,v1.9.3,argo-events-2.4.9,2024-11-27,20:44:06,13.882222222222222 +argo-rollouts,v1.7.2,2024-08-13,18:42:47,v1.7.2,argo-rollouts-2.37.5,2024-08-14,08:31:31,13.812222222222223 +argo-cd,v2.13.2,2024-12-11,19:18:46,v2.13.2,argo-cd-7.7.10,2024-12-12,05:33:28,10.245 +argo-cd,v2.13.1,2024-11-20,17:11:22,v2.13.1,argo-cd-7.7.4,2024-11-20,20:48:11,3.613611111111111 +argo-workflows,v3.6.0,2024-11-14,19:02:01,v3.6.0,argo-workflows-0.43.0,2024-11-21,08:27:21,157.42222222222222 +argo-cd,v2.13.0,2024-11-04,12:46:49,v2.13.0,argo-cd-7.7.0,2024-11-05,00:00:06,11.221388888888889 +argo-workflows,v3.5.12,2024-10-30,11:49:27,v3.5.12,argo-workflows-0.42.6,2024-10-30,13:24:53,1.5905555555555555 +argo-cd,v2.12.6,2024-10-18,19:07:18,v2.12.6,argo-cd-7.6.12,2024-10-18,19:27:20,0.3338888888888889 +argo-cd,v2.12.5,2024-10-17,22:03:45,v2.12.5,argo-cd-7.6.11,2024-10-18,07:16:30,9.2125 +argo-cd,v2.12.4,2024-09-26,07:14:39,v2.12.4,argo-cd-7.6.5,2024-09-26,07:42:42,0.4675 +argo-workflows,v3.5.11,2024-09-20,14:08:00,v3.5.11,argo-workflows-0.42.3,2024-09-20,15:08:40,1.011111111111111 +argo-cd,v2.12.3,2024-08-27,12:33:34,v2.12.3,argo-cd-7.4.7,2024-08-27,13:30:34,0.95 +argo-events,v1.9.2,2024-06-14,00:38:39,v1.9.2,argo-events-2.4.6,2024-06-14,05:09:08,4.508055555555556 +argo-workflows,v3.5.10,2024-08-01,06:03:16,v3.5.10,argo-workflows-0.41.13,2024-08-01,07:19:01,1.2625 +argo-cd,v2.12.2,2024-08-23,04:05:09,v2.12.2,argo-cd-7.4.5,2024-08-23,08:51:19,4.769444444444445 +argo-cd,v2.12.1,2024-08-16,17:16:36,v2.12.1,argo-cd-7.4.4,2024-08-16,21:36:53,4.338055555555556 +argo-rollouts,v1.7.1,2024-06-25,01:38:31,v1.7.1,argo-rollouts-2.37.0,2024-06-26,09:10:19,31.53 +argo-cd,v2.12.0,2024-08-05,14:02:15,v2.12.0,argo-cd-7.4.0,2024-08-05,15:22:06,1.3308333333333333 +argo-workflows,v3.5.9,2024-07-30,06:58:49,v3.5.9,argo-workflows-0.41.12,2024-07-30,07:39:23,0.6761111111111111 +argo-cd,v2.11.7,2024-07-24,10:27:18,v2.11.7,argo-cd-7.3.11,2024-07-24,11:44:52,1.2927777777777778 +argo-cd,v2.11.6,2024-07-22,15:19:04,v2.11.6,argo-cd-7.3.10,2024-07-22,17:14:41,1.9269444444444443 +argo-cd,v2.11.5,2024-07-15,18:32:15,v2.11.5,argo-cd-7.3.7,2024-07-16,01:17:05,6.747222222222222 +argo-cd,v2.11.4,2024-07-02,19:52:42,v2.11.4,argo-cd-7.3.4,2024-07-02,20:43:46,0.8511111111111112 +argo-cd,v2.11.3,2024-06-06,09:43:29,v2.11.3,argo-cd-7.1.2,2024-06-06,10:51:51,1.1394444444444445 +argo-rollouts,v1.7.0,2024-06-13,20:23:14,v1.7.0,argo-rollouts-2.36.0,2024-06-14,09:00:46,12.625555555555556 +argo-workflows,v3.5.8,2024-06-18,04:52:31,v3.5.8,argo-workflows-0.41.10,2024-06-18,07:47:04,2.9091666666666667 +argo-workflows,v3.5.7,2024-05-27,07:13:30,v3.5.7,argo-workflows-0.41.7,2024-05-27,08:09:42,0.9366666666666666 +argo-cd,v2.11.2,2024-05-23,14:14:51,v2.11.2,argo-cd-6.11.1,2024-05-23,15:37:21,1.375 +argo-events,v1.9.1,2024-02-13,21:21:44,v1.9.1,argo-events-2.4.3,2024-02-14,08:53:00,11.52111111111111 +argo-rollouts,v1.6.6,2024-02-13,15:56:59,v1.6.6,argo-rollouts-2.34.3,2024-02-14,08:50:21,16.889444444444443 +argo-cd,v2.11.1,2024-05-21,15:03:58,v2.11.1,argo-cd-6.10.0,2024-05-21,16:36:49,1.5475 +argo-workflows,v3.5.6,2024-04-19,21:43:07,v3.5.6,argo-workflows-0.41.2,2024-04-20,04:55:21,7.203888888888889 +argo-cd,v2.11.0,2024-05-07,16:37:25,v2.11.0,argo-cd-6.8.0,2024-05-08,06:21:31,13.735 +argo-cd,v2.10.9,2024-04-30,16:55:10,v2.10.9,argo-cd-6.7.18,2024-04-30,17:14:22,0.32 +argo-cd,v2.10.8,2024-04-26,14:04:02,v2.10.8,argo-cd-6.7.16,2024-04-26,14:21:35,0.2925 +argo-cd,v2.10.7,2024-04-15,09:21:23,v2.10.7,argo-cd-6.7.12,2024-04-15,10:43:13,1.363888888888889 +argo-cd,v2.10.6,2024-04-05,01:04:01,v2.10.6,argo-cd-6.7.10,2024-04-05,05:00:08,3.935277777777778 +argo-cd,v2.10.5,2024-03-28,16:29:02,v2.10.5,argo-cd-6.7.4,2024-03-28,17:30:11,1.0191666666666668 +argo-workflows,v3.5.5,2024-02-29,21:47:50,v3.5.5,argo-workflows-0.40.12,2024-03-01,00:03:01,2.2530555555555556 +argo-cd,v2.10.4,2024-03-18,08:44:51,v2.10.4,argo-cd-6.7.3,2024-03-18,09:36:58,0.8686111111111111 +argo-cd,v2.10.3,2024-03-13,19:53:05,v2.10.3,argo-cd-6.7.2,2024-03-13,20:46:14,0.8858333333333334 +argo-cd,v2.10.2,2024-03-01,22:03:43,v2.10.2,argo-cd-6.5.1,2024-03-01,22:33:17,0.49277777777777776 +argo-cd,v2.10.1,2024-02-14,18:12:43,v2.10.1,argo-cd-6.0.14,2024-02-14,21:04:43,2.8666666666666667 +argo-workflows,v3.5.4,2024-01-14,06:19:09,v3.5.4,argo-workflows-0.40.6,2024-01-14,08:11:19,1.8694444444444445 +argo-cd,v2.10.0,2024-02-06,15:03:51,v2.10.0,argo-cd-5.55.0,2024-02-07,07:10:30,16.110833333333332 +argo-cd,v2.9.6,2024-02-02,19:51:46,v2.9.6,argo-cd-5.53.13,2024-02-02,22:50:34,2.98 +argo-cd,v2.9.5,2024-01-19,18:32:02,v2.9.5,argo-cd-5.53.2,2024-01-19,20:20:14,1.8033333333333332 +argo-rollouts,v1.6.5,2024-01-25,20:19:53,v1.6.5,argo-rollouts-2.34.2,2024-01-26,06:31:27,10.192777777777778 +argo-cd,v2.9.4,2024-01-18,21:24:02,v2.9.4,argo-cd-5.53.1,2024-01-19,05:48:47,8.4125 +argo-cd,v2.9.3,2023-12-01,23:39:19,v2.9.3,argo-cd-5.51.6,2023-12-02,11:03:49,11.408333333333333 +argo-workflows,v3.5.3,2024-01-11,03:12:46,v3.5.3,argo-workflows-0.40.5,2024-01-11,07:20:47,4.133611111111111 +argo-events,v1.9.0,2024-01-09,08:31:10,v1.9.0,argo-events-2.4.2,2024-01-09,10:14:30,1.7222222222222223 +argo-rollouts,v1.6.4,2023-12-11,21:54:30,v1.6.4,argo-rollouts-2.32.8,2023-12-13,06:59:39,33.08583333333333 +argo-workflows,v3.5.2,2023-11-27,19:16:42,v3.5.2,argo-workflows-0.39.5,2023-11-27,21:13:09,1.9408333333333334 +argo-rollouts,v1.6.3,2023-12-05,14:36:31,v1.6.3,argo-rollouts-2.32.7,2023-12-08,15:06:58,72.5075 +argo-rollouts,v1.6.2,2023-11-02,19:58:08,v1.6.2,argo-rollouts-2.32.4,2023-11-15,13:09:53,305.1958333333333 +argo-cd,v2.9.2,2023-11-20,17:52:41,v2.9.2,argo-cd-5.51.4,2023-11-20,18:50:04,0.9563888888888888 +argo-workflows,v3.5.1,2023-11-03,19:57:45,v3.5.1,argo-workflows-0.38.0,2023-11-04,05:58:06,10.005833333333333 +argo-cd,v2.9.1,2023-11-14,15:55:51,v2.9.1,argo-cd-5.51.2,2023-11-15,05:59:33,14.061666666666667 +argo-rollouts,v1.6.1,2023-11-01,21:19:43,v1.6.1,argo-rollouts-2.32.3,2023-11-15,10:00:45,324.6838888888889 +argo-cd,v2.9.0,2023-11-06,05:27:12,v2.9.0,argo-cd-5.51.0,2023-11-06,12:54:52,7.461111111111111 +argo-workflows,v3.5.0,2023-10-13,15:00:44,v3.5.0,argo-workflows-0.35.0,2023-10-13,22:07:38,7.115 +argo-cd,v2.8.6,2023-11-01,17:29:59,v2.8.6,argo-cd-5.50.0,2023-10-31,18:12:30,-23.29138888888889 +argo-rollouts,v1.6.0,2023-09-06,19:00:06,v1.6.0,argo-rollouts-2.32.0,2023-09-07,12:23:50,17.395555555555557 +argo-cd,v2.8.5,2023-10-31,19:30:03,v2.8.5,argo-cd-5.48.0,2023-10-28,07:29:05,-84.01611111111112 +argo-cd,v2.8.4,2023-09-13,20:08:07,v2.8.4,argo-cd-5.46.3,2023-09-14,04:56:22,8.804166666666667 +argo-workflows,v3.4.11,2023-09-08,01:14:16,v3.4.11,argo-workflows-0.33.2,2023-09-08,04:20:30,3.1038888888888887 +argo-cd,v2.8.3,2023-09-07,18:06:07,v2.8.3,argo-cd-5.45.3,2023-09-08,00:13:52,6.129166666666666 +argo-cd,v2.8.2,2023-08-24,21:05:33,v2.8.2,argo-cd-5.43.6,2023-08-25,08:46:11,11.677222222222222 +argo-events,v1.8.1,2023-08-31,23:49:47,v1.8.1,argo-events-2.4.1,2023-09-04,01:15:35,73.43 +argo-cd,v2.8.1,2023-08-22,21:19:28,v2.8.1,argo-cd-5.43.5,2023-08-23,03:57:35,6.635277777777778 +argo-workflows,v3.4.10,2023-08-15,18:59:38,v3.4.10,argo-workflows-0.32.3,2023-08-16,11:00:55,16.02138888888889 +argo-rollouts,v1.5.1,2023-05-24,19:26:51,v1.5.1,argo-rollouts-2.31.1,2023-07-20,17:26:45,1365.9983333333332 +argo-cd,v2.8.0,2023-08-07,20:03:46,v2.8.0,argo-cd-5.43.0,2023-08-08,14:36:04,18.538333333333334 +argo-workflows,v3.4.9,2023-07-20,15:28:41,v3.4.9,argo-workflows-0.32.0,2023-07-20,23:20:17,7.86 +argo-cd,v2.7.11,2023-08-07,20:07:16,v2.7.11,argo-cd-5.42.3,2023-08-08,06:11:54,10.077222222222222 +argo-cd,v2.7.10,2023-07-31,22:51:19,v2.7.10,argo-cd-5.42.1,2023-08-01,05:57:37,7.105 +argo-cd,v2.7.9,2023-07-24,18:50:30,v2.7.9,argo-cd-5.41.2,2023-07-25,02:10:03,7.325833333333334 +argo-cd,v2.7.8,2023-07-19,15:58:13,v2.7.8,argo-cd-5.41.1,2023-07-19,22:26:30,6.471388888888889 +argo-cd,v2.7.7,2023-07-05,20:25:54,v2.7.7,argo-cd-5.37.1,2023-07-06,08:26:09,12.004166666666666 +argo-workflows,v3.4.8,2023-05-25,23:37:40,v3.4.8,argo-workflows-0.28.2,2023-05-26,04:19:27,4.6963888888888885 +argo-cd,v2.7.6,2023-06-20,21:46:46,v2.7.6,argo-cd-5.36.5,2023-06-21,04:27:57,6.686388888888889 +argo-events,v1.8.0,2023-05-08,05:54:59,v1.8.0,argo-events-2.4.0,2023-06-21,12:41:55,1062.7822222222221 +argo-cd,v2.7.5,2023-06-16,15:24:00,v2.7.5,argo-cd-5.36.2,2023-06-17,04:55:38,13.527222222222223 +argo-cd,v2.7.4,2023-06-05,19:40:08,v2.7.4,argo-cd-5.35.1,2023-06-06,04:53:38,9.225 +argo-cd,v2.7.3,2023-05-24,16:14:02,v2.7.3,argo-cd-5.34.5,2023-05-24,23:23:36,7.1594444444444445 +argo-rollouts,v1.5.0,2023-05-08,15:34:06,v1.5.0,argo-rollouts-2.28.0,2023-05-10,15:37:42,48.06 +argo-workflows,v3.4.7,2023-04-11,17:26:32,v3.4.7,argo-workflows-0.23.2,2023-04-12,04:52:48,11.437777777777777 +argo-cd,v2.7.2,2023-05-12,14:41:07,v2.7.2,argo-cd-5.33.2,2023-05-12,15:19:23,0.6377777777777778 +argo-cd,v2.7.1,2023-05-02,17:24:44,v2.7.1,argo-cd-5.31.1,2023-05-03,09:48:25,16.39472222222222 +argo-events,v1.7.6,2023-02-10,07:30:54,v1.7.6,argo-events-2.1.3,2023-02-21,01:14:54,257.73333333333335 +argo-rollouts,v1.4.1,2023-02-25,15:23:34,v1.4.1,argo-rollouts-2.22.3,2023-03-02,15:08:16,119.745 +argo-cd,v2.7.0,2023-05-02,00:51:25,v2.7.0,argo-cd-5.30.0,2023-05-02,07:29:11,6.629444444444444 +argo-cd,v2.6.7,2023-03-23,15:45:09,v2.6.7,argo-cd-5.27.2,2023-03-24,00:09:05,8.398888888888889 +argo-workflows,v3.4.6,2023-03-31,20:16:18,v3.4.6,argo-workflows-0.22.16,2023-04-04,11:10:35,86.90472222222222 +argo-workflows,v3.4.5,2023-02-07,13:26:29,v3.4.5,argo-workflows-0.22.10,2023-02-07,15:11:29,1.75 +argo-cd,v2.6.6,2023-03-16,23:07:31,v2.6.6,argo-cd-5.27.1,2023-03-17,08:25:05,9.292777777777777 +argo-cd,v2.6.5,2023-03-14,14:59:49,v2.6.5,argo-cd-5.26.1,2023-03-14,18:42:39,3.713888888888889 +argo-cd,v2.6.4,2023-03-07,23:29:08,v2.6.4,argo-cd-5.24.2,2023-03-08,07:13:22,7.737222222222222 +argo-cd,v2.6.3,2023-02-27,15:20:04,v2.6.3,argo-cd-5.23.3,2023-02-28,08:32:15,17.203055555555554 +argo-cd,v2.6.2,2023-02-16,15:43:42,v2.6.2,argo-cd-5.21.1,2023-02-17,08:23:54,16.67 +argo-cd,v2.6.1,2023-02-08,19:39:04,v2.6.1,argo-cd-5.20.3,2023-02-08,20:15:43,0.6108333333333333 +argo-cd,v2.6.0,2023-02-06,22:04:33,v2.6.0,argo-cd-5.20.0,2023-02-07,15:02:47,16.970555555555556 +argo-cd,v2.5.10,2023-02-02,15:48:00,v2.5.10,argo-cd-5.19.14,2023-02-02,21:56:38,6.143888888888889 +argo-cd,v2.5.9,2023-01-28,00:04:28,v2.5.9,argo-cd-5.19.11,2023-01-28,13:41:15,13.613055555555556 +argo-workflows,v3.4.4,2022-11-29,21:15:21,v3.4.4,argo-workflows-0.20.12,2022-11-30,15:26:09,18.18 +argo-rollouts,v1.4.0,2023-01-09,21:43:34,v1.4.0,argo-rollouts-2.22.0,2023-01-19,21:14:27,239.51472222222222 +argo-events,v1.7.5,2023-01-23,08:23:36,v1.7.5,argo-events-2.1.1,2023-01-29,12:16:37,147.88361111111112 +argo-cd,v2.5.8,2023-01-25,17:05:03,v2.5.8,argo-cd-5.19.7,2023-01-26,08:23:02,15.299722222222222 +argo-events,v1.7.4,2022-12-12,07:45:11,v1.7.4,argo-events-2.0.10,2022-12-24,19:41:24,299.93694444444446 +argo-cd,v2.5.7,2023-01-18,03:00:02,v2.5.7,argo-cd-5.17.2,2023-01-18,06:44:45,3.745277777777778 +argo-rollouts,v1.3.1,2022-09-29,17:43:19,v1.3.1,argo-rollouts-2.21.1,2022-09-30,22:29:28,28.769166666666667 +argo-cd,v2.5.6,2023-01-10,20:14:18,v2.5.6,argo-cd-5.17.1,2023-01-11,06:33:59,10.328055555555556 +argo-cd,v2.5.5,2022-12-16,16:53:08,v2.5.5,argo-cd-5.16.7,2022-12-17,11:36:17,18.719166666666666 +argo-events,v1.7.3,2022-09-28,22:10:34,v1.7.3,argo-events-2.0.6,2022-09-29,15:55:01,17.740833333333335 +argo-cd,v2.5.4,2022-12-06,20:26:51,v2.5.4,argo-cd-5.16.2,2022-12-07,07:41:56,11.251388888888888 +argo-cd,v2.5.3,2022-11-28,17:28:00,v2.5.3,argo-cd-5.14.3,2022-11-28,22:10:18,4.705 +argo-workflows,v3.4.3,2022-10-31,09:17:41,v3.4.3,argo-workflows-0.20.6,2022-11-01,09:26:43,24.150555555555556 +argo-cd,v2.5.2,2022-11-07,17:23:44,v2.5.2,argo-cd-5.13.6,2022-11-08,16:04:52,22.685555555555556 +argo-cd,v2.5.1,2022-11-01,21:53:59,v2.5.1,argo-cd-5.13.1,2022-11-02,07:31:33,9.626111111111111 +argo-cd,v2.5.0,2022-10-25,15:32:28,v2.5.0,argo-cd-5.8.0,2022-10-25,21:22:42,5.8372222222222225 +argo-workflows,v3.4.2,2022-10-23,07:36:55,v3.4.2,argo-workflows-0.20.3,2022-10-24,05:53:54,22.283055555555556 +argo-cd,v2.4.15,2022-10-17,21:17:43,v2.4.15,argo-cd-5.6.1,2022-10-20,11:23:48,62.10138888888889 +argo-workflows,v3.4.1,2022-10-01,16:09:34,v3.4.1,argo-workflows-0.20.1,2022-10-02,09:28:15,17.31138888888889 +argo-cd,v2.4.14,2022-10-05,17:53:31,v2.4.14,argo-cd-5.5.10,2022-10-06,21:05:05,27.192777777777778 +argo-cd,v2.4.13,2022-10-03,21:38:39,v2.4.13,argo-cd-5.5.8,2022-10-04,00:58:31,3.331111111111111 +argo-cd,v2.4.12,2022-09-16,01:33:23,v2.4.12,argo-cd-5.4.4,2022-09-16,08:58:43,7.4222222222222225 +argo-rollouts,v1.3.0,2022-09-19,03:29:00,v1.3.0,argo-rollouts-2.21.0,2022-09-29,06:43:50,243.24722222222223 +argo-workflows,v3.4.0,2022-09-19,05:23:46,v3.4.0,argo-workflows-0.18.0,2022-09-19,16:10:42,10.782222222222222 +argo-events,v1.7.2,2022-09-12,23:46:11,v1.7.2,argo-events-2.0.5,2022-09-20,11:55:01,180.1472222222222 +argo-cd,v2.4.11,2022-08-22,09:52:10,v2.4.11,argo-cd-4.10.9,2022-08-22,14:04:30,4.205555555555556 +argo-workflows,v3.3.9,2022-08-10,01:08:09,v3.3.9,argo-workflows-0.16.9,2022-08-10,11:43:41,10.592222222222222 +argo-rollouts,v1.2.2,2022-07-26,17:49:31,v1.2.2,argo-rollouts-2.19.2,2022-08-26,09:03:17,735.2294444444444 +argo-events,v1.7.1,2022-06-09,06:27:31,v1.7.1,argo-events-2.0.2,2022-07-04,09:50:24,603.3813888888889 +argo-rollouts,v1.2.0,2022-03-22,17:16:13,v1.2.0,argo-rollouts-2.12.0,2022-03-23,21:12:12,27.933055555555555 +argo-cd,v2.4.10,2022-08-17,21:44:09,v2.4.10,argo-cd-4.10.7,2022-08-18,00:28:21,2.736666666666667 +argo-cd,v2.4.9,2022-08-11,15:59:47,v2.4.9,argo-cd-4.10.6,2022-08-11,20:43:51,4.734444444444445 +argo-cd,v2.4.8,2022-07-29,17:38:38,v2.4.8,argo-cd-4.10.4,2022-08-01,13:49:17,68.1775 +argo-cd,v2.4.7,2022-07-18,21:54:21,v2.4.7,argo-cd-4.9.15,2022-07-19,06:25:53,8.525555555555556 +argo-workflows,v3.3.8,2022-06-24,01:18:03,v3.3.8,argo-workflows-0.16.6,2022-06-24,05:47:50,4.496388888888889 +argo-cd,v2.4.6,2022-07-12,23:14:34,v2.4.6,argo-cd-4.9.13,2022-07-13,20:43:07,21.475833333333334 +argo-cd,v2.4.4,2022-07-07,07:59:34,v2.4.4,argo-cd-4.9.12,2022-07-07,16:46:25,8.780833333333334 +argo-cd,v2.4.3,2022-06-27,21:39:15,v2.4.3,argo-cd-4.9.9,2022-06-28,13:20:49,15.692777777777778 +argo-events,v1.7.0,2022-05-04,22:47:01,v1.7.0,argo-events-2.0.0,2022-06-14,15:38:27,976.8572222222223 +argo-cd,v2.4.2,2022-06-21,21:19:40,v2.4.2,argo-cd-4.9.5,2022-06-23,05:50:20,32.51111111111111 +argo-workflows,v3.3.7,2022-06-21,00:41:49,v3.3.7,argo-workflows-0.16.5,2022-06-23,16:01:09,63.32222222222222 +argo-workflows,v3.3.6,2022-05-26,01:22:39,v3.3.6,argo-workflows-0.16.1,2022-05-26,11:20:50,9.969722222222222 +argo-cd,v2.4.0,2022-06-10,17:59:33,v2.4.0,argo-cd-4.9.0,2022-06-14,10:10:37,88.18444444444444 +argo-cd,v2.3.4,2022-05-18,13:14:17,v2.3.4,argo-cd-4.6.2,2022-05-19,17:54:21,28.66777777777778 +argo-workflows,v3.3.5,2022-05-04,01:13:34,v3.3.5,argo-workflows-0.15.2,2022-05-20,21:14:27,404.01472222222225 +argo-workflows,v3.3.2,2022-04-20,23:16:10,v3.3.2,argo-workflows-0.14.0,2022-04-22,07:09:42,31.892222222222223 +argo-cd,v2.3.3,2022-03-30,01:55:37,v2.3.3,argo-cd-4.3.1,2022-03-30,13:40:17,11.744444444444444 +argo-events,v1.6.0,2022-02-13,06:42:27,v1.6.0,argo-events-1.11.0,2022-02-20,18:31:57,179.825 +argo-cd,v2.3.2,2022-03-23,02:12:12,v2.3.2,argo-cd-4.2.2,2022-03-23,09:53:45,7.6925 +argo-workflows,v3.2.9,2022-03-02,23:04:35,v3.2.9,argo-workflows-0.11.2,2022-03-05,08:51:50,57.7875 +argo-cd,v2.3.1,2022-03-11,00:07:41,v2.3.1,argo-cd-4.0.0,2022-03-16,21:02:33,140.91444444444446 +argo-rollouts,v1.1.1,2021-11-29,21:44:13,v1.1.1,argo-rollouts-2.8.1,2022-01-10,18:21:14,1004.6169444444445 +argo-cd,v2.2.5,2022-02-05,01:42:13,v2.2.5,argo-cd-3.33.4,2022-02-05,12:55:15,11.217222222222222 +argo-workflows,v3.2.7,2022-01-28,02:28:31,v3.2.7,argo-workflows-0.10.1,2022-02-09,23:06:55,308.64 +argo-cd,v2.2.4,2022-02-03,20:50:43,v2.2.4,argo-cd-3.33.3,2022-02-04,09:19:44,12.483611111111111 +argo-cd,v2.2.3,2022-01-18,18:03:37,v2.2.3,argo-cd-3.32.0,2022-01-26,15:14:35,189.18277777777777 +argo-workflows,v3.2.6,2021-12-17,21:12:28,v3.2.6,argo-workflows-0.9.4,2021-12-20,11:00:00,61.79222222222222 +argo-events,v1.5.6,2022-01-12,05:18:08,v1.5.6,argo-events-1.10.1,2022-01-18,22:20:08,161.03333333333333 +argo-cd,v2.2.2,2022-01-01,06:38:42,v2.2.2,argo-cd-3.29.5,2022-01-04,10:16:28,75.62944444444445 +argo-events,v1.5.0,2021-10-12,18:48:33,v1.5.0,argo-events-1.8.0,2021-10-27,15:13:58,356.4236111111111 +argo-rollouts,v1.1.0,2021-10-12,17:02:30,v1.1.0,argo-rollouts-2.2.0,2021-10-14,14:58:28,45.93277777777778 +argo-cd,v2.2.1,2021-12-17,01:41:25,v2.2.1,argo-cd-3.29.1,2021-12-17,10:06:18,8.414722222222222 +argo-cd,v2.2.0,2021-12-14,18:19:23,v2.2.0,argo-cd-3.29.0,2021-12-15,10:15:30,15.935277777777777 +argo-cd,v2.1.7,2021-11-17,22:18:58,v2.1.7,argo-cd-3.26.10,2021-11-21,12:48:45,86.49638888888889 +argo-workflows,v3.2.4,2021-11-18,00:41:27,v3.2.4,argo-workflows-0.8.3,2021-11-21,18:59:21,90.29833333333333 +argo-workflows,v3.2.0,2021-10-12,16:28:36,v3.2.0,argo-workflows-0.7.3,2021-10-15,10:22:13,65.89361111111111 +argo-cd,v2.1.6,2021-10-28,20:08:23,v2.1.6,argo-cd-3.26.4,2021-10-31,11:57:25,63.81722222222222 +argo-cd,v2.1.5,2021-10-20,15:25:12,v2.1.5,argo-cd-3.26.3,2021-10-21,20:56:35,29.523055555555555 +argo-cd,,,,2.1.4,argo-cd-3.26.1,2021-10-20,06:32:59, +argo-cd,,,,2.1.3,argo-cd-3.23.1,2021-10-06,15:28:20, +argo-workflows,v3.1.8,2021-08-19,00:19:56,v3.1.8,argo-workflows-0.4.2,2021-08-23,11:13:42,106.89611111111111 +argo-cd,,,,2.1.2,argo-cd-3.17.6,2021-09-02,21:59:12, +argo-rollouts,v1.0.2,2021-06-15,22:33:04,v1.0.2,argo-rollouts-1.0.2,2021-07-07,15:18:22,520.755 +argo-cd,,,,2.1.1,argo-cd-3.17.2,2021-08-26,14:22:27, +argo-cd,,,,2.1.0,argo-cd-3.13.0,2021-08-23,12:14:11, +argo-workflows,v3.1.5,2021-08-04,07:14:30,v3.1.5,argo-workflows-0.4.0,2021-08-17,07:31:04,312.2761111111111 +argo-cd,,,,2.0.5,argo-cd-3.10.1,2021-07-27,01:33:24, +argo-workflows,v3.0.7,2021-05-25,19:08:55,v3.0.7,argo-workflows-0.2.6,2021-06-25,06:16:05,731.1194444444444 +argo-events,,,,1.3.1,argo-events-1.4.2,2021-05-21,16:00:05, +argo-cd,,,,2.0.4,argo-cd-3.6.11,2021-06-29,08:49:22, +argo-cd,,,,2.0.3,argo-cd-3.6.3,2021-05-29,08:42:00, +argo-workflows,v3.0.2,2021-04-20,15:37:15,v3.0.2,argo-workflows-0.1.1,2021-05-21,16:00:07,744.3811111111111 +argo-rollouts,v1.0.1,2021-05-26,08:43:12,v1.0.1,argo-rollouts-1.0.0,2021-05-31,16:06:49,127.39361111111111 +argo-rollouts,,,,0.10.2,argo-rollouts-0.5.3,2021-05-21,16:00:06, +argo-cd,,,,2.0.1,argo-cd-3.4.1,2021-05-21,16:00:04, diff --git a/scripts/release-analysis/plot_graph.py b/scripts/release-analysis/plot_graph.py new file mode 100644 index 00000000..8657fe20 --- /dev/null +++ b/scripts/release-analysis/plot_graph.py @@ -0,0 +1,58 @@ +import csv + +import matplotlib.pyplot as plt +from packaging import version + + +def plot_time_difference(csv_file): + # Read the CSV file and process the data + data = {"argo-cd": [], "argo-events": [], "argo-workflows": [], "argo-rollouts": []} + release_tags = { + "argo-cd": [], + "argo-events": [], + "argo-workflows": [], + "argo-rollouts": [], + } + with open(csv_file, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + repo = row["Repository"] + time_diff_str = row["Time Difference"] + release_tag = row["Release Tag"] + if repo in data and time_diff_str: + time_diff = float(time_diff_str) + data[repo].append(time_diff) + release_tags[repo].append(release_tag) + + # Sort the release tags based on semantic versioning + for repo in release_tags: + sorted_indices = sorted( + range(len(release_tags[repo])), + key=lambda i: version.parse(release_tags[repo][i]), + ) + release_tags[repo] = [release_tags[repo][i] for i in sorted_indices] + data[repo] = [data[repo][i] for i in sorted_indices] + + # Plot the data + for repo, time_diffs in data.items(): + plt.figure(figsize=(10, 6)) + plt.plot(release_tags[repo], time_diffs, marker="o", label=repo) + plt.axhline(y=72, color="r", linestyle="--", label="SLA (72 hours)") + plt.xlabel("Upstream Release Tag") + plt.ylabel( + "Time difference between upstream release and Helm Chart release (hours)" + ) + plt.title(f"Time to Release Helm Chart for {repo}") + plt.legend() + plt.grid(True) + plt.xticks(rotation=45) + plt.tight_layout() + plt.savefig(f"time_difference_plot_{repo}.png") + plt.close() + + print("The plots have been saved as 'time_difference_plot_.png'") + + +# Example usage +if __name__ == "__main__": + plot_time_difference("merged_releases.csv") diff --git a/scripts/release-analysis/requirements.txt b/scripts/release-analysis/requirements.txt new file mode 100644 index 00000000..1c1b383e --- /dev/null +++ b/scripts/release-analysis/requirements.txt @@ -0,0 +1,2 @@ +requests +matplotlib diff --git a/scripts/release-analysis/time_difference_plot_argo-cd.png b/scripts/release-analysis/time_difference_plot_argo-cd.png new file mode 100644 index 0000000000000000000000000000000000000000..738c0b983d2b5b7ef9b2e0782ba7637c5fb6588c GIT binary patch literal 84009 zcmb@ucRZKx`#yeaASok+j1UQtRYvwqrEJN}9+8zj3fVMB$sXCOl075Ygj7~ml-}n2+&*SlWzs1w@dEeJ{Ugvq7$8nr@;7vujV+7O$7=|6YA}_6sVFxEM z?0_adF8pMku7w%?Psl+=(?P|?#KFnH&KSFH;Be2%#=*+`&guKccJ}5r*1VkD7dS6) zoHlcCxMwfK#dY^zui&(?Gv$h~)3k$kIdV__mOX|M8KD1g(#6uuF&qrLA}yin9P?+u z$yvpC6K~GuDa)_85FSgaCRO4?R1XilAtNW2(IvZAv0(oYKb`f5c)i~Vy~ttAgPi1n z#w{K)nFwYcV^wk1=Q9`0U-7wkdYzfzGk2p zF_QhS9yZ6jH@pM(zbF$j&82CUTwYJh@)51-`VEA`d z-p3vdJ)OR;(~Qc#?KrM*Y4bl{+1wea3lwntO~%8^Ti~{8Z8cO$>wlb9(!hYBa{cEi z%^Y=y*+E)8&-K)&i!6+pQL1c_a(amr0yx!)QvMfA+i13yd-Z~Joql~zRSXwlWIWIs z&Hn*i>&l;7G7XuQs%+$R&OdOXimr$i>6G0+?4mx%&cRXFUt(|j%{YqT;zbH2C8f#k zj1wj;FCN%WwDmN_w8aYh3)=s5rZIZeY66RcTT)WuyuI8z-*`6u^!fAW^PinzOcH9C zAYDDF=T0K^h|t!pOgAq|tkZpGeS&<~CnO+UbYtwlef%VcPAM6@zTv?^yyE`MFl>3jUA#Kzme}%9gg?f zsriy~yR*nfFRc&$;ZnZz`Kmjt%`r_BFh1}_V7V-SKWLlR* zjtQ3mW0JngSgccfoCvIv*w}0pY1FC!=)1_YF=x*XepTRa@8;HRPM za(K3U@wir@h2P|)86n+eO4GKO2gC>3MK?L3FWH2pr?d7ukA{9~ZOyS8n62DAuA$>d ze&@~|;*%%+r*g}V;}Owi-{-s<#aaJ?+YrNgwe3TjmA9ORJWkRI-}lwclk0kY-FA0- zl}Su&XrjTZM@<7K-WZ)3$454hRa8goTDPrjq)!#pE(4f}dla*m-b9M)-yu>zEXT#zC-kEpdva4rfm{s5VV?!o`Vpr_uo< zp5b3<@v=qM1CJj+_I~k#Qrodd?du!k;4YW2yqAZMQY1J|ed(B5c3vHDvaKiAz%Z8U z(PzZsqd0YbFW6p-5g^&#T*brCVPK1FGH+e_+4^d{SM|;vM(gro?Sk%27$|M`Go^r zXlG|9D+k9R%zb@4YO*8oAgoYlhRRuYICz|!wrlSX#7-<( z9BXJiAR7dSSddw#^0hva{6DQd&kPQ7)WrZN7nCq*9bbNhd-6 zB;>Zup%;SoEJ98*A{r_SjshAFOa2c%HjD)k{PqvP3-SzIgreeBBANp-K_#({3!U>G7X!vB45PxCRSj zjRLMqtQ4Hu0Yjdf$HcamPQ25~=?zyQ2zd7N>6jsevUI$tM@RN8-j*1_6WrX~Ya_v2 z_qwiM8iq_<`{@bOfUeEr&sNHdR+OcVQ;)vAHI>RyH*9>$OnE^cLp1^=fA1WUuMjjL z1%?etE{i|crt+%t?+r_$tR&ztNt~3NJl?QXdz9g!7?;+ATvr;CPkM@JoEK6E5Xaa(k=_S-d|*DSbm7$s&% z$%bF^4KORq?_yhXQvLV)?iNqPx!qJ%^_2;xF!=PCVGYVaRzx<}tv82KQ&abnWbYKW z-IzQXIXQ~`j}@zf>|T`JWllCx_8Y5JyP+nn(FTL%F3yvQ{`Vl{6Ch7x-q&AUG=L8> z>&Ybl+49oo=~L43<>*AUSq-OOTEkACm9ei)~?IHS^PN_r9#`4tsSHtk(Ki}S>GGw_`aULp! z)1b>)q5FRV8tA=f0s{lTmN{`j9`=X3z`-caYx$x8pByN=MCUR_5_8#w6um2?u+Aiz zVCsg`jF~5V4~&eC*3XYN_z_E%L-^d8`%xo_&+y)6h!e7DZXL0-^jIyV7_R<`$Qv&% zNTj5uHV&B@8R26|1|J?Viizoo?m*@~ijBN!<~(8Y_Lit;-`%1kv5IFEu3m-rgoO{R ztCO~E7g-euwcputdGh%2&2eXARLil`aDyWbm)Y5`PC5v2JJ0DG6lji(+Ei`7$4*ml z>1t0qMseI?!~$SH0wIV3cum^^$l28c9vwSHP@&7!79+?MFMRKZcxQ>d={olj2HzeF z@(QJEcxY#Ul+UV*PS*C+p{~uKL1W-6@CcH<0r2u@NXd z&%<@@e={B_oyyHxDR2?ebHcjU5QJIZUL=tWfUJHLyR*J9zEHp<7lw~X=BNk54akUA zdTzVoh;!U}lk$DtY5Kd`nKNg)*96$xYvw1k)zw*)RaELHJCnx^$H&K$va?%$Rl>fWaPNR4&3z5PQ%CYVsD}Te*WbQIafMaHdIX6q- zi$bk_+XmW&0yxF6+VA_U7tP8)e^yTGeYWJh{UWtgsVB>#IvA zWn^R)3Lr%hV2ZQnv($4)u{!&9kqL+0S2mTm(pA~kZKRzR78hl-wPPl~y-j01ch0u- zx@*PDYb>4VN=%)pS5Kx54M3je!q6IM2;)NDOq35SBbL++FEsCBA*2_j!8(#;jz-0Q zKS822O~q?M2$gVb)@|j_k?QxA0L5y56*n3^6;8D2FD6-EUoW11-}g8+_Pm!lAN3N% zvVu!~+Qqxy4?S!2m7{a1GjE*|S?%|MW!akb+FhI!^1(eO`Qgzq2-u_j?u)GeCu@H9 zWObIi*kkXX4#7Q+KEG`(p``TW@@`BF4Q%tFhA>+DzGaW0N)Lhie<(kOp7MuZtXJat z;2gv|UPmOhb$VBrlAN4*sNL!!)7i6lcfY@rfD#5Ln`!9zix&Ytctj(RtvDN&Oe@1s zVYBKlE@SI5<_zVFQuu!M);4pL_Ctv4cQ!-1o^d$j?Iln?)ZHp-Yilid|IGaS z@%5QRS{EufiiU8f5Z;(~kA;l2HD^ zoMjXggfsLjHEQI$WnO*Jkmv1jQK-l9a=l-smKUZP?-ZPdi-zkc9(#IKTlC|R6D$HE zPVInJ#dg*XI`!M)-7z#AAB9RS2hb#TW)m{1WOC<^M1MLvp`FR(a7p|JkbrZ)msrD& zK!8B~Gl_f@#uiC{Pn3F!wmzQ709v^JPIfz?aZtd<~eq&J( zuswGB!h}353WVswG{4J4tkb>u`jg2C2^dt&kFYTqoarIYtut=hf6p&K|4Nsbdw^{KC~FLnIw z89)xblyz=A{wXPE{tQ(O{rW0L@8PSV=RqzPM)TmC)${PQv^0&9*I9-N_g4GyteVBX z}NXkj;#XZd+Wr^%0NWo%rf= zjvA)$%MW!cTp1V`a3C}c8^Roa?+oPWiNy%m9vE_8Ja*CQt2gW!abDGq(4gC_2x<{L z0l_MSOibA~$KId*ZZJDoAz=SAq`@*oglekmhFCr7$PhXyXrPmVs`ik-U3)924| zF~C&mDl9EVJPb@sAJPg^^rxaNb88^khrZ-BZR-7EQK+k@;`(QPex85OsXmDO#RY={ zx*p4F>zd}~8O>o!jg5^j_{>QG8~eiUEdh=L&|3qo)pW1B2g#rL%iMSB@ZDFwnXWB$ z-I#~s$bNqSs#XHTy=IABYS*G263iC&@8lq zlT-jv0R(Wv+NV9$Z}dBQGP9zJ%uID>^$r~Nj$aPWi>;Sp-^2t{oR^f4z{xF}5sLrm z2CYXjq&LlceH^Its9Ye#xYq8qU3R1U%?ZoeGBJp8$vm+ltQPdMFZi*1B@t1T_i(NiX03^HphlB`JyV^7_~_ zT|Es2I)Rty@4L3y^u2F2x75KXMcoBBD2@(#Zr)8BMKKJNLcd5A>=7lO+2gIA zv>WtT^^Y1K5@;Jw>N?{9oK)<6OeY0turuF4svP=n#oKF~I;GutLpUT#=}IYd1<+*+ zxGWe|e=#G0S{Mv%POaZjTS&m83(Z^&uqo&-V?;fu5%%jyyAjXkl_324bLvq(>SL%! zAR{9a&+9d;_Qo;mPA8%B+Olnl6+S8Df4u(KrG9T%?IySD!WXv|zCbN{1ZYzq`g;VX z=KxJ4*bG%p_LuO^luXdQv*;l}C={0OLDlX~Src6+X`xmqI;~JjrJz7^n}0ro+AY)e zxccYkZxhqghx1#0!LZz_9ar~-#Ckanp&vlr>@|-uF(Ie{ zfTQ93;{o27y?bn4-a`@H>+iJAtLJJ5LhF*KSLIne{`@xFB)wUo7R_a6;^rtWIc4Ri z%@rM4_JCgv$D1NitA(P;$jImi0CTueT5V5kQ~?;JCs2rCiHU4&ZK32#K(A4;b9)lD z^doeR9l&MvJND`^wX?`9_VTxe{lS z=8~k@*I<(rAy8$qZ@ra`5q469ofhzbAkklY)B3%ctLl$KT-kJd%5*bL(eTqYdLE+y z*a6}vPo5+}21DG~9pK6M+g70gCCh00cEq^+}I9_LIf)BK)=Yy#g+Hb zvh-CNv7{yk1?qdze?Zf4`Vzz2oEQlco*~Z2$dJtH34+!q5Sl&RY|VnCruLMD=l7t< zlS5u6J$LS$WL|IZyLWuH&F6~(pjPUNp5@}YaV?tf3ZGerc-_a3K@3ul0sssLz>ByI zY7ecKLno#Ph(_uR3ri4?FrB$N!t>DCAAQz1#`pT{q9dMn@$SxM#YV~c#^SG`s;Wsi z5RtZ@KY!M?KC3a%&(_@BeBy@K_B)8;w*g^c6zJ~ZM2)~co_zW8C4XDuf@O_GVG#7F zf$*V;y;Cx+K&YJ%fh2(TP?r-x!c+%< zAg1lf`&(uAh9CBE(?mXh9t0&`mCyXMG%y5#q8=Lo&=erFD}48g`an4>+hV)e$?5Nf zCtNFZ9e#IT0sc!Xgib{3on>#^uX0FE+{R60o$t(55&_`#y}w(J_Ve9&gX`*fy60V2 zXU^}^xGqgHh;IJjO|u{LSk-wF7sm;JeR8m(Y;D+|KJzjQl&WjY(#L4EF8?S#A2u4z z!Ei{GO)c_`C?kAjzAAP2^$=Pf#1R#WkTWLbCj$h}a~mQ>H*3c8s`X}us-iHT)j%mZ z9CzV3x0w>H7{G07%4dA`_~zkp$Z)j@5 zi72i=`4q919fA8Kc;>{a=p+WGY+@-gGSUwsco?xUa0h#A-rn10A9gsl0Wjx+<8ReJ zgB8LzrHJ==X}`lVUlPi?ifs)6sPH|OIuz4mQD0&|0rcI3>iZk}?D?2H{sUNexRdU2 z<+*59(u7$EsHPNPkLQ5_Ndk6HRAPXEWG8wRw&-0r=;`0G1-N#-ZvdaOjqQO|!HH;tu*ZvE1Sjf{3W7 z(ZI8DsIJ&fb}-b{)nVA{YcC(}ZqItHL5+ak*c*?|8G|!e3rFEl^_Q3#Xi23kEZ97E z)=iB}OwjrDR?n(0cUim~EvKzbgY^*!h>8xTHINcQy+3u)3cWc*B6*dF_D6g_!8zMU zy)L2iqH0ui9@|bSC-f)s(OwK71JS z9vd^ls)3+2xcG|OtmE{03}DejnpUc*( z(ybgY<6~rD!36^HJe**4<80VIec-Rv!npJ*X@IZw6gj@Xb_9ALH$je)l8|_C<7x_d zV}clMgGl{i5DQk z=c4}|DAf(OivD#BuxcY7Bv%0;R@AH$1D*Ih!tXEiDe;-d)8f>FE1_A_!vTkQ8to zu-H0niLWQzuETl1{m$$GRCqezL2QL8p=8Fd5zHqgVsctRu7l~7R4BR3?a8f z^(=1JB{MjXh$Tk)#<)GSLSJ%qg5g9YYvk!7V#)W&iMbZu_BFnQFn3 zoQmq#MOMC-*Ko@Av#PVJVggVnINsW+Iyxm~T(FF1Z^VUkcdM3f{LVrwJcdp86*U0; zs)y7lQJt=5gN}e`oPqT~aJ^XM?D_M@;85kz4AXsfcs#hZkH@&8CEbHiP8>W;1Q{{O$Luc9i=^5kZ9E z9bokDfqumR`(|!#je6vI#}MnN!z-|#P+VU@x-JNzvXYVq=-lTd05YiC^JfNvXl-DSxV8NGDwhG& zfv=^G>~?l`G1ed`tJ+nPedJJo5KC3^H8!WVEks*0o8P8T4lRr735G)(n(J3 zYS4)wY##uLtnEHuzc7uMGaaV^KP06rOc{NJI)5QzY#HbJ%-9hl*ZdB zQc08iM!8HM@4@EfS~x*-u(XD-T%X$7p1%cJAYL|2F&4uB21T`V0SJN`=L3jeTl96O z83M}dm2if24(=g6AorCkD~gLLH&>>mpnZ7~6Z7W{&&J&F z2h_;Ngz319M?yqp#f$lEG*4g^pdl%=`TRZ?tfoH`EoFT*KovvlZ7H1c#*hV_&Gj=1 zSv85Kk5mP%3$>I~HGPZM1k!un_f%DxjNKV|8r^Hc73*-gG>uuk#LL(fN`x6PvZnYQfE&IA`uWIouPw{rIS-tjTjldx$Lg%;|aJp zuT9KtB|A?_iE@*lsaN;QOf>fR*3BS2-u}E$29$d;!xT~_-*MKCYeXoHE^VvbJ(YAt z@=Sl~Bh`FI`>M>lQhQwIT`?#;m`Xdu3*To&K#R z$Je)};aeV1w88B#2OMH!LyHNo=jQY!RA#UaAXGpim)$wweU+<%3>MYCOtAvqOYzt! zrn(+iK5Fmn39{agq1_#)!q{B`0s^>c`UL1J*MQ9c+e5A9bAS4?uC8=wF`tO>S&*BA z=O50Al(PJ_`He~FP)aH9xpPOLA$EqA-xj!OtHE+Aun1($dlFrq!*sp29Z``)w?gN+ zW-vBB-bjBOR`CZU`8wpOu^tej5puv^?YAcik!1on&so%4fkcq#=pbaBh|=?{ff_Uq zt{4NrrkJ-sy(c9i#Gf)>odeJ?g4&oGAH2wQgKibksA76}GsKPMR;*}&p(p8fku};x zWF-Jz12~jnXaI^qTIKfIaR+@yyU|7Eg&En&j7gWh?7Tz$J>v*PSXFtG=wt?t^_^_> ztoikc_)*XYBq6d80%&je4>~JJku!z5|DhGugQU={6UuqTC6&!XfWu+Sw(%woUG^1 zqn7+0DEGj(v{O$isfprEqNScL?41MZU=)%&Jt&c3uw98MDTj_x^X)OU7PP&sOy)R_9-j(i8S3ONT0wXTG zQ#s*a{sfAWi&?@+&AB}Gj;!lUCT)8NzygVPfb&Jic(+w~cUD-9B3|5Wg=q4Qlh7QJ z+KU)61by^P_|d zXMG>@PMT<(O4_&7`3cG#SORYCD82g}4kGJ7@>q99suXD7tlWqE1fSIh*=3#QF~yDD zTi)MH@CP9wgbn~rnrtg{iF|4j>WImHh8R<^$rg~YaR~E)lA;`fX8-38d;BU zXg_Fx-cb)83N6b~cG3jUd<;Q7Q47nvU345`LgNnH3$9AZ)~2XQ{bJD!#Q6oF ze?bZ(b*-QS_>Fu)$jY@I6U_jhlH&h^BM-$f|Zl=_@2#t>d?2|K9|O8q_R5tbXthAVVYPM1#M`&WDpl8i6!ORz9ewh(T(En7-doE2 z5|*IEG|@*pD{S?mD4lhgN2XW_uj7)!7jT z0ydX}`TQb%l^(*t-l$D)!$$c4V^Ulp!pnOCuJQw@cskQxRbF3{K*lOa$`%b*6%=X_ z2n7~t7%sg5!mQwK-$kq%z#&T6d(7zX%&dFhBsKW<#uy!o9k3RuxeYV{TRI06ZxVzu z3My1ek?qcFds+VKRfPZMJEVvN2hzY6bm8SS0k55M4a0L1(B*zSWm5-vjj&oh8sIV! z>MD!pKb|T8V-`BfrhIB_wx;`L;$?J{ZD;xg(Y7G52pKVv!=T0P`bF!0e4m=rQT3P1 zIxr-B+g^7B5mUv*%^2k(uw`aVSBio)4-}e?99UH2vOAWbIp?>K%oS zOAc&ZmN9ASS&kdJsmf}?RZZO%{JzAB4cd`a4Rv)OTY@GCUd$ih>5>9o0(A(Z;C_yF3+V-#Jx+&QRlK!|~Yg`ud{?@m{`nblJaX~dEv_4I*Ela5;>d$~9$IM8-i zP0&qypk#&6GIWA10d|qj)Xv_{Zm#vx&=1JY4PX%+%R|&_LPElK=1<`7`8fQ+UuO^~ z^oz*X1wJs-$Ua|UB*-BfH;M)5XX8ZjEf6aUiRx>KeOi~HFlgWXlR0pODA-gU&sa>^ zXh0&l07NOWHEyoXHUMMj2gaJ_B6@*)7vfTa#l105U` z91I*I45FgCXe+t*^@inJii*drE0)#!!R1j5j3QD|Q9la;Uhe1mZSegl)}(`6VrR#L zShSRslpkQ@0pqA$={B;xjMN7Y-1mjgKV7*tax|*wyly!q+`Ust?$*xcYy&`^d1z9Z zAlXf{#{+tU9{r&<+e{8D#|Sz)$V0TdH6aH5{D+p8yq(~XblCwL2R{%*-jGU1!E*i) zXze*T?>&@Wxj=USeqOukoPYE$eeYU z0mAGdd~lQAK&j&g0M7-$phJcKd`=)L1T;y@FWFCeT{JF&)ey<2kX;>xbZ_4Dj%3$p zx<0{nyZ9ahbTb$9t1%Fwj)QA(FBGBA>1~MjZH49mHKQogO!j1*^d;6TyPu;?4JgK~ z94aoNp-{dWh6G*@4U|Q>HPC{nN`hx60s1HB*@{(kWD+5B0mU}20scmil^XKaHx-@` zZa`RuKu9t|){N4*|I*$4NA&|Bs!~X$Zoc5nuiFD)zqu=P!vVo0Ho4k^+6Z8IeY0w3 zBdf_H)gGzT={>pj`OxIo0YlS27zgVPXOBLwVuc#HCqFfuASJ!2t^J1&Pfj_ogwG$k z`65Gk$l_Y#Ux5~$;gbb5xj&$MVKky27Im+EZgT;CHj_3Dv~bi!_m!LnBdCb$Qgx(; z?yYGt>0@yL1?*c zQ=tYR@TmlzHwxfjuFC3PU1>m7$5`J6Gl%krn=kI{1J3mO%q%QI#tBo&zgJv{a6wFi zv?K@uU?_C|qj1TOzFB>QMy|kR(FA;gdyqA`QP8Ii`vDD@JWNY50NNPm@Cny zJmZ-R?0laaVr=ryu!(9FsAgxGnZZngk0A#!=ztgo{5w%{XF7t(DVWGPEj;gi+_ezj zZ4e`W<$+aFn*6h3&+QEZV6c(h0IbhGs9}9|$>t*ze{L{iqKiB`?GtC!p71sp5ium| z3RyicDZ&80H2}uoq~I*td83sB74JXz)YC^8!0&%=xb`q42Dpd%hMQ-^y`aBT($XTp zoWYa;sutqw4FT`H;J19f7i$s!u7jeV&G^g)%LP$Qht2}A)ohWOO)ir75fKrG{!Q}N zAfG<4KDc922VmVmEn460vEVmpi^-@n&WOv`Jgm^th9ktgH@`C${`IS7N?O`pU4ZnE z&|{GmV|ek^JTQs>@tzNW{6WN5J`p}yAKo_LBxFoegvkp8WJ9U>YavAa;X@G;P&g)K zAWzWtAc%jmWv>l+QUy%`urM%K@QWwm=+eIk@ZUl*b_<|JNdfJM$dp#ur|W&-bi&X!&dfj^-4+IsMWNlsmG5DYzl0ob9j;`R~oq08wNKbeSAP3nYT zIAf+4Fy7FsJ$d=^*7zD2+EIo@8*k$9DPd|Kn=&T3Dm=kFz)}x`7Pv?#i&Quai2#XG zK%jh}b?Q%qK>JAeI*71Td&Jt{pV_G8V7Ly@H#@*U@XoCB0NgO54ZJ7hlT zti*GD_kr5sdGTIvsN|6h>KAyb_gX{O-{(*)qd)sz$o~EP-K@Itb1hWUR7;exvYfVD zyu9Lj{C?7gOo2xSP68-{X5ZeVK8;Fo71x3r4c8Cci&~PN+dxM^bF;kG4VN~1gnXZWLR=!v`rg@ zMx`FGFv$0{FA`hgBziR*Z1JpO`SP!Epb`l$TWe){Uw(F)x>w6|~< zT99tNP84bFy)4O98o(_`sR#gac;zW)=oe}sqDtGom0y8S!l1?WSgAtlLv`cZZf&x* zdn>3K&#F8kipVS)0bPCb zBT*i=0&#tiHqdMml434U5>oP8kO99K3_y7=zFm%$w!I(J)_T z85BY~L^m-1lwJ-1-!nwWTM^pA6)bi?H8N(R7h4u;fnQWFu;iwQ(Hl)A>!I1pS~l$o zeVcWWFH8Os5=1fz{SD#t;V`Ul&h}iUX^1hog!8-i%7MbGd)*wI80jZ0wgA=;$&H8{ z>w!`R7M72{Rv-Yc2O6*vUZL$@Cb5t<>%MUNJUR2szp}X(>r)A_dp|JFsx3R1r5FZ= zuntbkcplX9b@u^!&ovyRoWQwDRL(#EF|7}1YWzrr@g;tk^h>jc5uN!wukE8?b&|h! ztq#%UAQi+uXifedbhV~#}C|q;GiY}RtvClE%>~G$D5<@jM~Oxn`rxSPD`H0()Him`}^kf zfSMohKqpOj>SFeHdl>UUV&&j{(BdIvk5_H4oGNviJ&rlU=)?sej?e%Q@ShnY_AIlX zs2p_aRsNQ8ReC=M@0mbwzb66DDi2+pH_pL1urM<~Cxant8%Rn`HG&u+H6K3keZo#N zbx>=wwDZ7@2vchdtA2idFn87Xvh^n>Mm==J-u{xDmkm)jrJrnHyO2WKbFYuefn^2R zzuU`mMceel!MA|_5hQ4TePm(yfB80wThico4JGK!#3BFNw{dYQeOs}w6!00yqOXc) zsIsA{r{Z6)UyT_eBmoQqIETVeokti2oGIY%1F6~vVTR;z(OPH}V{>~TZzIp|j57vUI z1!}19NeKz!J3?Uo#ZJF@`_`|~h~OI+G@>vj!%T=PC2kF?NWbkMnbNAsKBK#l<=*yH zLnHVdm1X_IV{)}WZE@ZH%kHt~RKed{x_?|ObJ586u%dDQK8%V04t5W6BR^-m3%xe- z{z*#<=;fA|(||U^3rQ@k?gGCB%<@q4nR$;kgc|}_l?N24uC5*_IR5izsZLQY2=IK- z2eBOWqdDrQ9=ot-ymr}eEBkEtH7bEgmY#wBnL>Z_;eOq;T#>f#)c@1w{Xe$!|3ksQ zERyzqO_)mtTxdU|Eg!#nb$i?y8Ee6Q!Tf0M6BPGQ7+C;I+93>C9f2D)1h!^D5J1)= zXqvzb>2s0GuKlJ-a7Qw2(XF>)?AQBELib5e62P63`01*dYz@#q5}!CRy66}j9E_BU z^-W+y|MV3Rfq_|GQSl>8iXu@Qh%n>~d;wJd_jl$#pe$n8cNkPf)_Jg!A)grD+ixMr zmjvL&7;lx>fbZM;Tfw$pO|H+3{0qI3R2^_Ix3Pl}O%Mx&A|Ku6pn!}>592s1>l=`^ z?V74@#0rsP7r-nC$|5o9G!a(=#%<(C14GA0=%=Un!l51yKft3yQsY0eeK`z?iM9tu z7+<)unILS^aW{0hsi}nMpL9g;d3X{;Bg~3w31u)Ujpq7OkiIh~ERGCRFyRTxaKsCu9^OYh z8kQY*clmEc9P2p$-vaSW)Qx>J+2L1=I{kX?^D>uLz8Y#me+NBdN*!}X9Pr>_%rl>< z9p2hqANfN2sji>jA5=F2ai8$;X~}24@-1|oI8ws=N>(&`=!{Vhyl6w<3I#S#N**!?-EIm;S$rk83f9EP3?RXulzo?(Mkj21`+X` zQp=C~>(QT(TB0j2u{^E@lcwU>O`I2HKZ$dv9}|RXjjuZIgPlrXbkUdwX;h-CJezI! z7d4}fLbmZ0iQWHJ3++0y9D{~NQFDOWgD2R45{x}xV|mt90DWGnf8quG0)mJaS-6u5 z&x=jTONiP$1jF|Nob~3`%*b&Jrg@P3h74&ysKJ=2pa)5b@<_)aPFeaFq^q*FPlDq1 zWOr#YR;Va2HQfMi6GWd)F1sSe4$VkMgEKr_Y)2Dt5Fyp{?d%LSZ_%WY3`zz^Tdq|x z@!2PFAuLCp+$$>8KAZp|CfFV}MJVG$3xG5a@#rMFa|TghR`;@?#>v5B$K`on9@PojTle~gPJZan{G ze{GDQrz-;UH`x9$Z^TzZyNc;IXP;$Zfx&-2hU5%*BXQVEHEdjc_n<>HMT$*4H`aRM zu7qoN@Y8&cj~MR6-cFM7AWI8)$xx?(U9kUot$eXfI3OgX4zMKh!<|F#=hNtjt1~s1 zt(w%Llcbb|xt;TPr}*K`{kFU9XRERxBx_X2FQ# z*?Y~b2ni?rj^?JEfKK*HCK(m>?it^9MZWC&QzBB!^H6g2JV zVLL6EBUz%BkgfeqytGbNT`#Gc!g@al6_h!|!EiJ?4<2nMc6N~b?dRS)&)-RXlz8Dz z#H%_r59;4c-K>{xk)5|aDf!7Q?{5c`C=2}xSliGjT?a6zkb&#Wn>iSrQtp09DvV|; z`o-9N;RQ#~A3x4>>_w8l1<&%Q|AT(XA;=I?L@YCq#X5n_N+JxAuNsP>9r|;$vzd%T z#;GOxKR$?ahUM82NRH|w%Bta?bow3Dcqd)mysh7`o|KOgI5e*PPgjPnX&d-UB=bcU zll3qupLEioa`3=-Cc})U_xnc}KbSA6^Z4DJv9NnPN4*?w{_8vQ6KI*ie4l2o=Qhnh zWGZivRf-y|+#l3Sr2be%Kb!u0&BPwo1uF9Wm>zOJ-T^x_wd4VYDh$IrPIFJF?UC(R zSVU)7XGv2+-^2Sd2bUCXEt0CnS6aCJ`7Zop?K(YT)OK;s{fjlCH?epHUKc$g3q(GVjKCBfluA0f(8d7 zj6fN;!YNiE4L+m!<`Vfo-sq-L41CJ_r zb@8qwC>R&u_{p#+49jSF<%Zv6l2lo?PxAibqkGO!w`6Rec1pjvPLA3aWY|S>FwX%g zqIN+NADL&ILA09x#1t-`)x*ZGLBO=IVSf@(yT3#d>+5?Igd+=%XEC`yh&F{1%0ghykh&Z_d;BW6-b6c$?tdrI^LXl5*qjD9Wqix zWI;;#r$v(t7}Dv-5yyW3QiVPY{eNm|df4-uMm0yfL>bzz5V)dCec6qW%yB1WdH;ro z1C(1a7;N7gezMFh!3EdYBZXAukvC)?6~_1{`6G(izn)Q~>(U)*`_~;ns`dg>3yGwU zi0E_c#?$FwA#^`nv?MTwLd&3+#psi(eLrq5vwzYH%9gkRLpd7Qqfw9V)jT05OL{FpyH-6_Whq! zc{8PM8<_VR(|C_ZV2m413g&zW!bhnGfJ_BKDFf+2yn*XLE6hgb&up*y>E95pHf3A05aaY0z zCSw<9YJY%Z$#6szw8MVm2>Q&tudBGT?ALflCgr>1>w&)cBu8?bQut>{eGq;qBfH4n zIs|Mb$s2tJ%L3TN*`b9#%eErnq%tx?%ola;@vrAi-++-Yqm5fmC75};pGL-rfa600 zoG36s*+@kT{kW{StPz+THhFgDCXSsvaxU&ZQR09%c$1$COOEfK3rRml<{9V~{5#F0 zK^Y{WrPWEjqHS%ROZwp^Wya*ljF3;Raz;Y<&E#$?HC7+%GT8{lgON=X>8Gw!SQi2y zfG-9xta^Z%MnU`0?<2u#pN@U+KRoH3(^AoG<<~gk<;{6FgTgq^CcHb-fbUk!d%gW) zl6gJI(e~^@L|5FH>*@`O3iX2#&w+r>1H3&tr}wsh;Gcv0ew`-aBn5@5JLf6rThFno zXT_8iYP{CC$F=lS0mn6EyXs#>q;>)m;pQ&*xZUPQ4DNz_){e2@T7Ok*y5!*W6~Qyp ze%8tfU8NC);hzOfI%@uIFb@<2)aZ|0PN(DkDqLLFcjtOic>aLyYjN+H2#J&L`6t5~ z_6xPeE3ifG?rcYbm5xdIV&4FT<~B!eVWLiAhi~tEqG7X1Yw8W}dz{TiP!qVwzB?!v>oj_$2O=+R27qBd2S~==4HF1L;q$oMW zgHeu=u10@JVAmMYZ6e(7Ec^r@bO78X!MKB37&1V^(+<#Uo#P~m4tIiw^%d=xgo6Qh zo(b%iIBoy|VEce)fjCEw!n1qi&}ju27*Nnsi90Y#Sb6|Zy#E2MiMwAk_oYASM08WA z%RkfP zSVo$Yn!d-^%sv1RS@>_737BUW2Mc&$*D5?dr+RCBk-Sf98kCA^@M?xY#$p2L3XMis zm;Pc|zt3>Uq&+Sa#RWW~06pgec~C%1Y??q6BRB@@kRY>fA}74p z)Jd!tn$kw5aYCWLG+qZ{P#@g6K)I)}#X1ezx@^KFpa)%z00H&^8B|Z4K&^JdyLYOh z6MDNFCy&!z4uHCG2TC{s{`UY);!ZIb7G zfSd2G#C!&~-6PO+OUkd~KLEp(KJwhdW#VAK=W`=}3Cy(`0243ZzIFjU9|S#41{MJi zL(erqqp-RzM+%<83(lFgXlrH;B%r9TV3sF2s%TJK9D?*PR2jPjh3# z%lhqphD@x@Biw)oI>c5MY2~Z|Xt(`QjgvMCk16pH`%vrvpMr@45{eDGWZkb>ISq>l z0~AlXrlFhzh4H*S1D+1>Z?X=1`;GAJx9qQ5ku0sP12o$eIvL!)>5wc7MXpb4x?b`8DTJwR?-B+^er`z9kOWjD%}wuxa~=^9Q%#nTA%r*_GCSK z6Ny@@oV476nx?a+k4fi&F0RFG!81B(=I^QrHyxWes+aWc`n1m~g;7&C?VIX)KAG{| z=`Xg0X)bYiPQ&U+V#h-mlGdAt;stCaF=Chqbri~j1ULfzP*NDF1lu;u=1w}4eY2vV z4wVH(>hrk3{{`WvVG(kpN}Kt!NjAAT?-v5YE9Qm0Yx9#XPc9nf6#pDQ@7X%sH?&Iu zzY97ww4+p6kzTABCugE-8@qMu(Z+vGu+2qF{cl5Jh)}Bnp7AiIbo1s9mHtzoua9It z1F{r+Uhd%A1vA!B?6%+roV)QB=RDmC&^f~){*%Exi+O{^;R8(2!Ynjr-hT|^z*Ox6 zmkR`$<}i;lGt2*{XSzc!orL_>^28tK&=>OHWi={LFNwQkf8kqHzT6b!n4xRz@eO?b zrluU$lWbAF1k3TpIxqj{p{@V?>E6Bk&ulRo&KsF6mlP7`0t*Dwtf+b9c~ewGU{|2Z=6wgJs(2l2-v^jX=lmy@Z~}KsP@{+ex-p$ zLLvR;BuoBEk2uv4PM=)Ezg5&9CJG)NK03CG#5#D?jz7xrFkXatLvGaH-dJ}2osqT` zcgBw>FS<_f(3r8w(K{lOTQdrQF%nM4=b)NA^SVB{k98w{*n5kj(du1D1)-*KF1SE> zdAt9ClelL{LrzKx8Iwt0d+#|8fQS+9tQU;5I0rcHHbvG5=MB}v{p4xUhFQ@Q@S zX&(L;7wp+cr%SqXtkksrRB1qv;!GtQf5|tKP@TWcGGM$7$Wmxp-Vg!<9xQYg(+34x zv&foObnVAMMEx*0*{GvT# z4>X6QV~_vxa4N>Pw)T}1xy6BZ155O?gjS!uWtI$Q#1X=fn+N(mmEU$`ughB#*p)}D z^{Qs9kGbZrNa#78KJiR!z^6&LG@gsKe(c67BHyS|_EKn%A()=QDvt1yx;jO+`h@}n98PIH+XbiAL^jZ#@G&;bzL%!9kXHHD z%wET$dINg6U6|`ZR#rU%KY zb`>+?uSX1{$2>ZGR7R`|gMvs`wOSJXi*&6GXQWyJ@*h3&0SLTM=qpdB=RCCp;k1{^ zVd%h;vVTk2-B*P{ax^W3uF1vnGVS|v?_4qnu#i{*5*L$3C7qssJ*IU9JO^&2tS~7u`8zGAaZ0~c5xR~ap9yPts5HV!1yc%)OrHKVqItbGzd}xxzSIASM(_dx zB93%)ef}I#On6x7ZiM#L8oPI#2iPJ_dwb0PY$n`x*Y@GOTkw<7XQmieCvye=o$^~5 zz+DM0cgTF~_u7#I2{*kt1>pg7;5t194`FcFdUVSArX8hnfU4bghv{a_fgj?L+E;O0 zL;R=OadvqpKX2G+;FLOC!@qr^RQ}|x`>8stZ1x+XWnagBUfX-eOdIIJ2e zkThX}GUnjI(RyR+wlnBmlQv|Z{4c`ZJ09!){r^9akxe99q>PXvBYPH^*|U_rvXZS% znIS8MY}q7xr;LzUoMmU^M95aw?|7-t`}6zUe!uVM`_FZ|U0q%0dc9uH=ks_RkH`IR z97eJ;V6#EwT8I>jKK#Yzzx$mKfxf~Pjkv&{$u+|Z*yWm0I_MDfApr= zbS#I|J3E2`pIyifD^#^aXwU5Z0RCw1>A(JvIaFofR(^+|p#ZZZQ>+INL_~Q&sC&P_ ze+!i({zvD4Z`)$c4VLVv^i~Hl1AVs+VQlKUC#!o_1xVa~@>%l9TmwNj^MCZuDRvJ! zBu-@pz$G9=A!t-MTM)h*mRJEZE-a8ZZ})UqQ0W1q1e&9JweyTUIP~3`B%CWb!oFN= z%oOcrSQ*7Yep+sw-n@UNi=2-PoA9`Q2e}f7X?kz}41;@JKKJu?kg@+&lDMEuO&-3* z$BqlA$hn`;G$Eg*SG%sJ>2%}<`^Sz&adk6Pm@ig_6P5A31l;qvO}x=(Qfh9?oc_0? z#k_(C8KMKg(ZJX2lh`0dj`9!@{SKOS8+g$3!L)(Ob&LGS&yQBmQks9g7CJBzHBXOs z>w)9N4SzCkMS}5W$Kf%{<(zlpXJ$#g>vfFVZakp+SKohB0&gIc=d(x7AoC;H0Px{L za|Yki*>*iLUUGFz0>`_UKyceyKK1M+&XvkCg2vW~7yMnO1dY#!)2lTiKL9f^8g35R zQS`raK{7kNyFMTb>D_~BOt%SK;H%@JS{1$yrxUWHoyv&e>!DDyjB0NTo+$5p-WzQj z|LM=_-Z9g{An&x3D_tsWYx1So~kQ=`9$ z39*ni&0JMYF8hA}H0pNG;RbdOPOI0RL44p~l5qU=*Lv`CL=o2CFp1l}u3+!Ls(p_( zfxyz?_|YJCB<)|yH$k85C=bU$jSv2$cZbE%m2(AN)B={BXNFTuL8*Utk1uDkmn!{B zWD`}!>YbGofuM}54=)mBPh>(sX(j#YXCC|u6;NeDCM8ME?Yl)&=)s%SH-#f$HK_s zV((|$pEz~V^efc2$VQ769#{7yRS&E7#;*VsCqelu`_i+^x+Bb&6YbK01|bg|d$Zd?sp ze2w)eCP^f82oFW=zD@1|em7F> zz?BqPYr4PYI9wWH1ftPjX^-LQ*z%SnB|uZlKYQ$7z8c`)rg%f$XGnFli1vAsA8|16 z=RDmPl9_lYos)w(tJcw2ROE;$5e1f=CpEK4D4aJRR?k+yeqNO^NBYf&`K|xerpBer zXjKG`Wf_zLK;#r-HixqnH0{B3RoQnNCB*+&B9b8Vsk>Akb0tG)`1-O*78Rw_W2*$> ze!D_xj6?A23Ytp{Wur}p4aP>)n%cMq#ev_R?yhSqymZhAd;HVa*mLK_i*Wn+_^%~* zE{R587+ByrY_6brV{l1Gl4Uj8F2s76B^FNyb=~1bD6+HKHiCohfiP!kKxa&+m0w=S!;8ErI##ZeL9M8*yJQ>@OqoFFrxt zVg?s!F`Da=a;2raN9*g0=4l@Ll9?kI>l%2~q>#Z?s=+e}N0KLh_yoZ4s4ObwdGqz+{8WdJLSgCn@jVDV_2JcF;do*Llc>J<04u*U^ChE zEno6@ay_|BZ~vAi`$d5KF4w*;x1JM=*GM&4u4U(tFZz8@g#7oSrUxcl^DLrl8r8nT zMRt9{NBeGVeRmG`?fM$Gs=U}8+l{oWs)*LMM~C|EEE{=||DcdA@+a?3)c*wS?gHtZ z4-~xqboLmy&efA8FFv$K4y9cSXxdM?1TVDJ7h+h>^8;MUTbNf@)ue_t=hKGL_5zOd z*BT^zsz%)S;FAf4OiwSC`fT*{mi8_7GE0s9uGH%B3Cb~-PMhQ?QfXAq&JpX&cs{|A z^5qxH+3*P7A5(2ULA%XIg@10bpX5-`doB^ZzPD27PmbdqP1$^CBnbGq zyloTnNsiW7&Y?8MpdF$zOVzFUb;H4B1oWYkII6p0z5Z z#pkqAuocGk3pEY@&@wgjv8*E!CjI4KSm_!Oxb%J-X^@UB8lMsmxFH?#bNaGSaRU9{ z!}`Zx+(o6qEw?Gb7#2O4SS;*Ha4;q|n#-HetfG>#IbxK*EmqnTz%qo)K$~pX54%*1QAxCse_L0HH@A>!f ziSw>3>TX0Ztj&uH zLz(08wA0a9)^md1lJzB-NiE271*;AdY4GCwZ6Uo+Ee;R-qJ)B5G}r3yi(=-Oex`*! zH!hm)khgBTvbwLoU$GO!C2+AoT*=U|%`J0qBctm~RG)A}&L6S(1l@fm71hE6vCzT6 za52$+ev@ACAb!ZPs~uMSZAMFO6LMq4_&*82-5+`93~v)t}s~LHWh{#;f_; z0nzubQFMsyuCZv%{fV-B7)?1G9?s-E!J%MlyVV?h{HhWGxLYjWU15n8hMO$to5|YV z{at3>Ex2hYU&qES&Qro|b*D_{=nrWeEFT-1yOMG&GtEaHy;1mUlJ9LvJH)tlS zhkMb~?pE^=tx{z+G+2>&Mt*w|P5hG?E28djdpF=(I(Ge;)~HLlL9 z9E2kU8xi4;IWG@B7#pgi><|+zDa3i^7%3CRPfaB_T!8VAz(`Sa2yPmYX&ObnbtOrU z-hN2V$us(*><>|%#oaC;CJ785H&w6M2HFv zTif5!8fRj{JQhn`>SW543~qiq{#nnIuPjw_h`o?`P&MQSd*cqDxn)gnKy7 zApgYqbtL)TKdN$l>B`sy2a~S<%8+|W?%09jR8Q?tvFA=8c-));s_YBFWKu2lL=kZW==Cj`R<*i(!j3!N5FB|(gYqyu$c7Me@`_ef+3cVM{ zG6GSDaw}qoFdx|)iq`w_FT&~Gei@J~jB=%BbGGv-q7_M_{jU+sGSo!Acua_)l6qkS*p80nY!=Q>#40IUV{BNPIg ze99n93>IVd-Xw0TCh1*TCjgsUXu8ptEkVN}u)Kql&$@RdQUib2R)QLc#v+O6uFgD!yTmDc% zTN7cz3>D}?M}ZUw#sa0+`ntM+!?Nr_e8HOjNfpY}EMP@0HeObQD@9gBh2DL2b;&-g zK1H_lbt|-npzM0V_lTrFM{+7B_Q4Ibs8667;bp9$Vya*0)WToR#4HFa2MBT>;$`kK2xAI z=ZcJCyCkLSPx{T^1l-Nw?Wf+R2IvW{-f{xQ)PD}YUYdnze_(JRH9dqPS}hYz&$A-g zK?IxBN;%6hA2nKq@|&m*p~~0QU#^LKmr$c>KXTXC5bZ>f+5Kt4vOmXTZeR$kiVVW+ zUwGn;Apvyy+`AB(X2Q4Q2{o7uQt$ssnm}ovVjtib_rQ}oF8&Hqp+-d^mSPB&Wjy%m znhAm}0_N0~f0j7rG1jE1^P_6!fkphf+Vn*|Ev@MlRXWc|C}XBa88$!K;kv)ei1R@) zwpr5E^1DFCn=S$9hz-=oEE4S0`qhMkW>BmGm5N=x$d50fu0{;0I0{KwgIyH=uf8L; zSLZsXk`sKEV(5#DF}`ufGC*R)@pW#H)4L-$$s=^}W9lo}Uq9zkdlticccVtIvUHyB zPQRl|NFc0eHSJ2*haaRbFEPPb%fKiqDDU09UkR519&wQ=K+LLGoUOEw(BY+9;$Aw& zWpMr3f2*|nD45X_8j6b)|Bzmfg51Fjgrs*NEDZ=gB&UHeQ^2AN*W7Hqa;8dW+Np}@ z3=OeC&ept33|0T`ucsRx$(7o-dN^02stJYAPR}l5dpTEPjL0Bynr8In$z}MQ+0DLg zZQ9RYpN#n`bywyq{`|jsUC@7x-`DphdM&~;1IqVW%yD`LA4xMois%=7io1}GL@>sH z=e`dxNQ6m(Bz~YMOY~i?Va^%)X!<#)vHO5Cp<4Bum-B+(&uOPkP^UXa@oMS3AH;wH zWIk7=VM1N9luwxcK$Pm)!Ecs z%`8!FG`~ma&htJ{L*Mi;-0rr(d$csoAM{LhjMvkJkcpv<7V`=vIeMq$H>Z_BQAVTx z1fwt?1&%|v{QCt#L^RT}frOlfii(_;78NQTj&q_A06~FCfmJC>E9~q?RqYN(PcJpl zQ=P<}R4rFjgu}b9aK*{)JV>sj7Px|KM_KlhosZc6E{CouVAU3?2)G`rYv8#};b{`U zAGB_IWFJ@BEstE<(EXh2ffE4#MuHruOAtww0Bj#(uf7k%9`1nW;P}$!&Q!%O=<#4< zw{7hmN;88SQxFtyWgOSOZjCI}N^ID^?(uQONY`mfbDurTJ;&OFe5Dv2)n!r%_F zfT!S9)MRq&4RF4M&~M5Jhq+Y~)@AcAKjC-zl#VB(UUt&PL^V$9#sB*|rKXr@oiB#I zJ{Vj%`BjO}fEp{cw4u<8Vsfij z9f9OK9Pc^4;d4VKfk<$q8Xw<2m z3{ZfmKtMhr^N4iph}H)>9q>?7;lX;FH#JJiW~ye)uqyBrbP6_=fZ3#f;(1M?x4|^O zbNT5!>KzN%b3|~wnLmM;>foj}Op?3$;gR%zT`K@9G(jvJfoLO{7C@kCnK-D%0p@J= zg``gv-1gBbJ*W3y>EohoX74DLR1iq&XOPypGf&pn>ieBw`rI6bAPO zInWt{)b*)?5I`t!K_ifNR-Zd__5>vz{UcF|Q(sj?!ZxZS>PtCSw3Wtm?}DU)awat( z7%!*ZVM3p@ilB(tL>HyEK6TwYeOE2hvEzMyt0}S~J#A=sx$ie4Dp}Qc=H1k>Tn?)b z>Hsw9cSwYX$r&h%&<}=GoUi-z6k$&Y~|QF{@h^doopLs z_MdZu9%oPSC6sq4E3s+O`NJx7*j4iN{M(wM6w77g>88;H5gF#I!1hw)>I<1ao8h9D z5k8u4QsVJ8ZK78>M8dA@nom3NRA=TDG07-St@5SS*Cb1fS*h9A`#TDU-73^wcl5~k zbRZYA`3Oy3wry@}x_i5Yj(+=)EYMNf2YpZrh<11*B6uU{w6p;_3h`J#j2Ga32;L2` zwXW36kR#8)tD4&+myCo%*LJ1AAFqnhEDQ{~exx$iXiI$|=$CJDrOYa9ZD!++rIBxiA$NulJ%T1&6mi?a_iTfS3 z5?k)A)d?C~*0zVQKd6kJYiSY+;}zCFu_5eOe%jJJi{%Zex7HTDdpf&J9}npP>QYAr zI~zZE5QFaq`tx)U6{0LQ8P1Iccz9&Ie}pVAi~L|I!YsHS>vPED2grT^^h61^(}5~S zV{jiyQOk*1_D8>3|LMOLW0a>GsEhiobcLZqpLI&_0wz^bJ$%jaKn#UlrvG)he4gID z<97X3OnPDxpKDmaheg~?ah++iGRGA7;lo!=vQC~ZBq|ghxxoBKgof@kTW*olzCZFg z@>U?fkca?$5SZe6>}&{$q9qqUZ-^0o#m%sGL5fwNLOeTDEML+RB$0J8az=72tp}eQ zo%-`GS`^i9`;&9U%w06`v7>2FU3e{tG#5PY@07_h!S_}h>uUIT-)Dr49F^(*$e#K_LUnE{HlyHmq`xVT zi|40wdzHXeF1~fuPalPY3Df@a3Hxe>hmdjTqAe&BpuKtcqkYGuIvM84uOB<)|@+DLxSX0C%KE95us zGp4&F{pAsAHlsDqFXXay9FleX9PJc54&7$Ttc%G^!o;!IjdYagf;^CYzHssPVXXB75k59`+S)pHzYvL_u&&iX#aNT5&t-loXqR|yN&L21$P zF#YG|`rk9W?~4Jz0#Jopha*jX^}eH!wRmII!+;D!LuRf(izx)6jQH+S8MF5uDAL(E zchb8{muG4RmMVl@oAP>DKQQYR=2J1Ocip0j=tZNA!u&}M)v=sW)la8sM(dkG*yRmt zO>Fzw+QnoNhhK-_EmVFMI!irJN7QQnk45qbN+T&SjYEGG8B_qhxb-zaAkab||CR+& zH5_*lFmHe`;ABvU@e-n}-{JQB0MSasgAS9BP9UK>pk5^g_Hxt2C-LoG>(lG(?@AQL z3Ti|1hCg2)HQ5HwY6isZ)%5o7t8YCo- zF{&I3)L86iRfkOi-L@HAMNyqiy#tz)L2-uZcNt{S^hjhMEpi0^I&#$^e)B4-8isS_ zs(aP^u8M|VG#Jbd?120PTnCIBX$XWIz6AswE+zLMvmSh%Af46^bOrFo;XwtK)4c@P zasW58%kUth=w9?#z34f_FMM>aNA1t*+J+(}ZfNvVna5_jbK6NPtfkfX=C#3tJk?&_ zWTOX;vc?VSrZWeHjPiwAEe=$d;^V!9LNcjGYhtMEa@|Z#%{hY_R()d1NRzHtVxm8f zFVlsq;Gn{^sDyj7?i7)?Sj=|!FQm@ht__4@e#W1J&~DSIyvE(N7rC^%+a)@N_PG_zJ}t1fW`$N=aZj_ zAf5KfxS`0>1Wf-p6FZ?DIi@gtr-@nU1j#dKb@Zb=%G-Ee$%z%zwxUCTSn77JgNgWKc7To)fW{HbA9(-OZOg2r|YX8{!aM_ z{DmtQx2sMHo63(2N*JyFY3SOC9<)W_-9F9pyCygKGjoCwdY^iY?DTosAQD+ zCAQL5>eJCz;yeDQi}Wwk`~U6_q_L&Oz>v&+-~nPss|64x4G1uZrUdp)MOeC#yAK{$ zQJ3ixU^jgXQ~_jY3E*}Tou&VqQ;zSbUa2@?(Gx=8BBMyRvrm2HqSV#4t}9<3f6hL` z2lH_>Fwd~d<6kA0r};e?qPNp;q|A7!tUO7z7Lq5D$tl?N(#ySLf?a*W@0sIi<9)%o z+)C*8zR5{W>kXCLZw)dcG_!0i+PsMu1g*dA5g)e;xO-Mf>%f`_PQ^8Vi++cpnK~Bg zERbGeQ2Gn0MJ6slMj%)ztHrT;JQy%`2=d~ExCak-0;pha4Kl9^7IxQBHke3u_Wt0+ zle)@AlFI6Azy2pEV%1Ml9(VdGox!P@@mwHVedW9Wp1Vesp__z8C;!S|)!ohkaRnQ@ z!;3{3OsHW0K>p=NpdAYP1D7vs)K_R~V9k)wgMzp*EMRCO%!wJWRDyit@6Im`UF8D|=6dsfyi zob*C!&v)BrZ_0+zixHd}8E$W-aUVSVlh2ecQW4Pao+0WUAdPI@I@REIOH53>3m`%y zvxtl-eQ{=9+5yQda)Owpdk^Jj9Ke4geE2)av9qJ9LyZa6&E{_@zU_1YzJ_xpRl>Fr zvR==qJ@X&4wbzq+M`e)Cou0e=TcwLX7T0}#(pKdu`2~S9&u;x3b>ob`cW=~8dVws( zT>3x7$5l{nU^L(qTq!~n@(`(4{~l#}+Mqwc)?2+bPi^a1R!YCgq<95Ot2Qm+HTXQq z5yvSz(Y`;yfqK4xsX@F`Q2e+esg*kXgx9I#qi_gR7P=j?FOsr|V8SgdqqBfpX@h=zif|NOVH+6vYR;_Ny zA{(MkY7-y5CzXeOoi5%HC@{BQ&EE~HZy+#zgo3x6x2424NeeA&d79|jx{<^(}jXtw-i$nMFZBtCuZr%j`xoq$t#BW zV0%UxFU)Pt>q?JlkMc61o*z?av~FLLp}3Ok`t;3S<)|Ji^&bV+ekN=eJQw<(pgL$ST(2#lkhB|J+>C$^+JGh>Fh5BkZVoA)D zu?S?b$|k+Nq*UfFf-U@*?!%f+a+YR!dgbf6-cx3qb{9L zZJP^6(KYwo=XNR055Qw=Luw5zHbMA=7s?}1fqG>7yv~Hcx|v9y!yR7;n=VWRR)_gW_6uAfkY4_?v+`@de4jBKDJY}@ABd(#4 z{k4*^ErQoq+wM%kqj($#_+gQS`S!AEKc~n2=mA@aiNzxED3D_}i-fO995jquspSh} z6}S6@rr9|fy!Xjw*m1t9j?K`%47Ye2VY&({8+REk89tvLPGsGRV<}gVOmH%&SFV99 zk5wuEmMFK*$smJX4q+e-SkHiz(w1Lgl%ow_HS;NxPhf@u!FbaHiAkGa%J+qPKNu30 zrpR@8TuQ$i8e38H>lTE6@==>5t&_v?E|ZjT#wvPUo6?+S30Ir`Ik&_usLL9+c_&Ku ztM}>bhres&W%ab^Nzapj%x!f3pBJbF%8x@t06-cCfO#daOw!$`R3r)!#yVXNoOt$_ zKdy~9s}uJXUGvD8#oTZj-UMj*^qV%t?K2*`TErq@yq8DYx2z7tkoSE|Kl0N~Weik( z>dXo*E39>E8OY(>Ju7c0?)WIEjuIp&f2&HO5FK=zl+N@#5nZ!VA9aLvV?6 zWOYe#NvPk}q4}0GV;j_3`0$1a;M&r(iY}8}o?3ZWGRV2YZRSu$pmWbA5~Ng7IYqV6 z_8ZZ{xltwZiG>oSv>b zRaz+^H7}6XUBIb}m)+r!!SEPQuhx42=&E$O4HqFcV`C%+OlX;v z{dOjF6W5n|m!Q@6poi@A-A$^{0o&V`4DV;;J^kxU<5r1j<~N5SjWBfS49M_0)2_2w zAW-BK?iX_7C`@QW5FKX5L)02# zxxddA>U5>^(xqQe(*NnaOt#>ga~TWklUt8{KQFF(pXyi^^Kc>W0GIlNRZj?MosN=U zh0GHe77^}yd#ZF1F6KGRcVX;R7-0;5|cFTbbvVpzRvVl&~rCE(!E}mloreUaYj4)zqw3tgRM+M?}**!IH zAn`LFc?#r@gVZ=_9`Ty`010rl5<-B@zee}-Tc*EoKtN{1*Bn9Pj5^jAL};#wHe@sLB9I)6AcYj697H>)%keo`?kyDF z<>C$LoXG1MJPC`#0S<|xQzk^67dq+AkkNo2gJ_nA%o z{onW}emLl%fYAg4_V14nOxU)*iegh|#fi}6I^7Cufxz2L?fY<6)FSq9**PzhSYP8q zpUzuB=UoCPp{$MF53%M~Tw@G17q=hautCcojQW}SOEk?t=1DYE#&WtMK|s_i46HjX zb^TX@&UESugj$IEBmRQPW8TsjqSY&{A-}NcXM3e-#D^U9Yi5l}5p(fE+jV$w@it9- zswCm4MeZb{?dhDkKhFtvRY8mj&Se=N)0THP7Yl7X#CrU^eARz!A5=b{BytmcX0Q zu^=iq_rm^pPGi4hPrB+{Pbcwn2)#|De&4QX9Up~&@`zPWy)afq|BB5Q9%#I^d+-&3 z<5~2NhM@X4%nb~IMwLOFP#zxVii(cJo4CJ?<;UP)0V^pJ63nZdo- z*}fl7w}&zd-`gZUi1~tB+4m{wnp|_<(v?ygZpPHT(FEI88%?%qW5tVd&ZLMNfOS{wtD(YsEF$GNYgQa=;FL zfpcKuS9Yr@(b-b19q(jeFuU*UrBf__IpMjjR_Z!7X%~#-i^eYE$f1(S4`x0K?{g*; zsxEaGLPAkqOh!L*TDFtg6ZQ&gCH@E2g>SBKV6uuQkmE6z1Qe^%Fv;bZjtr@AnZn|) zMuiaMMW)oi)6W;1)H+9RN8aC~_wKgF9o|&go%GhmqA_9|)@nm&hMTTyWE7wCR+!gO zETj*1cOXT5)ilPbqod!X2|`PY_Y)~qe^UY?LB(nSynp9tNjR4d1yk-x|>jdLB zTUdP5JLX0s9;2R1HFtSXxA)2%Ky%phlYCcSR4jsU2`=k>_i9sgL|WixO}__uIwXr9 zYG$^MPyYMz`&`trIlziTWH)SPL`oFGw<$InQlGcgj)MFlfWU-q43W$gH|U+cS10U_X{1f44@Syt5k(E8fEs* zBk@mS3}W8`yVP64U}UHi9jx0H+o9zAc(;IqK*+gb6v=Q>%ZMiaMT|X{d`fS9?^a8^ z#nHQr8x1U&t5+?4=}Hd3gp+6~ofzCr-z<8|xznZ63q`htBD4<1ji#e#b=Np~k<%MZ z9WcEoA*J~cBw2*73*AK9~_345{$>MiWWu*7>=^0>GIGr zv@g1pq|-oetN&7aeYG}cmG^P={AM9Atukmy zYBj{yG?I6%{mRnM$vXy3Nq3fe{gIH!Fb54nbJa0yuc>*%B_og2&c`~$X{X*Jxyd)H?oz09`v`@!lJ6Q9JmGU~ z5L|0Jg->7((|fXony+ACiVDIK1ey~vLmCDwdMdxJQ)SJNtx(6y>SQOJS~=6@D4R0K zJeK2y8iL`qSFlYduu@mU;@-|52-p&t1~FK%*1ywNF4p@F*K_S#X>Qr!l-H(;#^xV} zrhASNKUGgl@HrC(&Yl^q6+7FYyjxbpe&*)sR;-ZCDA(x=el@|;k<;156Nove$VRhe z_)SS&@r1;jV;>ItIw|rwp~+t)yZR;nlzQssoQ6pOZ+5K5T{5-S9R8I~90>EIbtYWF zO2yYG|2dQHENWv+$C9`HAgp41q+R}Kx8li5}& z$z*9TpcGaw`bP*mZv8m9de^i1 zTMiUccwkGr5hvOV6-!usWqajz?2I8O#x1B~r6+{~w%Dx~6WAefd~nA??CH+YH{8-y z0ZYemEgTzdZhPJXsatRo$2_6-v_1Ge#~0_@6x{5Sfvmc=+ylB%%1c5lj$3+hN#5kB zs#H9W{BxK|R|}1mzF5nG8=}V_(4A}WoD*P;QGtw3H7&NU3Me7%NPIeCowJ$71UiSB zw;&^iw+WEniGc0dGhg&Yf;sXV8ugb5LZfw>+!{Ijf(Z1@2Py4$tSx4~Uv%GGKLp&K z2B~v2q4em|c1jogXmJ9ZD`1oiQXSg?K#oynALbWWSx}HI3cMwzWHZEbv1UuV=xY_7 zac_RinVdFC`~ty-1+o4@kK5iCxH^wNGAlo4cNFVoNGN+Z__2ANA2TzaeOk)OUVxm( zU}Uh?^ktg&)R_(~^8>!ddY$9a1_W*(<&EOmxOwcQk6yvX_!r3%qBIz5RYy~AjHcs{ zJd4UVsFyxv@873jdw25ap=RNf4rlu3ytN;WrUfU?YR8GLLjLEGectn$c}6wllAy4I z@1sfUSnYuT_PaC}h58^a(lSLJc}L<-Tc077sJ>>n^bvPEXTFP69~n`p`kJ zq+;<=UlU*sVcW`4ORVY`-Wxzdt+63Za+YP_a90}P`voyr&gn(tZWd);{#ogX+kEvp zj(2U_)v{0TFZ-Hc4_GPE_AN+=k5-ee)~shL6pb~UGC#_B1fi?Zc3r&p;i&OF>K#q8 z{+-lLLKLzexIP7kJ=rUYakxZgI(F?Md%ZZQ!=Z9cluRy8i9^Cu#{jFDJ&vPY=5&lz z?nBOU^(F@j?D9d{;SW?1u2eJ?&;9`$TH@4C%xQc=b7=({9w@0&feArESKxFm1;Wsq zo5)xsBlZI{r?7ckja?8&(6jmmRr}$DY>c<|^okE6CWe@en=QqzF0&fJ46V@iwMR$t z4)BxQJeb~r9nw+7eb)D^f6vD!O2zMYQ*E&?Q=cBHohWI_#zEcw-TPU0Wd^LC9p_z| zgvv>T7UUC3_)ZF(|ef*HD1IrvxJL9Xt^Wt_&w0KJ%#-`ZBBH4AK? zYQFOrXyMq}xWA(n8CzNm4!9lXsilxmxiCQVR17z~1+24z()y{{x~|cHH=w^=e7`M0 zG|S))RjFTRIv%a%%6W>B^A6$;B$))Bq`uoGVbUy8mDYWPo;FW)Labb7yem+sqOS*@ z36fKDq~0m>%^J2|Xz=53Hd*H4-7pH67>Wj=vaK(>)!|V~+=ZvFDCG_>-7|@PuD<$8 zJF8_pcm0|3W+|?0mfm*@I$f%D3Cc0`wWhK(w5|(y-pR^DgJ5uVA$U&EyFhE115z3~p0wO_4tuHzWJi%&n!BPj9{| zMuMto)KB{Cs9$LtXceXfg7)Ley(=zm)jv=UbDM)z-h*|n8aBdq=M-$UG%d($FMAg1 z-cAF@b!{4GkftXrwy3}@q+CU}gxtp+-#^L0`=9Xxg!*U_r_%S>b{8lusHzUUa6}&1 z{@B>R%JPR$nx&iI_TIaq^;LHM%eeYg>!ptpa_8ptcz^vo@-@aR{O3nuQd!De`XD|L z#I?g}6tyrR;lPr6;eCdXL_GX3=~4}Zl=!jc^qatxw1AS3Qf>-KXg5#7!5InScJtSh z!gwTIn*th#i9>XP_2dbd@38bX^S!xIq+OMsN@=IS;3w(5myFjyT|Avtj81+(-LfU^a_?2CI;Y78c#``Y58H_UL zQqnRM%k*F{(N=r#?H27)zhpp)_V)fC)nxXwb&J~1>_>!gQMIdRfw$o*f-{8&s6d|* zl@4bO^7px(4?36~`3x?9cdc+bgU%duZP*>BO6x#L98F=5p6@l8R|t&a)zt-f%zeyX z^UiL^EXU4i8q%4vZW9XdR!?=79-&ZAm%hpQJE~zVeOM3X?j3ZV4py~&nAhO{Ue@m+ z1skzYGwvoByb!?Oi%WNKoAy?&{oX_V00JJer_-z zL$|=ySW4f{T!Li*P<=9O4DOz^-P)bQRX0b|*3lz`xne2O0TM)Kf31-lPxTOo{Hz#bUn27s* zaXrJl#EW}-vcc5x!OdpG4S`)Y?Us?G2)2XR_3cXY<5Jnl( zRnyv4Fo`urGdu?w_xYP!a|2MBg|^i5HSH^<7Ne^3h2sH)bDwWJ2hc_Ni@l716G-T= z?WJ{B4CiOEnawkUoq7e$pHjc~lqD+U?*4idG1fVL#>l>Z=lWjSUhScYcG*ypHLF4q zEUB;=Rj5X~8CwK+bt}O08sjX~y)8jhS+8w9p8o}E*&m*h!fhUzG_KL1w2O#aE3^@EVV zx{2pvA6spm>4#?m-Cy!_A1;bxSQW109-KwTwu~H=dro}UqBUibs$Xb~lT&3oft&H9 z-zO$Y2cP?~J5Ig|RZdtq7ZLl_aI&1G5H4+e+6B&Y@szk3r*KbZW5y?UI)0c{ub%gb zySUcS_aUoxekJ7!;2mFGnR{BfV%xOF6(@Dg7j)9on)EPfd8xMrWR_A$<@Z8Vdd% z(2>H;fI(0E!9=eFh#oCUu% zOb@k(D-+pIS&@o+yu!TAH=jGa+_-4wL|;_B@#`QgSwZ1Tvx}vxr_jDbu!#P$+R@~1 zpZFMK8E(b$_ibW$rtd~o`sAbqR-_Y$Wdj`Awd_#?KR$bgh1$G$lt8MWP<7SSj`cP1 zY3tt0p3CHio)>hKjkg_X?g?EV8(Z=Ch#7k1B+->w8FETxQ%hKQ=^lT(_-a^mIW{p< zm(aMQI$JF(E3YJX5#RCDqJ7oOMTdZs6!&uy?YV6}W4Xk|bK}}q>y=Lo4v4*K49wyyX59^IUld5@8BwpKpH(l8+U<&wB#{s;QbCsC4qf8r4sq7h8wrr~+v`u=MXHPygD1=HG58jaXpGisP$ z5+PZ#h$W%6=2NXAl_crNG;CA5;1t#;Gj+$Cf4M%}$S$9mNj>?ra6|s7g;=|P^b{aMM}z!FYtYAP)b61>)vFRq~Zeee4>^JXnYzx~*$u71FPPp?)T z_j0eF%;Q&BXjPhEQ{9IT-_)5lf6r>lg-I1$b){EZ%?x0?qlpvJ zEt}1`m7=;*$8hnB#{v>UL#;eZ)smHz2SPRRf73QLTMBMmcv5b~w_IE&DHr0>_Q>9S zUx`?3q|?^6nWz!%aJUlnrT)?4!Nl!*r^iRu4YiY=JY-~U6}GmmsU+3eH=sdV-b|(( z5fTq)Z_ru3*~sSkptmPzXZ=VdW}3MwSXSI#j+#)Ck1w*JQ8yBHO&?pxGR*$`c@rEZ znUGStk@1*YxxzZ(YGf33Vg&!BPeO@=W{(jGPD^%*?D3T#BCq>H?P+iHHfPn4DWLoc z{+{UP##}KWH{*)-Z!^YyW1LT@zg+y9ym+F9@rI!X!-qGShMTPFW7Iq8#ucsO;Y^z( zp1M9ug?plOOD3LoiG2E5>A#{&4qLu?R@>y)-c&j|Cvi2&3GTAk?$Bx2jV3-bHSU~Q znj(2ouvbNpQZ?$NZMm!fX6!*69RqTVO>Ssh2{EhhW zy+j9ji{r!=A-)#UqS)9tJe;|w0o>l9&oJLk%4Pt6bg;zC2~ zFeKRp6TJihBCpkmsPen^Ws?qfFiGpSCl|!I`gQQWJ$+uy-nrzcR%vL+-{~p5 z1vd=?WzixLliKx+Yl_QEcbVKCyRMu0FJ)&>p68ypV^5!5e*TMUA47Sn4>`N^xorPDx9RHQ%?`RZMBQKU)3;OV zwPj_8?$jik%aOlXkz?oc?ebr)Rk@WP*gISF)I&<8GAosJx)U@mbYu52=XyV=eM%)E zeOe?J^}sb;wJUwnA{GkiYvx)%=NBBGT*1yqYzvB%EOHwrO;dYHlGkNWsH-=3 zMOvpf8;5Oan0(EXcFc?NY6VC2e6su;i$?mDT~j+>&!M+Z{%p*v%eD1zE|}G8XnA=l zK!icNqI9=WQeTMRU3f(8l@o2tTsf9>{Ue!v16NW>K8sqtRSvR~nU1cx2fxF`vgOz7 z1N)8WFMdOl@uioXmLjxtBYS@stNPeGcyyIueUv6AL%UeMWCn}S^2koI)aUH5casnktymCan=r|!=sbW)?wv)55CkC zbWwRfE8!`3v|gp%^CF&qoof(-X7N)NMziGqz#4{U+#Sw-F@E}aEu(8c-}02IAi8>M zlUb#kJN-7R_2Ox&Ji+_t+~1Kp_E0Wnzgd<^&aN;S@mH#}KB`o&>&8BL`3p~wURAvrw)>jAAVXEnE^#J_&b zzr{Sms~7$`DnU<*ghpk=+er9Dv0q*L6xYyR#quXpo=XG0mw4)wPiU9^`9o-#>P*u* zieE&kYF%2KA)rka(<+-LWJ}E~?VkeEMXy8Bk<)9yYe?Ac%akOR_KdkcA;VY&4;7WA z?JL#uLvLyBwhUyC%<#O~nZ{dty2z_BC*(UrZ}pl6o&Fx(M{%45wBYPy`b@F{ScmDLOSaL1S?-XLpK-{Esw-^_J74 z6)Ago%AWh{z)k8Bz5KOG_-St_b~LGMy)9Tlq2fpM3BkH1ar1qzSL?JYcBg-;@!9QS zKV}v9#8yX0O7`%l$0>EK!PfbTTimSFN1>C+U0Q_DyHZ|_ojs}YK(35AX!=C`MJMG2 zStEYGgFfVsKWA0-x;^W>_oa~Q#W!cc9W`sc9;@Y@Zl(@h{=|WgdM)C8d!LL=^PJMJ z2+ydie>o?VaoIqTVhp^%r;W~TD!6LXFCy1%+w z;@s+!v&q}i8k^@nLFS!wOD3m`C%@(jcc+*FeeIK3n+v%kIKdprbac*iKCzuTmWerf z9@)E7Uryf7lA%!U;?o>FDH$cB<00_sZpRlv-5tJzyu;Ibfh&?dXIbfd7`|kOPxyQp zm`ECseoMS%Pon?}E-d_!o~v3)ERIq+3>STh-SQ?j9UNz;FaB9o5})@GI8T)>-o)Sk zp)>ncFy%IrJ;vIN>4Y0|Q>}E{iy_0z^U(>5y&_1f{#X1w>F0q@|G(6+u9{Rl2*829fSYK|+yE=@K~e2KRp7?;HPr z#yNX9wi3_ttb47wW?VBaP0@}(J@=G>=7omd!|esiul}>1KJ$-UC}QOlhMXsEVt?9d z`b|H*Y9c>pC7imuqt|B>s645V+BX?PuxXwl*#(v;Tb7tU_L=(18>;;m*OXFU7Vh4= z3GF<6cPVN_Tk_I<9Mhi6_H~ddtG@DGL8%wIDTT(;Zflz1sN;Sd)y})7)f4Yx))hJ0 z>VwLy+9Y%pwFc|as_a!8Sz?!b`H&vUccULf6|?-Z=Pxc>OmB(xu^t4auZA-oosf7u zaFy5{ux%R{38Z(*5LI*&Rp;{#&Ck9-mpa$KM%d+A*Y0;>J8jK`N~2iQkUCD7nISWq z@a$W`D@aMS_VtC3k&`n~Q@=)f#Wgqlud79NsBOX7kNz^t+qCG;363fjbibo@ zSsis#aqxySM#!J*aw>sb-}NQsI1TM@t8f1y)mW$HCvE#6SX3MmcCU}Om4V{;(B`gF zd~qR8paOkzpk(p9blxJW*x{D-`5EG9FRt{}kHzkdz0%iF+_%4CQLB-!rPt0?@USir zibe>=&O4gjVH)q@ee?EndxPf*q+WZK8Ictqqc3soyl{8x ztxm}I-nie@@?NX<8{`0Mc^$((RNIL(@V;1o_bdGUJsCFhz1~Ht0Q>Lvouo0=9nxaX z)79+F*q9wph$eTJ6*^8G2}W(VQ>M)He{He)5TUG2-uy~2E4a7@3uX}~hD^q2e$V&t zdAyny0t%^SBsoxNZn$G4aGEpe*IhNlcgR#p99$9!AG-VP+lxO(Q51`ob_Nz|I-L#M z(g$UQS55Om2c)#N)>4xqT)YctJ~hFg%5fmB_}G?q^C9dOeV6z#8dqG zS7sjPI|V0H$J$Yw#(9PJ40KB=tp*8-v5l1al#@45e>Z)V^t%xCZ`+QCHIzfJ zPYeA=_O>Nq9|dZAh*kp~x7L41(b6Q5&#n5#rU(*hDm__Jq4ZQ@z*SxPP&++qA|J%L zv2`=dBRoVp-71T3MUd6Hm(Af#3fcb2-otAB`$A(*Ll4u{=)-(n#R4Sl?#>-?q8aY5 zsC|vEB)pX8`XPCQ2c6HGD_hQ;RCCz$*~$CwzQ=bfur#-AlRB%#)>AH@tKXlvW;baf zBqFhNti-AnH^{Mjbi{IuYc#iHrOd=?7N2I1nYzAWzBq#Yn=JQvAr<)Iul&8`cb0gr zx<01pJ?@C?+4`82a=7j(5Zid2{G(!Lk}J=GFq4Eyi|*jy_*7C*=(OEt=J$(NOLJ%B zhurnHCe+7Uyhh&~;E7D>J4gw)5m(sH`!NqU$#-$>ZsM5h$1Yn=+aK?!``yGC)s3^B zwq7vKXUA{avnd&HV6mLx%vzW;`&|anUFl$PfMP63ZS%crni60Qprgx97Y2;g0I|## z(0>oW_-bWn3=(qR9=f*$EWr>a6^iAUg6~A^Xcsd##gpcZdbypHDb8!KN1Z2bMbFQ^ zqgif|k&b|OK7fwzBxZgx$Td-`HuUxe~kr|;bK6t zXo_yY=6d~J(qZ|EDC8aPiU@S<8!0?Y_U~uYNm<4vs*o7#(BL2L`Ww zb1Q~TJG+DlEX@@a=bj{C^N=T;%jj~NSTPU?fXN;7WUmnWT(7iGz|UcWx?=jYd7F#&Av z%&g(h-B}E|wZA(@(K*EBnkFQs$gH!bxW&1$3nf%Z&N;1B-7hjSJRtcQ$|FZyacQf7 z(WFG<_WW!ovvZYpE!$Mj-V+7*7g|{J>=1U0B%lE}y^fu}1^N^9 z1D*Aws3dZ)@q5Iw=9oHJ&Cx`dyNfu)DQU$6z3#kDPEmRNDXv2L1~EL*eSz;R50&N) zZH#Lrzf-@l9gJhc7aF@j%_9FPUjKXjuKlNU2X^U@kDhF?729tj|G3C5i&!XYEG$#t ziVV5Mu=TS@GGw|(Q}T|C^a2E8zph{TT#$|>UI{-|rnljXCFAV!*InzPMb}j0^om-Z+=amz?%GebXOddy_Fk)K}wWv|4yDDQbsCZESy;rSO;8g4vrQ|LH@$ z@t2%B?^AK??%nn`zpuXLkXc(FiK#TwYQ$BZ*{(W3$g1SN^C#6<6ARUbtCYNjj6sa@ zzMpZAfq&NHBDT`9h=Bz9tm{~5=O-iX&XndKGzQ>TMuaNnVSfS?>DY-jsR)f5YbQyJ z&Sb#%eyUjzM-J2J@r`!;KIg;0Hh+b032aAhK;x^5h)}xj7s?A6u4HC(PSP&b^`Vso$c(+7r1JWRZPwON6&Oy zK0t<^X4HP_jwHdQExAq=_d81TX}WrmYWATq%a$32&~#nz+F#Kj?z z>s?1Z*#}V-cdx7yl%>s!6XnG8GnF(3W~XN3b{^G~y{qYag;mk{yI6xVoGm{>XSSBK zzP5X7|F_I~tMobKG_fDzSm{PsOmp%%+>V%{G?RKP{NZ=B(xjW%&L`UsgQ_Q{Sm(Vb zu==oR3YiCSYx&=e$~yqOMt>pq=j1OhvwneBbi^X29## zk%{3S?)ms#Nhi-YKGo;qqz07c#Bl9Y!*CR7I}bm$A)`GA%m>;UHNcM;I3`|cyyO0> zRR&|nCe43LOxKc@XMRpPFAPtD-0V>Gh?&A=Z9zvk7?mqeLGEhJ){yM_A9Be!>Qt0Mw7<{Usz7yo>qj!{v0M7+^`+^{ZtFkbit21bgJ8yaaBoqX5LK)-+`(JydCzWyn6f zeeOf5Cx>C;m$?>N`j=9|cUs2#XA0H&G6RLTnLb>W9l)56`0)OjjgFjV;6Y@?T1^TD z*HhUoM+eMO+*cHVgZUxMkGJ80U83_m_8o$JM2bp7KHBeL)_AD%4HZ34RgSJ>@zSzQ zg+s?)^qoCsr0Mx_th-X*9?F*&$>%nE{K9k+9jj_+hLf7)>z&4gnAQzZ9r;b27^h@c zi5n}i!&=olU9B>0we??qgxB5~i7CSPZJp9BnXa1ABXA)h2qyzo`7L+8)bVQCX7<|n z^9n|pna-?yKPtMOidbFZ|Yv{tz2@Y?-BhSE#sZ$thog<55ep9FR_ zh1jIL0|tNKZ~q0Gp8Q%|=FCWnE<`eP{#5xwqoGG6Id}fBIUdU_d## z*8II@34!?A+wb-6t#$W@E&q9(+u6>pL14b5sTaB$Vl!OS_^JH9cgk4$aos!`k|2SD z@VuRQ{?nb4xZ}cg6YALVkjK5={omvb!2JpDnsfN{(=;qjUBshFIJ6Pf-Bg<-Ts z=w%R2BVu>6elCd_zC&dlGNqiAhDqFEVwZKdI_P4F*bR=IV=?d(0C&ugb@=s4R2ZE0 z1U;#=L)_th24;E8e9=eICpW&d2+y<^^Y^O6X%~^@@WfX?G4(Ql*2hDRDxOeP2P?!Ryt;0-k$x!HsnQ_5P$9}%5ZJSk5u-=UUe zYj0PQ{HfG!K}C;qr3y58e5*|2MK82Ub)Wp>WcT? zIT;Mkf4lUYr~iwPLzgYH>s|B|W$XvZbyJk;E`3?(kWum=T=){3KD}TeeZRRZrCndi zWs;q#fQxeWxE3yy;Jv$_9||e7b=;0`a=#0B#`F`0bci;MrU}&OehH}++7#XE;&IAZ zk=KmCd8ethVz#e(ot>fbkoN5`S*;Rp(37p6QkZ&AGLgim$!WMVcGdBYtu8-nXq#;>Sg^OqAMns55BhDiu88TeO){o z7M)c_rZ}FgtWU;Zyw-$fw!JY~#92n(*D5UI@BNICC+3d$2d&iWhxuwyz!k7}kfTr9 zSy)(ZwBSzT^}_E3a^lns{G=a7D+t`3{-n(wF09H30Y^N3(E};aBzfvTtaEYH~RKmElk~ zg57az5TcmZ0_~k)$6GPklDAtdAp~OJ&eS%di|PQGW=D>$_TZ2ncjT(-9o&#^RXw_T zfb;aNt}ArB2pYJY#gx;@>CKBRW)tIYOf`W@PG=XRq`pfO3PSKy%b8qWCeiZg>b%?i zHxVdbve50&F7Hf4sD4RiwJnHHos<$a9J!FJM$gf{wAHSR%zw zbbaKv%%XM`Ucj?^;&VqD=eaD7WciRwP?ODb2c6|^$>#bEwy0Xcn~K5J^1B1`rj9~v z`$N_B{Lv-)PNJ8QDL>l9<1 zimYOm>wAF)J-@Z&(kcMhdF z-ahiZufhL0cd#roe0#n&Rmo@tZt6Omu-Q~LEqpZnbeSXkm%3yXQy zyt6&A=$;1m)qJ3n{N_nAyC%ofG&WlSXf_C^NB;U)EXVZEC+2NSc7RilVpb2 zuPchLRU=QJe+>pg%)+E&LW#7;-lTn{EI5gz7zXhe?-qy zQ&%V`wct^FBv%*?#*zToV7M!}G5}nY)RN`bcoB5CA$StblHb|3YUAaGa33~Xa2Yj> zCI%?xjotG0_YsI$Vazq5tV}!(F9^~jHN0?HLI)6#JEaQw^B=y|(z|<15dhfNSFSks z?nS=eqy8lCvNn_eHMf7Sg$GRJbjfGeE%D*J?XbHP&JD~9slY1NPiWvK3LHu4z#*nu zW;H$!bX^*mYN;D{f*vvBHygWqbLGlWlKP@&Dan%lETS-FV`E6h3wtRk#kO=AGOobV^P#T&?=4i$9~iNW8WD zN31e7%T`N_r9#c`g@*`xa}38hyC`o`v8A z+vbmob$hxT)m=Tp*Jd?h{UsF`;h9Gl>ni9ntNePbm}Jrc|F($=?4*l{>S=R zYsuV*V7CS8477l^Uf8WazQysUE3vc_W zxI9I5W)j&)X^rDoSK_^jSbJKV&i9D%;=W&F)l5k?JC-l!!{?pH>q#(h&G=xl?%;6C z1v6gAkF-38R=d)nG3H@-+Up(ShB2Qp*#&3%STXf{<61G<+x{0-$tUx?i3vzQ;XZK* z7Rh>P5c&I7!*iVvSx#!-O!Dl6Djf>?jsp{4hy)$H()d0(ZZi7ip_FWV6#gV8Q(e%^ zI2c&DAyMHMe|UKLBGkg~KLce4+eN;y#)SB5t*NAP2|0Cu*krGL(BcF?; z%FiB!fmYj9C(`S}L+oLFC5d5mEro?2TGI(nWduB5l$toZt|ZYk`-$r`K4t744hiK$ zpLMIsxkTlYRlAms|J_2N%j%<psyk7q~;`Y3>e|V^_rx(+G z1oK(KqjuMLKP@a|rHVjCQbXn8^R41)T#MUJl2bSQk{U=X7_X2IKlDs=<@>sm$}LXP z-!Etrp5kb1|MKmHt~J%S@a^ksK{-=WOtlHE%vLEH_@Qc#YO!L?57pl4S}rthOK-KT z7Y}9{T{BZ12!bdl;1D_0XQb^}tn#5fXv)Qy6WQIK={g!JKlHPVm^68H9(!_B3>q1& zY=6qJ*Y*U(a8oj5c%W!=d*YrNxsBx9o3C3AOpYW%-Lnq2-D51d4|JNCI+``d7(b7{ zqDY$~))8A0*{uAUw)>*aY@;e!87*Y}*}byLj6gq0PO3v%4@WE<>gmh4HVJtDW8WLGD0(Qi63CMpWcu&4_f zewq5IEy2Cu!R6;br_6O6*)fAeII(;VNkAZ``=MHLtj;5z`Cgs^ummQ<^d-NqFbq}^ zhP5!n3OK9%I)*7yeN#>E9QyayTPWK`Mk)qZjG|94hKm@ptMpr@%tRd8 z{ndH-UoMr-Yr}Q?o(}o0-!dgkrP>!KYuf49<<*Vonm(YYTlz4O@?BzH2txCo>HZ`! z;^l3@ozJQm5y3>NIP$|(c~Dqe*5IQmySyLoS`=^3K=0<%GpV+=?(Q@o$yC$TC8?+) zo%BnO3D*IW9}(-d9h%MJ*@cY+ozwdNiW7XxyeyQRpvk~ zm{BfB@D1vNJrM!-ov(@{c-JM?wgQ3`q(9DhfIbr#y^}{Qd9f0oKfpbTqTl@f&8s2D zBHHHOTq#zP($u?)SM;z9%0=H_rf+WNMuEBj#1*-{cS3& z5A-1rH0WtuXW4G;tJhy!>*`b0x6O12*V56sFVrC~?fm`6&m0#koqf4Bdx5U*^tZ&! zE!5RT3?n1>!T}QjS;4uviiJt+Q7NphceBItl!vtxP4HEZ#vx?f`9$GB)B@sh!NJ(itO%p^L|7$JMyc}@sA&! zwT`CVnB33k(!C_~RY;7rcJ<{o9x}hPi>smwA1(yvbG6DSi%cORLc_>3Bd4=X`j?r0 zXbDwXTogwI@5~KJ9UU`I-u)7Mbw};~+0DDjZhOi+^Uy|<2I>7i;Im_7V)7;7Hj{wX z+@Z^4Ew?Zm1U`mGTu{ONQIr*p-jZV^^StxJ)q26sx;@;nQYPiOikw?>h-ZH9@MvugGZZwI!rplRdK8Zp;K|%sLHv6hlVjmHCXA)`4OE2iW?8ut>xyX3L zJHIX~iS6?8;}cUYd*=2k%?Zzo{w3N6)qBoSY^g5Td=0ROTbSwx=yM736^#!BE{w;M z+j~EXE)okRw)YYfopjs8BImRBfiXd{nS%lo5T73hi(#F;EE&zlw@Lz=55S?=gzD(7g7b&Y( zk_(Ix3FcpL&CikD2!yq>LLCS)A|O@fY%$(UR8SZi*_ANq`ayhTAET%&MBRas@G`3* zvOkicf^gVgUS9Sv4f+7OgPCZ=xfg*j+P%HAGhFV{*|Qs>NRyhrZoGVM%51M9I5yzP z14(%EW=z`mqIC{S1P*Hxu~w6{ieRTtmEXsYr0&1#(ZZvmq``CY!Z$lz@FSuNe@JP& zi|AJGHO;J4pTxjob3&eI+e7mca*2SyjEaGQVI5(sUI1MJrABA3^Z%j2wer|Bn1|yv zKbj9Lo5>D7_yne8Eqp69eDdsBzKtLcPxR_|6@wSX*+Vy@tF4Fz&7rTtQO|hO-kz6B z4aLXs>fWw$S_}P1dKdXV{7DVKckPApl*%~0>4Z%@Cpb|~X*@J!40?cB#oz`WnT ze_vw#Q|wfFnEyTq4Z8f;?G3qFv?DDu>=~ADq@V|Gx5CLwIG7N8*~s#I?ZVeEGD*r| zX*d;n@ksdW8DVT%04PmUn1lGAN4wF4=k(~rna$&FXorznbQ7!!{{qBW%$ixfURMZB zKz8x3T@!~zaKUhA5}0Hs)ys4CjA{14UqtKZS)c7XMSP)!@1;e9m|Vjh86E8hUp7?^ zqyhO&CR8|oI)ka37kz%6ZHOnWD-@E{o*cWH0UH?jQ+>Jj%Y1z1;U=cRDrHk&pS_af zWtgREFwd1hovP+@Q}AZ(*I{Wr!Y2p{E-UD=mB64J=Yu<5Q(evVy5;Z9O7%>YAG;DR zaaX;_*C$9DIWBepSieF<2m{ZOfjTWLccm_SHaRJY@y;DBjO%Ad;g5R}O_1L}6obz1 z=b;p-U}9W4V*{lgWjKYob7nCAc5MbKDu{8x@dKQWuR zM%R(HJt3oeEhRnV}l8x6k&;_{VI<;;7N=`?|&li5JOh z4}8=%HLzV2g`?C81K`*=0^o3glUW9aBE#_W<>k(9-cwmu;Qg_fVB6ajD>?~*U+Ml2 z9Fn?)>gTz;ACgOUr##gPgOFDT(qbRL#Zpd8Ow`ELP-fQ+Z9WR;zHJBu|*fHsM|&F_(!vEFIj$Sf32rnRa9^4uG28bbE1# z>v1Ex%ieD)%aI~U=6_{ptdZFMmuoK|z>A$R*%zo?f+OYA@zhhfP9N$Ot?1Ow+N82{ zAXy?zALs=cWD*dF0a`9);2%tITp5ML+~0?*uM?f}?@3^IO61rrZ%YYVM}rm0GY?dq z48p>~KsHXWGE)3jKu|DMCi3hhOsKP~qWMs}pye_*C*b?Jja^X>fJh&;=6S!^u)F4Uj2lfXr zb7>wphD)5*^v#B{uCI(&MM3pXhFk>mf9<5%EQLK(i4g2$X5XXdS-EmJNJm;hMHmN* zWWu7of`|4J1`kQ2VUs1eAMW&l4U)~&2#t@Ahsv=teL@pmh3q%rneIXYp>BH1+<9n# ziOx09WV%W`%>330k47W~_5vw2fe_&>(41vLQgbj-91WPv$$(WYa5wqv(ZX??c+p~I zW>UVlKH*wDES_FLIe4P2Zbq!@`?Q-F6v<^!Bzz8wy>BjG%YcEV(?5SwNrs+DxB>^q zZZx+;+>`9pZKv~4oNhdam`~ zO70Y(rnW6+;VwoV>^7J~4+wr3+1M24T%@E>Yc|?h{wFurBnk_U`Y5)V z14zRZ=xM-Y#PU1Q-~a9rrp^eh@X<0LJ7wSgTH|Ie+X{cZ6-y?X{9sPoE3G|U_0!Lu zqrwL?yA-sFu6@m?#Ko1AmR1Kmr*&vZGkoOxcXey)TUcZ~z0?Av%tIjN%sYBL; zELb;qnrtgNnrIP7yq%vv?*%Bz6e!E5S5_2-kG8Ij*SdcU(nY)skU*L-GOyxZ#hwIV zDET$&Yplqotr3HtG~RVKnBAk-HGnhvR zNK{;0D!aG$_MUHSZvNK;p4_y#TZ8t1=W$m{1mdp}nIkDAX#Pm2laEvpeYGflBdl#6 z%B#4Zc9RJiBf1tu0@H>?cgm_8(?zZivl6E#0mNVX66gySt(=52)r~hZJ*{%Mv%PTvzJ`ZCH(Q@$Begc zhf&keAkd8(ZO@tcif*fG$$8J=8JGGAO)y=f>oF{+Q>6a_H+WOxmZK#hoU+Kq!xD+m zRmX03ee=B8nQ&Nuc+`g1WgHWlAx6t^TAR=)Hdf5iDW>0E9sh_;A;74)adr#+iOUIp zk!`h9qajC~1%~tlrq^VE5uKi$l^RG>Og0@z3#qE&-(DUGgHcp0|GHk7es-O@7^nVs zAv3Mc)G^Et?Q5a*P=JsEH(xQ9F9J%I6xV8YDHP)bbTGL8e%@uhcO0HKrEHu^)8D3= zT?fT$h#lIQAPkK+KnR&7k&*QO`J6X)y|*_pWHaB?AKGqQ50A*dL9IW9JRh5k zBlZEfDLHoTFdccY%IVpE$;Cxq8tV4Wy8`cSE(@2HMVS9VwuwntZj8iZqm5zeos}RL*K#=e3;?fV=Vj;I|g1N%$?D-W6 ztsP2I2Xoxoxr%U(CXeQ@jf@D8O?ZvRj}RQFjnXA)axMrdjQ&URU8rTO<04 z1e}I59pzn!{YJ!wSSnE0RfEfOwd3|YyuH>1e&jFsa~+dv{$pYC@R`Orc=-2KX|I23 z;S+VwQ$UkAu|46bCsIgostaLrG9Q-v-kv`dgjt=}r*{MN35It$+ITDGf#JldOgTVV zDtJhfTyA^TW+O#(p!8rm6XIj?xopAs4n!2;&uwcq+uqv&7kynj&zANU91hSnnSg0e zPfttC^~9%F3k>;K01g8*_OAbG>Q0Goo^e(WeXG=v3U3xiGw}lU>K3XYXIHazLMV!MclpwQ9Ms#seWG;c$Ys0R8lMdi`eyLazmpriM)971x15x^*< zvVUi1MK$i2p z|LSC&vhbhZ7ix|VmbMnN^W_r1+<+K^hLV!fY^9>1lYl1Qit(N!|MH zE}@aWzCNGnEHDs?uKH+nO#Au(yq1yh`L|BeOu)mBRHSSX_wWJo71x_Kk-g+Tp}w|lrMI1>Q) zDT)a7ePrvw2SyYzk`Kts%WG0HgooXNSwloMbHL=Hk*-7@y9C54DVML&s~8*8^Ma)T z?ZZS%`=<8KhWvUQOjk!d!TF7u4txrVys+jZ$#*6&U6=1GBzUB49UX5vzW6ID9|i@I zn&vFpv`}^X#GE|#pOwv&oW#Y99WghgDa-a@jnpDDnj9NGM`~yc}QqzlARzh zJDZxCHp#K@@)Cn5%5lKX&aS-n460nvsm1j4$WR_O`ryJy>ilLw_;55IbePTUGSJ%9 zC8?|X0qO^0`EO7Qy!b-|l)qYs?7;nfayWSs91)?({69d=>m8`wPn(K<*2VO+nCfH* z&E3<8-(=w|vU8X&E{m7m=B<0&RLi0jhGSmvYE!4s;uH(*tVypv5rj9F(6A8J7J*5L z;@+5v;OO?I$cAy{J^TJC09XnLM`3c)h$$=}BtG82ciAT}kiJ4s2_gt+O#`I5A8K+k z6B0xOj#mJ4)u?i`tm*jf>qACH)><#>BpeCAN;9tQupblu|1UvNscRXSoxG_Z_quhw zUP(OeL$2S*ueF~kA!*#x|702dx5%N|tue8)mdc0Tuz`3u1!giX>a77mA_AdfT;~JU zix?QxFG+Y)F9GDE7f1My$Zg}!1aQIMb?*Yu(Kay=*X&O$9(D6U5`+x>0CJhmcD_%2 zeCu40}Or3x+}wX*C4W+kVjJCg7&x zlaR=9aBv{~y8jybrq4s7GYL=4c;~+y+qvGac#eY@Q*xPM=DTKtJ_v_>X6Tu3`iS-O zxaxIT9&vMDS2?Y|V>_hV<%y9MA@TwuXgf+(lLd~n@R%3{xl}cA@OAhz2hR-0E#n*A z33I0137f}u@PJE_;4wD(UgNT#R{?uOaIP16kvP>D@zpX;jURYujlC51k9_&pgb}kX z1Yrh)Qj83YQQHEZch!dvZ?H%GRj*IS-q5W&k78Gv`SPE+m6YICfwG0FHB z$|RUFdx$D1Y2WL78b*u)fZ+-l6B8Acs9(yNLLs`m=j2=E7|b(-=Olb)-TA=p_E;(X z3VcaAh~fqJp8-I6EN4$ttQ3_~!NY8b_WkH<_>Z#yE+E3)hl?9PA*fqTAJ&GBg68|z zy+>;locE3_uljxJ!j=LA0$>fJB`WDB`Cbz!bksfY1=|1Og(s`GB(bL70%D_SYMN6^;Vq9yPT~ zsJe*U&`D_2m9yOW8x?!|lJ0F76r%S0c{#LhAcpo)^keE(arO_Qgxw-fPn~hTkpHg`m7j06CpqrS zd}qQYt~or=urGL9fSIX;=#I==)F z&v!V07Q6B)y4B)f<`g#s=qNJuVIg9P|Mjbbo{cl#agAoO51yPwJbY*87f$`x-&sYd|(-52k^ii%IU{e1=?IBkm;kX!EQ5g|PQfxRBGQ3yN3e-a2OYdM> z88X~Hz{8XgP$(hc2BIHuadUM`{Q!QVi};IMrxBHBuE2+A@Xpj)o%vO|2%ZnU9f(O7 zEPkr&ahopytgiM7Cf4`&1p7gF14D?JThx=lcNM9V6eq z`F#Cfu&V+GZdCc)b+t6+VE%pUi-3R=Wy8y0s&5EjIyrXZ_4Ticii-YoVXkrbx$09H z;p4N}oJpe@tndGdu{KFq_u5?v57&Z@`lwSdxKNkYcS;CY{XPgdbI#1p;-LTxgl{=f z{eA*Qck0%?sQHiFPbE3Vj3$!}Ve-YlLT*V7+>#&|1s)RZbSH7m_gkrD{`jtH@Nm>-hLS9yp|T{6U)_7(b!| zAskNSFl?52OnavP)H(IuMOMr)IpZLKd8ztiv>NEV+}c`Dr=~6{EKGztKR}us9n%1b zlYI=}FPt={A@LU>`*UYOQBC+a(cR6>WSDym<5*F^tb`IH5I_8p@w6WN@RBh8RGv%2 zpW_^W;mCx^jkIBHAf2irA}{M*uVYBc4xRn}ErK6u1dQDSZGp=cw7iXPk;`^TZaD!d z3xazq1{UhH0|$uJx#RGi#*@QX|LFhB&*fQc zHfQOU|MA^y-ua2MD?4Nz%yXvBF#O+n2JD?IR9u1{2aDK%PI zk$k8cSB8;Zc?_vD{n;P8`zGGuw6}4>FEn4JixUm<_fHXjiyaabMaXS6_RS=?9AcFS zjlbDPbp?F6-l_4Z%PvoDP!r<<82vsjoAh(XIAXPYAP@)Wlnx>qYU;(W`SBWm!^c|$ zw$Rr?kupOP?&$-6^=CF}nCT3pFN6C4D6ZOLH20rhyj)J=|LRDC(A${&b95Dm&SWB` z9XSi&;HYpS#>nVu&b}=t;JG?8V`M*B!3VxMo#vTvHQFH-x}! zji^#n*ff7!kcfQUQn^1Tz@i4TN|?ZS2IzjWfXVNO&x9bq;AmJD{H8`kYYi%9;&$%H> z)G&d?eg9-BKk2?3yH^JIH+ahs>83*zB=?Uy|978RZ47GNcoDB37{|mRvg2~yv4F8~ zcrd)SA6gk{{xN3AZO-fkWiKruq2lHy;0_rO1a(BRpbtNzAeQ42Dym#!(%98NKY3+k z_NVgx>QIvk)Lh|laY~Mkj-eeaeo$ZXpP-W`9*I@wic=wo`&*F%-+;jF*~PlT6zRZ@ z&u=40X8`QiC^Z|}xN|06$U2;*Ktlv7U3IVv?iB3-oE!jeIVC0fRJBYh*W>*;C|bM8 z7$H~baUxVvQ4yj*&+^O;GZa<6S@Ukx5L`3+|YqBiUzU9~&PJ(9)8h zxi0zt4uG7N$DIYP%*f9C&&r#Ba1RL01=fH6W?X+p=R0*gYM$Q*tb8Ik6aqKkao5*$ z9Fg43sj>xJIR^p)56HwJ9`>IjC`|a9Z$^IM*bYt)hlI-qCfrd=swrHy0S_4R*`c1E z;+d_dXY+qv!T$zwH2&`xPqb@KaUf*&Ai=ueMW_$-%EB-it5&J?5JnK{X8ld*A*(sP zi62J>Z@W1`NJrfE3sJ18eznZb+HUGV7h_r+6bK}NK1f~KN#iq*W{O<#M@8{F_ z-i?iqR|drDRMq_RBRL;hifyP2Glc}V8tq>LkG$)NtObyZB&zfR=3_cp>pqwudLj0P z4a>c}a4{@(ZE&CAQH6LU|!E-HzYZ75NLIUo=7&bF(% zr5z-@KqMn%b%+{bw%9UZkl--MhN+?qrzZs|sXS!T5kQ5IT|Wif?RO_h$;qG}WIjXm zfk0HKGmu11fN|=vJ~GefYTfoZ5y-HqKa;)jm0BjN7D>|(7}2L1%C@$gbaZsYipABI zTnqt41wR2ivS0qj;kg0&styHAXb zNseMuS2$GHzfV6c6+C7y6;~UUci$+=h?-Ri+0cn`%z*hs@^$hOX?2R=86o94o@>7# z7mH+Jlw$de3KaVL`x)uzyjCY_vcD=N=DgYYtl~=br;K(jGT1|$4}>bSpddI-$UW=c zi`~@+?X9ghD)g)h#{J&CONRWO8n6oJJA-b5q*oB=+1z_C7W(Nhu(8v?#uAgeX_hH3 z9tURfNj`D*XwitJE(&zhrF(dM4VhvM?%B6e^C~h5%g8Ar>bG2QLNs z20*vA(vTU+kWrl~?h$GLwd63(#Kbgp!h(-Mz7Np)Iy8D4LXZ!{ac}g=;iNvpkrh6y zKko*0w0s*tbNI%~>nAXpp`aj&N*D@&-Q3&|j`f;_k41fC{A{JTw;n*@R|Bl!DhY|- z-HGQHcGo7qhO{&`e(vhR;(U(@Q-AtHTAG?3bw+c{kCw6^oC?sIOin6%xO_Y3K@|be zA${GixdSPU=5m`~y%3vp#_+0_Joo`gGM*QI%J<3~PAzOF$jNRe-hkCQpvj%W@8OR^9<2=R$Qp+`&cwF#*`% z-&*>LQ+Irjtt14BpXE3=e-aO9KOxoT+w*Iz!jA9G*2;H6h#JLU9I*A???+hsAb?b1 zZ7Ovy+*49h7rN3_A|dzKYc8*#fLRU80?OFN#>V*+s_@i+04%@)Jt1m}tqylY#PYn{ z#3b%5&Ga0)_+bqG`IB>?1b!|q`ay;3Qp9Ar&4qL4&OHb89_x6buMhVcy@CkTX05lg zT&jGO z|ENh|Y~-kk5|pN6!EOG%x!C|Rv+X$H#kUS6YspZh{Cp|54CT*#24qo7OYfk{<{>0P zfB*jdIfmDctG%zM2L~#fB*9bpxw;y7?gHu!dU~lf>0J;-YbU1`mi+41QTi^I!MAz? zb$GY+Y?zp!08i{|`BR8KkiCV?aGG>arz$QH)M7Um zw=7C^P-1-7Z}C)Nh&NSDXK^K1EffDcs{CSXq2oMMeM>FTCLHW&tFd=whKVc;cbv!x zz4EAINn5<|aKEgre=StS>Y!HfJg5z6kjPtb0Roo5MSJ|7myho;;JiR8doxQb*Dof9 zEVk(P`g%Pa1;S6E5X*NR@;uKsrZ1yt9{t|f_yWNHEf}KjPsDNl&Ye5j#l~2ioSdL5 zAPtUFeXy7v&1**ww3FxFD|kcg&M&ye<&cg7jrL<^CY8e{?Klu)Wde4I2)x98hSR51u1%pdL5eWFRS-5Xzk%E$v z6r^bE7o%?7AR#Bmf^tMwz4EJod%p?_0ypS+f_h}?$RtO)(mA@NHT38#_2F=3^VCLc zq-L?HFBNv3^r$7A5|I4YA3uKFD`aA2Z49B2E`ZpDOyK!dl;4p3e*}{ZQ8bbb!8|sB z-n<1BJ_yMUa)CfcT?S1CSgiQXsCUV)UoLu?LxoQh1-##TgnVjktdM6NJvW?g7QXmEhNtpfDdkaQ4>0ZE`e*~ z1tJNi9?{xv;Kq{dA3^YQ>&2hv)nMkWZEf-3wT~bFfc-;E!^^B!zJYyKP*CwY>$gBZT0~D?6J7 z2!#|;KD(~fpb-)hj#WBbLHP}MN{LCI7^^vocF_~xJtv@TfkH>0k>aNpP@sy=`p4&U z-$qB1?&a(AIB(FFyax_a5OJF0qrG**>ciD4@P)Mj%HVTc_JRFKgx{O*PkpCdc5VpW z0#5Um)2iP3=)v}qYK@D-She%Dmu8mgiohMYB`L&OtRZU_pJ%cbHW%sp`b z3ZUc>C9X z)!O_*eeLPV0YMQoY5amchV8hF7)iiuL^CyjqL`w-zJAKCyREGrK-~3i{xy?tz-x1a zlV7t#B6KiMgRBx-`d8M$(Y0P2WGb(y@O6-^Qv6gRh$>f?dpo`R+-JY*EONQzp;;5e z=5KeFM?CdwTpmp|`l>KTw03k1WP}~=uC;)N!Il*T8_Aum6lq)o=%a8SaJ^#0_kf=B zS@TiLgOED*k)jGpMnY`lfI-&uxt1jmq7Ku z0Y4@gXwnf~{m|T;<56<%NP0K~~)obnwH5p9g}EDhS_f4x$VKEH4T2LqyzW_yF~Kf_3rR zWddHnIuA;uaMYT}eQ$DpO9 zy#ci3NFNMT{CWHMphNh19>sBO0;@tV@TMyet5h%3qfPZ#46QVpk zsA|;;Q8srRgw~265^lN99~r92{>O&xXkKEk;sjm4G&NlUlgh}-D$x@s*arh*_V)HZ zx3ygc1mg=3efQP4IzcoF4>A+G~kQ8A|xk{}4{Fo(^Q#PrO}Ih2i! zjjPwMd%?sYeen}`!Brw69}u_%xT^@YGn|Vbn6Sc-&W?_TrTn@;pfMD+xOh&pVPRpx z7s{>h(bvK(CFaQ+&M1-$pzz{ILqE{h@rKg7+P4cB1JiW zpbAu~gOir_A~3M9YLY?%&>J$7*P&v<8;n=fYk+sKC@3fjii;aS{F=6YO--qkSv|0+ z_=zaHf=A-eOG!B;XxQv8s-c0894^Q|6)P*Ijg1Y824yDrw8=2$(%QkH3Fv1ShS^?0 zlO@b?@xOXPu=oqAm@uiuAVc;Wko;fp0ZIS^0 z>(25yls{Vo%0#@jw4tG)66E=H$9w=)zin-m0hMKYz~v&8{pib)gA4Sg84_b z0LsrXB;LTmP+)kShdK&zsJOz#!#fWaY46~`Ec`A0nv_jkS>jWx#c@Q1AbV9H^xWAw z5rh!&qH=VK+jEqNvT(S~hcDtjf}NdGs|E~^hM5@yihJiLYWR`q^T;Ov+>jKeqN4H= zbbAtr2no#}xYuvqzJ06h1P(I7h-@Md1e=fmCJW)QhUnPuf=bp(Z!ncOY??4! zwEiiVr#a+iy$R=#Ge)`EA)gTjN$f^xO7}P5s{Md!cAy|uFI+Sd6MH@4fG3hU)B$EC z8MJ-UK-$r&W{TSju%J_RceN;?^8(R?0zd{ucYH_Z;DO8jOjI9~fVDp1w3w`Y@awxq zvJ@7VNiPcMQY3zWW7A|gX{GLR+*wIOs^E<0|1^F#4w<)VSB4Gq>0c+3JuXvK>yG+@*3akPC8YJ@I8>@;j$2|lJj2<}gKPUI>&?VaWf%^(n3N?Wf+f*H8?9npDcPRt4-fsZ$ zcaY#8e8}kAPXmXh2XtfY-$j-~H3<>&-?j2&wXF_bzj&0z-F;(eeGvdw^7S?gdw^0;-i9da&qJya-GDIW*E4-`8d7w zii%>J(;VZ?3e^S8cLB;<;lq`ZlJo8z{r3qy6KsSOMA5!Y zMG*aq0&M`2Hs>Eki|W5K$Faw$?f}z4n2bPXR8*8np&eiO@0nw*S$jELivN9~n6tEvcpu~hzhYc5yu|ID)>}LV^s@i{%5L3+HTPpM| zZEb^584l<0K!=3sjLJv}NxSU{7Kv=wz_ac^p)%G8-;yOki0>gU_5$<${Q0xW^F~}; z`ny{kn;9$4{Vd2(1L}d42~?_vqht1uh&jRfWx}3NEqnz8sO;%kLF)|Y07*>zei}Me z=grp#hlg_jKANO_m*2XTA1ho92fn+Pmkc?%>gnl)c3G?F+dpvsP*{t-p_h4I4PaXf zoATZJ_qUpxHykfx;e4P*WneHSzPb;uzAYlnb@t~E88DnOupShonq2bCv{=)Y80Zg3ul543-ktQuVV<@6`ScpMYP z<5s@g*Wu1{)FTEE-^$C&)A1Gp@Iya*FUSC&&w?@sUn=ZW!nTvFsD}j2ED+wgkUzaA znzcMI+7A~S0M)#RoZJ!^7#MuX_>0vUoW8fPyStlCL!iL-g8Ye%D}UY$;#yWb}rty=eQ|!wjuwahESI#G?xat~$8P_%%8N zghBO{rsw!NBsIQz#Sd+OihT0qiPhxk=Q&1Ck{VD8Ws4@ZhiPy>0$$Sc z5g1kzIA415BR7RdaAIMRp%n;&VQ8LX(Ix{*Q})&54MDuEY;RwJw$hSA0fmLKb68o! z8iWGf(9{quf99KIlwlx|kEO1zp%L1kzCy`6L*}HI{5zz2e#J{T&r}s^njd}4yoYXq zH^cFAnm2#VG1l#bpnz9cnD~wG$jT%Y|K7enW-TqP&u@wsg2A(EN;LZXa zwE%WZ%C(xxi#OUs?%j9S%lg!kSDO3x@5dAFMRS+6VFBYqW8#L`G=uMZI(r8PLnz(= zv{596k}8N>cs{DKf}d>&-01jU@K^`zi%n)y=DCGo3F_j+sZ*MH7G<~)KYU=g+^W^9 z{Xz^NeWNPq2V5e(;9~&&nHkv1=aI1OK5xTPmWK5v7^=ix6eo<|!hwGf zP|?*T1QtyhR8@gh^?VBawl8irdu*l398G1`Y{|&K+?~Pa(_%Y!uAm@~RQNoLhoO_B zm$4zSHJ9hfrbmc#i=k;nJmeo%gN$vEL7@tyrth9iby#X^{z>Tl=>r-HD}@&uKWvTEW8O-Q36|64&u6x+2N&v)qXUjd1+<@%*BqYMgtw8mL1#efN^s(+66X zv!r#kUo-o7eXDa6()pDGib%p@ynG67gT8pqaT(oAL0uw9huD6i07?kLQ0g&~9D)Jn z*%%#nZNfF<=NM#ro=ilmq+5~tUOa@EOo_WVvrAI2%ygv)>8qMAz{(_$uBY< zpPL!-_f$;&b&%P(XZ4792^f>1*=&5d5MteX#F^B3(!hE;c*im9yl=F=E;_~!a}fcS zfPer3kxQ2@1>9fMa|ck2cnsceao4Ve0v1^!nE*xypxnS}7=z{08qHd}?$Y8HE4`4n zdO^5h+gKr@oN#gB>$wLkzH;Nnzqy&Pt-?Ol*R{2^sjw9Nz-brNGbi6YncJ+*&)NaL z!4L7*Fm<%4=-B?q^NEld_aS7^>6%rKm@{V1A3l88Dq1a>YpI;00OB?;;y57f_A}#i zaL}3xYUV2EgbJ{TL=ZyRN%$TuT&sgi>hB_XSedQt*oFbMD2?~HX@;BS-O4or{I3k+ z5@J-?l}R0s-{buFhMZFvsGC?XCEP6bW7VQ;2UlM%@IOAlzCjH=2O$631*`ZBM))E^ zLMqlIdNV`fiXCn*J@3rdUM66m+s&VzH8$3QTWSKadh7OWW`nsGNiPD#m$OjD18E`S zV99+=7xp$qYk9MCAOF;i{}_(3i5zNln#VjqPTdp6KYUc zSDEtn9$G_oiouuZJitnHc&zf4J1?{LuKnCmzydSy)veCU%?}=|PRmslME!xV^t|>w z3)|PaHHntsmIQDUnVFeSpv&{Q=kbc)zkgFz0AyMfl?hr2pVI`zID)kO9G*Sr684k{ z%_Qjf)XOs%TA|wND#oV?cgDob2~;&qIc;6(H`lH;gYUzO_+zJhqVMY6x^>GEMde^e zL8_*$X$B8O&HTep5r{UTY(ueuz*b+O zAZL?DwB^B%QOqc38i%oXG9yE2s;kdguyA4X1Ls4IUH7?+()BbTyTrABZ8vi!7!62q zsjybH*x^Clp2FI+*X`F{F2@QKz&=dtC#-o&#rl4yoleD<`>5?(-TelX=)RN)Zq zx7Y<^=3vEL&uK)K$U^QFN)e!*#6(1x5c4cFH8ttjY#{pPt999S)2(O!OcbdxWQSOi ziX--!+`Ti}HAnfU98;D}$NKf_1t-l&D=74Vz!jWsfTA18SA#7Nu^dmbamUm$D$>EAT7T`W?Bm>$ zl(hl~sCH|Qw?ATBDg;OmT?fJ>8d0BP^?gOEIM%_taG^hrGe+oUCdx%pi-9wTTomwLaxbOi6?dC$HB%IFWMyL4nvz; z?dv2Yc4e=@cJx5qV{m8RI@+S1(_^;}4_TBCJ3C*9j^-us4l3j7 z4lg;nI*@t8>gnA;gr%jWs9Pmj6Bm3L1LKbHneX^|6QD^*Rtr0s$!A6DMGm0%00v}aP{V;b`k0s#S ztxjy1oXL0lw1)@|c*J>!pW=6_c3fED{gnw)!sysoBJqg`6s!$r%DPtS{P@?t2)Xq! zMXJfli0p_g(b3VqF#qttXCd!1Q&@QlS?!EnPx%hIS!i{1bakadb0;Vqg4R!{?v^4+ zZLjQZ$vw`O1LY9!SFawvshYg;z{h}I?VzFfQ*%5p zB+Moy{v-C9(a-hsY)tS-WgbHZqxo3Z*Wu7{)X&k^uZMw$qelU-R|68D0H)vPi91(- zqf#?)6d~mZjRyUT=QblSbrsIF+kfa27?LGm2LhDe#ekX9nmoHydisBsXl^{CNk7y6A+6mL?KPd8nYx_7OW_I9X!SV&& zyLazlkB(v_#dGv_sh5U=PNNvzDpfVLE#F6m6kkq38gLao6YS^$`GB6J)_ednRFn4|7k)GjW7o2h1 z5ii;;y_T(5u_5;dZ@1~B+%zcFKF$oVIvdy86*re-i5=$&fqrCpdbWtnvi0QI z6WDonJC=V{hh)%DJwhST`yl@!htU?%NY{(Ew6^w#ohKRmrDsnOXmcyb=uvsSil!6q zsHKeqMKDb8U~7)q{->;yW%Wo?eyORcn%lC5J(Br$FPs`7>C3>y<;c9u zjr0`6Qmw(3+|q(((nILmyU%3Yg{Q_+1s+!$R`}116miqXNLr@Yv z)Qb9oB5l0F+@EH7|I9Tiar<Nm81P=o}R^x5jd$p8JordXEAGF;fB2eJ$&**Y}-n$oqW<>u8vOXo(cw z2fJ!5P{>6f{;4VG!+gP1|5%XKBldaC$rC4d54nxV!uxxkpbs`8tf{Y}hlSjAb#$Hp zMt?;!pckdF{Hf0Z)W9>&H8*Wd_Gv^=1fZAf%vg8f!UZw=lsmQ=9QNB9D7jPIfVqM zmA<1KGF3+>Cy>aQhTI5*TB@qd>n%zp>PLGX=NWyRNK3Z(I8j$L9Dm=uq&u^rO>E7b z)U%DKncRkM-sc|iw9Qx+ppc$G)dvyqsUy+J)bpSd);h7h0l&hUE87$kfD={FKBp*1 z5{iy{wmjv(zME0!;!R^Bz5#U!(S}(Z?}su(J3Fp(9OX@jS9zdk=GjJwZZ|^pj1Fg* zP3C(3*c(}0nK}K?$O~X_kjaL?(HSU_#!#4`vD%MrgW%+zUkRwM{@x<|a+SA3Iuir5 z#=WchPQ~TkSv}uCWDmVJI+!c$t&_;rIc>Z~Murc_p(aMsC?D1+m%uqH-%of!0*KCmeG|NuL%(oR%jrg{z?S}L0Gs=U=XPpUAS=J*w=SzE<*k2fv5|k ztV8!t{nV-Z0?YnUj11@B&pd)L6a^vS<5I8}9gp1CqR<_KNFq{U687;h*AZ{zAQs5Ocn3PC zTVsbC(q}f8dW@y$DdjBf_WvER5K=R0_RTSDj)mIAL@nXcB|qGSe&A5gflg{)p)IG5 zb|hMneiZ$!c|7p>2MX;(>XBR=Vt)dN^s&h*C>&6$1>-@B(dDT6AwkrxRam*Ar%H>DO{mo7DxY)v1imkMy@y3@`^?iPK#P3B$XqNHHkOgyB61!8yx1z+^9PQ z$qj1yPtp&zu098^SI0i~k0&{%AVBCtw^SViQ7dKl7#WRWzC|ydi}+m?y9PkwB3_^Z+qp#1YNo}&*><9?4e6J%Z>rqS z?_JJ-+9e%_w_M@DtFK7UjAtHPa{I3g3=L~PbV5)ES1CtB*3@Fh@*;8P1t6Lvq^%62 z^eB%D%GjkSHnYTVxsuR$r0+kA3n{ReuTVJpy3qcz{6?!?!7@Ss4=V~1Pk>|unom~o zXT@)GgBuWMeY8*>6C0YnIMYPl8zp+9SP`6VZ8t=71O>^S=joD)lXaL4F7m;sObNU+ z_Jk1dTmTMeAcP4>8oE#rWpYSpsEnsRER-r|G&O@%rYQwPM_U@K=e#O#HyM1_YA1Pk z&CrPFtPlLv7UY((Ld8xxQPq@K8EEAC97}rTZH^r2#b);$7#jTmG&s>MCjSyM@lino z@!R9QmJ75bANNm|#dAK7e!5W1omvH2tFT%(fkC6v6!}MRwiS!q?LGPCtHw92;;(Os zHh;O*DR4N)kW2fm^x>B*H(qvuR zw@hc>0bsqx=k1PBeZM(R{+e+ok{pc)s16cej5|0@gTIvhzW(|p7AdwK$Q?J^zNkWy zltJMTDG`di!Z$!eOz=rY(#3l+TboF+N{s_z5gx|vQH(@w6mHL++Favi{>W|K*|TR! zz(>44O7+lL`vBIDxPrbNXtPy$@d#jXM35J#DAMsmxHpdB z*qknYg~O}9F>&XHZom;i$T(ji!|C3#Mwc_id@w0^ugwkbXi6)dBJmQ$fN&!lt^a1fOUOUU4=A zUCdr=YzjU9>O9?3EF%=)g^j`kk()Hyt*_8AQJbM}2LjpV>p?Qpz~edxgQIz=wV0Pkg8a6$ALhL`SUWL*^p z(Q>o_;v%>AXwapYE88^!8HXTX^qKnGHYFND6Y~{1Y0IW06^ivJEcqwCyft%cDH_17 z34{rS+UAgiU3OJ2V!Lzb@mZ?e@Vx$tKJXHfY9yTdeTHjWlB=t*urTD)wz1}B!7E2! z-&+I8fn+GDR#Sl0`<}ck*&2v<20%B-z|Pwaf*?AtfXD2g4$Vy&fJO zz9A$JKrM^q039~$V&F z<}>pHpIFAD(zJW~XbbhLF{Y~m@;JmT6zNQShwLSPBIY+qGdD|96;kZaFiQ;o6Nkqj>0sDlgMgQua3z{8#+`UKwGNXR}Z zzw}MrLq%>S2&}3J)H{Z$*3imX?w8E0>+9Lp@_-tcBux)hm%gHOP&E za&p#zU#b3WprXP=shqGiw2s&qXlXOaId=F`O$BKc#6%(}n}YFzkUytBcbrE_M^+W| z{^VWXhpZaEn_sy{nB)^+eyHIC+{#KqJmh7}Ii*?^E6f|EX^J=cIaXd0%j))M!0oetP!>Si7&=ALVqA3@xfVJzopCd3w7S%DTl0fjCq#;7g61Z|><`<}xuU|?=!(J3yTH`ID znzC|TQMTpqMgJEu8$i%3yiiWD-~FbW`!p^E%3lt*q1HObX#}l}nA|$XIYEpA*oGfS zAt7Q(NzIa zNOKqLT5iolqnSc05}O!=IM5kZLP=EZ6_Dx@koIq<{nblb?OWzxTTxBT*jrUkh6l)p zu@BUtt>Rm>C;;G_A~%upWbAy>fO*4kAPy!fZ2l{6^efl)^b;$YGBsN2|w!{qpHGQXg94nt@4G}X5 zG~Wcm52ob0IoYSbrfA5mit*Md4& zHT?W{1`SuWYw0OYLz_@{W zLbKq#O|pLo32<2RU?r&rCmDi$W(6r4`7%IJaKXQb*5^u;!c=flqt**t9Pw?MF0b^S z#*}8eWsDYa@$l3_W#>Nh6u(Z=R+8IwOmbk#yux<3Bj>Qr=lPsc_ zZ$>j2dp!Zk6$0EYvSWuZ3cL!yk5%=D&I~L@zTFkWQUNJb^=J$KGb{HOI)DZh1j=4@?;XGi#0ypE z<5zibBgH&LauPwG0F%e8kQyOwW~G|@dmc(y@oPV+ZHTU8Q@Z{NLky6~n2Lc&U3g-C z6}FW7%?Thbm(}^J#_?$(u7}l!P_co-6=o=JSNn=)jQAx8aj`ZG+&XpCf}0o|4Xubn zV1OPJ zeM5t4@HV-@uHf7#aLTKEj9e$Z{;AW=vIdR@S4Zs^^i!ql@d2S|FhaJg6LUvvd7RE~ ziWZxHH)cg)Sw`|XtC5d|sxk2&7IP*aq0UL-06A;Q9FO=7A{GWG=$6&WA| zBE4VVwE?%Qh0ou(dT$yrg)KkOi>gz_zFCXUE11w z1FARNP#u$pkqCv}W>8XMnWacdeW$lV5J>8%AKp4@T6nVz@Sj2?fkvxfUF--RF&~^) zxMm$Get_9jiF2`s*~*xcmRDJUX-K*3(^oZ*o<)Xn<^rHJP%;0;P7Sr`#>~#n9{cR_ z8)%KpbYlbNz$~ns0=^K9LQ;Q^X3Ox7SkMn433f5RVXV+P02TV8xTBey?ORsC&bIfb zBDkhC*YC{ih^^NLvkUP&qXLZ*US3{b`g$amf`Cisphbcl`Ec;}CbQE_ZwJRvz6v&{ z?XH_lD>(bhGj;sZpn)y&3_xM&i_hK=Pj2*_u!HGxUqpJ+mjE4cen*cb?v!xRD$<-{ z+MrNcF1Hf-mV6;7`zV5YczTk9f?>?k&Bw<_ zBGl0{sO}A+GyJlm2QmQ6$O{J=xng3mL;+h6!dEpIBA+%i=!$hv9Y$RB^BY@vpbnSu zz-)gf=}U39qY#J*^oN1zMTOX*x@~$Lf-MM{OfPP6zEMHM@HE{ zjID2*1}#S=3?pmlJmii@z3{a0mX_qv2v_9+WxX46yVum`mwUCc@#%>2zZeikg^FZ* zp6b3QV<@Y_VN5|lO*bA;6+6%_hq{Y2vFZWfRzhu#NX>XbUH}SkcRkZv_DNqU(MKEa ztPbQJx%LNj2Uqcl+aAbu1+YeAs)WN&O^0I3r}u7?%d~IXfFCH%9<9U9r!d{Aiv1g7 zBWMI_Ucw5eg6smLh>7T#efySBSsLCV!9jGJZ09w6ax!j?XG7C6Z0hYCatvjVMrfpm zEf!vGu+D|Q+hxSF7}hF+4x7LDN}VtSc&fJMLXi;xde3FG;p}qV0Vv{<4MN6&!`>lL zRsaMtWt2NnHy5ESAEHu5R;B)k7u@5`XmCT3c~5=3rJdwclzzbqEOuva+zRz1b)LXJ zH^Dt{Q^9>c4k$oqWu?`Hkv3J;)%2)HE9Ad#06+&n2MAn;-D8XR=qRyH80tS|x;3+lpkI8rs>bhN*z@bKC%$+G*`YX~;_aXr}q z8aEhs0qiK*)cM!?l_>?t5w0Qfc(l8WmfSyAH>&hYTb%q-U~F+fA>iA?B7(wzL6KP9 zkt(Zvrbxx>FC>03E;b58J*gDY(+WT*@}asJ`t|;y$oy#CZUz*_y}|6rg)ZV6sA+N! zJ&wYAP^k)~etCI0aZ$LVE;AGM;R878#D0jtD7NtyJ+2|>*1$*jLo-r|=wu$2?Q<8n z#GkW%GHpzHh|)Wf9>v~*Jcms4gTcHk9{}@Ttwk1ui0vub2Y)pcXpXI3U1L=&hczlE zb*|l#?QOlJghZ3PzCe@PqQU`m*9ewU*^BPOW!Di|7&14)=?8W6&=r=f9dhb(Ko#BG z;njZ2Trm>nb>#BO*RM_UN>?d_9eeujX|N3HZ{sXuZMT(0FXg>|Y^;eA<~Vom+?W_n z?uq&vJJ(B}gxW3^;}!z#{8z>u0B~W?=wkfU@RIu-oN0{Cgokn``y?9f0-KJ61c7e~ zGfeb?{>pF-v@HQZoljo9+V31MnY*kh+lcgyz-Ybw{nq*22kvm6$5bKQSdu>C#=_{x ziK_?)qDldN6TJAAgM*{`E`nl7Mn3>K^%Lp;W60|}v^LRfN;LoVmiIjpHsQeP%FRah zCQ@-vSbcf|@W$kn_Ux*9I8w0;yO;r;XxjRb*jx2i3PO_e*aI(|5 zHw7!6ohn!)CBB6Vt@q?6Xxe|0h~n}c61W8qTcxFt z=$p+Dg`m&>$w{mbn@VjZ>L?agPGtl)p!6^>>&L2k3}K3V_N;>3;pl@ccP^h^4Gc!A z1s8^dqM{I4OR!qLLNSqyZ%KqU>iYmt&8E^DIA|(uxlu682<)N@62rgmK7nJy~JzQ*!=p%IP zgSc>K$@{8(`{^p=j;!P;3))hpdpot*|%?vhaU3GOJq!1G8 z*GEC*in|$()w3JY{8R+}P#YY*vm1+;Ce44!iL1UieCGkEy!ZY6YNQ^hgwVhpz!hWO zL_|fMot=je3h2}#a;RP3Y|EXNo_-lr3fg-wk)CMc@dOZ_5jZRy8Z@+S7!v>-3a_BU z-I}j*P*2^nOJPK|@SEu}VH+F&Q>N%~5@{QriH2t}q>Q zKug<^JdHFXt`LGgB*2%))bM-aY{d4NIp0O!I{WD#@yx()=D zNf2?jpgjBp`2Y=ZpU=frv}^t4I-R!|@(co82ik)qB-j=pY>ABtKsYX9;gjrfifx*GUZHDH>_qkB?rUS=g_(9C`pi6_$-QB*R zG!ugKs-0{wI4F^8egmDP7J$k@h!AdpGZ?uam8@IP6!rV;X!i~-A)I>@%*St!$G121bsZU6b<@|E5m^y2 z^92LRwIGtKeCaAp6z|Q(yKN#jlWrME=xBTy9lZc7Io5TcTOsV^C1aQOki(~xidO2r z$>C&RQmig2soTh_3-}CyPAJ;Zxig@<6vm;~6@=mn*1)=3KS5w9D8MKmxoq2|1g|gK zF#lRVbBKJpaJ4jA3CDJj8Dj=jeBwOe_OILjEl|0UpTAKMObsR(n)G|Z&x}QF1iAMo z&@OHe7a~G)19>!~LA499ZAsne+Y;N0QIs4Yr-$7?9N&BwD4jyv#^sour9>yofVdfi zG{oF_UB*K2k5*=|-B{EAqzePs0#Lq)AtTT=Ud+pL4)oYsf3NIU-oQP1r;Ey9s54Rb zPhc_up(vUoB`Am39feG%L6H|afN1me8>YN}?@zEb^|^tGy6gZ~-_eH2PrR|IO1d;A9>Yv<2Zcr$`poUila)X!pbwW~ z?(v5dP-r#o5BX@iPoc1xe?oUhB#0+zlY9o^+f|UJo8i#MXt~e@MH(|HkME>!xLGob zEK>R61^0&1uYPUs|E{3%u3Jhhwu7sLjHY7lm!{B^`oELcDi4gCUhG}!w)Q>5V=oaU9HAoh0!uO%fdeG7GJ zGa?_2rw=jST!4s=;}=$iMnRze5=9M7A~nXmjOMdcmri{%J)2;YoQjE9SfNgD9$thX z0HzH?9KPn9pQ8v0frcndpcvSL4UNn@aP3+8mX3<)RriMDSMs-ri)O(o3Pf@NXeh&Q zO=t*GG9BcHOGg4X-L3RzZR0)ZPLW9kun4=5`O|SDF4LSqRN;cInAuBT7OJQgv_&)! z^lwvG$1tVPfldXTr~gg;|2r(szv#VD*}5f;O>6S(^8Jt7ptx-TQ7nOpwjjFoT#L;k zwh!U>0T3sJFs)I>{d)*4+C^4%ILRynUlQ?Nv!I}$@JQVy+dUYp_w`U+`ZhV#i_P%% zN~~TTgr0~xT7awdm*wAQpH$BpSv54e!gv1E_6Aig?DE}LH=d`&jL|shkiA?A*_E12 zquT2gaDV``nu90+Q?LzpE}Sl;34kA7DH=8RGc}=~@d?PYZwf}=IJ}MyXj!yifz{&a zpLyFG@7e|HxL(@rqSqiJzTuO-Li=qDGX#Rmu4Fw{mp)U+p{|a}3OGtnyngMb@o_od z<|+(<1fWubD=!%(V{FK-?3>sKM~)rS#n*S6{q96_fe|(Mb&*%msIqZ`8`;&(?G}77 zJ1+lkpX{!KZBtT8Dhyq?T{J2a>xz!!`hiRAL z`lU;IGH)S;zXZrYGk5Q$p_QVvy3yroB2rlFr&Q-RX(wScb8ew86b9NwAMHY#1KSB= z<3~2<75B$ye+^=eRw{UMTlhn*SU$cig`SRU*ROM4Q_C0GOx7^{ENQ6!m9o-LHrY^B z%JTZrqdFqzug9L5*J`gmwzBAZ1eRR?QoD4B(FAH z@8C$883V#^(NfuEn4Yst-zY+D_rd*`Ms@*uWvPWRw_jYt5?%-#J@)ZJlM#ntu7b%_{6mDFaB%sdEiHS})?rQ+ zj!(fTC~26v?2NrkO|LBwqaU_8zy`buyoI>#6TcY<~f4YxGW-Z-(bR}%xo@L85G&H_WOsInuBKsKlIf1sbm}jtk z_VYc=jFZ>V)g?*?XC^E|^R))KQ+oCPzTF3dg9jr!I}eay8cePSPU~6sC5mP7;>D2` z=aAlLgv$vO`FG?KZimq%C*8Kl7?Z zfIL3N`}Yf(pF_#x0)iOcHI=kI*UI$Fwk6ya2!5!eG#n#?>v*=uR&Cwe(5DX9M)tF; z3gGPnS7Zg{fGU_j^kc%X6{MWd_348dcL{dfeFHeyMMYJyX!7@tG;aSEA+dI?krjN3 zrbjrJy5?U|h^%{u9k0qR0;vfmrCe$`Zhv~22c{C;@cxApw7MLk(lf2zl%6q)xpE~G zaFZim@718U-Dr92K+$2Y|MMkIKbEnC`_l?l)NYG&>AP>N-W`A6b^C4^ZkH?G?UKjv zVbN(Xg07c*^V`yYy6NBN;HE&U)Iv9n>fWE4$jH09bamChsbVIpA7~2F`vGECAWxaK zb>pev2P&a_yu6kdWsW?n+&3hl1nqi!Ebbqf? zmhg|$R}SUu3-9dgoXs8Y>J-?rWsA-s=t zqz_d8U6^xxQR=ANX=8r);ArH(GE>g%gNNW%S%5-$A?jj&Ae_GB;N=UXuIQkVc4v2I zj`)AeZR%KFZtfB!0Z}y1>e6rD)?^n^2Y5Cq_bv{Jj9g48515i{b~z4*iX5(F;N>u6 z(n>({;l3`XNB}*?K+RNYG41o&-nCg%RrQHaBb(9pqT)k;zgGP_l^2TEwZ0&uI3hL0 zsD88g-(xG9a@UAGCNx}lQ()8kmAdh&Z)Ue8=f2(N;8BzMADCR+ zHrpa-Rp_R4H8pQHpIXo|$Kn@k!oh+Gad+G8BexZ5aaz|Te=pB{=IUe}AG;7QIFfnq zUE{p_Aq(B=WX;>k-c7AvUikI^g*C*s7`3-O?jy0DwdZF>9EuK@4!nx-d2L=IUY+r{ z5hzwDp6A1tV@4GI=wHE)d=4m#Egoqlq)8eOBT|(}>zo++_-cZ`T-P!ra zNxyadQeQ4*&gL2mLmDFI^xu~a6WBD6H1jcvrMkKrpzN+jk4w_++pItYH2ns9u?f)c z@^_n)Be6?TkMI2sTfCgYisx@%-44Mg{r%VERB_LlsU&OPf86iy#|E)$5U7bzGZ#;E zuU|ypH0$Nnv5pT{XSdE#Ke9A?Ad1C(Z4=JdQ!yQgJCK+5?Yz(Kk#{P!A_;Nr)&I}S zcHMqlaKFnM(NvQLVYZ=tNuxNm7_PSGZ|=n2`G5JnpyG3C%IdMTm-bKRtnlw-oxT42 zyfve3%~N*`#N~9G|5o*_b1r^*>O55o_D`pMe_Fo!WUqkoWZj8_7e(0G?M<;cRbmyK z;&s?Xp8r~}#Amu(B%o4M2_st0WBl%oq8n1IMO@#vTw|$aWa$SDhjDJp*J}vFUAfz; zJ#_+a?3D7ZqN{!6c9@Ejzt8Ru6*9g>!COw=;`}fbPig^ln z;kADZ4f&8uQ0zXBpU=m4(e3Yt&D6rW9*hLJwKKQPp&8FvE_|VoP`HeBP2uZr*K{D_ z#xLQY&!0bk1tcX`6b{1KdfLHB^G=)87P+bPjErY*>=*D|ywY-2kqKAgaKPPt3nl!@?!)^a?gFx%h^ri^l*AL)xR$6_+nv!YBqVs3J&n0)2Px-A2d?;7p|fPUy0NQ)1q`cQ0CJRTxna1Y%M1 zjMjJbvyGHykoS(G^GU`L8t%b>0CF+9UZB3kmY@6S;*AMbtkYDEAm`CU2*^hCS7RldINwA=)V{vg?aOd=3IGE$1++&!rg(yk}?d^e@0Ikp)MS#wi}Z=vb9u&5+~ z=>b7c$F$_*=;XArloT?e))&l2&l>{G%f-m4mEe}At(~2DAQv4NLs7i(M6WW2)Zyp+ zplF@|+uM9y2D_m$8san|gIL!@pYKcYK&7Ol4tzd@gBP54U3HW>8}&ZlI7wUEKk*ViZcJtH5j$ZWF* z+z`_3UHyq>G9n6-JN$^Ptr#RTC^D~ZvYF4Ip|}TfmVn-Xd2c(^IqyDvARp`6=^-}- z5~R@WaZ?bcF?4trqR445-KNc(WiZ(ii`){aS#weas~SZ694{{~n;SCI?fVT4&!bC> z(&8}s31pfgT@N{ip)F=(81LPC7=1@}E-nol8*!S)2DR;6NQ8jJV5zGH=bMk(9RjG- zTes$54zo@K6iZ}9|8Ig98%-Jn<(rIQjL-__D12#aYXj}43B4Oy@*AGVEAk`9?b6q0 zW0+%lEg0rn*rEMFDdYQFgVV|hQ&Cr!`v=EYT;x>^0pT!);$F5h0VgqT-@ZMjmW~9# zJEvr2>Ab!Vdm$vcQWKtKBK^ZsV(y1{K7EzYiGx zRg4grNlL0c)YXr4{oqEtYCcDz6?sL)wHMgnORulj0RT<{FoE+%0BTe6;Xw!zv0~?P zOvi8-JA-z5-p`V(toaJ@+yEk4-rl8m%aFh@yso|<=SZ4_QPc)2trsIFZQO~M+lmxZ3vl|$M$^RfY~98%7TN9Y5)FL znof8(L=3W#6@bho?Lb;uT1HOJT*e}Pelf%|ECj;P@UaGqmAB9}Ve{P*u!XMb}TdIDi3;1t+c(feonWUEn5lp1Q$Pzv-Z=N^`n z^h1>qd4IpLv8-aHV_1B=FpZuAYqm_uTL9c|1=wMN;M>QaiB0`_j4fCHc1oIw=~!J{WY93-Y+tcb zRCFfqzqF-=4To6}Z|r74W(HJLDEm915U2eP0LNf}&F^d?%JOFoOYq36zgy5TlK(tGC!JlpA_AieEPQZZN zsFp^`?%er!$u}nqiaq-S`>+`^BJE@&&q+(JU8@GN;=bc+KeVzL3=DJ%)|@RaDG`IF z9$E`hBnR=Vh#DVvrLoj>P$1AZ`qsadi#~k(n3|o<3Any5>Ld!tN+r-C^;6BmXkmUo z--q-%(kt}^_w0`cx^v)kLck0D9S?|4Bo{vlQZgT~&cb!Tj}1_Z+U8$9S^#Y5=IAbp7ic5a^ z>BL}@2u&$Qy^7uH7Z=A*?syUxQjJQJO1>_0uf?H|E5J&TH-tnk1=i5OtCQlJ1m`sP zBPB%?9!M)RKO$GZS_cw27>kn>wnz}~AZi8GD zUIu47qw=-FTA-N*G(wpXa^V6kMp9aXyu&nP*&9YU5t5|Dn4JY(1`QoLkh5<(3t_+C`xchj|6_ zm-X)qO~CTL?@l$A3@K<)+X#}2wNmNA_HlLu@L-Y_DK zT7t>SAM_x&k!Jh{Z=D7~`BsDAHngxHtVN5N%ooq&ajcgq<80OcLB8gzqW(j+|KC9{ opxMPa|2L5R{|mDI`=-BnspWZ;jshMsz^s-@rm1?ZiPg#Z8m literal 0 HcmV?d00001 diff --git a/scripts/release-analysis/time_difference_plot_argo-events.png b/scripts/release-analysis/time_difference_plot_argo-events.png new file mode 100644 index 0000000000000000000000000000000000000000..7e6c6431583a8994cc1188abb110857bebde0334 GIT binary patch literal 68592 zcmcG$cRZGF|37{y+3O-BSy@SDk-aaJsLZVFR46lhMY2heWK$AFlD#vt6;U=>C40}` z>!|y4f4+Zw{{4A8?(z1%oY#3Cv2199%{)3k-_xcV74}-acQ_yiwnjdy^*S@(+ zxMcst+T}GrvkQiwEw|;km3`~+gbW@fWo0Tn>^QCFwXtLHU+&8I%GdB65Aj>+-~(Af z?89DJ8i}jB9GoH_gQC82zuxxE%Z=aQl<4w#ap7mDv)m>J4ZZ>f`|rmfZs-Rd)qnnh z#)bXgPhu^8a>(DG76KuK)Bk??0Z+X<^xtpoF#rAN$^ZX8+M*K4D#x<^tFO?N;mJq) zQP~!&bMu2GT|d$XIF0tVT^2`})6>(xQDo{gN3*InM=_7j&yyvnKRSP_Q(uacoju3= zc^VB?mm@)4FH6wqauQ~2qA}ckv1-#{by`EStHO8RGu+nA!9iYL9@7-f8ZG6v5F+`k z7rsS3;oPf+L3Ozjn$uTwoOPz+V`3g`ug+vDhtoMYIzGtE zp<%3QbL6b^lXv~Ug`Iw0eEIU_*wd@Bb&tqTUMsmboJ0NuS9H6FeQ%{r@Eb*7$m|2A z2JuTeI>!$VcI}7C?~_VMNGxq^sO0Ls>rPi9ye+~g{D_S`2YbP8z-)QHWYjl&X=%x# zIZ@j-Y684Xg(y@t)Ge{;=s75i>?X3THTpCj_ zE_HZt`0S#-l@+Jw=0fD`?Cl6932MQrHEJDR+RkLD;3C`piJ4TtroPzHfJUl6OZ|vJUBmF{aaue_6#vIDWxDt4d2nOLJS7o= zY~t%xxyDeM(__DXlluAjiAzedb8#ILyEo*ol3Dj$*m4O*YgyZxogLF9yZg3r6Yf&M z-QB%lawFUC@Zk1fF+XOkk=_*d&amjc)o1FxjX`?`QJdJf%*-$z9-i9w=JiyptkFKZ z8|lt7opdFF#-&u3pYgrfc+R_0cU@8O2u41)FO2T8tLufNQf74l5S~{-$yu>8!PDL+hf>Ti;@ZDd(&Ok=+@$Mj< zQL!EN{5|#z#>E5CSuy*Ohw9w*s;oW_yW|d;PMtdC;N+w@TJ7VwyK$E&z<+bpkM+TW z2M#VS4UbPLJ$~{;YrfKNf1SSEW$wtWTenKf%Pq!gAHdFWH{<)=pWoaP!-0p9@m%96 zIDQx|SS?>@-I1o3JHEIW{rTx>4u1Z3pZZ5%U8cu0CA4J-m{vz%IaF%Dex+fIB)B_R z+-P63ub1V_BI9{{e`h_gqCzSuDXIINkrb@yaCzP5&&1@6BDFB> zc$nSIMb+JnKjX8rA#g$S{=6HMGBa1@_8%7B>YDgdGAi&a>8O8V;z>FIWBvK9#&G(c zOjSy835io|Y?#aO0!5`Va&oMz(;Z5Q7w(QNEKtB`xXgVy=C!#{RBGB&lQ7j5pXs~5 zb1k=TYa(25X}~fX55ukg-0Z-|q{i1Lv|reF&)wzsH*$;+Y%187u;quncT;4%+WoW* z-_a>OBCC6KIi9a`dBkf`f&1w=+TYU&x5mcDH7B|nIAH-oEx^GIj89A)5fc+zTO4J* z)s<3In))WSmQrrdzsz}t9q#qYl`AbREf|d5_YcQ35-$X)WGdXg&EtEpJwv@~WOeJ- zWTe=L{IzRTy*8qZqBaksWp{`I*kTzc_gOZ6tn{d|qVI+QYh;nS)yb5t!}~HT>qT_j z)MDS7bCvJDBor6QcY365Zf@$&h45grPw#%VI)|>CXkRTXH#*rIO^C6wwzl~3@lN*j zd=~f`Z*TAJ*H>ASB=6_6_g}$rJ|pQ$JKU@}RMywme^Zj%XM?IAZ2jg>L8Qv2g%@#F z`4{dDh3xHlS8n{Uy?E(T-IrIFg>8Cy*5<#{z!cUS*;fU@;uFZXY^(@cr&ktJd*H;>ErTRQN+?$cR{pBSw z=K0|+47d5g-uCQpg&4QSi-%{g=b828=!*O9iBm93;=j@|SokfnUok#DZZ1oQ#Xh)_ zEQwYGESg7!h39?umQ|&uCA~@}ySJo-id~8Q=%d_R+cz`keT0^VoV#S!B*UA!^G)T* zPF^6(REhiqlaJa#y2tAD>}ZV~X7a^Ge)SFsY!wmiD@h^k?dorDRM455n~S^7>lZv( zhsRTR{dN3Ryh(uJyCx|5F$oEw@W<#k=lmFY3oM(dEj_oV;;~dz{?K*IfAzj`pD$=e z)fF>PWJ|xZxfuQUF;(T}h*wKT2TbbO?l;<}(Q+9W?S%r<^WI#E&+y~ygU|L*{C&5l z=uzdbtE&r%j&43Y*px%t3hLg&nwpx%{ZYR|A6T~SNfI<39v;`;=xnWa$u0M4Uquh3 zU+FHarLDdEiByn{jjeW~Ab@Qw^mIz?NR=1*UE0mIX9ES6gd^Uo8bf8ygsI*upOsQe zK2#P*Fp82uZTl20cMu{r>iu z%^#bbw9M-scyAuKZNCm=ZYaWU zSv~*Ya2eDgAuTrCS5x?6H?*Yh4T+~iF`Hh@%*epU1eBDNJbw1fT2>aeC!T+IhBB!_ zet%-L-2U3v0JT@tE|SS?L;;Tz63*N%GBlrP2&J2BXlx{2SXgL`8nuU3cm!jIx`_6W+~U>j2G-~%NDyWnuP0<69jg{yuo%< z7h)ir-ktjSlL)3vF;&)wFKT#kX}tajW_-}TMwHdICnHG6VXT(W#K>ThpWHv#ms!rY z@{1g+0@Xu!ZnzI9V+qkWs=W;`Y%NnxvDjfzXg8%56^S+Wqt!B)$sJchLc;LL?d|R9E3;75E?&M|4{#^)drbgfSnq~0TBU#*$eQ0QC3E@%-ArNpBJH_2|=lb4)9{~>Xj=h`uYrTDLtG1O=w?ZKZIvm*LbUmxx> zEO+!wle>U`02IBC+q=-v6>|GBEEK6B}PFcz!%pc%_vN z%bCvd%yAN^4jBJBGkG;N68PyZzB@?W_9U2+mBQYB(Wz0BuArbm+rvsQPwKYB>()qXa=QY*_D+Scl*wz>H!SSHYs1K<|o+#@HOA`7>MBSS;$0H6p% zeJm|4eID%w^$FHRiTgadghKi?Gbn*{&7G$4`scF3Lg#mqgZ5YikOdugoIJQ3g2xLtcmzu zcq)SBLlE!-uh@BOf_a{SG8pJbq$dzJ5IktE=h3Q9^)s9VMnU zzRXZMlifz@q!uf+CnTt;sl(zHk8I}o43#>*ib_pMp`fIs{5d^s0j*5GWXaH>V01&hR)9!Sl{nBzX>*UH*Tleqv=}D+GjhzNx zgoR@_DkvG^{b2iM>T{HSXtEGuSb|;+2(4NkNDB!mX-5gP3EGOo{Tb25Z)pmF7Mpjw z(;g^4@%#Oae`|M_epjgRLkUn9prSy$qXcGfLqx>H9%GXs zAvpm+J*I(}Cb+kFp!-D2@IOGDgcmI@F;2awl`IFg_Y<7N%wtUFD2>K~CWt*)MR zt;r}{{MHTlz?pvYbgDOXvXooX`7Y@|z%R9pjg3r)?Fr{E|9POLb?(Se#RlNR_r3f@ z>V*;cRU3@Z;e%mgrz-_hIJmh510R4D!*Bhk-1ScwqDlRxevJT}miw-ojw9;#t1ovM zMof=)B#g?kGVI`9ToxcLai1L#XazU;J`38DDL3ydR4fVs#zk<*eYHbud~)(=km3Vq zi1fC+MEZKl`bGwp1|M%@M?7Yjr2zoBAMS6C&&?47LV}x#8wjeF%v**v@M&**wPUpZ zoe@2d6~2Dk@R}MqpdSIOetX!%?JhrupDkFNs;ZI8s$kb>?j>bERlLcab%7h@V~G8s z`yLNwwfOvmYoPdUV%Z`dR`Wh~YWO)D(KP*6C;{dGl`s*75?rFir`R)o-LeV!IXS64 z5iwssB$s=~;)lv=Yus77^H-okhJ=OXbn9nX<*G)r=$AQhS$Cz}l`YYF!?!7+(Z4V~ zz0uta4T=_~w!WFw&rUY$>zvyB#l^X~P+}Txvri9+TUuKcfoLE|KMsWOtqu^B;mNqh zvAV$J{ms!y0EqQT63#fOMVJySHFW@xB7;4X>fMEko3g5RYPzO0*W3<$;{{DspvUo6 zM*e`$AzlIq?AwI9p&_FUVAbgX=p`oe#kjzxx8n7qtwH{S2S2@8Q{UAk6yKi>^Bhqm-VNe@ct_lw)WfZyX zUs)-Q$^M@K4#9GCS9&bio zH@sQ_BV<;KIZj7sG1VGJ*DSaFlLpF^^AkpxNC1?HHBfKy)AsWD0f+=Erq@C_i-xP2 z!2+aXwThitERqI(A1*T*6cj{v`8sBD^a&u?ZTp0fY{}4bfz{sIP7x>06V&Xjkixy+ zbtWE$*}pve;UUzFcwnlC-^`?VQ2;b+f(<7)PG0%;8VpdjGs11axGhM1RzWYlJG*`!9#ZOmdg$ngUw5I+elUGeZ>zvr#NdBh6gr__0dVq;;L z6o~5H!R{i)Um=hH_&Pb%8&#-oj$2FS^FNAm2g*l*qhtVyzWp_eTv|rPaiW2ERZoMP zHnJom$Ez|}lQ#~w@kylkpu*UjtqIRY6RXArI^O#`U%5eci7lny2_$0_AsQ^cTMzU@ z*kMc_r>txa($8%ux1q#0F8%7y2hti2MYg`LkG8Y3^EN0RW&OE+TjRlq<4C&9`qP`Z z*Hw1B01*OqYn4-SZZ^8*x`1QPh0Kpgy3U8dfLX#;pE9Jc0^Nx0#5sIGUa-k&9=~`I z1{;c9M5K3OM#O!|4A|FEkTx#d8>tMX<2N*e@!MMOHx<77Lu56=^$u*r30UbMdzgLy zaI>Yoy+Qk`%uUDYmA$HGs<7hU+x83a85NTq92^i)P^dsprea`#6|Iu?PqV9ok#N}C zat!BXWY4hC{(fQU*s)`u4)%A0Vq;@1N~Wf#NuYSeF$aWXH|4Zkux0h#N^jg(8$9^@ z(Z`_YZmIevB`GNl0On(nDjdK`Oc?-gI{;M(ZmO{EU_8aiiMz&gys>!B5GX-+siURB z8y%AB>grD~FFk#TI$BEMNAY6{RM0$wV40Av|L&&;AcYTj9l8gRWpfnm-rgQi=QH^D z_(XvOyx!oV{XalksPdCbo+i>G13P3ZJ z4x&OpW@hHt^fWgai?n{J`*KF3kNV&PE^h8;k}8^#$yeM#b9o3LmNY6VO7ZoT1tsf3bwu^Oeftw+4kO7&egRNXp8}xKi@@{PJJz8*BKnYHDguTSD`ogT~Ga zDkcf$A$$ih;GIt()|~lxyGPOC{(V{~LP7A@M5f-$$_e?2As5xpDex$5Mg)VpR_ZdR z6?gv<+HUNQAEBH8`XQpEEOF(*;apguB?Lcu^vvrdE&BI4lAcv8uoUT$U@m>Zx$Em)@N(T-w}hhDk5* zT(<$*G6|Xx*TU;7INUcbwE%(m(ZmqJ@}M9#qQ{@D8YM@m;jcCO)UIA_zARYv5b(?? zVPP!n@7caw`h(rkL)nkZC$U(AU_e-~KUm$pKvU$E0$PNAG$Xmy0^rJjf8sb=WoHQ~ znB2$y07#&gbHAbS86 zbG*MkR&CN}qprC+6^S?iK?Jy!(1_u3w z=Flf;Kb3;ivULpKRTB?*==Y*F671ha;;h@OW-2VRI z6@$`$yqLb*8Jx4w_>l0tzdz05x98}+zus>_rtoj*bu!`kRh5+uyanUipo@`1S!$a5 zk3C}}4L1z?B+QZV-;DHttc}R6lR%XTC2-kU7s*TaIQZe721^NEX%PcLxH&`r?$QuU z_%i63;~*Yl{9(aObcl`OKxS!R4EQ_#+3G8+t5{mvV}W&St=sqt{;8>~2+xian0@0! zmn$Oxp;Jz-hBs6p7JnaMH7NE%b^}7{$&$1fhuQ8^YrpzPkqQpLo1;nS-_uauv@v{l zjfd*^ar`o4lR0NbG6JicH|rW3m19?R#b9dm4;k?lfd(X&s82C?Ec57%KmZu_;I$=rwO4efMicSm6YY=0R#0J|2j;4u_HOu z7L5PHhxl7tTOlS30HL?i!=ymK$gq8C(7>dR?xsJ63UOH>WOUbD#5>&FufJ zELXxq>Oil=YO5*%lkinfD?TIyA4{!*vw2Y$Yl&jD8r-yHy^0lAjIq>lwBTkTXugLCh(f+s=+ByzO6ZFC+V8;NHE&e#<#Aer+Lze>u zho`vT3_5WG)1!aWs&==ADtx=f6lYi7>D}J18{|ePR`0L6|BfMn3zp0)tvi2&E^=mw zgaT4#M81Zqswz}`dZ_HE-Bx+7gOJDfKR4NDu^XhXzOxXk>_mYfPS}24IVVzV8uG5Z zpu`>lqx3$T@u{gGzzX9{ktZ<`=RcoIAWIapSAj~C)^q#4F~ z%Mv+g09u-m5d~{_9LgrfA0Q5%kT09V_R38=Ab`;G+*dxI?g8ftT>}_L6SO1F?auv- z*wR!9X96hZICz{!apu2m$IO5|x3;AJN?LIR!6L=IFyHi|cg!p?!!3RE8FQ7)8A+Eh zRPpIbtDCOR<__rTAJ$#c-S}v`wKPsQ3SL}4*sD!ItC0_cd4Az8Bj73P>MoGYg+LN^ zzWN@p=)~c{;$eFUcvO}EgSYlpyLv#G03j2w0s*Lg`W3GHAaZw5TYiU4Nk(wAdgs?! z=ZT7Y!;-M>z?i0lCDI6_q5v><<ef3NWTn5WV%tw zJ^dmZS`kKa3@|4=_w~N(cnostTR)#(eGhuDh)pjMAO{RaP*4z>&!>(K@;i6#T!g+2 ziVI?RV2Vs>oo*%b1ac4)8_U`B25n}WhhNmJCcoT&zBc@Zmp_J!eGZTeV~X$29T2E$ z;Ue&GM=>AgIJrlh2F&$�*cG;HG6S9v5*mt!u^TGIf>8NT zFIP0x63j}v846O;KoAjibYdk^Kq2hiJA{qz>+6du()!F#5CLF2bATHaNJ!ZP>n?0S zf37A^&z(SqgQI@$5I9*KOvZbl5+e2^mHJP?(<=#6y$D5+Qy6yFs$Y%1P3T*)+PzW1 zjH}vmJU_n(G;=;VqWbCxtcbX|>gEhBA>ZNpe(U_yC59izyq?{eUty4T7y9+>T{v>q zM@Lx+0`UOiwsdugjW&P(US>SQ7mlR2>GlM=<_{k}bZ2Rtgy$+4*w-lh5iPU905mBY z$O7I|ZjDbMlScrsH%gkEiZ^Y7ogbc@dHekGuJc8RAiUk)+D9VN8|~K?AQ+>Ym5Gt=IQ|WgaCp{84RgX;R87avaBbqh#GmQ1YMk#-E<`np1fT- z1w2f5diC}7V=7j!twAo@OuJZ$UVE96L|M*eF8=O4%iO|zy;PJyeAaR~S%GEBR^G+^rQW{9z8tvkL z_bwUh^~mf^j*MS@f*&vF$qbec$j-{TZ7SsFa7R0pG0E*M9nHFujAjK@hg6@96XkA; z2er*r&?Q5{!|TC_OTWgm^yRW3@^ncWt5$ZP>M6bcY7P=Jux1?aeef13kObgq0+fzP z+yP@>wT}4ZBS7RpKGUw}o6w#A1sMQ&X!Z{C1Hyc!)k70ZV0!axERIHlnsX9#^#^Q3 zXqlvV{(5un(3pvd>2J0IsK5K>uv-tr7myqeJgN!AkwEb4(0qXf(*&}+@$~AC43g8c zFnx5k1T3%%q=<-!vS%I8I(X6}Fi@z@_2H&LjT-J-4-CVO$a;N2_HjMeEz2Ea!~6%&m- zh_6bMPhOC?Ir@PQy9Aw8&cS(iZOsLB2dEfyUXutc_E}|7e}AHLKa>v}3d=ZM$w!dv z&I$i!rAoUE`wiItC`*%PQWb`jkuNVVfn53tkg(;S?(8I9=|ErDH%Nd3>*N815KwGl zagj1oB@mdnaiu%@hTFsCqR#|wgn=R+azYG#5uz^OG92>_<#AvT{S5;QN2b_$)#_wSJGzE)v2y~)TVq)|~HhrIQ5Oaj!3rH=<*b<&N z1$8P%_}=TE`fnBJ@r5K#vu9}Ox|2(yTbI$dvM6rcbo=7`?l>_PdkODviY$YdI?hVH zJFqGVgAu+nw3!qVqSpL3f0i9Kq<(>WHkr{K5A)>1O8QrN!}E~q`e6PK-{*w9X{frH zCZ*#vX|p!q(wRYn)%=ViU%-yB+M!-mhMh~-PDT%3nv#TI8*jpG;vHD#$R`KlISF%t z@dwg83CcaKEfK1(pIbW5$}3v4VA4|JX{2?UPOLo_;hx1=B?8KigrGy(`}a2S6A=(f zgY=VCT$H9}rfPH(lCg`Hl`nN)2W=5b3hLzmInT?bgD}w+FGz3s_u`j?J5szPbH^64 zAI=P)So2FrqtQG=O+zDm=L;va3PP~1pc4|2k`@k3Rzmr|*;-J2c;LlzoJ2iEx~zS& z>xC#O7&k$R=@>Khmp9KD6y#fXyhvazbYHfRhBXYTL{M}zCBn(Zph3;k-?c>j1t<~{ zj(I16apvn6907@^4lLxmzUT1LpwNl?9aR1!otMJO0=@WeVf=%ChzE93yRq|jfZ^=8 zvvvnCk65YaIxlF!Vkma<`Sa%~*?y>D!nWV|yg{1io?{u=odAKp)NzvF5hd$A*$wcE z*e_i8ws#*QQV5d&Y>AoPogb}XMKvIXLzRk!g#sc;K+M^tq$*yTzvY#aJ51jsCMQ>h zg}XfLHma+HYy8J?(;=PF7zO5GqPGRAk~u#*EQrgO#V-$qW^)20LLrd?$c!Ng5yUHH zC|d~CNdtwOlDv*$cH1+o?I|)Rqor4fz_|nqVh^OC*{`oDMHnNupM!h}+FQHn=_^U{ zHa5H{fK=TDatulzfh0!8Z}_nmG&?Lab0plotV=t}{{RPl1g!`H2V_+y_SO8NqO^c; zgMxzzQ639`qj806hxabXqQT&C87A3puS`Lc|3fIwY<8u2y|C_vm1J<$ z)pgEvv+JDPY;{@L%?f)7&;r5JI);RBu=08DCjeWihu%ECun+}t9y)L>d}b|C01?po z#)C}*K(|OS2HD`5C#&|I($}wNj&>CR4u#Hf6hx^;RLB9{pu#de2!J3O!jWUp4eCMI zK1Fl{3}~yEhWJLHD2`LDv=4)WCxOY2@lk8_aI0ap-O)Dn0-meA5sDx`q{sSg*m*e@q2L~C>f)v?J7 z#2cIyVc(sa(Av3slmG*@deMuOmF;x%-a97$Z)+MQ_iC$sHW!TYSsusg>?H+Uo9>1l z^&TRhNRiLIp05JqfyhS$iwq;o=k0_pOCbjI@87~E@h_PBe$u}30oXJky2kC4LV>Is z9j)mdw6w5Tf`VZVkeiap3#4)+t%Lf=%J3SdUN6rWw3G)xYLU$|P~|0t(mycN<7k|~ zJNzpE)WW~V9zXsNdI}A!8K1GTa3@#SCh(As#i<>`AnhLHMd91sNT19AMADd3x4*w1 z1C$JAmC%<#lNOht;0IYJwCdZFrRV|ApojqKao&)$KnDMRHg#)DjI*};h0!p@;P-$qHp!V(39lZ-(KgSnQg#}7d;LX;R8 zn{;w^=5HNb+yqGok_NKxcXxp5I*xw|Iu{o#X8Wx@!_NR{Ld@gG7z`+&)G*xL)jnRU ze;|W+yEhvPO>d{$nZ6H95oeGEpu;HuAw>or@?(H+;I70_T3~7+wTKC0&Zo#|Pdi$R zIFofd!_S{T+0LFNm6esXNPh8mDQFe0#yqp+tA9H)MOKRmB3rtz%fWpk*iYMe{I}lD zNptobb_0V~qk5bM_?RILIt`#}=gyr2y_uk_-setlN8&^Sp?qdf+SOE9R0oj1S_v6M z1YTg|tN|2_gu))XQ)*abb4paSs9_KmDJ+9Xxb;r<@BB8cv1hhm zxkDlc51)WQR^$pOCd*ao+`x9+XD8KvI!Qd-*wa`TD&y^h6)G>pP>4^cb>V@ zo+w5MIFkjSI0dL@82DN|jJuatyaY=@$hp9j#6;Tz7nI8csTzU_5};_F`KR@9HtLL+ z4Bj}Z+E*pEe_&{-)v4l$)0>z#-s#^jY^E%?kNLUzV3Sq>R%_dkyOe~)36SK^BHkaDDL1NSahYxypk=3DhoQiMQF(%DAWDdev2ZM~ld}EM)X|Fp2em=j~pbZwT0oqj6_zmy#`BANF1D<1NCwn;kNzX?#l8*oSO+rRe+w- z(%1m@f83)-%C%0wu2gB_R>jHD-a<_#?64pV3$Ta=w^5&9Xt1Yvc}XDt`!_!ccNe}p zQs&&ujwc7{7D&MrnAa0PNiYXfjfk9F)DL3aN5Iwf8~X;vi@7)$S)nEGAnFH|TF~*v zHtZ18%TT$1{;X_l%rr4E@z~3cqsr;_!2466>;*u9M6FZYYlAPvXTtyx`18w~6>f`B z4GlQNRX}X11(QAsMPAZp4q%lbq&*IHBuX(??{64^xa&MY$#8Od9lrI`^7Tg`NCC_2 zMj2w1;~k%wxm7)YV%Nqqt(~1J;dJ~N1h3qMnSsxg`DyZMA^rG{|-l2LU<9j#CxAzS0*{%p-PQfBtd~Aj@)|W z;y`Oabw0o5fRQ(j1o(PA$i@h+hvU!~XS1sld$#PKpEaB$lLY)T>kF_EiA%tQSlw$9 zDfJf*<_o)?c@9Fh5(QKtTM*}7@%r`YEcJu{NNSElP9Sv~OrqVRiLZuhC@T5XY&=WA zH4k5uk(O@P{lT3ji{VBpkBP?=ZTK#Peh)py#F5fkox!}dSO{ttYTeM<-RJ191wkXS z2hxqgdPCJdCn1d|6n~VHlQVXQ^cohtG$5r)5KQW52J5s3+5wZSHv`52oNSQH!e#cL zM39#m-!rL4zjFEWqc5XQ0j1xJ%d~7P@d1)&d?@#$bfNjm=<=+TCWhY=YK11K#7?5N zxp!jKUU`H|+EU#l@Bxz&H9#Ss9T(&;FiW~%%#t)}{H~U@!W|sNfPQAkw7I@6I!Z@R zfBkJ>C6p&{&iNOd{Z@~Bm6)8E7=z5X-8=*$!Xtlaqz=ul?@(79`$3{@SIjgS_U7wyK#l&VQbg&Z6k-x+hTp1`HF!4|iUi zxsZI_rj@z|q6mZXB=u0u{Qt1IOl7{T_#0Op z{Ym98KI>~Npq1}F_frnT^f>Oif2!}UoOoFA_}%r#tR)MLhsf`6dIz#V!t}AId*(0_fTbBClUI0xqt;}!tBMCJ= z9y}xzYyJY_#CK1@DEwm_2xmz^(g7XSaDFp)mT^0bieEv_aRT2LqU@lg((lIFfUuGg zfn{PMlarI1AE_EldVC8)=+GaZi`=2cq=8$5QlsF-fRB3;QwvUnnGnNYfaHUMDzHda z!H`j)jMmncWWv4Tdvc=Z$;f9uupU^y>ef(hTj$%M$@r$>EKVK*WxXhx9VZ zOq^f8&0@9NuN|wC5=a>H*Mdy*%u5FeALLdLGn~qJ?v}K3b!DxpMS@{zH^T@31ti4K znzp$8VY;atgb-Zj2e9D$AyE?;PIO2J(fs#9LWmOrr_$4V<{>CoJHW62Z73uv>JhZ( zk9WSJuJK*$@6IgJ0U6b}L@c7l~lM_|XJ zj1>a0bmxCUv&PYy8~XYB1&Y&rHJKHjvpcS;)5rV8JZaWE$H}J}jALkKpCHQ@03(ZX zDyhCZX8@xtgFa&vn-PyrBy~gfYjrd0r3Vlh{Tg2xV9h~*a8Xx-DNzEC2r|d6;a>va z6q5x2Ipl-Gcpx5IzzP<#6sq-b`AoYoJ<|wQ%^rXe*T;YV3KBQIyu2na8e<^ z#VK(V`LMrD1KEgRkEvQ%u>W)_Ys@pVz;Y?n0G}qHU?RdmB)_Gz6Ad%q@g9f?P$%Zb zWdSRr+ZVPM6Bv@z zAiLyn|Hl>JlOV+4`Ty4#cveA!9X`#iLFki?i3=R6{I=)I=Xg3t7BZs)vVCz9*P%3l zG{8w?4Bm5ZgsnRRuyC-56kmVE!=UZT6Q>4%SPtSQ;vlk|1>;jkBTD(z5WlTp0*39v zjbKa7Gqcx5b9at#us`v?sO?b^PxJGYcgUR=3Rhd&l}r>)^-@f5Qi5;c13o{vC)0=V zZBrm-7c;!(Vn2Jag-=EzzhyrpWd4$l)&>7BZG(8VUk#2$YEdMQ_?Nmc|MHCUH3cP1 zFyoyKS|mv60l$Qin3x!Y!qKFlfmx6%;QDHtbyt_9;wF7@xQ(A#5(;i-)@7jx92h<; z1GUT%z8szLg86b>o7J=%EG9QFXj;ib$GZTw(*7O7KLIkDuw1_A#kXO4UHj8+yuWp3 zla2j@Y0NbK@Z5vV^KoUP=9%K4uqi^n+L-^oH5Nz-`p&%qdShS~ju1VCNi-bFRFzjLUvuV`!8 zSNJZRYuxZOSBX9cJFl{dLb}AbZ#Sb$+Qk5*RsH>LFi${pDjrw{-<5-nO+MmONcM|$ zn+Z~)rjBpFBu`>6!zVq?gCfbR?BYa$kLRE%mG&(B*Mm*byG3+QJCWqL0Go~#&IBQq zAIJ=x>w;q%V_=ISDYYqz`R`139B6bXr(?uRc zQGSFeQoX>*3WqD6vp!L*e_lAQwE5*6oE6b!qzB0qQaR;nuRgsHwRMc(bo+TLx6GS}@)6f>|@; zb)-C_6p*LWGX6UYul5{FKzVa|24#}4rAoqL1%&9sD3ow|79+eZZ6`vGNj`M1Q~u+> z6(OCpFGl|Em%F}%B0Kw_RtmLSt^PDiVqSgnN8{=&2qyWfan6EsEbw)ooLEh)fyc3nEh5iy;$Jl|mk#nQ=921(1o23C*?z=v)&8r*qiE`nM<}*&LF2V~!82w*oB}Ka+mHd{d=R)si*)xD$@+ z=A@zGv!YKh_Y#^@eD;J3_nm6$Pk`QBemNFj2B;;JqE8&r(gC2?vt9TmKDq&CrpDkr zAr;zODzB<~TwobG*BfH|ndt{Ql0#ZvN;3~>EO5=1^M*p6=cOuaDmcV;jW-T8+NV#S zZf`;KF$kz0I;*0~@s(w^uE;oSnC@FUJ?8x+JJQsjl60gcULJDJ;pB$7O(Drw5VV0l zhmL8%IUD{cIQK^dDEi;_ntm5h8D7&fKioj?^xea_^yvdoQK)9eb>?NEXmIB+8NE%| z8ckN{>ZWDWejS{fWoO$T8j?LteUm^&N@~zzdI%k~gkU0CdWC z6S<-S?CeIIL`T?ZBI8u2&N#YhN+W5X5b{m^kzzC33Bmhh=-aK~#L>lC5K*%!$ zJz8dPoXsQA)uWjC5VHg+tfoyA3+xY!yiERw)3fqD_h;b?k{+7Q5$Fu=v*aO4kK zXfrr6Kwclj#vX?=u^0bth?mwg9Q>-3wQDM0ug%MvcX%%!u+lqDSd%;{Tp64Cq;>+z zSr(<}{;;Tn&Y9Nr0Su+8aYTn1s%l5rzL0r>g@Q~QaH=dJTmr4Q2@WJXfP8|Ypntys z_iQ}UIxUz+@#v5lmH&-+{pl;Xjd$!YmF@r7a0uHcvT}%9KyczcYe@Z5s4+&}3j_!LC)g2OI_oXUXkT(WF2zK@WqVuz0#lt+(aL}=T zz`Hrj%fr`OO0hpy1m4)1E(<+2=3RM$m9d;j4E}KMXPHN+tSY>u-u#c=OFOB9v%0xS zy*A;MM&H-ne5|f0DaQ16ZS~pEJ}e{nNMUblS!TI6HxzH7h#$LXC>#X)D|12a1)a8X za4p^=w1NDs1(_1AFYT?@cB|F7hoYt_C1r_Oi%lD-%&&+k3l8`9NMFW3JR5*k-UahGsbQtXQtLP%E} z9%^YGe77$f+VVUZ7aIwy9~5=$cZqMB*cbzy49AVisMj=1txGD}0`ckg+Lnc-%veWV z#*^3>eqLM44np(OQ2)*Wc)?k37L#~7{GH1aG;2%Y%aHQXrT#lF22D*bC@1p!FlOk} z7Vu$Z+%wDlvP-*ES4*XMW0I1iX~eX1c%c|4y4Vv`O}v`JGn};i{u%ZOcv>+A%4(u< zBodyY!g(^ISga|RBh>Spi&*RK4x@LD1W-2?U~F0cak0iIdJyM8?MF^QUs{Ik8I79@ zup8Nk(3aV~cI|fUpI9c0yn_U9^g=W0pXZ?QE%sy*YH5YV7iYbG4MGJA`eR+bnz50S z9l?Jd_}1i+SEXyVI-cgI#|od&#j;>yI?A3tBLxgq6v$LGEJ7=LHSJA<41YYU6EzH< zCbf$KmDIy|hjB^+Q0jONVY6 z7ydXTC#bA)c(AO2a)^cdZ33$+uEA0j$22lKcyWFSc2lPYwpjltAU-D9Je!7FKTmP< zmkhB!p~h-Qeq7*Sy@bt-rnH<0v#he>ukA5_6POkp~ESYSsc#w-526=V*ypr z(BNbspNcfjiYqP|+IzKz4<6=q=2xoJbQ&&HmtTIRf3eA*Kcl;iFLSM}3SRGV@uk4R z;r^oEGMo;Z0J+v8DJmq#K+gn^`rIl;=N|v7{6vCxzivZqmk7Ut6V-?L1R$l0fK<+x znbn%aw892hi`B3eqnV}XfbJ;)Lxbo!5gZE)7i9l%H|t76k+F`0n~vTuWAo{An_Ftl z$~dcB-ip=6{Ug%iflztk?5J;j08L8x3V;aeGhg%+{Dl<`7fs_GInSM#lkhB+(iIp# z&Hh1IQ+Y$4Ua1!B)Q?OuA67}m-qKC+GXhMC;K@ILND9rQ2t2!H=mZz^$fTZ@e%k93 z=L>e7q#qSgyj_zB4Y7-So}Y*r%hCL#JL#`}1JB}%Q%`rlZtN;GHs)i9)`UsymDfrt zDvuiJvEPeZ7hn^-w{Eg_oQL8rs;jdyoGgf&9lK}oLisTM<^qg7>iJSqC$+QGAAlDN zdMY{tzpRWa)@Y}88yj)8-OcA_7pu7z>kK=Dy5RB<9$WWEie#gAu$lP*D}w514wxCm z!r@o(v!i{bgy zNxx}{Y78}(0(i5dU=x{|K@JXRlRPv^A-4r%I2cX@hRbn;K-e!CY`3(Z^;ak8U3P(l zERchJ#mK_hp?i@bHZP1mOJEwlZ)ap<7J{zetTuskX=`awQBxnmfZDDEr$I4ku>XLj z`Geu4Nh=(8hu}7Ix+X79D*sMJ(T(_tbU~32R}*%2+wivmE3RoRdbYr{*gqHn^FZff z!orSV;84Q9!0TjtxnAyH(!svT*bus_QmAo*(p@6=ar)WXo|fa9T^cwm4GT91G4oI< zEEbm7RX8{UZwWYtLGCU(cL`a#tgER}U{z|Pt{nEn=3u`n}UHK>iJtC4j?n=NG+CIfZ)h(~IhmKu;nMx!iy1;>&6_C;`myq?@@$ zB?1sKGopRX%^ss1TG?o*$$auJD1O*3owN<0__xELGW(MYlb!T#@dTmLfdcVu*Nk%O z-u+~1csX?r-of)hDT8Yke1Rq~SdqyVSoeYNH&9+WTLyM&&2$AJH;%k8{2PDLDb%M)jXS`KNmGhH@^Z4N?r+DTJF$&?E zLfip%0pJ4vR)u@_u5cE^ioZWA#W8V;NHH!#0ptz!NCcEJ7QD?rf!&1L(13#qa7+jp z!|n@ZGYyc~)P3q@bWB1)Q~7s&h1kl2R)whSmv+XNTRw4A=jooKfDsE(fBS;KksJ90 zP%Xga0x=N~cbFqDpyKKKvAWkr?oDL4%FhrKVK7nx?-Ql4ml7eNKwEY1#fIWxyjME3 zXfD_?^rqfe$jMLxxY3DR5DlSm3oqJDXdNnXt`KE^Qp)2zrPoMH*Y?jaKX&}gT%N7t1(wK3Mm?z7^?)e zA*G!3h8rlEH=ADVDj3&!< zX-ANXqy(ELgF5SUC0VeVxBw@@lTKmBzhjaIoLAARPtb4()jg z_8e|CEO2FbXr= zcuMFV7;crn!KTIp``zPAzhyaU!<-7nQ<$qmd|R&T45?V;QR7~Ume#ZK>V^W0Tcvt) z0Qs$?ctr#Aba)HE&qm2Icpm`TV9Pa!`;_qi;mp}7kWq=@B$nP=OoUf{&1$CGl)tFGO=2_Iu9S!r5okbs@nK3X8}b{bRWc+^oKNb=UuClM*B^jL11z zHbF_m;lm3SK#K80klTIkRXi>_zJ)Gf% zCIYJ2_+Pa4>I<>w{avtlg}`nmV-lwVH?|%f#s#;PNy?SX-*Lkm!b51OAio&BSpkl^ z@moL=1;UgV44mSA2x`FJ1Emlw?kRJ=g)%HCD+-@^>wX{C$MJ;(Q9gkInuRDe&Ra8+ z4IRgG8{~01ESi0L<#YL>dCt*)H)e%aRrpn9lu|)k5rw|cn+%dxpmLk z_2P=u!ZR0)qLvjH{Q5%FMV^)R_t>y78tL9p>QX6MT20X3yDv-dE^r7Z!xS6b z``;5=rXGNj+1`~aI>v4??iu%C{0Gl`zpz~S{gd-Gga01pVyIcaG|tF-GEtqU+}-F1 zs0#s05!8g>vK$kne3%R6gJcL7T!F zCgn?9onM4}mxr#LufC1%A^z!m!PcV7orY>S-4?nKy=CTwV{$dUq}Wz&l962TaoKK4 zBAe%b@2$on<7>p_p#WQn>*aX&4D!?O@lSrUaXjJi_%p4;wE>kuwl{|qcwheKlprju z?<=A@7X#35`6Fse^2Z_ zlm=%L*tKYUp4)6U9^@Ah(1aw}Q49*$z$*PwVlQa;7B!-i%rY1Cvjsu)H2=qATYijF zVdG|@g4EpGDa}dOX-N}2PL-N)Ys57Yj(%JKJOuBBKqfz{=h`fusp%+5oNrtoQWyX+}{5NNo^fP>dQS#K1?hfVu=P z3PHhlc*zF2pWh*GcybFJE@4yNt-y&>zDuS0|0C=@z`6e0zu~XFva|Pyi0sJ7%nBjO zR#9g59wl2wWX}+?SJ_1Nh|G|Y5ebnfZO{4E^}qkmeINhlevadJT*q}Cmmi<+=ldS# z`C6w-{E&;p1rj|C*o=8tlw*IiOs`!1;E-f?Hso;&e!~?v%EXi*RGH`iR0Fps7P6lQ zVc~R3E#OqZnT4F67J*+4K|p}K7@+tOh3mlP#cP1{;9+h74(mcCUu)b2`Hzh3&zSk%~*n#v@Qc~)cno@3p@IE+vL3ZU^a+ok+4J;cL ziZ0p=1o;4L!y^93`2PCzZwll!3A39o0AW6?<92LEp_q+Q zMd50s9ZBuH*mg!d(ny^Vtm{k;qgc7lS1d6d>2r3_IvAe^-{z%sX*nvfSnZWf zL;ql>^50ef8ClCi1Ev=2)SZR{Y^8UdB3Ey4`9qQKcbwAus8ip9 zPJNkfwVde$Y!HUj1NZ zH>F-r`WwAB`)=W8PBQnN0(S1gFHH&<(whKU=FKbe=%eNsu7m;gp@E1uC2qe?P*XpKGLm8Dh_uNN6L%$Mf>MvBslhP*>!CusrIFY%dS@1) zqf*bc>13ttupI#1s_syakzO~VF@CXY1|tQ{O`s5vzX66`#Tt$kl#lW<*2JKDO)B3GZHzZ}vz3C=CX)>381vR5&2dK$2u0F3M=DAT;9HCy5)01J;Dl2GkKesTSjmgTH2+{n1klfPh&28_D#)7h=UWM6yu3 zNCHxS&}liW)d%qpP9HpfS)*^5)MsBAG zwmP|iz&|0d#3lFz2!=&g+4K2tXAsr)eEq-!cx_6hwvrnO z76n}|4-Q7?SlZUreFo%LPQ`TT2h@&vg&?a(6LPI}2c(|w}3?gbUc65tJ20aZqTwS140Rvy#%pSPyI3d6SfgDu% zuSi$Qk5r!tK#jjKo=b~?hfnaFf1ZcC@EEP_1&ULOk0IL3;@%%mW(Xk#yhubu1O+GF z9?6P=(&*m<*x}1{&(+H`(xJ_d(t>NrV8_ZasgL3uH$ajq#xc_V-yA`^h)!;(bvEAC zodL`X{g!D9f9>OkDX1p+`NvOU@4gxSf12=M**h&wER<6M>*U~#@k~5Ee3X+IJRtWM zIg|MK_!?c7vE!J}2ZMeRdBJaHjO;USHLMRiHIlUjV8UpgoYGU}=RjTi+xs;CKpjab=S&p751NSIL8n+^wl~#+9=+N1e$;&Di2TtBx(}5}6{# zs|IMc(kMYEZM(N5e=N^E;NmPDgGTKIsQ99HfdPB~VnjCw2~H-eWLtk{@gc7AbfJ-V z8hvq*QZY`~`k>lKV5u%7+u^xyqQ;EF)B^@5kMUCPQ~7Q!4Ft{Nzm(G6Yw*yXkZSN z&`||`9{XybiJaaAiqWmyk%1>s=1I)kT`)fQM2Wyw!%I(vRJ5A+JSS2#=W&kjQuE?T z#sg@ChFAPUULvP0ioKxidkj9iL7=B-JY*yYK>eY^j~8H8IEN(%pX};x`~ARF>f8xB zr6&d`BDyrs>C^`W3e2@woYpMEH)MUU3|8*)O3;A_kLTH4Z(jgWEg{|*^hLEZHK~?& zXIK1ToppA09{&Y{=ZaZL?_SjrPIkW54rx5W^0z4=G$%F?RTopb7l-EVeDs_U56Q{4 zjEtGb2E4z58CjFUU_CIM2#>fca-O%AwWLa3GGXY}#@ws4q}@i;y%ulI+$8YE01^30 z?B`L@nh~l7O8G&BW)Py`OMdVxy}2pE67`eSZsIBiR~F`ebbhmt-1T&W!hs6?D0-d3 z`%KzV=OWLPnpg7zy{$el(zln%ht53v;!KU+Svym$(c#z?{qq308(aaPu=M3la^od; z@`L;&L^JJSVYaVJdIOY_aIRInzjcZcof}g|=yw-yw_*c*f`tigbKH%+ees~hbp3@G zCu=ZL0#IEm(s@`Qu)0-LQK3j+gwPIhAh4!%kEwRU*pJ`lzEV0%@zXRWrbI`kop6Xy zR*{G)X>Ci1W^`hl^Is58Zaf+S20foKnn+rY^w!X=44Ohc{?SjA&KN{r?V+Ckyz%)* zkMPii1!Zp$z#TiF-(3Hrctw9^G^)6nW&x*-hlu2B&$mb^gw-+yG8x0FD^+w1bkLk& zJSZra-8cvvJxy~p4pg<>S3xrXRo?m$q%ZaoumvE0JS5X%9V=BKb`A#$Q=P&P?))!h z8Z7hCo3s6NWNr+Vy*3=8A|xD(XAA9jd+=CAA| z`U%dcS4Z+-m`6q!pa(?QGNnEF5!!&_)qvkmj(!w5C|HXB>Apo$OClA^rvLJ;g9bo- z4>cCDO&zfQJZj&puM;?gLfc_0Z^j4nLYSV8Zc`h z+HWl$_(kk~-=Q)zN@2ty#nLn1@%y|AG`1zU%gKv`V z9^Wg+9-g(A)7n;_;=vK60vP_iwd8A%$7u@4GZx%_>e|{8_X-ONkb)u^Xn~I5_sp1j zxX^1mGk#!W$jmOOI9-q@wFeL@V4uD}d zv%(`)u9HKbSr|Vw`m{vog}fINl!9>P={0HG!OuR0_DCwk#eg-TM~aj(YH5*mL&6_H z)93cP4*Q&}Y*b`vWhn;(??)AzIcaW(3}cWEY03!x01wKh_wW!0v8dp2D9ud}Ru%T2 zIW6wo!j+uPF5*$Xi$_<71N5xRPcOz6MrytEkHA0ah&XBU)lnV3YQ?tRIB=Ob&GrRc zsE>%@llS+lBbx<^zpauZh}jy&av_!0lZet8L3DsU!K9m>u}qfz6EEFd5IOz6dk!DS zAM|O`|3Kq{9fFDdviNtUenevpL(Y3j-~FI5F@vPx?eVT9)_co>j4CJ;215A(7DGxL z@bMt8=}d$3V{|MrsLX@olO?jd^fEC1l^pYBB``0l8BEw(S@iA_3nDE%31XA*c7RDt>zg#9&*-cZIV! zoHs>XWKI!4#gEP=$1Hg;@V^e$Hs$LvJ_1MGR24pH5rYN+z&QBIkf zeu`^!mtWnsn8;T*z114O94W@+V5BgpAvxm{S?mFH()pLkX2-J0d`1ljD0&12UD5Nr zrK&*91A)}|b}y$9IABnWaII7@6H(4Kn-27T@dDgmHoLG+qOc^|A579;h#Rv7DfP7V zZb4gMC{&VS_n=~T!E>X}xsaXj%xhF!3!Zt)u4A7_Y%#)L%o5|g3i4mnGe>rJ;$|0z zM~YX;H|*ldDQrcqW9?AjUZ1`Q7H++d1kA4^!5);?scIVDFw|_z{M`-JW5K z`X^Nls2=Ve?@hG%A?mIZz*c16fyOJZdUQtHplk}kMd)rKk55aF*#525e@lU7=MQPR z*6o~&V;5v`Z91lf;7>Zar-d&EOXx5J6c2CDHD<} zP6cHPfojc8n*Id#dpEl~G;nqGM2Sw(LRdQ_QlFFo# zk4S*)RzZfhK8L5+(dxUe+v0TxMC18DKQ(%N%IG-{h7V-u1X~h{77C-YPyjE%Mh%rA z0nbJXQi{LVe(G`*>TA|amiR&@40P)i)by0IF&UqmKYpl$KJYyqV|-G!4SXGu>bUSF zh~0kG0WP~5a1DS)9dtl9z>%6JWVsOF}3^0Wxt#WWnonXbc1o zidQYSXk!FGHVkGHKxv;l@$uCmN(KQh0;rhdAc_mlFXj%EPGn!MGIdH+@28mJO+Il# z7=&;!$>5cf^f{2$3wZO^x*tk6UOM!=QWD=at&J0e6d@8}r%&ymI0--!L_m50PS&M# zo1FWQ&wJs|!4+UlKsNa*MZh>1Jc{L}4I=>pQc^R&kAm5+|2OA@jY0B{|Jg&v3U7uu=C=ioq*_!?xHQtHggOG2yNkic@*y&2Hpp`UkQ;Ii0u;n zAxlQYPWpMN)hAnUnAO4ogS8rS02aXb#KaJYa7O89p7tcjEDY}ljp9H?eh4f@iA5r= zD=Lr>^V!wa6~;j{{15?$2qcBdk-^Cgsk^I?AuwuRw+=rV5@lqAGOW@jZG@1Qr(Oq;)xyrk2 z#kQNH?!(gE|BBkX1oR>GfwYNd-EXtf&GW^ditsTiyf%g(J=Ons6G9r_f7yg8E)!4d z&dyi|vl}#zh(YQ_Fnh1sec~G*aL2V5FLj%Wo zIQ+OIV33p$vFmLi>H&v=TyV@7T##Ggyl-7>G$F1|SRNM#4A; zYB+y*?Sn1g*b%?;c5=lCVwpZeR6iEx_wN{gHt?UBzRLY?7aBLWQPz{(TnyZy>wWJo zS6o%DxJoAjH1?fusZUOqbQ?4FS~hPOtd2)hIH&UeVbEARuZ!)o8+9AGSo(vg5)Z&c z6QWvCy57%!ng6w--GAjrsy0lNe(-$8eN&#mvn{4g?dJG?>6*#^`FU)HU?n!H@NEtb z4BRg(JA*-ib@b;P>47*!(nIJFF2U&lT)jcL_#a3Vhv?U{7^^O+|9H#-{9$SlVpzfH zisq7Spsb-RS>N%1$KZp3IZ?S#Yv=b~GMKX0e8MI2m82rp@O6FoYHt0~(06_$* zARM~88(_IYJfKWt;(K95A>;PZw^HA)UJf`6Fb&0{1$7vi+ku^lTQbBJJS^_c*hh3V z&jtv=tv4MT?7%aSi~{)Jt`T-$*P1N5hPqG5*9N=uP1F@&D`MTO>0|9e$y|`V%nCt0 zC`+~GUrcmwz+({HE!Rz3bfGBJK34w|;B=gM5!ll7lKD8k3@l-)Fth_*@g6(#3}E3c zEJl~rm0;Et!9S82H?Q>HvSr(js>Waeuw1Z4yVRNO;Sh0A<*Jw152s)Y91BVFNeGM= zPr1@tko=;D8?=cbryWMsV(9OK?t|;xIbfKd3$yKlek#f|#Sn$*3qy*PzB9D>|0mbP zGiJqAsv{l9u~V>yy~Mgfo*$3HvgLpCLk})gD3P>^CJqrGD8DH@KX+5G5kILBr`PxZ zWF+w8xe1TU>bfAiU6bOD6(uYm6vgHCqwPvPczNMN(n0`E^Fuq@{slcEa^5+|q#H<5 ziU&-G#Mod0MS{eCpf*S&2TXVvNJ1w14Xg`T6jbltebED# z(j96Lrtx#u_DgG~YcZOJ8(&Hdx4;Bl87onLJ=T@YW=k$Us7)*ik zws`l`i4Y8PbAmOh)HFFAjC^G<-yLG*ytFQXb6UL_t~EMf^C7th7i@7dC|VsZU{pav zShNxf!vvHMPPyxxo%d3V^Z`^sDwt%+;{z~9_fvb6%x)$Nc#){foOJwtBTpzxkZ6plH+z7EL9=}Amjy@#)zHnR9M9L1#XDC2G>%xG7%;8E0 zZ?DPmFIQO*oH%fw=r9(18-7BmvLlyHq{DL05`KzB3W~J&PkV&EwGk^9bz%ZYAQP2MhkkXd$Qq4 zCHUvQWI*%Lel-N7gs3ZfBsF#p)AoNczgISv25AyA; z-~PzwdEo@=EtA4TG6Zr*c=au z-l@DfiN) z-*1vEv!`-=-pLf@mywL6y0htnK>)8m#Ah^|@iFCULN zJbRW5&ULV-Lv&v!cz)5C7W7UywVo+>%4X*pM84S?t3+=`Op&*ir0DAhC(sp20pcC| z-5$vFe^UODkp@(&7%1kqKC^_o14Z>g*$Yv>d8p_D0tjWsLuvwQ?P(|n@LiMNe4=E- zbjV9SO0c|s40lhxGQHy0qQFyTY+8;55>+w~t|5+!QX~EUZjHkOR)UI2rtzAE*gZ)k zDhAs-97YH&C^eb{33)stNTFUMfQb9G;;Y0d5KDM&PEzhCsTg3p!%@z}Vo29y7Jio0 zVL4Sy1WrcEhY>!;h(%B;VmQc{dAYz1t?a~@T_m!Ca2o^vYV#^hZ~fO<)B5uKE($#& zsgSdAPO+_fL+SMBz&8HFXo^5-rEi~K7L_FaYDcQXN9CaX{AYo)Uy&B#bQq^&qzLqO zsE%ixiE5PgwA&!XL`DuM+`P@&x?A~<8}!UYEJ=+7=x9;@0%?NC0Rw4*#W9eyDNK$)P>={8N8W(DG-|uh zIRcOcU{z;*k9+sXV?XKtxAkq|)>{DitKc_PZ25J7zc6V#z${V&EinT;PHq3(=_Rrq z%u*3(`>o0;kb^8i9Bp$b4A5|g>$z(`hk+tq0a-TMW8N2eZetby5L2AGSQ7u_3eGAm zi1opy29eJakGV17@wY3O&TD8pR_+$!%3CcmSlhRX(ecA*&2HR z-QcNxI<0+tN+C@S8nlAucHI+7901#YHNZy@R;CQ6J)we^1=fn#7tBl_)9~g^lZd;Z zviR8Khc1nqkVT*u<&~71$=KtH9AFw$g~^~^yM&JREGbuP$Z}4TaG-@o6^2d*!=Zt= z*X2cl_@~c^O?Z=&pOl;rmd)0EH^(4J^=$9;SMCF6i(@2H{Sm|`rC-COpD126Zhc!- zbgV=i=YcHQ|39Z2;Wxt~;{|ZH8Hl9=mGC_7m_#Ys{DFKQ>f`)!A(hixW8n5jT{U1C z_4Fc?dVFcQ*Rq`+`dBUGWzO6?MH$TQ^3XS*u`_3I4hz948s>#IqcB(vN+MoW0hI#^ zt`x(b=mxHZZ?LGkfx*N1Set(WZnwN=$ET1E#999j1~)aAe+D<}>6q-u z-JSbR1pYrvlpEAq_dwZ$wk=&tD3YL1-7oo4oRiJH;ns8lG~Dx=BQLWj&2arDfA@kO zRw4>cPsrXw(_km3YwrGLr+V9+r3kCr(#-kT1#ORL!Tyh(44 zdjgdavlAPDaCk!{$8a)VJp9u%qWf_gZ2IM*Pf2WP3@`qvKv&Q+ptoG&mk zG?=aeEA&yULY^GprI60Mi(g#OO8Z#*_+CXMcO1)nnc8%?_n|U40=a$lyo?sf<}ZyN ztzC71q|PqfY<14<3hJ7=|6ED1%3NhmA=X&$)Xdfv4+PXi766HtpyGnx2Cg0cvF12h zjLQwLbtQI9O5??9_$}BkhSn2Q%iKS~4?7kjYs1-|Be+A-X!mwxQ9l-FMx*%K!G? z&A|V3j_*8p09_3Dm$q)-BeD;ALm8Fs3(RN8`u!br^+XP;C)wqpR3rcnl>Pjq(fkvL zo!h@=ZCwDk@~lLqe3b<(F>}T@*d3l5D*B%L$9kPCK_0U0o;J@7=`(6dDk^J$Am#vE z1I3H-SsRAadWMl&&tF#rmzT_O&68)V4{rbQoOsT>Ne1B#oR3cGiEhH|7A!R87WpQy zM{=*VpY>+yF$ecAaHHt-S-a)8P=0M_U@*Zb;%GtD)qA|roSQNsDY6zn5OVqG#ce4- zgBJ%4w=#@Yn12C+LJ@fDKr5F$ZYX0M{=Gm!nRvgw>eNl!G6ht}ts&QV{WCCqV6pa+ z^V~$#FgG8VS|Bt?0cvneu2G^CXK7<=u+r~LKkqVjXP%8Ic>G1U?mGUSfr6=khkxva z{ER>|GI}E`{7=xs#-OYun4n6Bn5u5DHPYk4Wq@&ZO1@Ijd|@S4=-UEZc#ptAAO9@m zLIU^ubyV(1xjXI>`GM!c?F-3L0o5HFb0E%@fKIzsHU)TLB4Ve0&7T$}>3)#3In^9T z0CE`hkr6c&t#DL7iZ&qL)=Ay@x=yqI*peI9N6c9rk34WGl z^6AH>55WTy_chi(cegzQ74OC6`QKmiSc@_seLA;#lHXH=T|#pMU6lMN0Kqr4SAg*3 z0ba{%U~yW{#B^G%wPydOESZ^hXHpJn1@r{Tirn%uxX|TDG*UetIIdhkhX*kTH(`P% zIt+KLG8D;ggh-VMe~P#(Dow*6EjKUz&G_sk?o*QKxj2mtbbcpnfI{Y029r6^Q;5sb z>_}(d0}~6CTAL_jEZo`vS1hV9RSakWRtAAI9*UVpN_tQM!5C8|2&g7kgPyE5xWB<-PV&wSn23aBsE(T9KMge+NG|vr# zhVj819P~N6Rn_Xdl5*K%wZcIZhnAOkz{2zQyLY`=q>*Yz0~!NASX_Hhg&dDq4ubcE z^n zQuCu9@E$bB0m9n|F3axWqC@id_e2@{f;}Y2?Dl+gW;w*uPbzTrXV^!C(hfdQ%_Z zOgEB&>iE>HH7>C#j3|R{Uo@K|c2Ii?T4MT~no%;C-{5-m`8I1a217y-J%ItQK0eHg z)h*|U+$NsZdz+&}YOe?x<9vkL z<8R!6uCmIk3C%d9l>u-)4lussx16Qepk1`?5>d&kXnDMH4GawQX)#_dLYhwuz>iCe zIsWGF+y2UhE9`%h`E6^0FrdPkXQRH@H%LY{+YlU}9UnKu5lMe>UQ6^__|jHUAqM#b zAE7xbD5DTfnty^`>z?ml-rWJNte6lwr4dql zECiwmg3>@`FJzdiCJ}0IkI35Lw-6ljnBakf-h(no z>AAVJ1Mb9stg3;@f9bUHbaP=AEQl+@Gz*mg-$Z8(&j*#{>pG*eFBf=zG}@0ouV=z6 zElD^vs9KX~k*<7ydE50bh_+O?8S(?VnIZcSh<6bkLnmafhPQ}jLF|h_!XQen0wNd< zW`#H*m~tk_N(WKHz?yeL<|ohxXfmXpuCDIz7AeWfXvmE_?c5Nudea~k^^ z@E;e^5%5jFh7r#9e(w=LUL5$^ZtNKvqJV$&Cw(AcP%sX*JPU%q(9}#gBvA+~Frs4b zEWk()e~}aBwWB%Ph`uPdY-fd{q^#B`YLM%J|Btt_6J8GYEH8z=WJi*;W;>lxX@UfRuPYxHd0tgG#;sYDo;38@al zQ_p_Z&8@oY(u!hOlw@nR+&I6PJy7O)TzZN4JG0T_$*R1fzA7Q{rEd#@-NDc8Gh1~W zTX%I+_mmxW!#|id9h-P8%)v`LN9Z05ZY?Rs$e8BUeXimE!*&2#FAgu1ztU`cl zXky~0dnRlU=Jbhzzb9u!K2ZQCHz*>66=tejo5C~H`F6mZl&qGs*Yxx2hQ#FX3xS_M zcKbebpmaV7iNB#{xuZ*%WV4Qe_Ctl+T`gBkw$AHru3_HK>>Y|&n^k4F4pmU4>aF5_S4rOaF? zQ{#?Es-#Ipa<7HB$uIs-Ux+WOCw(ES>8QbA$|jD$eO z36!S@hkLZ~!T0YzU>8E9)o(O_A$mWfxixdgUB1qQw657lBMm;xtYut&0hNv2Hs4>< z5^0P=AltRf=G*>$WP_zIs$`Vx&vS|LG4(m!%C)o|sA9YMU!R5X=+4AeQA6~w<>R`X z5cbPfmlJ1VS~X*ZzP{u5-^P@gz6c-e1)J`I_!EJ|fzKl{yGBWVprcspp+az-K}roWssm1pg+jj-LBAyJA$+%V5iVq84h5&wy73Vt zw}A`*A%BRXve297SJy`cdw+o=b7P9p8VDnjW2!RAZQj~{(%}b33gv9A<|%}Y;a|^E zl)v{^7EKm8m#m2f@u2}N$baPh~R@RZ9KNR`U`x{xyFeBh;d1(jIyQ z6X5vwJ)enVc{i9uYoMSU>me}nW;QpVFan4lEEz8E`3oa_*kMi+=sn>)K%+RIo(%ip z1=-+8PJqq~08*D=I0+cuZa{e7)tC%I@W!ZV*1ML;^MK&&LN_&}+W>R3qI&Zj<98SG z+xeTl79%z;C^IVh<^mo_)7? zGKL0{q65=n(+W+xIr`OpRJPI|IoNl=Gx1s*$ENP|y&Qv{ECVvzYprc^+| zJtZL74l-7lSH__=dTDL7G+gPd@_j`Gr6RJr1s0@orc72i+p7UF_F-Vd#>RlXd<;0{ z7)A+V1f*Y<|AR)NdEI}eFg}UYyB)w7UyTdx{|jRsUN|+&@Gmcy`}MbdN(BX?yrk9Y zVwyPWpJw@?jmh%}E{(FgoI)>M7-? zbk3$4oPJVwtBt*iJU5PNQEU6<~qC$bislqO&F$~LOeh67;J;>LNY^O zA}J;O!r9O66M!x(85ul)9fWYui`A}sVcmt6OAeHVKR12>*h@U1t83P1osjKy$w(@Xq0mlXAzTP$Eg-BSwH$OZ4nEVoPsq}mAMdslteuCSG*(x z1=p0u5nw>9Wte)vEC*O3R&{rqz$=H*EAGR)Q(%s-k4(XXam%zox5E52_y_i659HgQ zdh@X)3sgQAKb-RaygkkP`I7`*&Yz#S(n7N#Nb17^QngzdbfoTcS+aO-Ci7$b-efQP|;O>0{KY=Y0NE!Tdx z+nqm_s%df#_6;MU7s!}DA52`%d?*J+4XUN~(99v&x{!r+3shLbpaD8v;-ZaV$3g#f zV`7q=xT!qj$rFO*6U_$_}!}~UUO=P(983i9zWv6$h!K=wV%!i2#L5N3$n`?*1<45mIB8EDp|@8{#9NV}aW$B@RD(Zi_>7Sh0m{M@h zqgIM++|x&+R#DUAWOkJafMfA`Z5$$o6o1RYbV zVP`LRIG3lXaBn^}+V^@M6w`|zFK**NW71;0desbHXYo>J|F_uCI2HA_q_pIRBmv>(_lhnl)FNO|!l5PK-uYZyHGThC4|BX(N*J@(TCGAlZ7{!t++K2k4Gsh&z)+~JhWYpe0kRiyMS{oFClV^t}Ae(Z6uRsqDt!87kOyD$-3q4 z-!`OgZsfha&ULwhMv9apG@f_Q4G#%0*1RmijUddH$zdow^P2SXujZ9kZMfU=u4FmG zrdB@|g|mn+E2(QSzV&}g%#v_Y(LHxsD7$t0`VD?H{i_$8dT(`9QEJ~(A$-SK{6Vj7 zCjCsVet-PaHymf>9xi$la;RAQGzBk0-Zz|EBi~<7Pt$>OyD{L0DCjPK%;1*bH^nGl zWApcLvreO0iv1uhj&0Qu++L}C>DpJ79;s2v*d+_0w2Xd=Q3H7+=Gb)|^-sB!^JNjM zQsT8!mKUEo?SxWrLR^ZXWt*R8$q;CyV?d{N;hdt6u(PcLbK_USJaWISQ0uXGCg53s1ZCAK;? zA`I`QNbbg#!@u$J!I2XYO9V#zp|jl7%uD7AakQfw^g0o|BrFl}erq@U&Jv4DpMIa^ zIx42`JK2*>q0}9ndUofv+@V>`V+Jc!zreJwz2ykDFEvD+)J-v6wF!59oc`EtH~+?1 zJ+{|!&nMa5!?=3T6u^i-N4=C;RA0U#SyXvL4Fj3!N+La>4t9Wv&RHe{6Y;_$SmUKYSSVBi8Zjm0WCP zcVq{ON#lKYi#+|E{|EqQ>R$>{$kL8HFHYr zmyj5oziqS;iQb8!ag$3bJRhraBx@x?G&$&`NJ~fqO{8!zBdXm0*_-3na>p2=H8)o* z0>hnl#2?9UghrCkY>=8Uc{6Ddf5yiM%(FZQAf=)3H!jsZ*)=d)%uJC#^4RWb*0gF+)bc*v)?cQpXdfuw|=}GNp ze^;e;_H1{&i!)_7ByOc;jL*HqW>yQyG^862(;?(o=^i@019>ZuuG9%db3BAjWmkTG zZVs*Rx|LW#ic#4~qt99nt!-Sm4&?88BE5D#KbNGFz8a!{=hrp*G)&CPBBp1r#US@m z!qq;Pv!ZyZkEEnjir910#fIAibBo`1?(=v$S5Yd{d1sKI#T=H3jq-zMAW#DtWS|8a zlYC1hUfU)EHAC-gvK2o&Omy@fi5Rl_cJ1&YkP*52?TeRRWKla0~nnQCz~dco8}cu>a8q0}0v zh>{*Y<-%T)A{$cud80p-*X8pYF6QR1gg7QGge+wi6CY<*n*u%(`?cM+s#Ng5Y-$## z)3sNv67y-?XhXe#Dp+|{*lOrjHE&Aa(+@X#Q-+M>^SEd}Vn-I#$oMQP;z`5bqY^sI z&CJNi2iaMGEDfcuJKdSq@d-dEeO{9?x;Cfu+` zau8y{p-9b%*iR4_y=OkiH%fm<;^|t&KvGELI81}txZt5gNJ(wc-1u15mr5;;`Q^Q% zKM_!)DCFs$^bde39|4ZxlUVT67ns+hCF?DE8~QjuJF1aysv2E7;hy_T%7i#8bTX`- zwZ2;78oQucYdm5A_WoPUeiGi;7-sS(PCGY0I2NvW%5{=k9eVv-Nu!JX_sLi+Ds!FZ8xtNr z<=}kj%A68o8`3e==epuV^_L{JPxl@pVU)9Yk4e`=OB2^Ov%pBJ8&QOellmJ{1FGompYNYJ zAkgUhTig<5IP-nlE>mMV#^odvva2Yi^!`vQa#2c31)6MBKuF=Yg7IqzUZtY`x*!Q1 zc@)gLNqwkIfz>)z#UT4>m;%C{s>l{-q;=XJRgH0;GdxmEEHZMC%BnE5U9-pQ4Wbs$ zXxTVLyJ%S%pK1}xdwXsA7BlwJi#&y=rXfCx$JN&N&-%H*FfhTW5LK9>_UaYuWxB7B zq_6_%*#VBhgy0^t+WUMC8af?S&TYM-j;PItX-Ui*^iWeoBqpO*NcPpPr2WC&m>p$0 ziP)X4cC1!Z`Qe>X-y|($h?^xvV zb+rKx0q%5cFy;i6*zHjowzakGExp8n(g0U9w~hqA-s`?92-qyeuQOZ5EX-vKbhu7l ztmhE%aF=II!DSiF6Eq=kmQynGV`Uc55-HD?Y5qC$BoXrS*!;D2r*M`3nCHC_ZLRrA zMJ4u8)6cwr3{!Ic=a1%+Xc>7%8ZTD}cUOC%dggdDVlLw~!{CUkreC^QnV3kJ@ z;<;_3kO48n$i=?%YAP8es^bd>)AJ&MyGulR_kB7R||)Ys~qVG zzlg!2B;p926to~d01fXA2z}{&d_GPY^2br45gg`FAaJr@_IH1^`HmS={rlaV`fEdy zEcKtZxQF3GlPcjm+AJ7dN$;BGU#F>`b|rGG2JJ1hYMS@y+Xe6Pcm;=*FxznHfByJa z#xtvSS)+gA@Lc}Rr{Bv`aYZIvp%e+rg$e*8zed>!FnWa(vY!AR67zDlY;rrrmdTEt z`DTbfn^_P6wNnJ0p>bTkz2`?u6rAH(z1^Q;o5$QeU)Jt-p}H=*#)nT^%;rqF-wPJZ zQi~NOAz5r$VgRY(&B_-F&Pq7ldxN9H**kC(Q@Ab_DuApKX)X599Exo3MKov@sl=CH z+7Qg`UbmuFxvoilJ|*q|2jh5wI&75SBR21&bIrkv)nCsFj0&k1az+;kpG@!}Nv*UX7;)VYb$i-{?51n3|Q&d^%vI)3xgTF6% zLwviHp38$-(wn=J7OlWunxOO-I#@Wy9*v;*JBt6A~Gk3%f`h7psFcndWSV~ zRWnp>u=7_--#I*%3Pq|JPtKb7O0#I%nV#SMna9QnB#%5nq4-Gwhn4RROg-!h_2V%kWb-0AQl zoJUHW489K4dFqLKa)bSSF@mWj>K~#a@}m9ySUseF*2YsPh4x;$&&t3M1=9Q^BXATX zWNWj@ZZSdL)~zQ8IK6k;DMHSSmB8|&wYskZ=esSfCbjIE6+w`yJ6%YG9T;oHSQXar zBhCyB$+e1CxaXwLGlBG5BwvNfu=eywd=l3OlvjfqBz?DXgc*rSA? zsUfuc?87%27!Uwyt@<~8U0j4s8k~mvcq02f_GhSTK8s zYFfI*diSwWkz7-1|K~0>rQh~lm?M&(%;h&dI|Uxoz4iJtx(=SQJa_1!T1aYivpD&m zYGLwHUJ)?XX5|JLR8EFQVhQ2-0S$rjJb?EO5(!5WZ;_`7#<#(^iXnIs!eORy#;g3) zp%?l)-nbvaw?PymqQW!IyrEKc`BLEhyXQFZeC;bb>=-KpVrkoR9^zxPDql{y<3M@w z=JE#ar9vWjitC2L3&aM7$)9``KAd@!%rs*FTcnKza zG~p3N+rju{0XT>_-&+@UA7PtfV=gRs_epuu^O@>j#S-0@Sdz*WiB*|js`ID`j;^C> zvKKt7I#$7{^kdgg_R%wvCHsobi5F*EWo^W4E(QDyFvWC`^K#Z4N-qeR(~N{&^Y~%% zFzL0Fu9-<(hXx@>=;w38Z-IGnJ=`$|@{0p<&4AnR0q6F2KR-_W)fT^(RS6QJ`{G75 zhbg13Dz8V|7P>}GXi_)9<{XuZJ2O5kr?@0eI{n%vAA?zKJ{KO9)zEP9#GZGTLt7>W z^Y?JhaQ;&N`%g_xWKqZ9*5&)?i=JzIiRFQRoCCi_a?yhfrNhl=CZ1>f2vkY-57DcmT*P)=N-22*^hLj zhhb({o0>K?ew;9$XVazgh6<7y3U3&F20|Ax6#t7x!Xa4*beDU3lPcH%JKWs95{tD# z5c32pVURXK)~3z;ONTKFx}qaRD^JXYuei`CZ}^fhtXxR#9O=`-2kWD*MB1)>qtTnb?J#a z1xF}hY%2C20B6C)&J6Uhtm?$}&w;Gvp zBS?zzWj6gxMrMBYQ$b9IQ$=OrZMvo1GIA_TVvGOOTd%D0r0=%_)YAH;(48Qk9aCO+ zN5j~!k}>gIR#$>dlrEq3_Z#{)0?do}yzjOi3SN=1(sviE*ZLHbxcl|#N|sHm<5#PE zS@lAHga_HSE;vpX>v5q;#3)V(%Ka!r(E~k?fN4uu*SBqMJUEPaj*Th5K(BfYdr09* zdBXUCo#MiL*yp)I`u7eVpFN+c_Vs$zHCO0Zd^7qSbNB5S&Cx>9$Co)^Tzy#c?r~38 zv4K&E*5{!!=3`aKf4$ECFU)3R)9UiVTZjAp%QOej6N~OoVm}3JDI8v3;L+bdX#UG+ zo4+><54#Q^Z1uBeUEsZm>sD#zoYZX{9iV1mn&W(`5dH9P9@c73!Ia4S*QH6sokG+|#S6-DAB5+*S`)#nZdymRlR$j;>Kt6icy!+m?*YQ27l^zN&;mWQHy zzZ;%XCTHOQu=o3~A0}X-A}nr-U7~iv+x?#UF=mhpXH`4Q0Y(#y0c=)+j$7DiUJA`t zhJnzls~@96pSw1^EWiMVlHcykZh7VB=~hxbpZvSH-p&N>oB0|K5{9G>>~{z;QmPB{ zTY#i|z4qF2dmHPSThabXW>X0|FA2{S5}j2kTuD4~nx3ui;o;^X6$>82G98t)Kf~q_;o>v z$y5L(eP8wog|jPUN1k^L)zhkSm+j4AdQn{1so>Qhq6K?rm&RIg*V^uJ=-?D_3>NRMp5)=%M^|!RI@4KUFo`72eUyVO zAtvm(Q8;eI&wcI;72=EdeH$SW@v+*vb<)<8e!iE6sYn)&q%dlX`_uz>s$rUeY`E{i6V;d{ z%Oxx9;d(DAeR|1;jy;ruWADoj3L)l_lWXh#^6HgVD-_AlimFeV{>khDSZHR_EWrIB zXVev!8hpmRm@~;l%o`S$^uu));SNpa5)p%5jB!M6z;kWEA_klVSnpj@r!Ze-)9HcM{Q`St!6adcg!>}w7qXAZ zfjnqZ#dPzDsFMIFG1?ysibc8p+S=nu7)630$x& zFpR@(=YE^{d<`)8rCKdPH%)hoy4iPmmMj(^zt*NtZf&RI0Ud6w`$Jrx9gW|I#U{V? zkRdRWm?b(%k!N+uLh8|70Z(`67hX;lE9{Qu;ef$|FmCnO+PFP4_Pq*%h|uUeP{QT`q6ZWWvE$h7oHpSG}*=yb$9~ES^^XgA<@o0;n9`rb=Hoo9q$W&H?i~NJcc52PRP_1Vw_Z>iIGl`EXX|q{63r*YzQ)!U)uJ)u zFUJa98MXA)><3y!d~ej(4xB25MuiqHD_(tppCaBVA#_*n|Do$GpsH-Qw$UXDCv@6^PyoWXteeo?^TmdHtt7)m5E)K>IM?)GY+%%oY(KL(sau$XsX2|r8Ty` z@0hW*r)VRxbrmj%oIL;MO^eO9ZqkLbChWzJa>++fHD3S@+)g75y@2-Td`T?{z`X|0 z?n2BX+uGWY^X{|G_p6XA@O+7kjrB)()G%>IEd2}&t|NG=($Z40fj~$tKr;ftZ)$33 z8U6X)tXW`$sid?}XZ>Qs=4QJlBs6@(7Glgk)>vrQ7Zf9FD$tkIumlxo#S{C{2JUzOsCZG+H~vVnSg- zGdd>XjsIQBju}T+hR<3W0YGzddU`a7u_apbZF1Fv5r;<@013Dq@E}Z1i{Y=Aa7o#I^Rh6lg;w65dT!+hb8J_Kg)dz; zOHoreLhWA4%yk0qgdObW8%`+0k&Z`LOeWdNJhOcQj_B(0>-giXU9+mwCWq0$*hWvU z?q)&flM(Jx>f}p|EVmphX(SrH*YgzKS(#2!J`0pk79NABxM_DPCZf58WObk;i}FOo zw;)AN_qqSOetyb?K~*C%KJe_IRF3mdS1LX@#l z`5vcW<@@p)py?&ym2(31o>jZ#GRSH1;^5#ow=2>-V*0JAI;d+`*R0?p`nJ)(<6TQP zifPCUWltcKMJ3I@n`U?k&$bP#@`cznOq6q$BD%S)oO;V%am!*ZK&O}licKlGB&`L7 z*)r;6ulXv`(1j=}o)Z2h=q$*yXqcy<-!O9#E!bn8y+%c^6Xaz8ueuZ(00ow70C;Ht z`GWmH8Q^A@4~>kRM?}Lf6l>{PSeJpc4q{Iy0RGmfNf=6j^e=n=tSAS^6>@TNsF>t( z=Uyxve6y{AdIzRaBuB)<*Mq|AYdZyz#uLv6%j5I|jCVp3bn}o5nNt}=Jnl@~Q%VR{ z^3rL%YZk!;Q>a+3alYXbaS#@3HU+-MdnbqMimX;(ArII{xQ8rzA!@{f5lNOH5kYwZS}N|{ zyW0N#lEE@SQ8uz}Zf-UN+11VXHQkE@Ox4km>r5xy3<`zdr?e_G_%09CN78C=(t0!*h zClsjq2`rXtf?U6-9M?oI{gY5sLng|><^=BQVA=^%7eTtR9$O29Alw_e zoFMK|Irvxf)z;5F&F8>W@dpIY*;3d5n^d6M8@#wPez*dvqxe(;o``=Y7$`0X$ergA z8a+7Rp?_;@{beK5!-eZ*KK;r}u zkdm&hA{ZDL`5=8D#%EYhRtFrD4FH89fWD1Qrtz^nfQN!GzJUEg#Ad4(fIqJTWdT%P zPzG($F#0nwF+m+z8Gg>q1tA*kB}bs^Mcp$FoP|gB6$3hF2HQTTlRw(I3a z`%PviOQV9>yrBA8wzc+z+*>1962ph62t9Xk0$~AdrZ*As;W-3FD1|({2idJhLezC7 ze+y7sk8;9I(LCaJuE^Pdfct0?&0L1Wi=(g7Wj{&xn0B#F*c6a}-4t ze_B|OE+=rhts&h;GRlh=FG_%vDhlO|h4(rykDWm|Apoj!qlrp4M8N?XU{A~lmCfYC zpM{b2_u~m+vF@=D3F#hFM9Af!A$JTZt<_`WF}<3F6E@RTZe3PPO^UW*3atD7lgM;= zXgR$Efnvz0^07uUIG3c!H&k7>eU=HCO3IDTj~SpH;}?GNEq{&$WFJAQUOms545&Xfz;2?gQ5KngG3v-9dv@2y{ z@QhF>+RHC|HC*^}BVR<88Iv_18&VJ>#o~o=OEO{mg)2br^#d>DR6v*_qAK__B0mRu zDLEVO9h=V$ZO zoL3Lq`8Zuc!`0ZSgPUo*VaN~ z*whtTRnTgN19!8aQxBu!z#btw%9uMtc9CUFk+$77kGZuwWu==uY1*l}+J^2e2voSZ z7~n$VAV8!TX=zKnvRu8-8=06_!}6YOx~j`LuEiK>T!p;McHgq6&w$|!q!36wr$1BsaMq`jWx4oLE3*`{`WP=JNi+ zRgI2dBh+-yUu!Y0jJ4N<&4RS?QcWtnvss{IEjfYbV#IG{SoiBHWDgo>;SXom>XXX|FwbEXm_(4C1NF8r`&8{sO?1CEJ>s+2sOl7KsZcEwF;ZS9UG3Cu)6yA2wgQqD#sYqy?~ zpNezmt+3$mJqx<$!0%9!JxtY@ZkV;QDcPiQ_kHIQwm;=WJ1)bY;rFrHmxo^t8#Vvr zi~F`LBsSrJy(;>mJMBq(@B*l5DD5p$89lO_GRm!I&$E}sjXiM6K{09H5au2Y>y)w3 zVtdzH$>c9YnHa?Omzf-wevmYdKShk&>QgscEQ?)1D>HgJx^*-+D zNL%yO80KrpglBW{WyZL8o1{309x3gi)(g@%C2V3l(A0)yEUSU;vF2sK%d{nL6qyBl zju7V#(*vE#zdd0Yie;MiFP)7$ofO6~G--pjXD=sc>fVYuvQ1g0;@g`nN=@&f^4JR3(O`nfgO5KM`^9*nE|N83CGe zylv>J9{$`zrk0awgKlg6wn1BRs)wITr-MY4|6)bLJYOfii4eylbLP{{x?g5c-+HHI zs7~@Yc+Uv1QqKCnw;?axv7DTRepUQONppU4i=<(|sNv15 zD+F=l6Uie}d4oG{Rz0Gt){O5{?uZWECyhr~M8BO|JOeuvs zJ16dQL1QQ3Z{Ij%xfvCC97;I!2(9Lx2FjH@i%?5LQLN1SZ9~BrkFDDoJ(tIz_ORdP zX?4AzlDC0sA#VQsurzAh%B(mDT#?~yy5^TF8kocRTyv-MzAH~l)xA!e-^v)zEFk?U z#!vjQve6s$(Ey$KDWhIy) zL&io{SuC2~Ho?#PCM7UU_Ki#39SE>jVaC0DbpE4GV@giA=vymJ`|Seg=09$YY*HD> zR2CqOe+|zl?s%El!lPLG2kqrtdYJ6R)YeQfU^#ouP|TU<>a&H~irACV9=)W_ z9s4}BY^l4peq_5N1^^dKboI}jwY?Qz$A>%{GlBnxD_4mZWF9lWI~}Ulp_69eUpCtH z<98_Z`S?SSxHer6B&#%qOU@_lFI`|8f6$=ezeaERP%#C4X=!8if`~$^Z|--D8^hmm zspTIQVe`mC41*5t^!A7IUwCOK8p_!{HSt}JCEJ^0Ux>j4&+4Cb)#bWn40g6#Uedm(^Bc2o*+m6*k z*&}>&_{Od^gUFLfnc87j1{@SeW|7JF^8$PqxXAq>6G%gjfJe4hzH(nM3&o$Oe`NhH zMf$`m$4>vfRbpSZ}3t2lz#)aPl8AFsK^Uy-^f4iiqo=zE=~7We;( zNBX^x5q3(bcps2Rir(A_W7)HET-PFhAh`nFPHRB=2;j$c;wG(w%XrX27z+Te%aPpwP&FAzUCq#0QV+XOIC)EM|RqPF^ z0*uilpyLERDQmEX0Fw22#JOSE_ zbO=Xd{{GiWmqQ;*J)Y{JYs|uv&x{9d;D!4aNPI*CqHO6ZyGEC;uC5K_e^*-{fD;Z# zHg3QzpvdPu)_yDe4Y;OC6E>5-wC`wLpiWQENf~@vNoSv~y?LW&)VW@niybA z991`7OJv??k7_yxUXjxbl)+iD6+nbnde^Ka*P1F0Vsw_EnOE->DTTTkMXwGUD#Z5;$mc$Oe$&9+ zRZvnw%;5H%U%{%2-s<<9TUasnZ*#?acKiy{ELV9!p<=|5je>%@?$Nm8hQl`!p)k{K z&-dvJ;EoE}0m}3y%z(2LD?;d_K(jJe9T&jGfD@vK{g|F!U0;8pzklmo5WJGtfjWM? z=n?cnEaR1{k$#=K{!_^!sqZlxqaVh06Osns!UJG4mLjXnC&jn3q zjR24j5Qr-PLl*Z!3c;8keb4c-Fi6~kDgs9L3vt*`_9yl$#`AcG?@r> zhS^r~rPI0r8={`` z=Di}L1H8)GTEj}yDWkypHrKYHm&8JeU*(M|q4>pB$%6Scnf~7FdAjr+9xgq}yyWxB zfN>y$37yko59Wl&saxPI$SvLht;qVbrS$mCJ-R07wM#vxuPexxu@E3;vQMWNa+L!T zp#h~vsb=rdn9r{gImd&;4q8=YCZEM!arx?Qw>+&O*cc+#e^{5vP$*~zTw&8G^#rmo z>}Po0eO*0$IJEeG8(vpQ6>#nGl^qCFPt^TurROy2YtW#OmvSk=FT$?|_zt;F^yM0geiL0blT38gMh zU23w~`~AJ7lp@ma({C!)BNih4kmv07pYQc9lDRWcQCX@wv0GDxN+~Po=JRoTW%OKl zvQJT;F%a&>07Lc_XO=DpA!?X-`h))ef_<4$`1ab^`@D8IPqMHm?Jz4{v(7id{IvXw zh(zaHnDdu3|E>b&+4>(hWp2$^-+TUAWt9@p{1I4?z?F_TxPY#v*o)qsazjasfLFD-%y-_C@$N?2>9y?ArXvyodIt7TC1%xG88g)4z+i zQPqDFMGaDZueun+BIYUN?Im4Ue3^e$=rWxT52|9+8+4BI(!i7%I9IYz+^Rl$6nYA> z%V$gV3QgO}z~!-bgEwIQ{-jDzu2ODP|3hQ?@5znC3#jUPOCA9#I)~ghiH6y{XCP7s zFIe^P4E8{lq#Lx128V}h&*%WK5~dMm3wP#uC~+>jMR+~%UcX44rK8<3j*XVcn+r3Y ze#(TrE2`bv?_JNcdEv29LT3tE?hVjv*>h$_POLUK79J#9VWajopWX~3(n}$EFH%e* z%+`3eif}3YBCxXGq)0qCt2>u4*!lkgmJt^)&PY28$RsHbZwHBv1EEcf4~jk?Mj)~n z+;g%5u$ZrtlU{>IkxR{x)-C(bMhIBJ ziX-Jc>2LaGSp{iyDYmHC4O%Vrnie=t%tB%@M7g-$0+1MjuRjDnz^9z68%V0pa%tY% zaTWkqdZh(T7<$F=0EY?x(Y1e-3_LJa6Bc5nr&Iv=3c*N0V(@X3qSxB2?2TpE@RMZ(9XQhd*5b#r`PQ|9nX6 zbsH378TtXlu0cYx>G<$~K;69ma}B)T{b3}KX>CY>1EJMCes0)Qu6`bZD>qF_|Llr@ zR!|&Fo|PyD8B@Q*u19|t)vv+(d;#wh@B2v!fgOpulrEU4?`+r}A5F8ZRn8k#2Twl>ZU8f`q zfP`PKDLTEsberabekM$E5t|mIl?Jfmgv7-CpN#H9L!K2;mT|U%A5@9;^H{ma4W6n0 zaImxWER@rp6Oc&xbW}DcD|Tgm4ns(HNRX8^`W+)AyVm%H~g@f-*_KaAy`eJs12-535>`-!NSI`b>N=%vjvvtsw- z!rRfFfp_}``b@Vxf(zr`QJl^tsB0gH-8R-WEk1D5An}!|a#tJZTij~WQX9BaMsS(@ zzS5QluEgoPpUq5%FLMel)%14Np6oUcTuz=3NXU*7qfUmeoHHfVn!Mso6s=7ie? zEQ+T#%hW{VqxOZ^bog2Hy~WwYJyjohGObdzTB6lD7+sTY1kuR%_a7zR2x2}cn?Iyd zNvAHh3H#Jj)+Z<*wIk$iJGPW`LzhV^y{YqlE}` zrZDiUTg2I>p669Yvs%+HEcu`LdGQVw z-%i4e#2YOKN=?1<0XPG>Yl5j?(E)jO^^s<_VV^EFp6BM~CLtznXnJ&44ur_gSNClD z8#a4@dG9Hv-QS*p^JL4tANR__!i@7qzT0g&{HSQr8yJWsCL+oQ%a36AH^kM^6Ezi6qQl*xyQ=sAs*{TVo(Pi|Va9MwE26Lu2Q z19s@2fw9szoQ;|=`VlTNklbJXqP@HKGMtLZV@xfFCeP)>b$^*nYs-18tLx8z+wNG? zvYcE@)f%Ohh#o&(%8>)(1NRC`b@lyau~QM2%nFAb>#(k!wc|a9HnP0=0HYQ`d67aV zV~X50c&7sLrY^f|E@QQJ^>e*%+LnKK492VLww{&~%g$f?aWCP<<#o&@S`Su_F|&jl zWaxvx4__|#2)^d@Y;asZflt)j?__!1N$5mH!JW5z!g*3Y(^a}MpV3Jee%jX~C0Ui+N$4v43Ge>NKw#-aW(1qN^*@kh;>&$C{El6>Ei_?yS^AoE$5zc{BE7UN8IdykW;nro1$#SZhVp zR_0Vl{q|CNu!~B$G|l7>-2oMY?AovajE$&oZqa(XOCgt6poHnsZ$c?I%^Qsp%o|uT zHw}HD$ybm1J60f}I~q(ak9^-VrBgj%VLy!8En)9rTg#{nOV-i&tvlLh#`~Ips(Ml- zjpmzVz3ynI>`nBaOx&N3L^>XR4KA+%w6o!qwf=2lhSVb}75lNPO>Zv1PRWRAEpVC; zJ9asTe!GwSK9_zg{Rx#y6z3^-r-b42EdATa3mEvJmD^uMy0!Rd$3*CjlMVYe+0`ec zyCL;5g95?`xM)kL0E4#@o7&Undg-_ESFNQXGXflq)izXLXL)s&SXqPC7yk6;wAiVu zcc1^kBl}>SI9EIB3Go*rHRG{V#Sz@JgR2NSfj1v`5$ANhZZZWf2EoGUR;Sc)z zo@nH{CsZx`K&!pf^G!V}(Qwke7TIJ~NNiyHvf;40I^WXxv9WIa=U2-lW7rw9^QA3F zM8w?F-fbo@gkZy5u=bPYjx{SEHYBRmEBbi`>nnQsym`ZdsTFP;t??r$PZMFD*TuPN zv&r9>=Of>p#iv4g{p-KBsA`(ZqF;_thNWl;$v=KRwv=##`4#o~K5_ZSK6!RNT6klT zhmQmPHb=HNk2zVQ@r9ep10Hm8kNfL=)#M+fco)LG8C&r5Ddm=#-tX`Ae*{xM{Rz8K z0KqDI!Nuz=M&-7dKe0%@5ybVIz3en&145DmOL_9kJt~!K2!hN)eh`~(KTzu=&m&Qbjqyo!l&A6OX#MJ52!*JArChLn=Q6Ha*(>D$0lXc6lk6U#TYq)H zP#_o}!!y5Kj)CTghcd`jHR#^p8|2P8Be5!bk+7VUhoK3HCd7$qk zDJhBUZ|I?Vv14;w*teU{S%TvS?}@~*s-2)$Cn{t}j-cRrnv-Ka^~RA^!L1VB6x zRyN|^Ua4jLFDUreuH&25q?Ijv1gN^6=hOtPzFO#JI9)5`*f}h6b~z-z`80+*fD|$* zBglFHI(61C0#<;3#ZL)MsLdOA55y zd_(A{Pk%q>aB)${D9_8BC7R5Oz(#rAJ;&3FO}8Dd(`YEg&rX%pi_LBiN{v7Q3U*JX zZUD|jO7AAO@eRn_Na4E>-v*#c6&TcDfCiHRl&6}YeTv8+hENN~{JS@DV6YUkJ9tL- zTmTB*bgQ%z%eG6EZisB9oPWP%KlFh#TA41<8BH2wAwb_c1ltpxL)>H67k6rMJL!0i z=u1;3E_L`7DVelk%me6L03_$d(Mw1b0j`57EF_XOy6qt3r{A$u{_O$I21Zjf72dlmsvZtIB~9W*uZ*B4tI2%dnwO9IMx|IF zriZTltFW?Z#_K*2ufD)H7IlgRL!pB5)M1kci!xO8=qME^p;Y()Z;jr)Zsa>!$>aeC zRz=Z`^idbZaNk?>U=Q2Rd@aOcUC$r6Gei1VL$e38$kV(rQtr)Z&^lzgb$WE$y_`&X zZ2S@(o>nogJtHII88!^c$Q6MlN^NE{M=2N{|_Fj`D{|FbR4avhqL8N;#ch{;+3x@j6j(GWZ_pXKO9;M>xq zA+hnQzLR+y?Jz~~Nu?LDi`5L1mCGJ)A*a~M@;(^{7KmD002t!A$g5KIjX)(FIOIXN z;m9Ni!SLdJq~Gi;_K!PNG7mAGSN_2ZPfQAK3RLMRrTs2T0{%T8Y?doFYH>OE`RBPQ zAsz(A6HWSFbBaV5*%jN%#7DeE*k2mbCv`CVt5OjFb$M@}os`1j=!^DzcPU0HT*dm- zv6KLiWL{aN8?>RrQj{-|1R7z=4d_MXP8&y*g6}Oo3rldG668lWg8;V*9G+6GoGWjl zLch?`*81R)7TnPZqbkO?#sA6jY1DNQ9!t&xT*eDkW0bJp5Fl{xR5RJ1*-Nf}CSLp| zGW7|Qzewo$KRkB?|5lQOfBUX?J<^JbPV{AJba-(Y^;69}STxhPy6wdoTtJ3LD!>OO zW);BG#>d*O@l@}4Xii=!N)qOkOe<||suS<6a#fX*;-1ZIb$}HteE-9N6n5=SvvK)T z^sl~%=&*}F=(-Lpe<|mTKF*_8Vr8QaF!#SpYYC0n>E~8q$(bU)w2TgZ{)yx?ne$UH z#^E%c!IZgWj7y!T{Ltq1XTQf(K`Pd!R8Yf(lx|fRwa)bZDIW+|BUM~&)uh9Vk4uI>A^ZE`ykIP4;X5iN?{T&;6jsqofAMn^;TOiaH3P)^@wo( zvGH*`b8IatT?nBBW~EpQ2IUf|rkvf&4O5Z&fn-5-$Y8+zlk7iMo8r;&x#Rgu_y_FA z$vd#N)x}@g513vZ2B2d1*_{U6{mEJ`kk|3b=ZcZRGv=lQ$vc}C{&JdIyLbtu?|p#C z+>oqcRPa=Wa?5I#-d;ve1-VU4DxCXieIQUmz?mfog!r2Hjo(=mg7A-Ao41 zm;j|!D9Qz;SLyn_>^*D^dd`2mb1BzXdRerrf~YTi%s}wVTQ-Gw2Y~F$+fLHSB+7eB zUAhS60^3roHn2P}4n~TZ+kd=zWF}U1l^W zFOO{o?Pd+3DFAdDujrNw>h~}Kc9hT8dpdB>crWh~0%#!JACl2qo%)oWUQ)g|51-V| zBw?$54y++PT7MZ~ek+qXrqY8d*zAh`@8g~|L4!R1Zjp>)<`E;MJ7u4lsQKe$oZAWXvYErLBfUh1UOng0=4@Jn-P z!#vjgxRkDMs`1sTPi)@k_gNljQA=xe%v2>;PO8VURtF#Hj8%OEQne!qXw`H0CVppv zUQej_h;|%3-3{6t0zb7q5wA+NMs_8D%pgM!n1Ad>+F6SWer%iIhUa3G=JUR|(!i-$ zrKVjAQ-hMbl=Ni9H084mVdpOCO{feJc??|3y1wYANcWZ(5>Q~*vHtOr=#0kVqxbpsmV`}x@WhON1^;CLK-CZ!FaS<; zvX*0<2>8*LhcLC$pAuhZ60RETTa8*ds?8Y<$Nl+x#r1cVgIb3`zeGOfSQZK7XN%n-N1kQS($ zKwQm9n5eFOtoPZOpJe|Tj^^#zy=@((__3{X20J@f_P)zs2YHvM1dR0gY?VavEodyR zu;K(;{H;wLkvivsduyeg*f*RBH+FF#%hW(JH_Y(RcL683&WgdFc_+ipOU_@O{G~6Z z3)^(B;)#cmx)`t~+`Qhu)qVzCN$;ZQ?0f?cSK`Wr&ajvkuBxps9RgTF)Y3-k?gcsH zvgPSb8S|;B_!mp&g5dj<^qnbjtcAIG3c0y=EVC4(k9v}0UAi)sg4rvpw-$Rhp0+*{-@BMK0bSTn_@P}@ z#oP!Y=Y8iWyMt(*|B;|@9=!n1xU=!d!vIp#Y!&PGKPOEMaaGEn)t(9d4P z&U$_I&V9oS9;RIqmAa^CVq*VCWrvUVE3*5SBBDP^${BVisiZr1wmrIW!;OaEPTD%`l9W!uf5@$7b)z8tL?O>x}oA4 z)9X*D`|jZ1zyH)%!@HFRH$@^%TI!iz!L%sbkG;-I@%wNv(tsYKq!yd!FV*B$nZ}w1 zEsqA6D`PrQx^1o*Wz+*TF6t1oxk7gU=ysvlS>f2vg73HUu1ypI5XX5io>cF+pLB{w z7RS~+I(2j+FUW5v!vm5vVd3(7RTp7Kl3gCJ^$1u?fNn%+0gcAsk^nr1dccETP?Eby zx9$JGkQ`T386f~(-n3&WlHmWz)-|0M;h!Ovsrqx$AcfV@L0jK`IoPVs78_O&JVHa} z`C^IB?JWL)i*xkFv~(agwQu;+vK;IxeJ+oETH2_`dP~{Jw{zQ;!0JMY4X@r%39p8P ziu`VqMtVt*^rLHTUfScHerCD&f${qpBVJoZTl5F$aZGpAG{uMc2GZO*PHFC^bAA+`*5|w z&fTFdaI_G1{kqFH%}wKh?@+8_bP}OX*43ku?^b&*U%ka3mj~109{X0OZ06%^3EHk6 z!bFi=TK2BzDgB#H$?o^@Ocw(x+g+wCoaynCzx$k=OYF+cy7rsvOaJMKG6{oqVZM~M zQ;sU_fT;uYt0i3hDhNwqfmUBGdLtRs=dy|V{M4Fw25zq1JXS?r&mZ{Km?iNVTiJvMhj|BybwD`)Mn`eCjhpbZX&9-kyIB%mrZ9Kp#p(HTCYBIho+Yt3SF^V7GRWzF|&fcjTS z8O~vTsD{dL>eUx6p~e^~joK6Cd^;@m$tv%h1jXU?8#m5}g@wU+{*wG=2QVxV5!nPm zyMM??Dk>@%VXiCPzuyfC>LBp_Q}e^Jy%7ALPcjcssE5qajn8L;RBscdiV6h1z1LCr zpEY;}{{9~bI9znp9~KmlzcOFDl#WPbd_Hj-l#1v9c@M)?Q3E6TJdN|Nca3R(4Gf^J zuem+!)q%Pg?1E~(KJP`e5A9cniBZ;Tqk_1H)gYN0}dBdbGEclb3Hkz=o1o?#~7G#$9v` zn;f{TA=qOQHk|+fog?P;H8nN2u)-h}hh@?u(~u(2^_iwNWx(_61|PvI=%W-kEUQ;0 zed(y!pL?I-_#7yH@PpguiT%@4(gr;31JJJ};Wy5HH{A;$YseoX|3!EXQ5QV>eQ3D= z|N8&@fgbJ_Q1J~RD*SA3$3$^7GVkI2_cMG@BE$>L&CO&2*4MSZntDNAN)P^EsErnu zJOj{TKI&*a!z|qmMfMp&FXld}i|MwTUfaetOO({L*1n`9t@ev|* zmHY9(x%b%@spf6=G`N8zCK-nTicPN~05(8dqA)4H<){Qq$^paLa5fk`dkzt=LStDL zfM5g+Y-u32af0vdQxlV!@AFA@!1L|;`ux$^#O&Ym`(+MlgxDxbN=g`6Cg*+p_qO2A zD2T>!wm=sg^k(ru_qc1(zJZ1k3Tk~MdH>Jt--0Cp4J4&^JeR=m?H0|90KQgkOn7?$ z4*D`G;>{a6>$iWh`pjT^BU|K*qoOAF{}*%r*LpYgP7&kz6|B}!uypc_5Rv5tEOfs0 zloZere{C(^q~qfwft@bZ1YL@=%c182OIzU7eEPEv4KAqp`Ag4D0p$uJ+C|VXvZi9R zPvA0s`n0;Y_Zs{p;Lu5gl%rMt1^oZ@<^NZNAR4YFlLq5M=y}pbs<|mSf{+*hp#KVh z>w`CQmoe9q;z~loAi&<55=^%sl$QT8gZ_sfls=A?HIJP>@tPAnk#p50&VvubQz|VKcyo z{_p!>u2%FC1MwKvCxsV4xWK*mU?_4p?J;u!v?Xpw-%Ck*jQcOxo$<2%4?FAsIs*Ir z`5ybkN=~n=uG)YrHI@Sb%t-$|Z|@ zB_JT68XB`4z-UZK+wkMW3Y+l>>;7O`to3u&HU+&Qx6~Bz>yL@CaSbS$tHvj9fz(#| z$B%Ub0~!mr`&4Nsa8ZjtNYZ1zai#Y&WX;|QCmNw|Xp_yz%)~>gKv6R&{&x=8f~l z067&6+(mgZR?b2`t( zn{YU97=TPJNhk&HRUy@AA79_8^7Tq&g@G17;;;bxCxG8Hubj`Kl@AOIw6?WB8xntgpX68q_}F*pmWb;Z4wIyT^PA2j*rQcc%d;gp-N8 zS9IBA&q9-QVWLVL;j-Q(Sy1(0N2Q;-L*J4>Lqo%w3Oi95J6`EkBF}T$i!5Nmj`%S^ za@m!B_ZrgFe7iqFiCick>7_s!9h?JvflI8gWQV|F5IT0n!BUR%Oep`&C+Pq^`T*YP z;E0g;6xTkVLbLGcrB={YYJPOZ3$S=x5O4acJUmFQT&ZqrZyy5Rg+Z{Bh*!@s4<~ zUA&(sH!42Hx}#cc)05TsROxsHiky>M#Tb3~^ey&q4x) z#nCiHTVO zwlLeaO~HKZ0Sw`KJj6?1{$+rl#-kGGDs9`Kxla6*z{g>An0Ib%tpnry`6m(*C>T?t z;q3tXI~sy&sGzWL5s18dfls$L@+AnxZ^lT>{W54XGzo;Ek#7NnsuA#g8=LHf5*J25 z5UG}xm32^fz2b&_6h)Sb7dUzi0+(U0MQTaG(vr;uR@NYJgF492tm5LyvNAFp`uh6F zL*7}RU_T(ejt+S-UJ(xo;5*JnUl#1f5Xd7_t%7hYzcPCfo$3 zL1sEJQBm~(k!dM&Ty3d5Todjl4N?^kqY-hghQzTk>D3a`+~Q(0AWomUDy?|9cn1Vr zoLgOOM}(4qL#zqwL>t`dmtoN9m4Tfh>@>_C15J%hObej%>T+9$ae};hDjj605sOrvc zpmeZ~4Na5J0Lc67aeC5LSLcn1g+)OddCyDXP(l+3r6%yXXh7q@0*i@{ZwBSZdRV~? za4{F)Gr-{E^W8{>#$E14GUS3?mUF+|`^?gBM~Dv5Ew%OnACglvT*OnVrUGce7LJbU zG?H<rt3i=Mb1e}B~W@bDDLTO$EH}7Vs(!q{}^9qHE zSHhyDrKJ*gr-FUl2$Hm26))|aU0j08w7bE|9dYJuBstmvGDQn5xQUIgXAzgO1=-!5d;(XJkwpTU*T!+1+`;i)K)*X zNx)Zy6L2{Q1rE+FZZPWRp}fvH=y$f zEF?f{nBQvJs#J6Y>5%i*;=fXJbCphEU;P!w`?3Ej%!=28L7Jz%qo_fQG9D zWzO)0u;f(0qHn;PqzAJZ*o8o!d>tK4EF~p1xwI4ne#|oexsB;yb^|lBAiW>2B-6SL z;5HN#6eLttuU@@&Z4(>}&|pwzI{X!GgGD`ZDQQL^CL-ct-TFlZ-PX=d6R2cYz^a_B zB!sgOv{2%MgK>e%|L)-?^9%TU7I5V&)n4aWIXEJ2F*3sHY;A2t!j>H-k^GT_uv=`Tb zExi)?K#cR`bDvo}#I5`9cno3XUE_E%3ukg6fI`SU5bp}ICYu#-!ZAQp51{f#17_10 zKqnZPtjTb+fRe*!@Ht+A(GWarK8rzvl|Sxa0Pb}yhFwf7DHLXf+Y8;^FwPEvn~WQ) zbbEj6=FNP7pTIzee+OPO4t0^Lna&3oICDYo1qSY$90?yz!SW|lHER&cQ7hNBE?;A~ zvd@4~W2L8;`o*{f0`AW&EjwJ@+(5ysF391>T_vTb3=9kwkeg#Luuecu9v2vRNgEpD zHcvpp0v%ESjSUXqt2zP?!mB6x!BUgT^OwN&M2@<9M2komg6zW~?#rJujI5REBX@T( z^Pcoe<<6U_o1C2P)h`Q2jKTKJWy+US)7m=UW(a6v`stFV{M{J-y#v}y#hE6ioo2l`$rgF`iWk3oc#nr zix2~_L7t>a906=s_V`@#j+b?iJGtIhQ8+D4AhsuO&YzwfK8PCooIHwcV`F0h^Uv$k8D`AbV)*?~k#eYJwA3ZN<(%jw~z%AfE;ENiN92 znqR+4hwm!mYsC=o&6?`T9{A$}^FuxN>JFf*0nF{1B5 z5y;Q)ubM@)9VO|<7J|S=UDkhK+u7OOWMr&sXu$NWbkTy_pITaCw(fzbB!rZ%NE!=4 zgdjsT5ZHkdS&uQgoJgIVocJBTU897QEMu0FpTFsoN*bzqaBK`pe)wF;r%#_!Gk&Im z(qrb7Qf{^V=T8Yo$C3h<6TmHQ0FPw`1emOCYzW&coeRs2!Au1a^#idnve*ou4|H}C zfH~QhW#{N;Wcw5S{Ujjcfkbwo{{}#nJ`KyO35ee3P>{N$R^L_RYSWpVn(~4THU&(0 zFb-lVNGdMog|tY9svPCN@~nfvl|lf!o?0QLNG;btzU!pi3})Q zU0rEkxEh~J*ARak#9Q#>lZ4zedm>F5@>)5h3RQ|{shOP>*HE5yIu-=@O?H)h8 zdnloE`B4sMqXAqcoIDp0^}PMR^RgNVu}BKDcWV2c3M9`cqwZyVnh3_zkJ?)5!v%9u z|MGHScqiu}ej%)yh~}rTR{TFr5WtIokLR!$%)c704>o1vBq+q6%H3pCjI{kUdVs!NK)+W5eK% z)>i{qVk@wK;0G)Kn{EX4%j}m(pfN*y?*PT?c(AoGAFmLEAHUKr22+@@0!5uCy07b9 zsni%wBO&i>VZC!_2zG-Rw^oK)1|AZ)VVzq5O{neHuP8{!QrPHYaISoaEwrrq;8IqJ7*QCNLB@3 z!2WUd2d<_FI39XGJ}`kyE>$p=M6G{ePIU-7nmkdr?eGKFJ{$pULiP*S-|ZGMs%7Fq z^f7_d!35fosV*M3SvARWT5wr&eU1Hc9Pv3EY^AfKQKy}2Re@!Q(k zGV6%LDYZILl}s(-9MMo;|4Xtq$QO#Kuo>uvYG+{i5RKS8?mG%u{Mh#D4~-?AS}`8% zQ^=#aA3b`cLiA0o-2*BT$b5PFA>~vVU4IgN6dxb&5S49~T}JRl??($F6$u6C&2I!` z*CwE_IbauoSllq~JcH*5O~gjcecD$IJMIsWFTp-p8Z1aN#mRvbuMm=jBKTh{nRyD2 z(FnF$duLqfj-=WjXmrBfX+&PS4jbux6}3LMD};nKdf>R(pLw5Bg=k)_*^2Cef(2Ya zZC%|E==NyBu9qz!V9o)lIKq!0t@Z5LGxfF6V54NxM@uhC9hOOoii*%M&AavG1LYr5 zY9iT?G+)qX_RV_C%m-EI-28kK;=9J{YQIVOhT9l>_rb0n4=f)~yZRL09Z z=FhVu#c$p6O%!qnl9iVqc;4RwQXJKq+rtqF32k9ig0+x|F2Rp2)rpllu2R5>fj*CQ z*#PA83~_v4CyKl*927Eg7yo4D?hRWB$0edK8aP3m5DAe3bZ&XM6h@ERRdpaQe%#m2&d~Rw4&J=XW_&91Cy6{0 z=xH<}buS!8on*bF-caVS^6|xFWMptQ26@Eo!wt#WOy9n@^a6sT1ss1XeH!}4A&W&= z*w{s|hYCTlDr%vy3cTALkM?ZnQeze&5o_z|c?(-L05Hg~Md3g=Zqd=VIFwl0C(n68 z38mW-z0vpdN`myHWX{EJlJMKTyQa^F3U6swICDPA=~GJU&abYPC~-eNP#qv0Ih1tx z8@#9(3HYbEnVC8gR?TYY9B5itu;Sw27%@i&-O;Ov6LsCoA3T8N0e2bW_As)lO0!H| z;~So8dli^4tNg$si#%B_&4!zn2Vh^EREhz-8!k2^Pg(BCIEyaG!-p+_4p|KT3CfuH zFsdkkygP7CyXc?`tC0*TG_}heb2m?qkB^af1zG8e$LV2mfwr=;GCsT?YV(njT+^~^ zva+(AVKX865gd(!0Oo2J5fu%-?__kn#0?r_A!=24puTfOmNNT&6{L)BJM?M8=!UV6 zguuOR8Hx#90s?+EN|@T8RnO4n8iM!yw4yK)DvYw-^I7vIAqAjbRRFE9LI7={YraC; z?wPT1gOZZcAUu93eA#;&_L4@g{5?E83}z5V#XIv30|FO3Kcr2tYGsNeazDdG=L17AsEyqsp1Mvc= z2lGKiy#Nj=?ohcpXvsCgLLFpGb~QRmgsW1qzr`y6Hv~{>?E+(1fiMAh#(Mkqr(Y9< zy<(uw(+J&4=u>7P?;j8F8}-nZ0LX$N$gEgEFG(ruabeb@kA*N5;Na#iGSZg{SUpBo z5ZVGnXplbzgT|RcD7p&<^jt!bKn;GRM3i~b7H6tINQ*SN;Go+t`vb<0q}#*M&*4J> zf(*OZ(`eTil-MG+7kmBhCkhqUzUlUTNIPtRAgrFfc+n2;-S|ko(*T4#+Pb^nKxq`5 zdHCq%<-=Jp3N{8NPby_|3B77(XWTylDrj*Eo<=b}f&u|4r9ksMADUJav?I_yVqPXr9HcFI24d#WoO)FofDQ9ST-C&+$Kj)FRJPi{kNM6^$Xu) zUwekz46|Hq$Bf{S3Z*s_(THF24v6mw`i+f_A{hsGFoWV34)u2*Sgq0>;4DTA6>T*% zGmzO3%2PcDAaU~0B$`@X#mi8AVqs}tz}4n71b(ydafl-UDA}bIh#E2ekF?g=oxy1b z_3~vzq8TLX;m+isB7iO!!c&CoDYy)@gw|(f&X_ZRgGYLRkU}ApG1ouM@V$^5$;ir{ z^SnI~$yBxRuT#AwPnj(<$$s%-XONz+dQM;C>A<4B5-hP;y;p${I)3gIkwK#vwh!2! zYR0nZ#^vVTfg|jb&Eyv_8b!8c0n~I}*VM;Aoh{zq-~Z|Q;+y~XqRQSUpc1GC!K>iJ z!}<32O$Y}RN?=SSbwSlO{Vi@O7$-qVV^ok81Mtd0XoL)b8|ZbJ3Y`CT?K?G(O{LXT zy!66}ML!h5&(!+jLItguF;7f-o~b0obPnK#`7r3=@|CJ7b6W3!`nC!7z)fD#8|d&V zp1_chr!cu&ftKb~0hKH0ueY${yq*sAUN z{iOSl*Q`LU{1hS!Qd2r4Wd8vju(PLU^4a}s3WV?2{1)XD8;}*;=}~0o1Su*K^?xf%~4rm5^I?wwlh^eb%g5A9UYqOwid^TQc6!QL78%0v9b?wz2T@m|o)>u9#~8ehDr8o!-kT zbaZw;NM0~H_OFdg+u08)I>TC5Q?8YPK2>%1aoT=8vg%IfEmax$=bdKgEZRHjmrq4G zp|QTJon5)QQ@4@)>H$jg<&bSp{u2WerR{l9Kfz2xh>u>h?R@=WQTurb(y#H?+3RIE@KfGHYd`s%}8@ z?NvI{Uod17c%cFhQ7_x7}C6S-nm7O&8smm*Umd zG#eQ1HTB=!miM~~G=_f3i}JjG9~+%b8z}Roio{AGKWp)W6F_Kc@WF_fDLpl5L>BYw zn&RE<%jdFo`I5K1nI4 z_S$~+8E?v#ruQM6($*!kkHfgnOnnUUAJew@36=&aTwGFHTdM{WOxUrb$1(cy#Cw); zfAL9APZ@vJDY{~yvE5P~JT*fZqB3UZjj=f^>P`SzFL-iqtU}?V!;o1@II)9fN^ZDv zx>EBk7$yDzAt#!Y(!Z(VY*h(a4bH3F1l`ZU;hJRm6y__P;zRXZuHGF+#NE$t=c-l~ zJ>M>L)DFK`6r@Bcaai?l#Sk_V?XS2@s%)L5jfI^zIh8WJ<+N$j9#ci6fd8m77npOg zH!CZnsmBGhdu!hJKMTL#;XBD9Rm$@>+I>-b_ujpOg@uk!p~5s(iM+-&73!%0IXxC< zjQXo+=?P^~g(2u|&uojhVhGz^#1Ut0~K0meScRx3Lut&bCqP-%Z3bAwd3)|+-$ zz1z31N!vf(z2C5?hL1Bj@7i7S(0?r_`Ym>u2os#rRJvd!bMaoYp?@H7_+910pZvfq z8vKrt81nwM$@gp>CI++ZTw^FvZws519!zKhr@!lO$A-=a+X@WI%{oZ_g&AB^!C2s1 z4<7tmN*3a-!>1Kzv8Yq}TmCS^&29a8YxEeyo6 z+d#+;SQ-CpvmhE+pYI=`NKR&$yi2N^I%|oA;wIBU9l={tTvN~QnP3r&KW9;G_Ot6j zVz~?EaRKr(n5ir-6hI|1uMx0PsMc9mGpzwBYKprA41>Esn<3{J4jr<=Ud+R*eC(Jp zf|#+!#grlt9CkkcdjH_I{@F-|%Nq2Zsm)*Cx_vv067VceILvEBw@O+$rOu_}TE;2GQS~uqM!i-Eb{t4kK zip?l2qm@N<9KF}!+_>e8Tx0NrK$z9EIhXz}Bg{^oIaA0DB1yLF9Z*P(2sih`ppx@ zL>|a}*_ugl17wgakI)<{2=PdD-dO5x1Dh61|N#y9g+s5{RH9{(Uaa;eABg+>;{K0Uj~=RN1T@k!F^9_uov6nFTVjVC;7MSisp1o4%w<3JI?NlD1;K5kQ3tZ6JTLEa zpKxlbifpvtj>aB+L!jm0!N#&aDT{?u{nBokE($3`REkxVm9r$i;c^}L^1-eP2YpBD zm<%=`q!e(~%F?9xcnGp6@6tpty?tAPeSth$#diKjF(1En^X4g*v3MAw%3Qtcs}+0H zj}{XrPn8qMznkw8irY{4`V&{K7{Ph<*g%YkclX@jj1MXdqIj620*C`z@}`*?xUAY3 z^!`-+boO6GBT|@V3XChF^sk+}yKs=kP#e+6;0>1UVZc0$MG#YXA%tVUZoK2U$hagv z>x|3%4Mi$d2gtz|3h5(7*n)wxJ|^P(T$d-UkB^Ta1o+U@_b>rHYoX9F9ct|1;UPn= zZdO<8A~&(Ox33t|NKAHQSKyazZ#+1#9R!D&gm4M!bV5)Y1=LTY2Zv1f^j_(?bIzRN zX03{PaNwXp-H_)&E*2G=O1jw-#yn#3LTJlh>Cjy%6oE$H2*IM&Y3m5j4 z*Cu9TRD{hHUjiT&uDE>pvJ6QPse_Jk%d!HU)hp~y8FUX(yuC@UyPk5qZ``zb+xqA5!xT{Fp_O~Q#AMojyJ?W zW_6f)1jC5~*|n{Or2#AOW)essd9T~LZ$%&~Ca9T#HD+74ZNpr)4@AmVBDUhEYiHY* zCaquZHn*^@mlX;#!b2X_Ktx*FM+_3Jo zrKOe3Y;f`9v50>*5}MPIoAp@npvSb#`OVN^sE-7g3O0;TOI=omezX~DU$PjQYWy~5uf~RYiT?~zw+?A|rC+qf$!Nel z9RP5d>#nD#_Z%FR$b8WI2O&gc3Ifp15Ohs~D~g&-QNPiam2`65Yh~RisQ^T+fzZQt zjbAPkS6^|Ar08C8OH@lOlgXr&*NzR47pQ0MEJT#zr%8+AOzqc@DkEY>gs_@sydJmTDCRP3JD3xraj=%M2zXV z8U~K4MW(C}cy2LYFds%?%ELj#H%a7+tFIc48&cPS93lw{D`n~d*2Pw^k3dF_$)Fg{ z(RM;a69u*sf91iQJK<#NTeOX<2}VO-+-V<7#w@x_Uz0Brlc3#Gc+a59IqAz*yQc2@ z?kSO}pN(3VZA0qoHl80JttGVu@6$g$^@fzdEi}{l*vA{BAPWTO zxOwyDDro*&q^=@_>%A9Svdzt$G&QWl2&m`dj(!2j@T7dsa1^wpF|IdFB+SuZPB4yEt-F1vhQz%9{edf5|!87c?C5gz{ literal 0 HcmV?d00001 diff --git a/scripts/release-analysis/time_difference_plot_argo-rollouts.png b/scripts/release-analysis/time_difference_plot_argo-rollouts.png new file mode 100644 index 0000000000000000000000000000000000000000..4a24f4912b2a6fc5a56ba66c03ba6219cacad7ac GIT binary patch literal 75003 zcmbTe2RPRM-#2_JA!L=2tjuhZY$BB?N(fnz2$dPxC6yFWY1z_JgoHA)8&+kMO(C*U zl=Zwm`d`=aT=#uH$MHOmmFXl$Api z$_jHj8hmGx@0|$#Q1#wn?tS3oQE%VFo{p5ghrQk1PI|i?vllq!=;?Lre$1 zb=6mB?^`F{d~b$AwPN+K#@*4t5VxbTB2=;Oh1FgahO}0tt0}0B=MFcNjL)e{XtPkW zur7ba?0s~cm-6rLtn%7og3DjV)S^SW|GwzUs1q(Of9X-(N?!Z#mEx4O-v3@HxXSLV z;lEejqwHyn`1jIvp{rH@^ZqO3{`*ZS|KHy9o}AFm%iHo?KDqIpxBmMhzdPCZ(ZrXN zrR}Qgb{K!Jd2rx?AssVwz7H4kubJ+Uw7qw?y8HNq>!-i2yC!y=H@2c6ctO=ff_%SF_3EqnG1QdymB+MBL`=+~K3>JSqd>l+qoZeZ z^zy`nd(p3!Lj_)gQG4xQdJQt+eXU1@zc_EPZ%o#{7#&@+i$Ca`Y{~43l#~?54Z=4H zbN&|Y)HSg*^z0DcyqPUzevR-jE#^^v%Cd!f*4P*6&W@%HW8%HBgP zxCo(IOY>`;>f?LIS=3Jb_^jwX+`LNZWLIUfc9`6$QS%{h)p%7Ode_#>DrT+uP=lK? zHv+7D$2!X6RlN2+wN%`4ta%{2)wbB5UFk$e*&Rh!IsfUQ9OkQUc33P~2?^$yJz|^2 zEjT>foUZIYy-C9K@wuKJJ7qOBAx%xbgIPA=<#uJy4p&UH96CAKc~tOmqm5ths>qrP zOuRZ+J}Ld|`x_E9nu<<)QOa<6dj|(Egfnp3&;9A2_5w-mg5`R0_?{-Z}ly;XTXx_pto zx{jI(m&5(ksTUTEy1KvLeNXDa5m)6nzLm4Dr0Xc~SlQInq|_o9;mx-jabSTnoxYycdvyn%@pXjBj5W>ogfUOx$7%k*zPo#PXy>2kWMOAtrOh%i z_G&y;|AquUX=isy5Gy~w?NCYS{1n6I{FBTF4<0Od^{W52Q(}30t`qS+Gx%1Ye~+Ynp|s#{Jn3@_b#SI{u=(DC#0 zb1~9vIoZYYCI6&siv}~l=4Cz&|FRDs*2>7p47FtoG4UwddAz@}L1`jnX(r_1fd@?S z2?@O;Bazx+H0+iuT(@w`JJs`id~C`<6Gl~1QsUg2$%|cmB(jyeB}!~;Nz>>1I@MF7 zbex==AD>vPJ@mqjiZZ`AH}2e?BZ7C@|G*h#!DoFWHL-M&M(amYSq4ZlT%=r zZhZLnX#0+86)a0i^itue>7o7J<6XSL!NFurnVWOj1pjf&=o1x`5YKRGT$<}%N)4D9 zW7f!O9cg-WK+OC5$JIZ-z3=Da7fdz&{QTJ3oZQ^W&#qY;aSb9lq+j=xhfU(Z`t!Sk zD-NA34wpQbY4>O9>#fa>^es;hiD}G4%9fN(^j0(#2lz@^6|f8s51SWyihRy^lj)<2VoR27^n;{eZc-^NpF2~PS<#K+-o3uMar?e>eRiwTU|yV! z?gPUFchtjzf&#s))8%JZacTH(!OPF!zVc}Jud9jX-_@FFZNQtgNkL)l%y_q~x4NQY zUSoE1)Xl3`L-DZ=wO2QCZEbPZ8^qf6ZFfJkymxycw^qYfT6DZCHuw+~;8HRL+IMcxEs$fGLcYxjIhz5Gi>nhbztxwdaaaekT5I(41q$ zW>K%cyguyu^>t6IUvYH4@~w#x+C?vIVOtuku~|Vuo>b&t{?p^#{Nm!`w-jADs-t)% zi`Rd=zxS@7ga6kX2lo|vI=)NN;>QiCyk?{sfqFwl!Kw*M)CfpLMY@HKw|VpCXMuk_ zpCA9ifisq!)=)&DA^ZL3U_;1}sQ`2Vw=XZ&gwd?g!I~QDe09M{YhfL>S0(l>3lEQ* z#{!loLxSN2@dNh-BqbSC6PVCN6c&GFg^)8ce`ZI;#>OV+@^KToWqV)YS%IE*r=+Tq zpgHnAv<&K3r+&P?d$J?~HL5=?TGM}Ya1BMqrsyJ?7++S=6g{~Jsy^R)aLJuN++WlD z;e$NZ)$HHD_WjjY{C>APWjnr&vkzikx5am1py)oO2V-}v;95_+ctmOWa*>t7?S**+sJY*(~(k0_qGc=1i=>|}rVg#|i3 z&A+G)7>~42Ff{&fZuf4+1WZKCfA=izU3(I?zU|l`9=QeeSEM!Asih+KWjG&b@`Fa ztB-$v&g$~%u?R0NVA75!qStmmG|h->#Ky!=cekcLc))P@@L?S+X6Y!6A#CgwlwMSq zn^B4Z_R4-_x5hAtgJM*S^_BJ98tVj8QqS{e)6E9W*}h$;cToh?ajmPkWfc@Y^v&%K)bKC1xuxcNBBkIl(8G{xKGvHK zK8W0d;kJ{d3!;=~v+X&@zig!no#+Y}w@?r1DLZpkKb6+Vjxt>78lrss_{Yh6}UuYZKH@8&d?(K0n)E#!{!FoCC_x zuc6SP>KMj&F!5_z`OiN~awR<=Wn5M;bxQcHXnKE5bpQ15hvt6%ka^aHzrQL%7Ju>| zadLVqPtCeNTnT&4&);7^8hvwhSy5>x&_tgfz=z3d4MD*b5fKr7i+=_^mKKAClXj+Q zzm1b-kY<+2#NrT8Q`>M&bZ<`EPt~LExcvP5)&+>W-juQK86S_ndXV$%`}_LH@~|oi{F7qZZIq}U@%E;y!%$<&#mLBOiFf1T z&f}suEG;fHmkgW@IC^ELP+wo)zTBgG{Z60m#pY;Mk(HH=M|Hj_Yb)dVuDSBiJ_2G` zS@#chV<(Hx`JFg%f@|}Ui_-;$398s*I>r9K?qw+mEV+)MLqr$ZdU{R?IkoX~Y%jmV zh>9U?`TQA|L0Z$c2Op>?dqmgv_4mhIyA}q3a40ZJcO?yDXlZFkMBk>Up&{pZ_0wzs z-J#LZ(cVS-({>Jh&XZi6DP3asug}OTv3wFR^2>jCPFzWe)5F8V-OFn``v0ZCD<}r} zv!9CrxDAsuuiUipUyWmIp2RXw#j@dOSm<6_q`k5;EMl#gB~M8I6(s?>6~TYL-n6gc z;ovZHHvPJ^IHUF4x#_jNO6lFZ8&GQ_!3O#}3cadc=KIM~ZmFO4Oi`vXFLo>0WdHOG zDrA}SmN%zt1ylQC(=W|QW)+&k4)6}lDf4F(oJtK?jC9;aF%gm7OIp5TR?|PeaOSzT?)38mSRXpWX&cCT zgeoPlGtiMhFXN&tt?9wz3w&$RE}-t+zO+4Lccm4}1;?LFprU(G)Q zYjt<-6jV|=s5&?@a%ku;?YLyMS?7K+GcKdd;HaYL1eO5(&tXOTv^FWuU zoqt?Qjb#;B%0sQ4V?O>!q<(YB@6WF0=<1?-@0`OWtpGj;Zry&KG5g_SXUcY3D^Mz} z#aW?K<6Tz>G$03T_S7=GDQ(wH2^-g1`NTZiL(B*APgut*d#u>Me}8!Fd~EeT_b0NY z^JK4VBarFa-IIa>0u=5mGz=V4n@mhtLQ^FoIF;i5{2X-n_U^VH*7_t^$?KXLT9-U- z6c>pc`k>QA)y$f+6s({az6wP0$Fz*}3#vjTdhTL|z#3tuVM@O_3h zf4@rx;*@V`2EBBf>CACtKo5y}dMMvA(7NPjy;@btu4A$4`^&QyXsrv}sQ|0Z^7nti z%M$&+ivy3f^!eG_3(n8aU*i1&+CrZYFk$ZOyosD7`bVV2Gy|uMdB;flO`9C^$2Rfj z)VFMzPT@~FJ0la-*tqZ39#Irui#um%LjlS+%F8$P*>rVvg_k(x=H{~U@*ejX^{}OV zYMG}4Dj;{VOWm!jXgz32MXPPd72I`BwG)DZuC+O|#ixIM^BXUonW*Bl?LjxKQD{(K zNx69W^7Y3FY^*WI2_@j;TPJuafVPjldyoX;&93Qv2?m?zU|d@*RM_=Z*aB(UGMVxkn%FPovSC?FkdiNa764 z+?gi6MWHD0&yRj7+$TMGN_NKRQAN@S9vqRYoJ zRB7qVL&g3+DdYVYf_R06h1dO^jm$X7=Qa#ghU3U>ZClV$;IZ?dD!pL0adFMZ+jG9A zJTRjXT|#ee6J)A{NUF1j4G?-uLNlW z&s|%YAWl`@l6TmLBkp+R%S_A6SBX_k|LY>hqfah@K+A+y~LLpsA!_0U2#qlpX8K3%~0<;yKRwybijvNhN+yv}YjY`*4 z8WN)Z^PK_~Y~^FqjD4t6g59Cw`X~%NU%!T%W|)Utn8_d|lN`Tg{)sDS z{kxC109{9pR#;n+H$*R%_Z-lBe(VFy1EZvB@E|F(N9y(Se||RQpR^?uM`%}+u8z(M ztdBF$;Uc3CBxwc_@qyg8Y9Q~X0uP7LuHp@(*rFHN+|8fx)6-{-hiBk3)pxb()<03jrFN#-eCNIe4 zGBMFU)=&s#y=8=iw%69z%lu%`)n%%=v(*)3v!u$0*>y?yg>1mHy^Ww(=RnpN z5)%{8mfNvFE!lXPOJ0X`a)*BF+@n{>`p`~mTIaI&xqTIV%8AaGXU#I$A;}3}-k@X% z^x-$E!O!tPfDZd9b6?udH7PhS9Yez?0lKs9zrLIHqOuXFzv`)(B#52GQ0J?BFqJqR z{%f>{#1fP}bo|B&2dQmsZMCyn86ag6MIqcaWWn^M=*ErODA4zM1_#9o3JX_**>Zwn z?0cy3Az-{%3>ZrXkdY1YQ8*|OJyZ(G>A6hhNliw|;rZD~k-r5NbCbhu*=f*A!*u%3 zoj=dfZaB6-TVoU67(6(x@!8?+kdt=EaWU%n`4z|o{q^3cs`@uuUVXOMZu9MP=y>Fa z&e~*g-r0IwVia%H)~%2Vh`#@!ZD~o*z`%4{oGbI3=2~j)wp^#^#uvvAmAAKBOiWC$ zfcptS_p9&Y&UQ3+a~s`WvkCgZ0Y3o7bIHj9Wf zmR}rzxGrAQ{{~Vy)SS*hbYE&(+J3-A^E?;Apgn+41m_;DWsTWf8=K52HNF4Y@o)jU zeUD74#x!=5Pffpe{rb6VhnhY>w2N1+glA+(s``#y25K)&mzdwFtLtbKM-AC1BxK+Z zK!4mRI&w1jx*%%sU-pDI(ms{t;c6!KMjxUK|>mB*Rlp{N4d&Lf+9 z!H?X1ee?aEl8@HaHIZKpK1I?pwc=uFHilThn@n9q8~TelQC`6*w`559lxJQ zehe-x>4(@CG*8W3N8F|4wvOO`;wqZeM|rD{YKYX-v^}Y4d-7mlmg}w$*WF*&d6Hrs z*20Dm5*F5d!)c(8i*T4I@91%HUs<*a$+*r;OzaChJJ#2?0zIHAh*jbL&07Xs&HIw< zxVzCPLDg~6oP}C<*RKB3r3G2EZowKZmVXl=Mne$TqBfMuSY=u}lX|DSXB zbj}eTiiwHgi2mfFIKQxPSdMF;K;u8AP{lP7ZRRy=ZuG;sB40Tm2LL3`eYiL-?-YuU zkH32R_M_TUAN8Y*R%ai}vjiI7{HoM#M_=&Lf^XnNIW3WWD9Nb6e(01-?}G;gB0qZw_0Cgk@cuT>5rFIy=v8NQ79z#?mFYjwW3AK%MDO-(~1C?WCYyN^mH=8cMq?BFYxE*ab#n04d5D?q1b zWVCC~9!845rcHXk<&W%cB(BPiNRHlLt+qF#_Qor-Vm(!Z%^pgnE=H$BlO7bxDg?H$ z3HYHn`ZO6*0dC z=l{dzC{lgDl572cHXy%4E|WuUVr;*ITgzd$mII!Fm*1INN9OZxW~`Ns8#m74YVQZMj_eQkJxa<5&vrcy87n$i zk;lXr!p6FaBSS+ekq(B2h7*&M%>Jws#-Rx$Hw;O`na{X zw_~-J0fE>IjYw)}6r0S%iD(lAg~a>K5cGUWR<-J<_rUtmP}W!EUZADBZfrxP$16FPLgp{GTr7<@f&jQPJ5J zVpzA3Im0qCGM)=th*N8C)7Pi(={4dSHA z0T@}ixHcXC%=vX-Kmf)G-h~p1D+S=)(8oQQ?e{)x+CM1eD?@1EyOQQ$0rnkr9-IH4 ztLvdUWtH0>cy8#Y*9LtI-R!V(AYvRHk&c0(0;*Kwz1?f)(Ng`sKYDQW>QxHr$lYpD z+C0lOH}p*hT7!?3avpKbZ2_W&C19KRg?$*DP#2n@RFn@`Agl*Ll$zBPVi&WmT}x^p zF-<7Xe8+9TN1wa38^8R9^FI$!TQd|D1#X~W%-b)^e*MF~I>pt>Z0nK9-Ph%a427PS4&Jk8Ps*CPRZd0x? z9>r!EJM8QPzJGkQvP|8p8`S3VdIcIZ2gvD_=T@(kJ5tN?NaPFd5%C@`b1TxHEdIp- z7d;GmOdnWX&hPZ)kU`AK_S2%=UcssthVJbdHoy9SYJB=pG+*yjert|d`R-l2c(PJs z9IeZ~zP*Y1A3%)eEnC(BB;kr~M`(ba-60?zG$xgp=%1g9Q|zV&>d0S?zQ1ES8sPT% z`DzrR9jI5NL=ke8aWE^c9x|8x%vdKli!P`Tar*3_O1Wi|g{rIDhC}KvQ9ltAzp||J z-k!^IQ_80jBV=A>`;O^C4g#%N1yBr-wE?trm0hBu*&~x#Xfuu34!dC1k`Gl;Q32CP zosI``V}NeC3q9%{sWgZCDkJFV=t9fww&ATN0A{o{$6dJMwE4Ci1UnPRa_}4X-q}(P zcw#WEiUt+1#krA!Z{pflpxZfn*uXga^5Qs04dF4Te;%b=oqC6&tCMb=g4<0A?GBz> z12r}j@Cjg(AYZ6wX}a0%vA{G$cD;6O?WxhWGs(%x#>d;nKR&uv>f>lgLW7LRawMfx1i++C*j zr6Kj+y)PmIDe1|NWh@&#qkY9su@I`1*!@c6L^M z^L^TyLqv0gY#;b{_yM{7Af^|bl7cwU$94dT^UZNb^QxUk7jS^QGuv9a7+$*gmjQnH z5-n~ecvY%7{{v9VWHdzZ1!lAp3IJSuJkRt@V(`!WX%s?%!ey-tPCHQ58jNH@Kh0JZBJr!kon&5S>$aoHO2RuLX-RNF?;Kf z6DNENhAt(YTEit*);9?lNCbbc!TR#|@7GY|jx`Ib&vbY-D?-k%0me?hV<&0$q>L!n z!-1BT+{CGbK9GzPql6+B0vxu2q&cA3|Eayj$1@(rtXW3fUf7uwx%}5%`6u}yO`nYh zAI{G5nCz<>>L^q=S|7if^3eL#R;;oMxU!{ft6!FuYEjBsTMtT1^YZgY-@7MF7C7V+ zie1-=<3>j;`fN&rgE~q>Y@-gLvg}`VU;*EVkL#JYp}`kii(w{ zk4>^KKI-vuMUU9GIG4ZIurU}wqP-*bBfzzMX=NH0hEuKtH6k97_uUD?_1kdz<1;J*i8 zi*P8V?!d713P;I3#3Gf**yrfzb9U_OSI6u)TNY|WecJoDwOJ5|(*Gqxhl{TALMUc3 z{AfJ`8%0;lu}|-ax@GG`(2$R=E_0gkqf5o_ih`s=s84gdD~adUDlwT-R%onowtZ{+ zTWJmaqGhArB9{gx0WD?z&tOt?U=$Q0!XyX|hCoiC41D|62Y1MLE}L7?1>#~as2JUv zHLL6lPeHdix#!N7)f9lTP+$}^oXEO1+S7i10?Nu zTf5-&Pf?VV-))1%M3RSh?b7lj0^7_U*#}_0tD+{>*4FYTI+Tn4e7kEr_Z>TaqlN}A zR2vD8cmgH6P7m^ae7Julslw>p9#aFmQPLloHxNKHF>uYOuhX}?s&w&}ER;|dvO6LC z2wMMy^yW}?iJdfOPcN@Y#W+fB4DVjrP9IXnBpPKcLWR+G| zMyw_JDYRWXNNdIn*%wZaJk58X8M7vSE3`<^1gV$4<1+7et}F{#nzO|nE1K<#gf^uO zMJ5~h6~BOho67Y-CW7MPt4|h9(g1Tq!3%QhE-5x=@1W|55KAmWek2kszZYk{1Iq5V z`UKbg0%H}-T9vgiLZmB$GCPn!*s0N5-d%Ndt05^?5FyXCMe6yPg=4> zKV}?chW;6sDbK}d{=#iN%nq|ra|o4Y1Ag#GNZthZJHcKf>!I0axRjervP+V2Uq(MW zTAbF>)ag9=U`_R}w+EP%5Bi=fggOd(MVv!yBQyU*NYLCgp&cxdyfLa=b#Tepg|M;6nN=4 zFZYeBpA?3GSSpH6|7^^2JxKCjKzZfmx4R=Q@|>}Jy39l!->joM8w$k~DsIh~f9L^mHg9YiDVriLtc41Q z@RuQIu7x+bZRbuJm?Cm+ZF0nVfGXr!ZGd-YdW>bry|_N2G)s&^srF^87#RDtPR(J5 z?!9#&HsOy`uLb3(YIB0SIl!amQg%<~nMD3{|0<4~aovNhZ%u0k;xAs5SeG%g95Ahu z-YR17cd6jx=q@YBKLdWtxziZIBivpwvA2aZqV~S`ul$4$j=HcMGZohlHueaj;hhJ03ZQc#L)Zc7KsL~~UhRnfiSP%zWX<328Cl6q&T_%?v-Z(iXj{mNEuGn!MrCJs&s4%R zB?O7VtBJXGdKdC<461EP&`3 zF`jqohvl9GRd(B;U+jp<@CPhF6^uY3vxfrOoW0z3RW1K=A{vRvB7$&wFTY_k)S#Jo zz+A+wfR~fq|sQJ4b1?xyih}uPZ9x0jwb|-dC3WhyQ6wz;DM=`VkC?N#a@- zW8~M*_BTB~~kvQjKsCh%G~+ zvrr`Y)V?AA7YcQlWR}2q<+y(y+$$n1+yf2$Y<|8Hu2CZ*Y{U^%)j~cFp{UBfU@%N= zkd%8hea3&`@QG-VsRC^85kqv zLk8aNLN76}S+QkBZlI@fy|=D58>vrHBjtJ#8#ozDuBs%u?g;rg zNzPHer8<%3CnzMu%E9rwaj+9<1C(24jgY~5-ubDwvXJ9`3e_Yc8u z0Qq2ILub8dAk6{s==u$G0oFK=SVd6yi`r@;+Jx)OW* zYGPs(GOzX!{7BdWNtAzr?LZl|_SIMqTP0qn#)yYH+;Vo5v5vwp06yF`zF8;(6EHB% z-$`j9%ukJsYa>b*B{V6CAAt|2YgYM1?eR{{AIf7}~wPH1o;E z{q3B{?Z7i4Tv0fAs?9ti2eLtKkf;aCWK#{%gSG2*@Kfme{P4*5;KUk2Yfiu7b$Bg{A$(STXIxtr$&iuygyz4Mol$L zS82Ws6Ny`U?$>A<-80Kz$m^4G`SS`ARh5IUuP={QFi+{i?+ql{0h~lay+j;^5V?v1 ztB;m~pdzOlUt#U$u*8^{jm58e5IrWL9g7@lXn1k`zp-twv)jE6CeUR1KUkqKB*nH% zceAHY&}=EKQ#8NN@iPN6F|BWi5?&=!#LLNffn?F(#3>pks*5kEdGt{upviYTN%8pS zbwCc1QytLqqDbHuKsLM{&c^DsqCH^SWw3_%3on-x5P=Nr7W!ygU!HZ5-+qbdZ{VRg z9!ufj9iMhcUV=(MDg#l7KR!A@#w>o1bxI~^d3|Fffix|xQsdIN*jPuJVxTtS6i%Rf z3Chc}679k8K?P*jY`;l+;zdRsCXH4*0wnVlAEhTVSKUx|U!{5YGF=uU}QLA5)AUN!8E5{U>n;?1)P|rPv}UQVubL zsBMvecN~RTfvC_#K@WzCQGgge2q@(pdrty?pitT^wAyf331p{|+;;ESSQJTh!AEay zUO?7uh)qokyS?ZdVlUqU_! z`0QQ0%37i~AS@%5xq#t=#^=WlM23*!K|~F#N>2THs-KIvI{E#<`>RInx^e=620`gCyT!9J^bkj5F zCvzsq;ZtL2$#W~6xC}MK?#*@a=;ExKH#t$GE|EYsq81eZ&&zH)q0yLWp?xEMz) zZaUwB)t~_`Ma-^HNZ0+CZnT49{IYeeab`W~|#BW&>%SoDTw6$U@zG&Lbcy`Yqdl5$pG2W$`!r zvtuzglbr_dT#b)$$an@cdmZd(1Dt3PiI#89&n=&ROs(gDx8ek)3lY;~%RCn{M*(iT zrcC|rqMeZn5KSuW?tsRhaRq9RsF=e}r`Wo=+<)H(P^$;I4m$eu1vCFFx}DK{$Fup1 zi|TSJg8-+=)COE4l5QCGBXTB0;{U#$E*8Q}l=%*Cz4~|BZu(nYasniQVktSlw3!(h zb?xkutFqB~YkdL;?6YI$h*(LnRno}pG;&H&#^=f%F=!-v32|Ev03O{_FB}`1kpX$5 z$Vg~d^4yMh$#buUrRvGQR4ul01}^++B{^<1fM~?FsCK5YLXWCKZRs5z7XOD-lJ|(F z)KYgUo!pvGjAnGNvYxrcgiFjnK1V854BG@c&Lp{!*s1`sHRv1Yz2^_woL&Wj=*g&! zn#d#}UP0%O`6t>L9ZlfY(!`|KS4LG8YzVG^@mMT>t&{2&<;m0IOIVcoRC92b9j zx9E)DJJWRQX0m}nM=t+gE5X!M=PlgmA{Ef4jvYG&7vrn|9Xu0o``pwnWfr)%>6PD5 z*ReU`>h4kl$#!*hfoW4w$b=aNvb2$&in(=bw)Q?L_qxWBc`M$2p(>Ldmq)Lzcu`Jv?-AfU~8v%rfP7j1W1(z^sN+h^q#n$v&4 z)6FwRMB6soeicAH6$L9`D-=0g6fkZ>ez1IH%CuKsVE~P#5{;qaIz2Zg{A=*TlD3wD96bQ#2KRAa-pu9shBhd;k zMnqu72!&NS;P(?N485_&tYlm3T}m5QFp|ezu;HE8>g!VXlS0E*Kz}0GiXi3})Jv};{^nU0v z@RO-v#U17+bD92|vbV)YXYg_R^lA<^^Lf{UR_|XWV8HK<^$ls*4nRj4-5S5!gdT#4 z5QC^Ma9wa-CTEldw6q7=e6joKP_A}B57_~O;cJly+2hY@M2DK$e8~jm!0Z#lMlqvA zt5H`@SsS+>NH`O1BYnhPzJT`YjCKR+_r6E;vSFAh^;`$_3IuXfi_iQHeY}uah$AGR zjqznxhKk33FNx2dk>mu6EE1B(zvLU$E8`|TTyZG~caS3Itmv+!yir7fHv5qUnKP|T zsWYy!_J-0=3}|3e3S8BJB4T~3+-keNhr*nsO*?hXm)uIhU1A1j`2da}YNuiLap+S9 zxm{EgNPDj_OtL>U;0HDq3amCp?l3b70a`QxaST7mW+ZTg=_EnmZrS2#Ho#^FkLcN1 zKgJDP8R27+AroXKuOg-F@&3_)2S{fHK$kgp?wlPuNK3IF?nllY6XCIq3Pan@=y)t2 zdpYhQl!Ou3ouQ}g_sG^U&%Tr^E0q8 zTKZlhaNY~q2G^+!v6p8dOTm|U)y!0r;Ix8z5cUhsRRPEujafqnv}lpQuVgoJM`!dg zt-Gb|B!c_w>7Mi4;tPT&xH92jo#s4QV4xU7#bx=0897WONKM5<55}2DMLjjoUO^}| z1lj$0E~fEXA$&xzMtbcE68$SFak92iHpTwEa2vMaVs1VDnN;8>hw_;)3ILU&4BVBV zzewFg9QGSSGeenJ1uu#^^dZTj8c!OsLE@!W`&(Mxsd`sPruO_7DnfeSY=jPp+%z%{ zlu*cauQ7%Lw3Cbo1PZxw;H=!=nQ@Y5Oa%yQ9G-&h1BnW(h(rPrOk}un?Z%DpCr{?J z7-O$pqq=pobHkPD&Hg^=V*dv>pRMoJUFS@Tv`-Iv`b?BXCri6dhxgjYDjZ*&GicX*9uBmCH7yUTmCVTy)cXCSIB^7!3&jp^%W;hKDTg75uzX{d zZK+^`)6t`;FfSe+%9p`)qNX6pt4WfD5N#~2Hb6{A?#m7e;84rc4Y2wrh94y950bG) z)b<|es1M;Xreu@ZWxQ~mY6+AC!R~k>kMDXFvqDOpTbvsF!u_JHlx1cE%=? z5<2&&{n8(Ei9bKz{Ld^_vxDRnW3eG%9u5ELG6II-=->Q(s*3yML{B*(|0IhGZ8h>I zFw{XM#@p4E3sD(W7yZdXB!!Q zyu0-{$x)L)2}qqF&=7^pZ%z+2tt9jUVvBoE85M@zsW7BK3L?c0nF?SfE=8Ah^@$ph zBtC(CmuLPO?N8S+V|Mk+KY^z*cR&7%e-B(dG8{(mx!sS?d7d5gkQa6U29Q2ODI=OF z{_^gQB18Vk?rK~PkC7H>GA9UV*IbH{Xz;QI9?d>XJHX^xPa@wi!=?P=1OA_Vd6TG0 zYU@2^{ME^y$~x_ArhSv1wh;BUE{9e_OpJD<j6#@iP8d1Q}&!kDc3 z<7a^$m+I%>6GG{ZF1io-XSP3D>k=;~x!wk&u8Rfhy(tsEAB0HX5x02QJ8ssJf}gdY zLkmYmCZY+20(4`-awlWw`RUx2CBXrPdml;7JpISiwR!$8%k!6*?4QP*Ln4e!F@L1X=- zeo;C2#J3Uq1Gz{L->!nTcf6V_HlLiIEZxr2T+E@jK ztk3Aip492z!xph)0f8mhcV6bAD%K3SZHYArk{ympcwI&Zy~a~nq%-V9qf1Ywua3SM z)7XQfzfRX0AWs=`gC( zSrd|^rsfQ?oP}Rb<9ah>sk+d)<1K z+ImH*TG>T2oRaPj9#|zZ`;+tbdly7=(JyoXC8X_rLc!5wJHOIY?ipgb+{w^HU+MyV?(AbLa9*RxZvqIoNbk8l~_F_|E z#QsYki44coex|lA(p0NChl}3cj~C}CV%?#O*h5qxGvuK1nscKHWHJjn>MY{PU;nAO zx^6ZxN=s~G+Dbrrt#>(>Jow476~wP&L~eCb;M8gwMlK3b72zC$f0ThIW*_??`X8Xb zkv&4Pm(jm`u)~SiJxqFW)EWQ};1;xYT_{!ba!@#SXs2 zEGh?riW3m(``;^dU;oFBD3iz9hy^hIiplMqC?`InW}0}WeU@up>19S1Ry2I;m3v9s&_r?BV;lJ&L167y*_ z6dBG6xEqIJ6axS+2RmYCpx9USH6fh8giy7U*mX*Tjn z|9RDu=R5isE!T8Re_Iu5^^I(k>hB_B*TjtC7Q2sZCPO^S!5c*vYQ&;Fe!w?)8hw>) zo1MpQ7DP7eegCF>;iH?$%uUJ7xFBD0RkcCG&Qh7OVErbz+<;R_`t6E;FHTF z{+{bc%xkJ=PkJ)V4wbGl{2u;~5AMOEQ!tEa4^0i;e0V*8%3%cP%%P1RTaHuHZrpW7 zIeD9`_ZWGW4()-*)C;%>&YvEC+TNfAzYl5X!2f!s?b#DHg`9WqSbx8TQ@(!Bgg|L- zU|xQIO%ah*c$7o>`epk>cad%8^`U+pIc=`SIu(gPtlynX>{CV5r?K&9oKWvf$LPovSG z$$m|3cUa;L2OSqP!$+hl7}ICWLEnch5`~oXDk3@}%SiSfr3{aAdFIr>M<#mkV277d zX8=`Wg5GwAo!Im#DBg#=U^wCGof~0o*QE+JJUQ782y{;v2ZCX8BD0f>H<`GB8VZo) z(wcb%p!jg}z1@v2e+;hSiVS=Slj#ytl%xfW+TU6FF&_=d_?$5^jw-v8@aUZTh6xh8 z)R!0d*r2Jk><>QgvZ8kj{#L5XD`va+Cq6>4Q~UH9>SKOKzKuzaoLPPZQq;L+Gx|p1 zocOnPuQ0PUNlo; zF*pXX*(J!ZvF?!vQvu0u6~pS63%nmj*^!=A>Sff~Hd=09g)s>N8~g3!H;=txL~-?%9Hv6jRgg z+mtP{^Hci~FPbn+`a8tRcVuJ&lOwx-YYd&9se2>85m$SR=Bd<-2>OAD#nDD6!NmAc zIS~#-k_LN|U2xDU zbG^4y!cLdgQ(8B|NgegjkT@Vff}24$w^@zk1UZta_iS%?;T z9_dMBXQJM{o3C_idv+K~l@u1lGlv=`qRyd^->65IN`tiw$F2$<@dO@^L(+w0LqF;l zi#>#7WPDP6%EMLhec38n3H_eFg2r14Zx*Z!O}cAdmoP_4y?ia?UC@SEcqb%R1#?0> zBhTvSDX<*-?u>sie5YlLDptfm4*D6H>84CT;Z8G7*C!E4GKc>EHZ4@`w#j-QvlYCJ(p5Qwnxqm)~>1$|KS@6Q4RUU3;M7Lqv%srXcP%p7DamEnLR_ z?Z*$uprN;Fg7;peI_T|f~#x@HJ3p^`lX{7*ICj}!?;5TpkzP{19yf;FA z^NYR+!#$F}eRihpTEFY3v;N-#gtI5*m&4gNoC53C?>sViORdOn{l{qD+=A>s1$V@# z$3)U^eyOpjOFHB~+#W*vTTpXu~>Q``Eh2E2Er|L0uO zgMl{P{{;3!AdlQa9VR32So3urZv|J;(5#?9D0Pw#3m)&%0A195DJm*j-FNyQrN5cT z4>t{NpM{l>CP&ukt2S8|Y;66y%(C>qlM7))1wkt^|0m0{3>w2e|-8F zCCujFP|?#(z5Ty8El(I+$hOE*?=z^CYq&EPz@@*XrQbedV3?6|(Lfc zJvS1c{)mbKC9Mkc$>dQ!N%z!H{U`}B7vOU(N#g+ zxD+)cfB_gqhO{x%q_<}e$tfhi2JgJ(GaZ`Ok_rHDj*=M~L-nd_tbDldIS%#(yKE)bDJK92hxp7j1tvlN%dhHg z%YCD7bTOgxQtCZYM4!*re4LkqwaMXz=~=?`{qI$!_XoRhyq>pmEY-q3KaGIhIA&de zWSbm1E-8uiYbVmoayP%L;WM8y)V;Sw^jc`ab2rK#gXXUT6nGy?QUkKmxc2nr zM=}J%Y2!y6gmSpYR2195$yMYjc!lQ$9yg{=#ZF3e)lW3t9ogazf%dx0MvV=HqCXp? zY?Ts5XE?7dnwxnNU@BmMDQ7&q3tJJ-DXWIx9dpBRQRFs;H!+rr$Kvb{=e(g5#@F|Q zvAbyZCfE`&%@Gl~(HTsiH#;*751ugm`;R7Xi|f9Q2Osc}A^^W)TgH3Y#%7EwAW&fi z(LzF9etp*HS4RFY0p0+U)|KF-*M2A6ET1}++{5U9>UKvGIIcR_4YVFs*kzl%JCJh1 z6L&!8OnP^Gm3GR)A&eK9rarPz(R(BJSxy3y>Dsm49`_HOSX|`~YQWmA23Ck5m{p-? zdgCNXK$0g{IMAii8%ePptopKEbxqIB{F~R_c0}majosW2Vzni#ewl<(z?W*UrHK1R zlxc_@By2;TjtGd)rF0@56wlPTT}4z^%xMMXv7gG_rIF){vM{M)VsAJ`DiQ}~85gd| z`0|8(3oI+d35XsB^iDb=NHnpET5SUMlB@B2=pG~83cJR~>9>Erv8h*He*;-CQYH)= z7Z`{xgJ)gds8dE+|Ee8FZH>N#yiYZGDi?Af0!Y?i*6G6CyLWl=#U4+j_EmAX$~5yQ z_3a^IlJVy3O98iG$^SUsu;tFxxC92JVyTeNpiAxNo|INWbis23WCx`q=;BuO>E0+_ zvm9TzzE^_n;LdJiy#JW{(9umT_zF;vZCo?>aRR54|fz#x`oM zI@*X+9St|s)j#r1aigZRthQ|0dhg_IDay-hQ|;j6_0u@dL+V|4&Idg2$`%*h&2Me{ z61BqkMjdVX62U1dy@iUb-`=m0V~xq{n>yN{=)zuP{btPRy1Dwb8;FwDcGWc>y>jtQ zT*2ky9yZ@FGa>2qUpE8133@CQW@RwB__UiIRLcBaWm~YwPjQRbyrOKc_yZLEdupFtnN?Y|J<{XY7p3lw>0Va8+$0 zbfCXbOQrel?hz&29<}&#)g(-y7h5W@l=iQ-XZCh_MEmlh!jSI0BgV|ro26K2m!G^^ zv;Q%5F`guKi}`~`*>V`T#v3R z&hvO5@8fvAp6m5cJJWTGQX0An4X-YHa?1vV{o}|3da4V&@fL8NsHigQbLbv=1DiYN z>J&}gl_UKbJJ`=baIj{6g8oZ&JrK}|L(54Yt$S++Y6G=Lhv8EvJR4olsDCn2WCv$u z_gn#lUX@>gllhQ{fV>lVV;Il!YpXd@Ibj)W__ubKsK_t^ZaMi<;BuC0V5F{%7%w`T ztOIp(ob@TE*w@~iCXg4C6QKu8Wn^`lK-MuKk50`S=qC#Cd^p+rz=YqLu5L>bVAI%N z`%>XVl8mK|3@mHVK4O!O7Wx#DWLuxvaLw8mUST0a#_=*LclNnAJD3e5|C`E3#S!tyx#ZC#PFJK0eqTtmECg z4VCCoSVvZ73DiU)YFNuKeWyQQmoyC?imGit(51-`1@*_@!h#h7%j6J21q~HB2AKum z_Im?`p*9=0z8cT6plAU+OITEm@Gcpp9~6x3KNvn720nhqX8iI zg<2LW0QJmiL|MR303lMoGUJW5V3J(#CFVJ0_;C6Ug%H57)~JG0+_6;0Qn=H6ii1yA!p7SRNDI=Fzn8U-Lc=m zBtL9Og1%4V)~_1_ZnNU)h2xYW(ot=n(M~>JRh21LHPs_6big2;FzjCx4dfT{22g*7Sk3wV+Jw(yQzqQ4cKn>+` zP{r_?YTJCJsgEj|2Lr$ev2i)qXE{FH+%tbwntFYJ=vDs(J|2W8tpjTL2deeMaAyGl zOQb|E)c4#_0K7L{V(`K;8a-eqaEajfxOfHA z{9su-z+*lI$Kv?(BiI3(FC8|ME`72Et;=Ztlh^C6g3Ytv=T?51730F8gc#<(Tu@UD zS~cVeoiO>y zP*V1tyZuoE1c3q%0Nb&hP027OQnG3*yl3$O>pe|hT7EDljKI)U50u8!{TFH;u2~9z zgfS@HD%VCJQR@qJHy2Kohbi$KH9HjU#m_vcEekwlrawoKqUCu~0oYC1ytmN)0e9&i zO}WeH{jgtQn(jEN*6`2h*ir_}vdfFy@=H+q8v(#nZJ)yLfi%I{nu83p4AiYg{OxsiD{vxmQ(X3U1saw1AJNpT%n&4d6{WV&OUXW0 zOx4r8KCo(D3@aB`oK#c4kTy~DiK8VYa_3*lhULy*PZmLo2Er2s@b(LTm!shLZ9T`1 z&x#B0dO{|uOXi{fnr9iEg;mz#lm@X?zjO!M#GKmmP)VrlYuW947jDbWYeN>=3ghI6@TE4N1dHC3x(Q?98- zzui6GSZcq;N3j0!+qB9I-hUZx&`Uu83OaruI19*k_y=jwkU|gqLS3lJ0~pDfPv2t7 zYWE1fF`hhev{!hzrU&+&TB_WJ%RA+H?(U~Yc(|5T9$uI|mI!O?Z@bm|=*bgmAanLr z$51bkyt0s82AC7Qy4OZ8^Z|Kt&p2C|=i$_EMQmA|48!o_mwy{lVIS{~wrMRR(L2}9 ziEeg84g;;AfPBEvHIxA+1m=F^0sD6Wr&2V*4%K5+o$XF%A#9J6=#@M;T%ee$ao1)- zejn#!12*NUm<>5dp)nW)kRwqfNIO8~KLwRjELu60f(ffYVjLGLFw8650!8{Vkf4fT z_ym-W(64I$y#k^^3rHASSy=&L=yjf3S&WP~2DIN>U*HzO?cXZH8V=(Vq8)>($lVaGM|U60AYW1K%_V zoMey#6aYz^CJT+Um_QC>TLv~f5dH%a>w@dae3TCe5qQ~xLPIH#pb+{xV2hJBx;X_@ zbxP2uO1Q!;GB)KC2qGM)B&q}$`I^LDA#Au@-90%&6rzBUvjqgG&JePUl7W#N7EX>_ zd#I>_AtC4*NQF?z3ywz=9t^@etsx|oL2g?>6_B|YAU_*u`KmlMRaqQ0wMVt(gGAPq zp}3^)0L0yv=`VoA1CaEDbb2V$3#IRZ#$^&r1DKwQ zd1ToK{X6V)Z@ zZH~3Q5Gx70HGqBp&9Ye}9W(kt3ZyIM#ycp~_7dPGD}N8<2HHyiWGMr|y`Opw2W=~C zR3Z$ROF)+|0_)8s*8v@euz6K0h$Y0p^N#L#;FG{xQH#F-e>uar5V!gB8o2qJ2WtKW zW~qU0hXw=GKm23&+eQ1rKVa4y$M!tXfdQhd*I3ZGavW=JCrW|cxvwfH0b%fCt`qN|gGH;8qYn z!tI0ta3E|?8na5{1AZzTm?KEZ$Ta(pK`1G7KTTV6$B@q!1kbH)kyznnw*S$#gtS8v z^jX-&mk68tc$dMiN4i;A7CMHL@vBD-U08lT<*kK}9NB%FwGqsbMy~H_#WymU^tUv- z$gi`x22v5TRCk4ZIUi*qFJ1ilw;{7tNm^uk)2@^T^gDc@Ifg43^6wa-8UO|k&}X=& z!jT#uNP(1dPV6qOz2PCC-$OB-_JMm)m{@~e0g1$s&kI;6Yxo}lphhWRcE{$GP-+|K z7;-^t`t|@NC5nA7+J2Rc1z}8B*a2iVFe@G$oHV`a5R%KGBC_r?!yk`CI}{TCjN_v6biJIFBVO>J*MI0aL* zm9TPAbhePSp!UB5F#xX8gU}hNv#~YrznH;ohK%8Wi-5LBVHYw}6QkkwVTDvmIIP~H zZV$xl*FcJdxra29$Y%%^*!y(HqoK>iyh4hY>jRLa9=cDPLHZYjirV15f>Z!`B>MgT zg{mo}{THe>TOV&beqR4m$M3Rfd7-L{3MSvIs8c#r;V^$5kNd zFb3CGw7-JH$TLKnCMNtt=uX1?3t$2@j1~brEW>{@xK&zX0V23E+qaBhXqm|z0$KI{ z3AR-fl`$lqhYtDicm7^RkF@xs0qk?e_WCQ|ps&jxJ;|el^YmUwQ`N1Cw zSZ1L^>Z*oTtw+`{$NDqs7tS~j-o{`yF4fRMXTKB*i}(NVh1{5w$g+-LG%rfbf^8ZM zMSx+ScvP)M-{D$rrES{XJ-208i$NHRbdnBNfIJ>qs$LN?V-5NA`ltBm`njsj8q|28~e!N)?5 zL6U;d&`^M{q-1eb^=E_!RmqS_=HkK*C}?zF6XSA=vpFgDdl4Tf6y?F_t@B8n461_t zn-^Rqn7QFKP79D*ah?CrDcr(vK+80{q%v{@}u_=zE9Q`zPpQ-=o8t^*uD4WA7M7J=*3sevg|s99#}FE0-* z@fj)eqHxoul!HEzz^>>bwR!g!>cNPbLbo=Zys>gr&U%ec3 zkiNh;Z4$B{{`{b)07+XYF{K6#4S~Q;IKj}$t1#UdXv;C9ow8cbr;-n90xGxN*NgR? zW>RC!4_-TK;7%XqFumnIE6QN}g+?0LvSa1o3~KiNEs*XtcLW1AE)|d!z}=3L4WS@1 zLtE?dN9zl7Jj-)FCZk8zEaLA0x2d8ZHP>o`Vtg!^%-=C2CcR(Jh&;XZZMYWr^D^8S zXnNaD0HOe%Nr>3PD1tQ!EQLq*U#s^Y1RY%z4K1u0*$l`}6RHKBMc4k1n2WnxWNI__ zNR=*H1TGhRc$FdX_t6QFX6OVAq@f0X&Q&A#fHWc*GR?NI0 zRXPdQg{C8G9HqNfgfeD4-F2O=mUvhDk`q~3xpwnhEh*F-{~%bveFO~q`&a( z-&<)$wK^3cyP?WwByy^0E@HEcGw#EmhGADM*!#pQBNBqZ1qXb?z5s3MzEHE8@7=pO ze@zNMrJTLwv8TkKXys~gj0Q{Zd6O53zR)r^CaQ&j69zC zo}wO!S@6~&TvAwswg7!z%@Ha`Dj$f7U*r_-XWd6rFq?=yREyFh%3t z21>tIA1+g44y>Q~Au*I65H=(uF2xrYo`Mm~MQvTnJtG9RS^?1yi6Td#2Z4zn5Wx$h zKLFF`3gr>O(XC7}Zj`&Mq}Lv_eR^K$=SRv;38Fklo-b!la#3V`Jc2g{+=a^rZB|IH zB@hV89eNP|2dYu|L2~anOLdYTD^%e9CL{aC*o1jhS7I0dZ?fh`W zEXu)>PS~(yVrQUjc=eQm2_g04&vTf>(chqpoZRdsJ*KX1`!b=G606Q93oB|`wp-M zBUkIdzJER`z`C#x^otfj=}@_UF<$WmhLFT!3h)3D#qLv1m{;K^SLN|R#$K9av5glO z_FQ8XkhnLN?SJHFMjF+OtJep*GXm@LwE~RonJ<7yWH!YRqnHM+-%ocf=_g9mb+lM? z&+}v%xm__2(XicUrCQc99~X)9&a419gkhNIa-o4`tqU1o$;#*NOEKhk`X+}*sH7^1 zcJnO1r}4HX*LfE4Th2>Pjk3S#vs$oan=!M<#`@L0g$f-@0uQM%$>KY1YeGL*3 z!Ij>0x(KQ0z5v{O1v3joCx-pEnPvY}Rxg^c8ty&<(gl`FMfo99BC|XMHxg<-!lyqL zlk?BijiV|5s`4bc+NwrR`xSUyH+xR`Pji4SKRs>jiWDhqTStdVsmYwE1D81y)0%*t zDeTJJz$&wP=Z(qJ1dw&T65rSaKBF@hAQWWRRyFj7<_u`n4gjM?S__FWjF3!q7B>y%8mU zpqxCYa@FAOhrCj$RG3HrL0~cH2z3=~S^_Xm0JPqbWJ%S9hH5`nN+*AiE1a_&mtV{I zMf0$evo+W5H8*k^(mT&w#%?a}*q}kXV@4@aBZe0qaHa<0h7mu=PR* zAqxW_59j?KZUsLa^nsu*=TR3@Wj^m7P5JKaBh0-R7t<+`-^%?GMkzf*({P!z~9#!eeR7~x(I4RPkd?=zmwfe8@Knq3>`~5_z#D>a7TYp|QZqp3Z%2|x`Ojfyk z1iyW}S#=#4WM4@C0N6bLO<06zGchhJ;^Xb_%HzM*Lw_syU+i9x-`v8Vp|yiq{6jTM5bR~Nza7yY1dV1EATOD-cX!8)@h``lD)nvFn3O&DubqY!Riz`Y&_ z4BSDmCUj*6)}QnzA6sFYYgAo!mabnW9Mym>m%pS&zQCfENeYg!hTh( zdD?{#(i{h9ARRaa##6aRti$U+Q;+FW23}mETINdB3Q6+%G)iX~DO&Lve&L^D^GCr<|Cx_`2TW#1ZOe-5m-4FcbRt$4P%x+NcHB`O%5ktdTm9pj+Iu& ze{&STWIQevq%pft_LT3tN^?5KMg%Y|IbDl!7hLgqqY{PgA_z3dImf`dbx;d-pMSX_ zj^ZAu%O(J91UnOr4sW-DBXU#@olEb$*R~QROH;&PJg6=4{gdu zCNw#*F^;XUKW?%tSh7qqNYUWD>YqMgzg_vuykNU_5ho)?vav5xJ){Fq7aD9&7%-Oc z;oAfxddA|RZ3lTOS(w~Fx2sn@;3aj_eW0v(LW9X?BIsw$KmR1~l4iB7ufhXI*xxZ7 zFOvVvbNQd!FF9x9?ZS6}*%X6T5YmSx!C8+cSnNSRhr|o4_f6FrW#QaV7Emm#jNIta z9$h?C5$K~-To4&D1wAsb!XuhMm^atgUbNUJE;U|5`Sbw>g#oOZ|7rBSE-;&WKj@E} z_hiVp7fQs#z3F33w-zT1D`qSKjPAoR;EJ<4_-k6n*kA1TgCv*57r^W@37N+6z*y0W z`iJ{$^=HiU5u$5b|G?|^zQQ&0L%x3RP-Sa>Dcc0CC{`H$2)FHSa70yOMly$;;9lPP zPXSB<1u!HNpaC7~pc4NHbM~%5)F{i}8TXy_J4glz2^Ap#!yi5C5C&;0TJvN|uYm4^ z=mk=kgM!9zLd;uLjr#we!ZlIO7%~C0NAHLQr4M=hanG`WQjog!(*ft8_-8W;{newc9$)^-vs_maNbXCR@R^N)VmSq(k3iGfbyV(pYg)_RlFyAmv=oMW<(rb+I{TdmF58&Tj^Cj$yKK$nVz{1^p?znN_2&(6 zib&By4~3+D=m-P{5NF4C_FEA234kg}*2}elAlLVQK?=;HopcqN6#~F57!;PF4#6uZ z!-(dHIO%-<(++U-uE5G?gUTCo4??X_i2~D0=wN!C#awBS0B;#6913Ymyoc*pS)M=< z!2#I$)M+4<*#f+L-?6o|)lcoM#u+(_=G&!wrjuiDw_ti{+|$ZrL^`GO^3RgeIc&HM zGq_|8#4n4J!ca=kD0krsJHEj5Eu;blIB*g@dFWeL{2?_I0e$p}Bo|>)QZ1ZAzs)OUK?LV5Ki;YVx>c zQ@C_XccApEp4xO5Pbq%yWYu1(RoGeoD}z5>Ma1tMiK-E_K9xl~#vB=2rTzWU@2l0s?r2P+lo>o~alC(8PNkpm$7 zcT%+k)ELauWe&sT@5dL)XvkL|d<8rljVsv&@z*9G&rz_AuEE$Bl(e;Ydd+HuKU>@m zKHhwMs=Vq>L9kO(R{Nx>L^|bLwQ7Or3OczC(grV8lK6}_GI}$w@(#s&KefC#jSoEP zTQHZUZP&4NnBgstAU4Ijb(j6`8y2Zkrpb#*f=ZZi*`fgbi`R@lux?5Z5+iFu7!2P< zBOYPo*3X|Ow+eKj`T?g;AOPgnAlke+kU<1#9&K9yH3KP+f$6)Mu=$X67n1=9J5uH( zWF#k|84ZUTv~_jQgGnESzkxU-Dq{v4ne|n&iR}xrmrJF+-AeDoe=b?B zk7)5JeIt<}024>98qwG>o8Pi%N~ZcS**sA&bk(%E1o8rmJ3RUq$#ws_FudK?0&XF^ zoTk3DY#8#hqvLEyw6I^JHt`dkPn`z~-Zgvlb2Wc;U>?bC@V^FE#&xdUw`XtOo?ST1 z<8O5Y%@Fu+BQqB+x3UtB*T#m1pJ32?3p<^Pib@%JN#SUqPwAl3m&0%X^p0@`C2r)A zHGr!!VF&+#H`0U_r4EBC@Vn zYWaMPvd*knIkLfz5IPJs3%!qh884`FV5>_HZ_C0sBQn6SgdN8l!j~MnJ)S*0t{^gW z$`gXOzaeu_U0@zzaT0Iklfg~xIpl|qg(oFBpeik_lw$sK`ZCVnG_ zahjLSPka-Vu}u3x8?go;JoSg=1G|R=q#@8k<^~ub;bj`xkx7`O(ra>V4kHe=4E}~8p zJ%R^Oe*X__$3V@O76J_ogeVC;^_r-U#X!x%_%F)O}r zmZoq-0g6kgF;t_?nWRXS=$&Omj~KTzdaNRr!7|%;SdwdzC&%stuhZGmq@L3RKuU!R zwkC$C#U$~<(EyD8N)D|*mg?{&_RUd1pY{NK((QTm#}N6va%7>Eq__vM+axG>5v3c$ za90uxj1Q(p;ma-um29i6FO|n6+60=Bk$Md`3G3%lcxR5B#{KnTcDhmX&CaX;o${VM z9tv#YCGdD_Sj_E%Q8}srG@v6IDid0$Em3=Z`SRSAak$Ii$U)&X!xF%8#pIoSd31Oj zTk-hBZ)MR!Sbi}j1sCKy!t4}Ji2Uj=ocZ_9v!(i9I_ytc9dL?9!V^HCrzKPTRURN& z!pl_KMm#cWsO?_Q1q#vO zv?!VclDJU72H>r>L#=+(5oS}%Hh+Bvvg5@eX_f?hof5laT@I;9*SvNHPE5mlBOvRe zHvrD3eJ3VQT<**Y0IV=~3Rx8(r!X7d92f$HCTXMDD1g6|+rOu&3xr57Wl=nCUACtm z?4ad>O+y@?NuXoop8u{wSK8xlZ-^WA4|Eh^>_C#U9M#;t$g|)&^@l0fi1UTG88Bjy zgV|Eq!9i%;cf(T3n!DT{ta~1eZKRe;rwMdx%GK&n$$mkPU?xX@`t9v;%)ORa@Y6Dn z_{x+{iBw+RR~PYLe9nZ2AvP!*gDA|t7@8!r;%pm0JR_t={1u?tjh$wjvSaAlF&lq z?fHTNd>e4h=Z-I`GDp??9qmw~D1NrIAfLbk=4s*n{YV{yqnG{a*CC7$*~8O)*Ds^- z4G{YUBCz`)HGw=D;4WDe|Lp^8TiW*ly4K7t>wBFhXcbHVsc6?6GUeEs%PG?VsQ{KD zPJWWNKEfNtoZg5HV*(>NfDDO3+M^raNBBDKbiQT_e;|6s)hY(#I#L8A*-guq>Rn<% zo2ex{GZ_fxhT-IT+0Yp0Q+tQ)=8?I`uOjVJ1C^2uqtWKx`BMxxQvWQy1U%>=QdZ_% zgkuCv(x9Xa(6ZZ7FXuQA77+otDlQl?{x(5XI~8QGA)A#djCeagp0b zW3oYhGtwKGm)d4do+eoDA{mvc7En$bpdD&$Z)cHaKYqOb4UU`Nk<69HNIF?1;Y?5o z7}vcjw)Nd5gZ%hGwEytWeAdsdbYvSyaZDKJ;3&{w<@v`B0pFLhj^jYc^?oAcS|AUy z;W4*ugedR>zwT}h1yL!&kPzWt>s!)+5H_(qS9ywBA5`~Z&j_tLGc%7JSTDQ{3;D8; zpaN)uarXI&+W@OFn-ryiT6Ok^(mv?aWl*qhJSV?e5+)5Yj+&YoK91VjS|n+M;a3I) zn76o_9|amdhSZ+vd9QiID_iB<&^M9}m`IoG1x3&JGkadDWO8 zWLOn%Z2zd;!lL;pdB$BPA84@I2Dw5PVaQ%d3o*0S1J#s`p-Jo$P>tttFe_`t%DzL zGYj}gO@m|Eu`O@pLZF|-S!Q0MpZGzpj8rDFb(Opb9g8W)A8J#d!OIYqP+&+|XWHmH z(;15rV?iZlOBumBR2+;~1?@Q5)wb2BmGz`}jWY$O79VZXCa02YwGAcIz&YPG(w3UR zXPc2*9K`<&LB7cw$BrKq^m(I}r=(oRkZf&m@m!3;M*fs@irhayI28}bGm!~{dmhA7 z$fAm-k9T~38?YqhL5KNiD{&lOc!e_RZm(QFom%^dc#$|0vs1c~i8Ux*{R$;^p3nHb zBZnj3Eb3^law8EYv;@#&BUWHDxO0vXNh$`Wp9@O=uVbeR#Om^%Kd%-6TZ@5_O94>% z*?_6`CgkHm8m14N&lF`cqDnsoGZ--$Re4e%GhFa}(q@>{n!BqdM9)_an#AN*(ET_3 zwcr+URanY!5@KNH5$Tm3S;{ef-F?}9`leO~1b3vh@AAbYY$|mWxlA){e3he-xOw?QnFNN5=TCD~G~2qivvQo30Ot zj%kx&J{lvoD z&LctB^y)`!?ij#B7V(>fUEba&v$bZQ}QTMRks*lF7XHqb$x!6H-Wzl>mB`el-lx} z$hbtm>B#NBwNNzq5gyz4jxowT$ToDwYEss*?T$k3UxZ3h(d1u{QK2qFRZT4ul0z;Q z_Imk4rv_CnCgn!QhYD8)!ZpQ~u5_09$06RYHH+VX-bl4APtaS+QxibzyB3FrNi1!h z8V5wjFOXlYheIvNOHcv&n^2Ae5qqpmZ?6;hXsOGrqym)-~HlAUGRL2 zkP8n|-8O8aCNF-xGw}Qk{f&V?tk=VR#{czeIAE9)3dn`YBw(3`e;{Xl1?k7!e9CR0 zobc&`JxP&V9SP$@NG43XN88v5Mu%YYADXf`UOWhS$ZhpiivdbjhLU-$5nO0oW&$>r0>C=97-<_1>?4 zO$ps!WW%!y2Uk~`OWHLBPc5a@v|8%;CH7bW(DLj$C+FCKM5=tFx4j^%6msQr!B6R& zMw&f_M7GQ88KoArjP`>?uK^ttW%GgT?05P4CmLYH2ef}BtSvEV(Ago-(6tu?x(1UWn{E~^yB?d2rgVIq)+3a@|etj8)u1s+KX$Ieo zqllEaDtemW)i@BJFh>0+t_JZt?XfA}($3suxxF0f7t=lZHXywF)oCBjJ8)?~=CcdTt^4C=993xNtXz2a!nH^-_~MOC(lO2K^B@w~_2wj}C~Y4GAHedg zv31tYDI+Rwf)*ag6;L}307LlO4MJPv+Bwq)WS-*`B&bbnK3qJlDCNXX|8}-1$Ow+R zeIB3xfddk39Ev^XGybvwODs#%<{kZ#?$5#>@yJ412vqr=0g{$)iKC)3-xW$3CdiA= zODWW?=^mBU{{%-U{Z3|l5V#E3knp8oWpe=*TM>Q|{IdE_ zj)F)P>cvxYj}Ik=CAJF7An3$fbWQvHp6hJy#p;6P$e^JqH0Mhc$W$o~^+m8Hx(*Rd zAcHDDx_rQ0F2sHe)N3#e5Iq^_u%NnK($RXR|CsEDvBHbb{e{N}v`$!I#`jT@Zi1Qx zF?XDPLHI1Wr3e-@5B3xSd5Wp|MsBW=ul8v**7%lXrR1cV8zYj80GphKD+WC0`JK}+ z>izs}0Ur_*)n>~FAz~(qZvI1z-`^S)8bP^>{VU^(r6?V*?k0sW+FRj1VGrecGoAoz z=wJUnjMCeZjF%9l(vab5Z~~+-L(6%Y_nUuR-wM}KfsnGRly#fl*8ApTD*b1Rp;ur? zEnq_>LZKWX<=4@rGA_Q+T=He!Z+suia{b%fxI^nyusnkCdzz#9q0vM8)^O$0<@NCz zX4OOVtYHxoe)>cV`WIEza2Xj~f!mw12e>Y+k6)xBlO|;Nl%84K*o#ennHzLgPE$AT z$9$c)(uWVJ^?YwNo91BvI%oRehrm9Mj(#DQuVw^+C|XLX?MUD6YA;)l>T$+rsSE01 z&d{cP=50BQH(#9UtIqgv7_WSQlk3`h;y(})dhz7rvr>o4*x)bjl-iNpwAyfIZ)V?q zWKMRmpfd3KX^N)bU}9sSdi3$lt;c;spBP*yC|^q7f54TSJN+>()r34M`t_%GN-wc; zw?(SYhY4SMaD)o)f6QL#oDQS9Fd>*;SyeekWSLHW^J?*rBQ|J4BnrdpllgI=jM`dF zmwPTV$AILDi8`Kc)nWaI`gR@1t1+0Ml_;5Pa5Y7;&+O-PfAMo4nT+FB^b6mDTMKdr zTN9o>eckALukdDv$0GIGG4%CP3N%EeN=otX!c3X2)=5SW(*6S zj_#q^6=lpp9j1OWe0ggHw?p8X-j_+>Vm5%0_nPkp<^C%XN1R5l95$;T zpi5dQBf_NEU01!jX^gi&8d?I&uz1=Hhi#84GB`!PS=Tjr;ulK;dvOCtvQ~_dMYy@w zRBfk{hW2N_01*mBGHLikxEI^Re*jn}?Z6@5-oa}AL@lHWhwuep9otmsTg2phT{vS=OQ+?-0!i_ zBr34&7%Z+sP=O6VT$?~;;lSoL+T>e5Xy9yC%mTnRMBu$ac|H&eWQ|zzjWLhjKYX7L zHTn2_)o}8Z>^8gWe>cEy)?JLMyV%Cv68=0Ul*!g$(Z?$sC%onCE$y0?AsF% z6x6?b`OloCg#``fAD7{?O(wF}H%_~?H@w$Mtu?}64iAp!Y3|r-RrxVk)x=sxWS=V+ z%L-blcylhftmC_}BR__t_0qL+8^?u?GoLR7w2q2%&nIP=2yR^eQ^H@qB20*F(iLvH z;@ZHT6=cB~@6st`%*9!Mcyj#0lgL*VrA9Uv&rXL)9UEA?E7i8WAuk#dG`z>+$}S_y z_b2#SEsxgg@p_?<@*{dZTPL63PCi*_P1Wle_7v`I7bAM?dDqu>1q9eAl~%a1karji zMTlVs`;bcJMU<$DQhkj}t)fsa1o)pSBW_^`U^Ic2<~~X>Lk%2&bRj_IAMpe07%diy z1>YPADBue#`l0x;fvE;=j$eUtNlhzu5L{FnRB{6T!w>6M=o}*EgWA=1@Kf&_#X{{CA%C9Gz3s<=WMwOr3rRh!VJ)F=hY28PDM)-=~ zBdR(k3Jm7qsLY^)t9{DqXJ(`PmDeGE@&{ZFi`}MS{ZX!(pK{!!>$Ep|sW;qCZ>_#De0WRn ziU~&1TR->RhNxjxtLz`iP1=Cvz`f#Ueq*#Z=R-?rd8hC$M69f=kKL>etxCZbSMM3V z*S^Xu@O%D@=#3+(%yUli=Q_$(anAQF1Ol`QRbnGJbHd|OBern4`zz3Ooppann0%^| z=yMbmfU-ow5&yj{3YcN4mv#~UEswsQ2m=FFi9!BS;x+;rp?5GQw_&CI7&5f#@U}pv z($4`EIwB0H84+IxW12CFpnXEG5oC&Q?kpygjKD}%Fc~p0GxL}l```%PA_5Z9!Co?t zY`IGJ?%ZW~V)bB}((AhDz!Q~1n;Oe}(UUC=#jbIZ8Qy{Qcm^HD8+T6Eta`uv6{yoS z=^o4Ye2e+!tV+w(Ft_sG5(7l{rX@FPx?=TnR2?;Wlx2%Ib}zs|y-jJ50eQqz0Tk@? zQzgq?5T*wwV5Org4i^BE4<^@xz!HwA zF<-QIW3d$JGo!}y)gH1`k;Bay6G7btmvj+iEH;siB~jxQ|8CeF;y-BL!~_LX5|>6m z6HFN8Tt0sa0#*6B87bMl37m$;#@1-w4W!J`C?sp;eg<6&97aK~)-^RXi2X%`v{1?y z>02+QcYTD9VNOX4Oo*5t%k!{zf;%{8Ci#R!GwZbrsmvpzn>>TcvS}Q#DSkX8msVWe zg0q826OXcqM<%eyj6V=-H4!cw9M?)REqs0@=V6ngURO(YV~Y@5D1G)!5+RxWw`=8h z;;|PW%_x~sjVYuZL(GObbMzo0yMu#Ck%tYq+8UTU4^Mn@VL{-d~B$y{LuhftG1_LQ;6lO^u zJ5^u(kZ=e?!Q>vY{Plb@`8JNh!&R^NXa(DX-58W{f6nDxc4pm{XxW|@amK%h`~B%Q zfnk}Ff--dN4OJw&y0Y0D_Vx^tPgo8YZ6g+4c&@GElm_~sBcMZB*-A=8si_5gCSDT( z6fa;_DyO@WYM9vlF_X25uTKhmWJI48C@LhyP`9_%mf+2rn#j_Qx7_L7Y4a^q4%Wx1K`Ds0wK$>rg=%)+}vCw!v=y)v{fYRz@tJRnNn|7?~=>wL#&BM zg~cO(cQXvXIlOj?x-_KZlh|md2-(#!VS-#sBhB={rB&gfV*&Iw`IXW$$%`GfBir0K zKS!hZR()zz=2A1|DE@_su+E^%1`JW@xuG?vChjkPKkmC0OJC2y6>oeoy5@nkhU6bo z+#LOfcI-XBEXg!oi|K*WREbwk2smL zQ~t(aQgyN%ms{&*lApgi%#rB))1_)})y!s-n!XM7O>RDzgdpP{-yc z$6pZ2n_UzLg?C!|S@Y&q$07S7f04>5iCLnBIo%?x0{cjZn&a=%miiUvI3?asf1}RC z%fL!#L!v02f`UTl$=M6}^(VM)EH8h@aKvj3@Vz;@SjsPmWwVTV5?XFaY!u(d9 zG*`Ap_-LF~u;-Wd+Emy+zZo1R7a#=S2#nf;th-ZCNReUCP%q?9%7pKm^}-_L(%bFj zy6kM?-nt)q5_PqalnNuY5*{5*@jQGH^^PRyVhHh35}1rJzIg53CDyYGQOkZG7o}-ddz_s%pqN1f{@f{2!KYvs@+;pR1BN^)%FYhW1^@INJ zDD{IVM-74I*2f2R=sPNA4D45oo5;N{h(t@YXMS+8Z;kle&1f&{w?{9q|F*@!+lI{e zKbm%EVU$I1kcwOB78QM_aLEjfHsSY-&$pywxH!kq8`lZ#g7CoxaS zw-Zh$LX?^{oG|dr%S7&r5!?scImQ0wesXx+Ap)~Nai%u68_ucr@pS*4Yv=DOHh&2)e8b7p%=#@P z>9Tox%v@Jx1q)s!K-Y2lNtB90TIxfsD3)kigUFeQ6|$lyZ;06Y#3QdWFn&G8QDI7%c%Gs*=&GyM*$99n zf}-%yESacNsD^q@Sl{N<<(->+&7PSQt=eh15>hax!`K1+_JXE1Y z^tqkUUSb6sr^|hLPfELU?Bpl2gp(4OrF=z?5B*b)cWeec+OJ>jYj-tj^Q!FO;+b=h z4TX=#qIDjQ;=`~f6n1}-#KpxyM0a1`&y5Z2lw)}3QuK%F^oIlj-J_4PV`<0UUDwU}0e-5YC9hlm>RfkOKl4A!;y(4$X47 z3Y!H6@;syWxS$${?oDwb(<-eW^2z+A!AuYnY zU{1`*R>v^1u^tgM7b~e51IqjOpA~pksC`es*?EhMSu)My9_M%AWd7oqA5)G#@WNVA z%gJB*+Bi1Y{&aO)ZF|Dni~+XubiguNKkSu^oiCaj?urUU9RLZ!N1I79=K6eT7i(Fe zeN?2+UOLg@-lex>m5$Uac;#dMCNF=xs+s%$F*&Ay-TeGE=N`0v#(}@hsX@XG07*0j zyC(*68QRf%h(f-><@JnsjQl6u;4gm%6lP1-$*em~2Yv0!nKV@{QKQDg;mT59^TdZn zy1CU%{g}u=vs6MDQ#f4Xt-a%eit{UEb(IfPHasq!xmADbkC{@TjYg+POK++HT!1lF zrU6hPvDT$uvNspKaXBh*?9;{8P)}(k>zSgTXIf-AgU_UKBo0C<5AsE!H3juJ((9iB zp%DOl?O1{}VZ3kgYdf|%O|ydFO=#1Sh!FUQaj1-}_c9+SwPPW{d>Q$? z>1tIvXcgnE2#XH|?t!(NUqbDbdwR#OJHv&vz!y=G^k{TP)$>HB%Db!QJZKd&LW#AP zqe_hE=i%eVT#9%y{OJm%RIY|#zM@j?(Y$zS=j~_~j}V~_}WX4 zucgx~KUR++_JykU=jv(;N_BwAj4-+PQdm6?SM24S*0ztz&a9`zwPcwv?S>Z)VV_t9 zXSr0WwF~7LRi^vYcTRG}rIRU7iAtx~2;2(PQ85FBnoEMuCk65(5Is5&=SwE4=x}NG4kG8TWwJ8FgYX1;)Dl5b77YxZc?~jIF+AZSOnb0`%9;9$tI=2Q zak-v~w`1RWIA2)?z>n4F2De}@`vhz@bCStvA3!837EaTxODon)2yy zstQ)dTSO4(>EPu5SZA62iL){zOE=O-*_~fYKtiKSSjE8c$huW;$!{M<+Jk+k`jr$~ zcJuQU7nY&elz{rR8Eh5^<0QgBhuaQ8Kq%;L-w?8~p$_w{=<7LI%GHAbuKhEz$;FvR z)4?cYm;p@^%k3bhR-#=qLSN0J;vd^LyNJ`AqJj24Z_=vJ*ID@C?qC05g61DaH_u2oH}fSk_k}n1#anSh*^RO zKtES2b{~9g^=#9syjHyOZi95x&VChM6$*u?HFjk2QawCH=rjn^A+d2Arf$ux+z zzkB!YK%U-lWNkr-@P07i6_SajU`hzwu%?{>o2>bjIto=idUr!EHEaAa+Sn{&jKpi| z2)-CY^~~woC+=A_i)ZEcQs*bRTjXAEFK3^5BExW^{jiJn+F0%%i|>oXag`SslZ}d6 zo9wq8XCMBitZ;t(&Pc*1Lelwf-?J#p3&YkvHy>(w~mT> z{o;iO5b2PX5J3R}>F!3PrKLk!N@9={>9#;YQbf8$x};HBS{g*Ur2Fpqo%g-}+_jGD ztmQ)HJ2Ox0{i$sO9aKAf7Jm)!OmeKME$$7pk7>)<`QO>^pLqKabquz>d4Se3hn#N~gW%RpqH=I6b=yC+3pFyS#n+IazV1 zDrq7rk6!>+bezxg%V{+#IsrEltO!T} z?CeMHk?fT$oTLcuuiA*ajEybRbrk`;U`BuTnKHSO#!KxSe+z9ZPP6MNa&$M@G4o@- zLL?N4u}$nxw1$c*I4MruR!)o0S>D(QA{jXkjWgV7vFIrqKh{-uX70Uhl^DMxKfEmi z<(TWA*!l5e9WL<+_2_ilL-`U{4FGx4H|s1`z2PDiG)!#DBX{|5U$!?157%B3|%SZH8eJ^Rr5Fti0_jMge*y9 zF=#hKzu0ds*}86D}xH=f1*JL3)Jidu$yGp$v^G}fl7;5q_>WdAl?xB*lz@8H4ca}TBYc5wNfaYD>3rn%!VGU3 zM<{<()@763j}oeY2LBAF{y9_Fr1XA)cX3$qq*)kSt1`}Nf7=E*f4EmHUvDxMDD@FY z%1qm8%HKxwKPelGe60+yq&DLFoAV{cc2BIPIp`vRrOZ;mJca2E2vjaq2bh#HH3zhA zR$3x;j}9~G&gWNd&lJ1Y15CKPba{oJJR`oL3}?Dei7lUxYumhg;PUdTJB*>pM{Wr^Z?A+4~=PIoe6Mbg^fNnFsn2 zUe(k~Gvp)9ed}nvfw<)vGT(Hy`i?FCtQ4(2#?Y%pg?VJit2K(B6(kT zWRmW7m7Q^J>0TmBo(b~s8 zx`v?T8+y8BAI7G6g0iYpXvNV>bLfc6Y~DBYqq3dIqttLQTR* z;U#r_TCE<_NBv=TX85F)e^C{{U%&dv<8^vz$}RQ9sjMi}MH-9*p3X#& z=VoK`1?oVXCr)rLpFif}6BYdgNNe9FaLeK8>FKD~eq&@9Sq|Uu{(8F6Th7ch*F=@q`d?ZOHb~xXMQ^Xs z{h5D4x$d=x>7y69}2j%K1E#Eb~W_Pz*s`~}i@P*D80 zp5%lHqySzFTB@8l@l)%?pd~_*ednTWUcZem_H{KmfA^**i`J=bcE5AXoLt1;64;%d z(qIN0`hI-+?Y^PMHstKyAJAtjnsQ|c5)^Ic`A6bd{?6-}icHbc;lC}Ih*}P>2#q$5 z8sE1(CsmQ)!eKa6dxd`SRzp(8-k$aR;sUOWAQ%&p0d1PAyL&4PO9z00hg9z9@ZP$E z#4@~`8j#;+mK?)`%n=ySCS!$c{xvQBbvt{_;P(*ffk@jo;b53BCItRHGn?YBB}0u@ zV;eOBg<@pf&z$DG^)a70yspU?J7tN(kV)U8-sH~*iF+i7ogZo5cHb6ixKUUd zbJxuonDgv=xbeR+i4chJE-~>FD&I}y*=J&;M$hL$t>9LngT*GrSyH=s{*HN;D6ymu zSh0FoSfrj(LaM~JESRDh>G&Ee6$36$5?=CLe9)j5k5dcfJ%!eI_|ew$rrp!>esjC&ogM;9!B)0ubxh z+FFsfiMo&8{p2WW+hRXWv^H9sF&)~FxpBPe%}e6`b7#56L;SZ`&#%|egEL-hxF!ZO zA@OO2HM{EW+ISo*5(0g0_*^UtbQsx-R7`B+bX&MsWb6Xf&+4d5TE*4Art1Vm3W%*P z5bD5jNM0&kwY)T9HPzC~&&@tyAgRuck%!;q{i4iSt)H}pVOPJMA2{ zGTt*<8yV~}mzM%uTQKJcWub!U5CagyshT2u1MG+7Yg>^whc{-Ni@Hr7GNoj8m$KH? z=u@s74!v}a;@lc5fZMQhYtxXf6?*^N55Ay;7Ky=Lgfw zQO;=8?kUs$adIzTvvpD-4sM#nxFN=i$+gbRboD-=ANcj~?LaN^Ebkhcb7j+Y(UMwB zlkae?aI9=@mSRfOeYP*37xEPIm7x?=jdqc#TIN}iKETA~@o>93&|yQ&H99xDx_vA9 zF~7Fw+OH{pTzk7jHIzQ??qg9xhL8`bw=sPzEEqcC=!}*Rfep*b%~gW_j&u>ljM!bg zyAm(CGDm*t3z?yxTrfbaFWw?TA&Gtl}9OF><`gBty zB{I1-wIKtK=8J;K)B!%n3R5D-z@9RD8T)7@3#=+tw&wFkn`nqxI%Rp8q^0ni0RD*J zR1%(|1~iCPxlGrR!?GfS+b)F4YMfMG;Bx9`T@}VDQ?q5hjk}P75V8?-BCWOxiA?{ah; z*7s0nm_0@>^}{<&U;dT(Yi)pO7-Nv(7Dcb6I;j{I16vmzQv$W0KX)^TkQmwuV=i@2 zMlhO7dUEnm@Q%-a55oB0WOS6F3r?GMKmdOId)M|EdhFMx250~p1nEw<7MWZLN{)N& z3Zm3V)FCmMz}Nh*_!Kv--QjYt3f$wGS2!omW6)pHz1dv&r|jmAk8&VA*Gy_CX!f4KNCvF!g1FG6rHr z4`P>E@+)@To2h741{wMDLRvRuz_cJy-0T#UKz;6d7e|9Aj^B!R{k^^(4jsl_+PO`} zDi7Ldl2)qyw+~O0dN_jNqIqcIB9!N3mS>Osh^!0UI8zsk@=a?b^ZWGwy2W<8B4cWEseFWa0;D2 zZBtV0bhySR{rD~K3#l>`JTd#8?`gm&B;>}-&pMvEC!!cp0p^$Z|1>j>?1JY+orc~GdV~mSLQi#yjpbr-KwG!&YNS3@1Ie-)P_pPZY=^~cHSEGL}i51J_IiH01RX#x)Q^d{m zz!SVQ;Uenj$nlx~;br*LFP}25o`)7r`L^@dr#N5qHexz$eO(NM%MLPd7V@9NwW{g) znz5wkya=^X&)pwOiA?E;t+kap0lYAbE1NaqhD8IG8pP_Wk_Z|xL+qO?)zyPx1 z=xP+{6lkM)*YK>Ciu37y?2h2K(>|IB!jjlk1mf6Z+Y<${#thc3AmuQ91R_I%iKHGG zN1k+MUM(9_>lo5~lA9V784h3$FX%7GIw)Cc;+*LiiLu1X0Sap<3w^q8!V*-Jvo8Zg zihy6MxPA1zP7|jC0sWPvpqES*t1JO5*V<~RhVJ;A%&nNy?A^lt@sP6}nkRHb<5VE& zMEkcVR0vc@10n-#S7cjCrW5tF*H&qzfp8-!VlFz+Wg#n7=kqLq6hm@D|6E`Bu&{@3 z8f~#8oD?4hn6P8eP?fs}Eu8Zr1?&TWDaAp^M=PigE-x>uL2Y$|-s~)-NQaFFxn&Hq zd%us2kP}Jl6My~s)xinI`2Ig~I=h~e90OySB;1@gduRwC!tSRiddu8WkJ$GNibKmG z*~6^qPgW^(OSy<0{8LwLORis;yDp$cj6@!J5hy}odr#lK>=~v1z25s;3vdmgAzWhD zuf1oE`Qh*5dKc;!bOfAfXxmr*2~qosI~*&3VIX(QBohtsE|U_;LoObGj`d^mE4_JkeYBoWMrt8rgmXp1C8%>aeraG;%u{rZ)+RS?xKfTU;# z`cTxQIFu~lmfwy{Yd<7Cfd?G{ITJ98ZysRtHjq^9fOgJsLF4O(z!Gavf~-)j*pyFK zgx(5IOE!b^UNL@b+FP`H&e8yH`q+7E7wSVpZCBcGB+FWKw^U#D{4>MXp`?#TABdG? z0%g_j$~84sw5rhEgLcEfCy*cEk9WQR$qcV&UeFq1G*Eyz^e=@+>mOH>;Q24Fl00WE z$yb-7!hJ)~2l_c=N-Sg}I7kbnrNC7NQK(^{wE*iV1_CwIhF0X6e69&d_<$!v&DDgI zEg6vEmx0pm^XJcVz$77FeEP(Q5(yeqIFO^_n_+5)B?L4Gdu>ob+6x+D9MaF=$SrkS zRPPe~{zKm?vlf*t;&WM*;YGa9S~7BuRK7szy9^ zciQOre9#tyIli|`-33J=N-fc}Jk;!VS~34|(swB`VE%Zgxo=K*u5+=fbSJQEV0B~9 zK#(~{Uh3V;j*Rt_+T^BaUyB;tK(juC^z`I5zsnP`F1ovbGRLu+?2A#Zpuj4z#Xy8r9hG&>4rmH896VhjL{uj}e%aIVl{ucq<(`pp zT4Ro4X?RxqEu=ebRmU}7QAWvvYgNxwGUIj%56Zth8Cs)qev*KW_SMK9~)vF%((N|HJ2=QTwYpLkQ4oh|pmEpBmLBWJB zmq)mQsj5NBMeS!t3P~O!JUmjfFKSQly9*&HOuU>bF14!s@{X2Q*{|H?6rKR7x9ACq z;p#!oD`az18~zdV)dHWhC(ey&cf8ZN3#Gj9*u6~UnnrKEBoruLva(hFPtz75mJSfS zVREb$I{y!p4gj@{pxMF^5)v|oX;~1xje>oF9t`j4=}FxBWC{*pXbZV;@$d*Z4p4*H zK&a(NK7>Glt*B^!5H#FC8I`7LJ@FuUkoO!$3(&%>2~=1R{2F~*Gmsv1z>LbZsYWP6 zg~g1_kjvwKgtP4`^Q^W8Q*wAlx705N6MW|6R_Q?@% zyW8;M_1)%qRUE~z74E!*t*s{4@C{t^2~4c6yZG#&@@T!jJe=R`+6kQg z_UiHU+}*|hPZ1fX6;@SeKR?qlKWO_*_-Q>W8b#UxjD4x9Cy}_>bybW|>im3b z{sVVrR_<4vP4Qxj)?G3kpAf6_<6H`B-|b&$2(~FPOT-pVWzV8>@#5&Kn5-Yd^?RaZ zGtE>|jVk5ko3(E+jjJOFgKm8g&P*3!6k<=$=1+9`pd5{tPA6mI#>6`%x=_RL`qK{^ zWhP~U!~m~rFL1fyH(sz}7*z>RdLtS*Z7rMW-@A$GqhDp1`<-j@(|&F-J0RZMBgjqF z=zRDnzz;&2ns>A2R-aDPTMB!bMm|4Y?Rd=nKq!V@>ieIGz8N;@zmY?rZP^(ewor_f zqHJ|@jL@9mHFmM=4U(trL3XZdTV3~sVOrvGb_GAVi_3)MGItvx%%qqQ9zbG!DNc4Xa4BL zZh8IQ9~lxN%%6I^YTx^KN=5i|Ii8?X+m$yj zW8y3?sYo_k!89o#?j^Pq@}rb90nU*dCIXcEg4I_YU#ELU;up86p43>~`#a|3KkZUYd)GG_)3KTT&7-RVr%`z^#?Wh zT$etCa9)PQp`}ZW((#g#t@ifX;P58lPgtMosy@*oY}{ISoZa%KlXGAQ6Y)y_OTJL> zz(jx;5+r$fj@8_@wn<=TwNYD9Ye|$ zs5l<2FM}vIo~F(bc0i5ggd3K>u;DUJl<5V^9R>G+FJi& z=2fJc-QMX{O5tj$&N@o3hK{J`80Bsi6HD0kyVF;eGhr@$Tvhz4TSUhp#!PhJ z_wHilNaGfs`mcD(J$14d%9i94Zvy&eeGQiMWm%G@6`1x<`Oq8`Nk7Nl8gvJw5UY zp^XMRJ3FXAw^H+Fbkqc3P~*458420S!2uWh)AlIIS#ItPdFpE#OR4Y+=`L9#e1n#H{!PDL8r#+pH}>exWFl<0Qjr zmH|-M^)z)}VI4KiSNaaW$xSbPB?&;CDSEvY$dH_eN7i_0G4`?2NX%b&?4_$uqOupE zPtLfO*C!m;+7gQQIz2speB1!lf})};Yd!Lak!IbH!1G8)CnQrYoblehuAK@PN8Kuj zf*+XGQzC!~z=pgtMRW7ps9}<={n=Wql`gY{c{)+BSU?a)pdop37v+j>-isoz!mle{ zVcDc1CwF~c~E5Uku%>yZ`H?qS4=;zyky7{`i6bJ=wC ztf;#B2Mnu*#4s^UxEDYP z>IX6dS6AXEN{zYGU7YPj_0OOrqMDlN|K-*b#x)Sn^5>?>@aMn!6&b#hNIcO_w=k=L zDd#QF2n?)I0gbhjlPH>1FIjnqj2B0p39j@)d%dpGyHEsVPc9-5d|2NUK|1ty+udBu ztT25LOP!aMaJH*mn?^m$*xHQ#*gY4s!4$Z?3u9%5g>vPLR}Wpys)&IT9~J+_PFCcf z0vIzdemL|yMxbnygedB#Fs-I) z>|MTWU5(b>LA%|D)GAQvG+-wiWsK1Vsu#(3;2e6ilm{Oya=qWIc5p9hkfPI21lG>a zWXZcMKeUI|^7rvvXU^$&1~B5P|0-J^Z@m!e@I)Z| zPPWyayuZhhqC`c%9rfU0_H}^hca$_N-m5$01FU!a+{>(*o!0eG4=wHZk}QhtX_Hck zNVHfU@Vr8URQpAgzcO{!2N=E+fKoU434Nt15U?o%gW;ELn^#)LKic4!+l`P(xySqYRdrlcwCYqoB@T))$y@V;gC?;VEe8J0*4 z5c>8y$~2{AyU64)jT&w>7Bj3+!=b+U)?|!>E~lL{hkU-O{50|_#VieGWZN^j+qI$3 zEr*6K=2q{wh7QZB8X|j?ALiH}orDj_ej_zP}a2(~AEG$oDJ@DMjj;L3+^R zX6UT%v^NR;512Jn1z;B3Tb)3$aYOdQ{l{Ogp{7GYkBAC10|Zo(805-`!`}_5V?_xp zu$w?j4fdhmg|ka65qn;*TifG0wuIU~R1B!RbNH;^dkSYx_rtriGeybs=T+r-dJP-Y zR`@EFCTLct2Q$85zDA-XpX9_#?Y*SD>$==T8nEO2kt8S9l}4Yn@q8}uO{UZaUIs8! z5RdVy%&pvR#+a4^T+_GNjn=fpL1EU9jlAmL&-*D6#IlBppz?v#G?X<8s=*xq%Phc* zW;a>M!D&((0%4QDhy9XeQWj9ZyH@8FUpa(6Jtz}3Q*=Oo9zWgVG`dY)Tcy1&@?wo* zKgFgnv`>SWa;5l1IGm-q+j}cQM=<+EUKa(tFqteI%pREYKpVR_i+kfPH9g~r*)Qne_NELQWKQ8_|DrX zEa$+~L4hU2Ku8AH1A%fi1)MBVqPj1X8yM!IyztuW5yIfIpK4yO0lfeBX&vJ){BDZK zgtEnf6N-IJ>Oexoj_aG7dT2^63x+Erq-~GZYhKOd!aWCyN-vYLM(eSky43e)-3Soe zNCTQ{&m-0u4bBikPXoTtpHI`?NY{PII-4e485`@~TeNl)Pz5cbOtBr4%h0s;27|ng z%4nEak;gBRa{E|s|H?$EvqIJ4{V`Jru{%kj^w_FLb-;ya98{BVZj78VCRQCe5F*Yt z{}X|swCO~KCPPLvClnskfyJF}#^o$g1*Vq00bImMvZXnsX?bNEhS?ppi6%zAx6uGR z5AhMPILuH|>CDpy(b3cAg4bnk;ZF5%w!d@HxLw}m73I-*R>|e*QW7l19J&NFooMqG zay@hsbRL6!v*fUzuhp6PQh+iGCpGvx)lL~fPd88?W}u;f#9wJx5QBNzEcmy?so;SH z{6?zIsd>0!358wd%rYh&LDJz-DhBMDX5sMdEw7=H(!IBtp@Srj*L%VFO5Ho>%-c^8 zDgUAl=4`T;UfO-lUgUr55FpYh@(vr}?JLUy7a<;tg8_(zD#b~Ii8WZDPP6z|)%kJC zSAOGJKC?8Co}SM|f7~ugF6Gw9hy>gI$HUB#W z9hofr{@JrKh`IhF+(DWZBAI3(& zYTIT_CbxCFIe1#`T8+l1vC&y_qN8Dr>Z)h9^&@?#kKP47dLiej?^yJHFF?KA471%p z+EdXOVQtbkW|m5SliYkTJGzbWOa4b+?aoZTj#q{w%Bm()1p+zIzRr2Lpk;AQxx^s5 zF>^63J0LKOkqvPFSFxF2Zd+>xvYY?|hlF6vq>@<+6h#2?eY`nA_3hA2(NG4HInaG- z%{I0#n_^#aw^Jb(&+Pn<>tYthysqv!>3k2(#4X@yI!X6jKPQp4kbtNabY~C=MG2$7 z$QFttzI%w;+#A?z@D+5rurf`Ey5lO5q>v zld%)YsG~0RvzeDucan~A4abc27{4K1;yF1M;=?ExEnU&maXGNHR*KUED@jp86SOes z5_g9o=ededRAeS*D(=3|?&3fwC^f!m1s72|V<2v2{g_u}Y#YLfKN_N+OsLBxPbIeW z2R8vBcx078reL649VWKy5(Kl%M-B6SO-Jf|mP=GR6Fyw~z_2I`P5D5MR*CZThc9v9oE z*RKccb5Xd|;UYBiJ*jqo$ZW*)mb&tG1834EFX&%Wp#!Qo)AL=spN1=A_UAPd^*ogr zv~?A1wV9T%+693oEvE5>i@O&2i zz`vgH{+r($;YQyxon+d+&weI!Jig}F5Oa&uV;?IV@PHIZh8k8&ODnactxdkQsjc4Y zKUsEHwbjjx|8&_86hs}0!vl_X?Z34dUQDIZ&goUy{F^o$Tr4o8fUoLh`UpkN%c;I`KM{+hw7RMbQtOiuGjMF{0W&=4hj&Y62wg0Pz2h5La4L!)l z%_SvWnq%etP?RfNkg#Zp4zbA@sqNcH#mCCm*UQP;GK&)I*Ias_7#-HTo2En*R;)SIU$0R23 zjkvh}6H1M{*^z<#j6Quojpo;N(DN!N2Z#vLs&$mh{RXWo;zG-pMq>&+Bb};GhOJA$ zGJ5aXYpbD+0Pla{Z>vA(g*<4KBxI@i=J1%4HK5iFb&TInCJO~NDlyIo&uaK(fRL;j z$0xD@iqqkJa4W)}l%zhnYekwDSjgjFh7&dp*WiRH~r!AuxI;&EI zI|6z^e8+xL*@$r{1WQcnDDWume+SU@5qMRL^k%bv!BJSCUqWF?`8o0{N+upV(WmD| zYip;_WF&ONZ)jO0qn30p&g@G3S3f2%jXh7rbs`TUnfLkDV|tr4&a1-Xo=l{0e%(gC zn!D;ieg$yA^|ct4o?kWTY=QlcO5sPINUq}AxVd82jECGbx8;KxHy4~h6dAGO35F9` z^2TJmtfsV3Z>fYQx!qgm(ED3RxI4`16u|T^za=7lTh!IvGM<)sZ}XQ+;aVi1hG~fBZNJ^-ROyh=L`?zkk?|hW$@- z;2&o$=KxnWd8T|`G4f-|FXdc*Q6(nYm*Oj*I#QE=wWmT|jkC~G0z-@H%LEhbzD(-9s~%X2LYy}<$?fYuZaB%z5NNNyOR=|DMO8Q^o= zc%l_)A<|hw#GFxDzf`^p-#IIM=MbDY2i-py%^}-M)bnd^af~HXf~x`l!&wI}+t+=8 zO?F!EOf-l);fzqMj^_iyc<9GLmECTrZAM*-4f8h=Ep4F1NZX(SN!J>>l4{;(`lItT9+!D}Vq)?+`b+8USQ zWLoDQiJ+a#ioYC|TJO!_{E>^)3U(nJT$2S&BIzG()HFnHAip4*95aRo5IW zw>_`PJ^@nV1`P){e%t_3vZn5Xnmm0o5`&!3Qc=wbiE?6S%Fg_g2m)d={pg*$?yHW zH=yCzT`YT2zImkjOtR9nnjj8?Lany*Z|96)HkLMgjXy_3?_VubcN9y8T13eh?T9P>^?^-di;A3ua^e5-SNWg$Nv$#1P*RN#e;Sz z&9MbgHV{H_U0Fp1MhZlJ`^MjsET9q*)25__6W(}ZW@WW|K&a(oZN=D~FKZauz+L11 zT#Hj#jPBE98(435qm^wqaa-|(vRmYGYBZXUXNarri;KjmM#F}b`YL+-IL_~H1q>h5 zKI*8*{6Gg+>mPO6)H@LSNiQP2+cM*DuuTboJoK=WfrJZW{_J2Kr#rZ`Ox>Ro>&o zP$;h!iY+l3q1u1*MT46HSw{uR7>KLzu4YjqWVz1c?hGqRydEx=C;3B|I932DJOmx<~81Ia;m)tsdRQ09(! ze|PvSIXnWMRS!N2^6*pmbC3^xmZ_4^{y#=w`fhxd2D|_AE@UB?!{{(na|_+9&U!R4 zPk||sMAhh~;TN-Vs$5RlhbDeUSHnKF)!KNq)%(tyu{gTj#SK@;lpj&wxelkLp_G0d z!0FBVrQ+eC1v@m73!O;~Wm`W?Q9hHx1?BqsCG=aDr^1#)(W#O`>(Ywxd@qUDTW-f^>}6s#7q(uW=*hnA{i-r+#)xiwHT8p3ukv8 z8tiSWr8MZic<2~suDs1%FIpS?Fmajfo_A;1H}JPne_DEPqQ9sI)<7ga#ZO^ zrTw0KOo(-(sFzc**GcATgj>Xzsv$5!(ADh z@Nn-hIHgsbo}{6403SjquC8YprP)YBgM_CGWhxwBEwJByJYPCq9p`A?I+}HSEKHn^ zk@T*0l2jDOtLc!rs}(0*Z8dH-Jz7TRl^6hT_a`XAank8K20zvyn}V4aZ0{ar2@GsU znXxox82gXmF^%y?yK!a{6Ots;s`vaw$#ivITH!nwCQA z!HtbKCoqI3268rU3ky?KIj>6X6hSJVQI#{f17*ku)dS&ufM3p){R^-l??9M{<>nOG z=^*cU;Ss`B;w`R6*)va%?~bsr{TsKh|GQ@3rItNtv3gj5c#(v`2yp|y7tX#RQHu7- zXpFLrAUki7ZdZu{viK6QND-QTMuDa!75QDhHy=Np)feqPOQc~w?Jlu>*q1Dru8fI@ ziNbv$MG#L?q{(Hgx>=A;Z$7G#!?PLAcf1-#HWVNn97KN+jj~~?D`A)ELt6`uf_Buk z8F20moEddT3M5-tLRAW;8REBV)4ypz@(jg97*XTN>B+oZWCimam*wz%6mS#Ae`);g z*4B+E-Wq0o`C87`{ErNhZPCpSru12VGv{ZjKTE>t0LYbV~NW=?6qq=tSawXLJe)L)$ zy9`?f>@SdoxHFBMoxeQW?gT}dU3CN0btuv*bUf5MApuRxetI%nOFA>R!9?yZ$@d>W zs-3#KgTibq{|ZYpJDyhd2^dDPvms3GOdlH?$4u(wT|0h=G2)<E!C z-5o>PnkmEn$;DjV({=QWlBPR=W-N@yJ{2FobM1Ko?Gr-*L-v6ktA#(G165ID2#43g z`0kO7^e6m%TA;UHwLJYCAQ&{P@YAXW?OrDV>WebF2xHTW>M83Bl#nv!Ap+%$9wCe7L#D@^*EbWqYPuuGM52^eLc&NOjn(Oxq8u&l zerFNuq~NlrS%0OcDUmp7%ALCiig>%&2LX*CW*XUZksn+=Jdn9pw3&KxKFf<{i=OEw zpW2XDZ7mP8n~mgtx2P4M-!4E-`Uot01};~^OLeM!cbDf-^PeslskqvrNVy}9cK_zh zpuAN7o#t76H{l90Fs1}a^?jM&9CYHTY!DJI4l3&-NVyaB3~&Ck7NgRaq5$=z71~FR zlV9q$PGDAx(|HQ>zQ{}c{&h+DFLIH}k>?vPfA`l=Pi|Fv(5x+JeLK)HH-Du)J?4Pd ze}f=@o7Qc4Ju}nk>hn0epUc=4)W*G5PvEzdR~BvaahuP$ z%Uex~4&S@c>ls(AEw>zzI7;+4U%>Dsj&!DGDa`-qpt341F22ve5X93l4k5)!vYCJr zf6~^`X+xAUUJR9PjUDe+1U669Ty7#d!tnDNib`BsClA+jeJ6Kz!m47UEZGvGAY%T? z3jSY~n;TX|Kvd%21XCdD;U_np!tw3Bjck{HPsY*D?o=WrA%dZL*GWaCpej|eVb`g= zyr9be@ez=H!1sgY8iN*p5g(^4c zma$Vq`);@krdiCpJhjzs66^DbO}X>){Ct1;MjBoE9Rn?`gUXV|-z$}8l2`So)i~a9 z!j~8Hg;)Rl@1MtRZfrj47YJx#6n;=D;Fw=E-PE+}q+iHgkIajwbM!MJO}#U|*RSs~ z8ROnItZ^jR=!6H~?g?!(y-@0l^~8_h-$$6ua-nmvdT%Cq<760!kO%L(0l`RK-idSR>4q9|mUG!K4! zey`x^pPw+OI^ebBc%3=+-&i{=tYju*vSQnWIb-F_Y%5~0yFH_|imBLFA1yKphoG)S z(APAh2x8}H(Ytr=n!})W7<-j!k?LWj1?gtM5|T|f5`e0%mL}qJbe$n{E0Bh$1G#H> zO|ePa@ug6N8^g!Dp;o!WS-3hCUGt7wg zO9uOREs7G^a$imVM+#;~mR?*h59C zK#BCUu$Ugh=zrI0o|0N-xhw!l8)$UX*~gAsFGL;R7l0_`cLR;pE$<9bBL&P4deM2a zsoz6~8K))%sOTl8vQOXl4EyUA=?MBw-JfbV0j*Z&)FT9X+m(oDBtZ@UY!3ep#xEb+Zkxu`ZA}cpKVq>`cE3f2n7T5aY{m6Z?&dsAx^5kYs5&CzD z&0thz86X9{-0X9rS)9}Kjd_GuNw7PXKJ^Rl zo%9DXw{}sTE^<4%t=Z$f$81igdnSzbCza=A1t-Vu#zWgxB9rL7GnIp5!DUC2A!8SN z;KZonv#-`Oj!frVGC$1d`c0ENGB9(J?Dni>bZ=ESO&7;jpR%W^No?-dcgN9jcX{o~ z1m%xjQ`dwa3>TD*eKj<>Xg+g>yDDItm|`xd--f6SiZFw(o4BxB7J5@7k5?@@6Q__w zK2^oLetB+jO4=%q81%n)&K6uQze8>O;@Qnd3cj`xg3zq@(cX@-B9t-|SNQ48R*>$43`^oz6GXy|^o9C3ZWw)3V;nh=C% zT*JtC_9}C9>gE8jl>>yq7XRs3-e z(VP?&=D%oASwX!)-GXKZ8{S=!Pmd>OHu<>w;rDk?8A*M}8YTW3z-?VLh^~lqyMnPd z8O6JE5|G;X|1`b@3iH@JRp2^ALtquJk5PXS82HHic};jJAur<>y3kh@Gz6Vpq(H&k z+RBTuf<%+E!pQF81YL*HbNY*~4({O<3K>`&EY|iIzfTvo-(N@h^Q&2DiQhkp0k|^m z`N#e{<+)yX+E7fj;9mG17oGDO9@XIZ6(nYL7uY6MKnps?L?B-$^`t zO9i=DliqK+9_m5HPP6I-mVPyJ4@#tzloUz<1DVI@R)zCCwIK$tV_I-s5yx-*`bTK- z&sWU;e}p)O*$1eci0*remN?-g+1CN;P-?RAsA8l5_{`hZlI)A0FZxIIFLRLrMKtx_ z-@MU}+a_c|Lr}!Uzm(PM*LvIb$=G2u7%*$ktV{^-VKrz<-Ty8migDF7Kssxh9G7mR#d=TIPQJAA?Zhwg>|5yYIG$^ zX-NB-1kCi&XiolRe`b7LB`XkMh1%74%KQtLt#nVB*~|1th%sC9i%Lnr%Ob#kx8r4R zDFg|_d6ph{r|$g{;b&WQL|S=dw4Dqv3r;KV+YFa%VRPR&etqex_|{XdWvObdb*;tY zd4xXhKD`5k4$Q4cmjpUO*caB~CyY$1@4q(P?Cb~!t;H5Heywn46rpH4^S|#ti-?B% z%*8KTmijysI!q zA}h{4#B2JvAtBE`Vvu76B~^XLs_nY>S8d97y8)G|DlQ>`8KW3+0%1<@7$dBGXct)e zgr`KsS)b7J&MYxx8}>`lG{N)ydEAq{J9zhPxR2&*OeHV1J8ZD}c^8PN}57+rbf2d<9@VZ2+ zs6DVR8x8U0(B8V)qfJXVPR=6&3&aLHYaa-!lT2QwmYt67gLjfvqo;MZO}xJD02k5> z+klOTX<)%F@=NAPqF`t%220KrWbea(MOu_{8iJDNUq84Nbw^$v)I@i(UKdR6 zHy><4W^qMvzBB;Kg<9|)K6e>jpk1-L$t+hEh+u9i?EeDI?3(%IXhn#PoBhA{7BY1~s` zmf&)u2t7rGwXNoztY7IOH6&T_2#ONJ0)b$IistB4@a+Bg?3dEJH23zMnah!{Y>0fn zNH^bqr_QUSBpld{^&n3Ez-LQHzS8C(aDc(;@9H$3$~RM$gFfv5#NGA46g4?Z=bHiI zX))?(oTz4gqtDy8pDh%;Tp%N=@=*Pydg-jT9xy$;x$(NBAgfVYe^si`Su_b9@nNct z-2VlWCuHha0ioY>i!8FxlF3UyR$J=zhj>VD1LD{Uj4ToR?#IAS#x{{+DZ#QMKo?aJnn+0eVF6QAx}k_gnkz z9F62>(re9y1r%<6076N0sO`b%7mW}h$Z-nuOy6#kk@EEf4~_eSa_Ru*xawpyvVx$t z6y6lopWz`Gw>Ie@RNQuQfOvd8q#q5 zLn1;;_v0`PFEbZcQ`+Q#*Vs{MuOq_Wwc%q}akUNk5V^i%_6X1Y3$fxsC%a$r>un`x#?zsX zxL(zA3r1QnA1M<)=$pNc5LbNL`kDg55l|>Ss!aW#;D6bCao0%LkFTnEc7D12%-M`(=+IZOWdL`36s|G}a3!!hhX$YqJ@^8vC0yvF${vmTWhfT)V}W7i~6l`a}>* zK>NO8Rik*0uF2+&3PQYe+U4qf2*Mm-?V^KdI|%*glxT+0E6={3W#;e? zKE8lBAqbjOkX3&?(v+=Kcp9i(f3nQ9|8yyIw2{+pbNwYYJtc(ygng8?S@?69t$-=& zGWbbBc8Y+3;sL$!$8cPcN%^RtQc{X%5NK=ze7lQOUUzutKh2*1) zGvxGWMl2`lRjxF;EF~=JnLbaQ^fy_u+tk+mrte=-%r=v{^zz+D#Kv+<^x%U+5Vww3 zxzK~=e*gxgDwYhViXr>Pr-?1S_M0nKb6=IK@!K;pR0#0D%lW1yC-*#JE?G2lah8jq zCAN?Rw$Gx&Na4;HpUNYxyym<=esF;aoyP@-$boQ1u6c%4$*kVDhDvHahbo$>Ov8iu zPkS&)Hg%*xl*{Gp=X%~;{@Uw-T#zmAbZ&fOby@46gx&B=*y^7U%PZZf9rwOY-8co( zZ5d@55r{E(m0}bI83lh5@?II`Ux~UGWXxPt9Okk8F2FqkqBZ19SdPK*RN+pUnfHx1 zgP5oO&#kFalK^9MC=S>kl`Mc;u$MxFsW$Sd46C%SNo;Q>GSI@u-=MX2~& zV5GsuOtaNGGKdC0;y}K+i7|y=l=_z~5wszo-no~jlLeHJR`zu!-K)_H(^#YD)@nXQ z>Zc3X=u>nc#)bbNZ)5O^{jK!;?V?%}tqYeCr?_(`!qZ7QYpr{X>`>lpW8MWnZOS_aw>s?72++DSrOlueNlo}rQkc?P8LE# zCXHPtrqeaSnauy1Sc3Ye+3W-)bm;vydh z+|@9Ut<$U82mHFcaXZ-YM^I0)_8j4Gc(GBb>1A2Z8xnQcVPXhr=f3|KrqJ2Mi!#h@1qr>nwSW)j~Aa9T;Y zy;2^K{7wL?-8Jxt7;*ZNweB;CTUGRKy1V^&K%RYXf8Vpb%!pzW^X{#CrH*7%VVl;j zy29VvAN~F_v0Nb<2E@$vDNGd24>sSnHl(Y|sxIN&Ibm$n%4!GY8C=Kn#Yab%7pYEP z$j1$6JDX=s&;pT|r;4XQ@2CJDrR-a$BFAzt zQHZjQim@ci97|amWQk;p@_XGnb)E0``Tg-+&tK2EzUMk$W6XR$pZmVw>+Ah`J@QV} zPoHy0^}DP|S;TD02*ieoHhL==yAHR?J>P75U6+4-8^klbu;fm~*20JsW?j%xTNy}; zSDP@lKZC5m+|#yNs$c)!K6&{Pkq^$nulqERLX_Kd+TJgpHRNzx>*DaiUQ3K53Mkn# zBI|)~_sMbc=xPyPje$!{=oyjmyn3)p6a4}({h!#p9EkEAh1bR2Ea^Cs?IBU2ZfL`t zx#X=tuCCeR!jCc0%X7~>G}d=7`lkO;T9oqGrn_Uunbz+9y4hRyMg#;b%&=^{sdL)# zQB4mzEFJ*?^4aIX>$M}HT71Qdn3^6Q9-e0)VU6tBFew<26R{nWR1~!&Z3qyD(-?F6 zIE5j%)0W@(Pnv#T&TiYjq6+(K7sOZ2oDfy@X{K(g{L4@5A+M&aLXks*1L)r|Dp!}b zQMi^z+A_D!V8dX(wMa~rS&R%@*y_@nn%YlZ3vx${_USx-(JBaG9`l=O3pJ#KYZtFl z9J$G*^3~gvh53tAd}(D-S%N42X6~gi>fAU?Q+mTQ>z``&;3Fb>X}M#)N+|3-c$B@U z0h)1(d3mp5Zgn|}J@q9K&&B*i3*MQYapt)LHAqVDX!{iimrjGaYhXJNtY9VCId2o! zdPGL=>W<@f36J6;n)7NDZ3oX=pEsidt-S|Om|tsrJBv%pv; zDrDf-3(>mF^LB|%+GeSXx~wtbMMjdqnZJymzo53Zwqwev6uXMCp&lR5M(%o?Eu#SO z05atIKG(%_%Bi?2L;Rm~iR@MdMaBHe%G9!+EujaV9P$qGq*ru(3wel+4nfRB*=37zWv0D>imud?j7K%n=hVXd{6X+?ltGl6f1;Ds|3pnSmJ)&YMm?wDtTUlfCpsAOF#Ag zdVNv0xUPG$)_QC3@tid^RgbHx{>A~F(S~=HzuywR8f49&UsN7#3w*_9Ck@E>x5iYP zdDQtm-prz4G`NUQ^Q}DU>|efIT*}X{E)l4wsJRg{vv=9B1sWV*b&jtj*ZKc=!KjSY z+NGX*nz6}$`B?bYC+4*a9%uxxpn2!x=H?dE6nPv<>FT<=A(M@P$>m)f`tF?;mVh=k z475*UV`Goy4lsY;fCw}h<`*u;H($HyI3vc>zYFJ0pA2@LslFn%eQ{5~naUclHT<@>ZxEZ&D| zXW(T-9orTQt2hf_TP4eges~mon%79~_ugRRU8KN}>NIS*cIg~^V~lpNm4EAFwci`Q z7lb)3=(p&mot@p}JaF*AH_nnOYg^kw5VU=O9&hJbJ6MbV-C+E-Al?e$ho^ zf+fmGm?W{DTx73X)6VxsskkU+FgW6cr=ZyM^DNo#1r`SKJsY$WUqWW1;?e$K#lXTO z{q%iajlZ_xO4@$B35q`E4l{*sz|K8=^dE;}Qn={n2kLvqo|N24v5oWro3cyC_q?GB z`o3AzH4jcyh=F~8QJ2Dl*A_;n1MN$w#^-%QF5XOkKUKuapf zn)YkN6Ygetry(hT!HhcBYQNSm%QJHQ-t@X-Zwu60=ea(w}axF28hjr!q-zjX*bA{31f6Yxs*#o;kfhELYMAB=S}xpO_UYwS@(x$ zwnAFDRdr%?Apri1moN8*9ENvG2+z0TuNaHd*tc&EDM5jn+vk(QB^27o$R!cGiE{nn zcw|{8|E7~KF{_hm!WOJt))BnvR6d#KH+#31;AWvp9OQp?1$RJtMXyatooe~k+2-zR z_6Mbaa%DG)iB{LR4)=|acE=Hf*otDM20M|3LdD+g3(oK*qJ`B2{|z&h3;N}Z?r^j)i7 zRoGT@e0yni^}QUhd?co%RP@P2YMQ3{;!zo3(w^~Se3XylN(abW7y3C)fIgty{OQ8FQ$9~uD z-Dz^~ovSX?qi9=v`f}$Z#d`fOIW6$w-RZTb>0PydnF<%DB6JQouBEk^71Er4D--_D zFZ0$Z^E!RCcP@4`Wms#iEquCHMtQlR!}IbPwd^fU5l?LRy^?aVKj*| zPg=g}YHhuS>Erv5;~Z(eA$DP;&yd1(b%{`M5yYM*QWmg%S23gOE26|lS#f($OjT!T zSe%5%4tFSssSi`VcS18@78#RAtOm*Ve9&T2LWZAte;=LUHC)Hj@~_>hKG12aNQkk$ ze0>WizQ3Q~p`1K*suG-}h`#^$o3Be`8bAryX;6s4uQwoic)C*NPi1X znuiOtW7925N=oQ3Gu_Zw82sU%nFcdJgWf3({rG~O@#8g!erxa)3YO{FY}mBPgiu~M zyJ9K$czKT|JSse@vk;kx9*%dof{jU1y#QTGS~_6*v}q{_{=>HgheTT`r-~|JpZ{Yq z*&3f0vXnr6JqE4l`R~os^<%XY^v<4Lt>n-bvujH~{6HOe(&oQ+#iIMR$`83t47+xt zCS?lIp+w}ciH{$@GFlGSn`7}>3_Sa8FeKohTp4MesUAFxlY3&d4o+qG7UMZWn++)D z7$y`_vX{bz3zn3Xne_MfORZh&we4HS1HRWVco;9E!xhp2*_0I8c3HNhwDhcRXFxl+ z?%qHSsNhauAUkURzf24FoV9yzXXk6w00qB`w;XvNn3|aA3k#ZBHkScn8mV>bUi)@_ z#eK}1Xdlql)=qo%YL7j)bU7TzAj{>)xFh$&hnEm_GI@3|UTX_WKnVa*Xek+jpCtfhQDz9z{>6t=@+tHLbPZL66Kw+l0T>g;Rp@`h#;Q#OO+{_h_B> z=*b<$YzNzJea|Mbu)nxBM#J>#)6I(kL=`I-o){kp(91S|@7RE_x(-ryW~Vw{y?J8< zBY`s!woykNsxaj=tEN);h)~lg!>FhzJo^lzqMQ1kZMZL0W1-R2jWG4>Dh>ZcnUjXN zq|%}yk5jqM9C44MyLZnR7#N^8H#d_7@vL1(|29`22Z1~e6ZUHEfEC+$t9Pfc6t~=l zZTwZL_c?r6g;cNh!`xmGMDT>oiH8E_e8t#9(F?@H#1a88+`D(LiRLVa%a;Xzl$Xn% z0Co*LNb>R>(P;!Jt}^mrD#QwfkPn*xhYY>=q!V&P_ncTSVG$96zI_Sa3%A@2MK8?_bh-^20{ynLYKAr|I3K=I(7ZeH7hLuXP>Gk8fM+KeT^(l@~P0CLut!)qxW z(bxR_{VyQRcH&vz ze}}p{`%YI`E1!UX7itq?fLu|&mh3k^do~70M8qbW_s4$glR1YNW)(^~5X3G3$J`b>AtT2c{r4&HRPddJoOGYY15g&IX1@Tv_>f4b54uHzsBU^TlV#2ThwX z!>B6uAhAY7N)M(H)5}%2UOrh_w0C{h%!hQWY34-rGe)>e@MOult8%SRk2?(645gre(2iC_M zImGk9niJskErzDy2e3neyp+eSd49uNa4ER)Ozp!~Ho(wZ-P);RmmQ2(BuU`v6 z`f^`ueLrCaR#Fm@e%?0)?t-v7LHw^^_Pe)*Uz`yTq%Nt-yzU>~-%-~nl1*<&4QUeV zE!7s=pQGBaQRu}J3@0Nh7=bzI?~IFXf!C6dF8dtBMv~L#3ho6+M~YwtO`NPAON+U> z6SM08OTSoH*caEia_!n#;NX`+31`MU0fR3s&vR?9;W-Bf^Mlht*K`a#-Z7AUy7l_3 z1iSh$jUoW945DLb8s#{HY}wNo>a*>r;2~T=@X(d_)n^8pCIoDagjvpUtzMl`Zga5a z4);=6QR8JPCpLQ(G6SPpN z(7BR1bLI>mA0G?E6UEp}99Y$jB1wEn+9gp}zMbc`v>4SCr{7Q3@%Hv+Kry?N!wKEB zb7u-NbQwq;F-4zd+s$Qu9Z0%gdku_Ay5(#9KBj%OHZPOnaFs3bggjII=BK_(g{Y)b zXjdJQ;nawTh}}<9-;JpsORGLxHhhC?(p8kIU@)TXwNRMp?CjPTeG^L-uhXB(al&CC!8OWhvw^i~fFcz5o&N zD_o-KTL#RrXY*>K@#pXEI$zpStME*LBlX>}On0N`HO=W+@{PGJ;Rs>_L=vAU zbzTBD%S83^IK%a9cJS@nc@K}S3oQBQDJOQUxp-9eI1GP1_`vEBla6jrmj;gF=xMm#P!^5Mrwl;Y0 zqoaZR*6eMTWHAvJcVqs7y5G7f!kOi~`0pg^(gSd-Sd&#?pe`1y-B zoqm4q%j^_7oxZ%-8V>I9-mxw1qqQNvRC-M^l~X$COg}Jj`CM(X2=v~0W8cMLO18@TBQ?qETbaN$f6Lo7k+C{Fvn-FS7!0dl z@<&E|dqgUy)Ve$Qbj}+%V3IX_ia6HgAAVNiFj@d6!H8lClKeQA~6edD(XxO^2|NBzZmT?>|;>oj1NV@h`X80a{5G za%Cnu&1uKtG^?||BS9vK3KZ&OSYIU*A^(H0GJnQ=!Lu0&H&|_m-`rjg97hNRS+LvN zKJ98Mr>F$R74+ zgbeN?%F36jee`JlZa={yWZzokq0%K|8~u<`4T8AP0}^zwL&-J_K}#tGJ&Tlzio-SFiL(ba3!b!kGI_K@RwI4Q z-9FN}o5x?^s-?umukKyVJM_2tU#Y0@Q&|EVq@_)foNX;psN-YW^)~1|Ay2e0Dj;p^ zp^F!{w91!V;JHI(As>{6C(t%m*dCQxZf#U%%Anb}M9EBFUtv)SLrZ)ISmaH8t8>ks zVE-V>G#I({psKSDep_$Hjwv7MzC8_@RVmyy?9kdPvKL+UPn>@98Z{piotoUVPB62fnICg!eX>od-^K+cK>UG!e?OWsH z=a+tAi?wlr!pd0_^1Xkj``C59^?=bVu*l5JyxX&2tCLDMUPWx_k08VEUQiGs{cr$x z%pumYVg33)7=!5J2zEi{;{IAu;FRFS5;54pS5mm-L`E3@1C?(bt60{;LR6!jN$o%2 z139-=s@EMmw9UB2CMASf{p4JwI62k5FD9-GRceT#1{@cC*Bjf{-?-tL!fhC|9jEa!_|{{eqe3`Ok2N008{{E0YoiCT}{ZkXC5 z`ucO?wdVM@_CYn1j?DFOVxp{a%}~^QwIn+|x{* zK7)e7<;6^4LBARI?%g9OCj=O7*g|}8kR8hkr7gOig` z)G%biK$ow6q#60#}I;RZs`0paE4?Q5_pZ$>`uDJfHIjZpUL zzDHY}s74z{SMz!szK4G-Mq;%{M8prqxdm&HkN0lWzU!rMf-R>Ab~qG@(X{vwd8sMy z&*KRx=;Hb0th}ip6!W651u^pi5yf{|+fayv*41_Wq>Q?*?TH+OH{!tUmv0-6f$hNP z{05TH9f(#D5u!2NP@FU~`;%kijjz}-l3FZUfc-HY!+h4lA-NhN4Gj&r9E*{twBymL zaP@@c?rU$OP_*-x*$YIK&%JVnTBp2%Lg@GWxxbFeb=Xr6Xg9Uuj6=BNy4L!1+lTs- zO5ggWQaxV_8D{p Y;fnZfAPFpynufyf7#ck~DwvLAVQ4{f3Y}l#j-kjmn+|JH* zH+y@0y_JOMz9K5lA@hahZy}@&c>VDrGqI~d3#Melx^;%1pARe;=Ik3PbQ>IJ_OaJjK-fQCtw({8UXH!y@+Y;(a zYMF36zKHEYjSn*3n22$R9i4q`;y}dRyM@?m9MnTBn|G#rlVd;IonE?wz2#w%tzzW; zkD2%D;pbCP;yIaZKOd!N2X3fo1*m7T%WDs3C_%rP6kgzGicp`ZM7sH=<~jqHSu}N_ zG6fAvQfS(C`D;oSL#=8+MB(DJu9~C*H1Y^nBdA9s)2ajgss%D`MMe4Fy0s|KG&3-S z$#c;4qsO75q^-)+OENfCC4(t0uqpi!J^%|b&G;*h_oX~3}yU)K?}wmg(s;X z3~=bpY)?7+ns?{!-C^>fXgR`@b96iMDO40kc~1b&c`TtC4)3#KY|zQ0YNeyT>)KRkiMpR#HG-gKDUQ>9|W}TGTw#Il#dFwt7LmH)Iw4kH{+3#fD z_>gtd!%5Tz*Icxpm}(TMTX)0Y8H0t9)JPb8d&l7o(BP^=O_V;21MSFkK~dN~GHK0d zP4cPz97gxxiXm7{6w6GR!|lSxOg64&D9w8t`EXu#i{+Xp`WwYpt?Eaaw;3Bu9X6j3 z3Oi$#0VTS0li?X|2;&X7LGa{nA2Z!t2mIt}h|>+b``1t?QKro(o>Y`aU}1Zn=geR4U)U9%Jba20lR`N09fP zy(>uULt;QU&{*=9m0j*>oV~PETrYmo)A-jFA*|gHqn*G(s$YkrJpXBbAa^NpPI$>w z%zBb=X0s%MwZFQguyp@?)W!exqx|qu)`OppBOA>}+uz`s-{+y*k&)~jJ9ZF%oDCMp zkK_VQFTBh4$3qvxCcev7{PNEo8kL#s)r#?{h%A}jCnJyxPR{Q8H$;tahCQRMLlVzyIP~F)L%Tc6XOK$4xqi+~v3Rtij>p0(kb1c`tE2=;gKfhUC#L_&QDE94p3MgoW3 zEq9Sz5OH$B-x(GqB$@A&xAXcB{DPOl&%;Ri!K=7GKTF0xgh`d?b;i1_!{C=**0N|> zf9eeX)_L!Bw6y_Is6-bE9u$POZ%mY_*n2FPZ?y&-OzYp2tp8%Wl_LAcwta~{qcGy% zZP}mPt&^YflNlGk)cA>Du%X#JnDQHGu$U*T=wClfiV6ShbuNzi_q+aIe_^!v_3PK@ z4PtpxY?q=jx^wBzM(-!0*!Ub97IYz?bRy9C`f?no3y6&8+PiYo9Qute2+#CyU2$(8 zX>XH~5r76k{t_YZQUX6%p1CM5Zxjgx^XPo*6k7^ux;8}WCwU%_VA}fX!@7%-HYUO% zgoZ_M?j9gRNBOeoZRIp7s`Ti5)bxGFhV()%NT5=l_2c8?Qj7iYfqsARVT57j!|5Y@ zeJHn*-Y99+;xl88#?PxKy^fBCOc|7WKA_P;kQa%G^T{N>duP~aa* zvgi#O)=W)JC0KrBn2Q%Ja+8d5n1U$VGnz~?Lh<@~T%06oE}N}ec4FR8;0lrc0~lom zDtowQRHb!uoim%;5k!V;bINE=6-17Kov&-f2Lp##S1`BjqC!MuUT505H9CnMa%Y65;iN1dEPv9huv6>Ul%H{7a) z2tp0_HqPJmjbJObn%Bgjh(M^yNlyCg*)s$5CMXoJn3EPfp;vMq-7@*B%*3lyO`OW z5!;p&4`np;Qi@?ENmUgcuqjs0`)81VdmM&~;)Y^8n7k>drx4+)CYRw;%6%`VLiKtI zDyb?H<2K{Cj1jcFD*ima;bCm7_|~n}DFGUyj?+ko3{lvJ=4N*k>t~?)@)C8^=ANF$ z#9}f;i9T3I#r>&iOlB%5hJh8Es$}1d7U7yT&1eI%5M*z58e&AKx{6}!nK6d|m?6dKk7xzWH#3=9pKAX@UQM>J4^O%$q~U<}$BV~Q?-O*vzs zcnhBLm|0^Gf<#IR$`Q3$IcPmHP)tv^JdtI)&d1yPeBWo?%!_MKriyDG!$b)cA)ofi zlZf7+n$fVcSH}U zpd88$r_9HIc$wh_TIt&GRg#i7cnlzOVd6_2!q9&jdhO_Y>zLMK9b}L{#A>ZKZ)`&8 zZ-_1TUUuZ^7s1P#eVWlKY)ZpK3$@>Y4Eeo34+F>8 z+}+I>QIU|CfmmVB!GpW-5)~CE(w{~1IuC%QepJ#6N=mwthwFh1E0`#G^9Dhv8w#Gy z*a@@-u-stn3`ee@$1yTKP<|V~M8ox*tRS#EwOQ{;g2iUD`&>|2MExqEETEcEs`&eak;1@|Klc7ud@0Z^GzgnAhfxlr$mCr_5DsHmj(W@Ec*%Z>EdWValF`mb&Bv4^!&~K(o9aidGFKwgMQLC<#Tkvxkj;iu$RD7N zLtFPb5_t~w{M*&eUn@22uJA2gI*k$n$yc<0`|(6pVyYG}75G_C>I4!FHH7*kD@rb$W$!wtT}V?-KWm{)Zl7k%9Y-*p@3jZOiBd^?>VHENrwt>;A7@Lc!;M^ z_{Xb}7DhMf{bfDvWs&MgOUxTdVP8v23+xiJDHmD_XJe(rrKIM$<<^Oy$BM>@8=e3^ zOzj8=0enzgQQH)(o>1Mi^$<1zQqS8VAzqLsdER7!;-4qD?xapWtGG~4nvdghPv4&^8IC$vD-d=Yz85&ta2H6TI16XLS%ei zYo#N$fo0_tAQ9_mKck3v(!{#({hJ+86MF_QO-pNQs#*2=ao~#`KHk$Yvq(4^PXIxM zMMZ|NqXdX>+M#*+p4Ge&%8rwbdECY|Adtp^F@5#=^>ze#l#cB1f#K-z@Dt{&L8Xo0 z=tU2qm_Sg0)o4WxjEvsFK1`>OBoE133er$Gvkyqai=o?frb^_YQek0X4AM`cY8G~P zSQ7<-U01HC5bO`ZM9iK&n;39{g$4jiT3Q;KI3Ms}i;!~n1K(i;Ab5K3HCJE2!aT{h zB5Bfq!$s6Wg~P>%e;^biz)aqbi108qs0^o!F!_=?{+%p zavnk&4CGjBu7a0J1=~R4nHQq)cPv!O;HGD&>x=>)!%rkX2(3R_qRmk0aA=Rbbil?< za5F%ps4^^wkB`5^c8Wu_RCwFvr3kgqTHTF}-;Xm=0J=Y3?`ilSIl}1gEJk?;T?0B= zZRx!Pz6hM18hBm_CnieUcxocI_N+#%2$w}*T~rAFLeg6lZPq+&#YKx2RV2Qs!gZs3 z^Ad~V4~s<3{|FRe%q^Cn8%<6w!6IbYc3wsGQ1G%G>T@)6S6~mjrvge8w15CabrS$6 zfxyNhNV-i(iFoL`6WufbsFTyb3c;l1KlleKDDkCQ=gfT=yuSYaJe&)H(;=GNLH@fC z$3Fad;%8BB6Ke|=X$@>B#AzNtpilpa)q?+6ybe6{_|nOk+KWPl)PDc4tm8K*a@Jw@ gf4%Gfn_rBps%28^Vy?^}L)_T_V=yu=NeO~8z9Q$-!p?meT80pv2Qz#Th?Op1I z6w1BlKcC=_jV zRU`Mrfp!lwBil}z;S)4R51!wnqGGn{s?oW(TjSbfokaJ%t~YxyFe1}zwtLT>&Dn2t zA4nA#KG@n?&p5$2u~|lYPX(*`coOH)SJSlhP0<<_uOyec_$c#q2)#-y8uYRl9h039 zWLc(4VP5!?5ZBhWo|kXo4|~7*!XNekYWan~kEXT=&|CPS&60yDEDJw1q5S8i{{KI| z^pLRHsm{{KG_5E;5fS=?goF&!M9V<AyCn?z~iMv)#4-Qc=f+Wi&L`in%o8UB0X^ckiaoFcPV;kuocBZ)!W7 z?>RN`^YO{nWKT!SvNAcBFDinuaXa-xL+XqZ7)Fo&bItPi&(CX=ytm)Hd2%y}?)*9~HH-c+YO@EWB5zgN7# zD{|3#-8S~UnXBaNp+kp^a?RJ{lB=J3O$eO4do#M$#=S4ejowFh&Si(!xP#n8)+pY3 zi`$^t*5j|2>FMb?IXS6VSny(5&QDJaUB9hAG1OU|DCeSMW^-ce+R>p-p3uLwHTz-|Ff%<=*8lO5=*_gWrZPXjh_y2GI=5F}l{oSO zH+uM`L|NAjzggi4-}W*;9;~7U?pV{q<8RVC{Jy{6tgfM9Iri%gw_jIbpu=@F_ z+nlU3OW`n1RIYvgd?`0Kx9!QWkeUG+CT@q}nc7$(W^Qitt|v0zn$l=ZAKERUkYDZo z`ZW}{qI;s#uiAgf()zX?BH?XqW~1MmnV7g0%2RhlV56MW2180Q2R>y)ubfG+lI@FN`4M@ANtstChY5{u6{)~W{$~e_K(M( zvF0N^6J;~wTvOve!Y4YsnCu^!h6#p*h(riAr*sy%&`Kq&xZyh`d?3dxRQ}Aj@}?%{ z4I4HTdQFHgQ!T&1;~TP8#=g9wVu{bxsH&BfRY2R};Usred&CO6%$x#Xm3oR-Fsi||0 z6rW{Gl0Oremd2lDoO`hg@G9dS&yW z^H0uvfA;Ft$|JtNHzxbddQi$knE5Lweoc*iXYe6sO6$VP^%Tm?^uz^SL9*AYs+rbp z=bcSB?c%cYhLX=PHU^hXf3rOKbX=oaoXCFqnS}n0f`V2*Kh@IF(+9@JvY45fHKu7X znLTl>?NXXqJFxlCV~a2K2^r>3<=3rWAARi_Jq3qdl!}VV!qG9Ryjj$l;+OdKa&!0c<>d3RMRuhaRRi)<o&wb11G(mrE`bIV992R}3EGH+|-(D}>Mo>(|4Xl>h8?NI(1Iqx;a)iA%Au{Iw@$d%`6e3!SaWjnRn{v1__Xz0I-1 z%*HPyq)sj7a9gME^hwiBCF8eY_&LWLLhtDpBn<^z?#eMKwp zn;xAoj^I{Yi)B3c$e!(0qFhjKb=1z(y_cuXd}HVl*`F2CoMZkp4A+(7Irc4H$w%Hu zgw1#AtI+6=Ru1L4KhoyDzd!T+TDfk!KewW13X0WaR}d5L)t7mv+T~pb+c>qNxHVp0 z*}UY_Nr5vxmCIMG+rCQ1{%v{E4!8UE??hY&T9~oaL1}4elh>4|`uR(Kf4Oe=A%7!^ zvGe$VNushJcl(nw(of1fQ2;}tq9mLY6&0VB%UHMW*3nTL>Uc_)k{s8&2eO})2Q1Ay z{zgzYUUJFYbmyF;T_dme&srh(&vC|16N87h@7TeSkUnQ&QFCd7zE4urM5@=sV1IKi z56y}-{#Y@~j}MPyJE}!-D^fmXADo|Io6 zJM;bhh8;V&(ljFjvG1@7wzqEIwj3Y$utvuI@}y-WgG9+*yBi(2@1*rGaEMnHI`e{QlL)@F(G0XPNT1=G-XUMD{~} zW>MxRQ2ocf+iN`VAT_A z^UnB)#@@ZFl(4h{8#h{hs)@#tdQ#y+ty;cY;_0~{S|%&}%6gM)+AO3Ui&>eNsVoN!wQS__yOl;;#|q)ejA z%AS#%-g4h^skz5zwvy?=;_YX?v63tPGc(aS`T6RR2+x1e9$%0JtP{<(_%k_D^XkwjlWw(>vokZUMVKy-*Za>%wc4&-A-r^fP6I7lQnBw1x2me! z7`%w!$Ur%lwf`=CZEbDO7^n16I?6f0J=f^gMrxMKVgoGK zxowCKWM8Jb>hVw{O3{^Z_wcR#=Iti9MR7~5_+>Ngv@%ei8=p|FXwUteor z6RtiIi!0YlXCc@r)pus9=MnDJ+R^>#Z&Nuq)-QAYv1FvVhz0cjhFF9g* z>QoLYpY?Ftty=;Wt*wXLdn08lPfRIGi;Ih^nVBV4%p7}_DBN_S@y%TQ<5TVSPEU`& zxf6Kx>eWk^F7cWdyMB#9jR?ktgf%Nob}hw4W1-_Ro(>E+1S#uJHCrD$CRBf2Hdm$W z+uO{2T~E1KSq0u^80_4&dpAq&dU@Af6pLZEmq4i^lvQ6EZa5DAF*f(m01E9X`zLHQ zZUJRg>7SpwRaY(BASY*X>E&m&x!D?m%dsPSZdBO5yt15fE|N<&Y$D^G z{f6z^4?3Mby&9#bs`>ESp^=f!-KM730B&h3-n`jY=+vziJ)x*K=hal~K5~ z;B^I$e2U6;r!Iek+#>xON@~3?BEx4qRx@j>#t07v@`ij59skjKAz9Ijieirv(%-*? zIa-DsZ*-Nap+k@Csd*iJinFt`E6zMJ-8^^>aDW`1lJSoxQ13X(92^`Pu{o*U1nsu( zEcMxY_g%cCWnjg%=7J7S2CVkvuLkAam*1d}8)ciap$}Gy=9W;!=>!9WtVgM(T$24f zfy%f>(t?8RTRAHvAi%qIE353OwoRv-C(vVhUPN-O*=o0H_3G7?eMfCgx^?R+`;Kp2DI(q;_@8zsj9lItqo{te_Nq*TI06JuS304qhEuDhli<- z?7O2IU7{!?B!o)8_fM&65Dk85C(2~y1m|$S;sp8?`}M2Wu9*(dc^UY)d+XEOHVg&K zSo_e{+IlJQAEoiD>n>eg^;4(B0i`U5cf4j`VAzRvz588MOh{;G1z^h-?@6b^;^Oe; z8$RPEuHWA??r<9v8%~^?8S>j$_xQmBmN|vvk4$mV<+ZiT8P{&zG%B-_Yg>KSQ?I#M zAA%&;$h&SzOiZl&j;*A!ckiVN7q`K-4`&Tox}aD0M!=~}R&c|O_TOl!9}gz#%! zq);yMD6hn8bQ7eg0c}^!MXXcwWW@<)i;`(AauLGeAiFr!gg%%GyI`lMr~FDDC5J{m z=d$X{ms!u9JJ$u!1e&xrbla?G#H`!49*E->-1H-B#{^(k)2+@-Gm{?>tPQ<~22;bTDi?4F9k z!pkX@ev)Sg+lm^^I5@6KjS;M=V!mZ!I~EzBI3!B>A25fJdg%tE(BI_2QA_O7;G>mQRc!I43<{nUS9iOM#YADDmZ_C(Xmg?Qxd7 zbnT3do6}1R!g_joe!k@^74XS0yiG5Dq}0LbBtCQ!zwHEUZMSvp$dfVvFHcz+4uAEm>IsH&4pI|KznPtslo8ju89i8VY}z(rjn;m zoxi@`7<9bNz`!8mNSSZIKLg1Q1sTngh09q4dC~ki#LZO5aW5G<4yKBN#_*>No1p8< zm!pm8`6XXa@+@&=37$bAzHsT%Dl{uPGK7_mex- z`Z&Ahj3w^wix)5M7&VVk-|;;+2>@^*DoQ_Knw!T*_5#jJSaIP5AQ%C9DXKxMI60T& z%;n9+3h9ggTz2VM7;{(CiMda)`eEx#-b6`VT)%_;`}^$Y=a#dqTDNY6v9U48I8JDz zMRPyOQ}6riLz6!WI`6v;nR`$FD46H9Q{O~MW7Y)uxMi1nZz%ibR)>~V_|E0Hy$r0s zZ~u7Sd-7ykAv56s_?la6>sZ}AJStwipyBZuH3-;4z2vzG^Opm!OU29zS3NlT&oeH^ zk^q3`RajtDWRx+r)Z(jGt55tHeWOpP_lOr7vU6?-qyZ~%F@lr{-gtPTc_qjl`Kq`} z-QT}6p!4NSNQC#8TLVzsw|&V@y8Yx}@lZrZ#cVB8DE+=G&21S5{OX#TR$wG8PrYP) zXMZ0fnv2WHm5`c)nsayc?!M!bljGF7xNb|!D!Q6!+WiJ|OxHs~bnc)7QYaD< zxoTQAH|}Kk-JkmXdkKY)pWh%|Z~e#<)9e>NS_@vjy;9nO_QZ1F-ob#cZ_>j*&Rl7<2$*8OZHS{1gEsX%l5}7x$q%D_&}}_31z_R)yFR1qIg}a?wrq3U7n{;OX0`6+X}ABIiq1lvs zr0mos8PuVmq&^;r_%RJTclYfC`{PS2t(oRMfoeNEHWsXNTMY-B@#9nP-%_sfNvf(d zHpLs83LKB1lvzv;cY`-?Yms@n_0OL_DQ~_y^}b+q7T~FAjZ~DA`;ek<>+ugI#V~XD z+ud9OLxWATHOqWw?pst))yHpHIzB#b`%RX)DK^49=#;f}5O9Io+!7l{$0K*v`-g_~ zM+0gT;@bTzm}Xz#7`Kx5!GT|6!7pO{^xaSip>lxH$gcTp_TVU^p`l?T0HV}b0i+Rf z+6Zk0lE7|E#ZL%SW@cg8mo+O3mJ8rsm43t5w12QKO1T+Fth{EJ@ zx6`N9P&q2o;v>E~np}4C+BgE#$-8M29Rs_V3go+h>Nl@n59736l{cPCo#`!0-SzfzU(K&DczqPCmfh1k4Qn218H-|z#mS~aU8JGvJVw(i_d)X;Fx~pix)kRpICE0fB6DdTIwGg8|%K+RGV?VJS!oA z#z%aDQJCVs6-7-fR|$v>x*}#mMWI3e`7ERSd*Zxdrn-s>Wtr-x(IH#DoB1&|<~Gp5 zW@jdj#AdVc^W`4}<{(`0{0h#%zGSbJOKDfCW4|!3UmpoR$U>^yFw*SkX^B3K))`FcOkeSJ;JmVRntC<^$t z*Kcl`hbTGN)qGfa$ERcLx-yHjNTCQ|v{19PMKyfc1OzeH?c?OM% z2`@Ys9?md3*~>&x0ZkkMm3aQ{9ov#6OF}|I%1eEw>F-T5($T39ajwL}1!$so;KPF! z9JUURzV#!?`Qrum>WZJH8*E~2DfQX$qfA`RoT(y0W87FFdC!g#k2PDYmJuF6kW0(M$OBLEpqAGTYUB;*O8IB zrIh@7wPV+wJymE+OlT%0(Bp1<`a(dFbZC+E1~A^Gr>6;B$Z2ZyI8MS6pXqT8$YCII z(By_kMpUnFJJ|(I8F+w8^uRq8sBd+no}nRO0#yfwv8`8M+jdd}HJ#@fbfsWmk01%Y zn{{`@s_*%L(9=w?o$%!Y5DYQBl-DgMvY=7>+e0``G&#=bCQ@ zd(c9k7k1KZ#`>H)&&WkjAFMV!KF+Qg#l0DvSW)IdhA({}uiYclR8;->w}5^L=Fp9< z_zdu$numu+HFYoDySv65o)d%Qyk(a+e5&Q|7B?&8h0v)FVhIuC6X#bl1HH?^^_< z9JtH)QB2z}oJwVl^ikbR-&3|Tzo8zcHul~?rKMNY%PA}c))Uqyy=)bT5mcx7Z*O6d zB5D0%#RfsaFPT2>KN|>tWEVHv1bKS-*|TTW(1Xvd-*NWxWJ5%UW7&-0vSrKY9zTAp zuXs8;L-|-BFCF$T3q%n9?c2B0;g~-|`Pc-3;h!$<8E11Q9wo8-$ZFeT#~1)vbM|JN z%2ZTTsNy(8u3~21fGbqRMeYop+DI2jdUC4e^YhR~lCUQ?5d}l-;KBID`<6R{rqPAY zg|Y|{Ko+Q$x(Ygn1kq_|s#hx!cuGxq*58!In1edMA2hE|cL;h%&kfnzhQiCJso5qK zStq>2zK!W8$?vD|-aD9gvt>G2;pm=K%T&{v=pdl7{h67e4p!Un_MXYU_$}7wD@KBC zef~M(H}j|wV%W$~3KUIx@RaT{m(X3OrBvPP^tNmqo}5anZa%*}kdmN#z`}C_@kZkG zAh{VlvfqF1!iDR_qU!24d@;Jt65lyXh>2sfE3FAiBImsTCD;B{;)kD{12wvycMN}H z9}_X}?nG||6c5TdTx>PmRe_FLh0->HUI<#vW}IUtJgRVpk1uPT0H><*=})`zq6!>4 z&BKnOK!u1rh4wZtrx6uuxO*r36R>#(9=|_Z!d>`o>gfHH>9-oTKG9S}lSFf7A4ALz8-hN59p$?76wK6(03flCe@Km72cGrIRiLUhmZpUrA zn{9GCb^v-*JSi-UFOm&@W49H3Q$kHmEoJW}G4Tf0ge%F%!gNo(l-9WO=yL+!o7cZ| zqmQ5TxKs0RRAHZu>7is{sqD@F{bf4#_9Eci!tY~mZ`2O(ogP0KH1zqjT-JeXdM__8 z;hulgl(XBbs;X`>xI&-@+SoOI=c?3yf0zH|hnbpO)!uEGGX49vHuFxhKd=uT3CJB~ ztZB`gfn=)=OtBYSgfugsBNnM=1+a!noxjt_N40ibZ2bpmTP ztQMNzTd^*%S8yl5r@H(5?Tkilz4>}6Ie8`cO3mjNx%5}$vEuKq7_$fR@=8myVCz!+ z?cZf-cbvzy0V0J%u<7op3U}`g=AckW7XphO`Q3NpuY+lj3fPpGltfOdySw|Er1Upm zQAFXPNSHVa+sib0y@BzjI$ zx;~HawFMtn#0WYBUWZ%9tWwBVln=x)@Hr# zZ>89KDzp?R`EVHeUFCzm0~N;PbN)SRS~0cL&|g&0=}`G8XdBS*p2OvXOnAPmtnBal z8*C(2=2l>;7BAnKG2^#)jhO(dz?`UH1TrZrm;L;j!l^A4s02Zz<>N;}b}|lRuT8%) zfBy`E)7~xL?z4lL$?!o+%!#JFJn8yEo`n5gpmt(rs9|_`UA78(T?EM4brHu4T{tUD#Hcc$KPAaqm>`!#W*Qz|_6*#ay<0bW{&b zf9xCDt*@^IZx8Y$c-oYJ1l*4xUBTx#I#nmYYM%pzF;Jia ztulS=uslwO8hSD;SsI88RkJ0!srA&J_V!tmkL;TGbd%)S0HRO@11qdEGcygxul_uK zhDxtpud>LU6aP7PKq$U=_k0~;2Vk+ua@jo^cO|=mw(N+8<=nORN3Q>xmbqnnLg#XN zr$Om0DJdyQNKT20UhF8*7tF+~;Sf9A9~mG0`euvoA9td+(=jqu-P8!b@A2#CJ+q?K z#J<7VC7Um(4TfkBOobPKFT|21yD>F26=I!Oz67x@fV`@P025Z|>+9#KD8c#Px|R{Z zHQ4ac7N05Cd6EvqI6`D0g|okZ+7f>gmLNf{jd%8Nfv!_g2vM)BtPJ^~IC%AlZ^h(D z?+A!}4{$-xqKuVt$Kx`LujTWLh(o`03yHaYmh#K`4QHLZl{`%$j>L+VoV+KyS$ zD@wqG%D?5U!?J%q9J)E3`wv5KTK*^713)qr6Hw1IKzy8ke3aQPC%2@At9GzC_lA1| zN-0qT$jyfzQGxGv-=$A)WF#VD1+nHJxMNWjDHJePP4I4FE5UbR{dko?c|dyi$>9wS zCr^_1t-mJ2fDQ0$ZgxVMIDo`6K_$BJ@dfIl=$BX5Wto6@MH@SSrW%Xg90}m>nE^M( z)~8S)HlSv+erzU=C;{_xGo5owD5Uj6ChB>kuS_s`BbWfJEAVUvyN(jMi|gb9aXBG8 zHsk{Vd9~2DF2%=(0ECkh2_8dD*$Vxx@$8=Ldg>>$vCBn{OnsHr_Z8>39wR$*^j%lq z!CUjumi?<*7n!sOsx@ za)tp$IQA3s5Xcvy^Ru(lj+An;2o7z92HpxXGK9y$Z?DFVOEnT{f>S}RP1HDN*(F)} zcG#z@3sNWC=f+4bBKwdmq8AhvLETMb4L_hizsN91Taoh!XAa>AIscL+pRpuefUY>d z_y-0aEAb?5rKk4}cRvTFUFu)LL`6(3Xc9zihL%|cUls`Xck_N*@y0QU^L0@Nge(Sm zn!^%(`InMv+0Wj!luOR-^?VQf{wd{t#Uqc@jZY>u-8bTj65Re0}7no+YDxuxAWK- zToFHW4;8E=SOQgQq&G_03I&sniAf8Z;l?3j=eiOaMS1xrMiZS7Gw$s%D1B4F!r)*w zvVDn)uFf{SPI1q}%SpE|uoa4}?aFw#xyiVAYQMoh@3=J>9cw8#TUz-4yDuAGJM(h+ z^5x+CmGueIO*o6#NpwK0RZ7)>#2ps=sq(iNHzLYJ@9xoE`8-CoD_6e`hkoYy9# zZ73cZKS-bpg0}P4w)kzM_;sX0^Z^lWqWJ96*OzGeMX{*6EPSxcR}m&cFyuyy+L(=y zI*Kdk{J;aTT<5_R*Rb}3s;dFM3`5(eP)MQ-4k-~~(69(bKh;)fdF4z$YOF6R7CC7s zNkLfiYqE|jA#@>X#t*Lg=eE*Bo6Erx_br~|1H!gt*)dli_=FBli}TT!C6-<2*yBB- z^J}ep&XwyXXL$uk4bGx_LVMtORz(Aw0&ROG*Or%`PZPz0I4f9llJtNB%(3Q!&ug?# z5)&i#&;3V_s&KqPw&}U9YrXjn&|nP!wt`b?+41AYNiKu<+~8KM*VnVM5-(TbSG{zP z;2C_^a|iBjZp`iZ=K0|XN{1%H}td}l*F#kt?e+a6*HE_wUUAt7UhLT6?*ObhRw{H9vei^&T%iWzU zI!ON#a(CA4IJ*LiT2ogSn4T_V?l*Jh-1+l-l9GGtW=$VmnH|jdVjtCVc|ffh1t~UZ zv)OtFX9+nj<;06Gn9|b>(zEDux8?@;{$pQW{b-nPZp6A(;gk?xVKPT^9x2Ds@A|n9 zGPYBBJ58PC)y3{Tdthi<8k~9G*x_Ec*v6mCxh3w9zAg)9LsAx`{#Gh z#~5=zG}ctB@TDsZQ{xwcFjO6Nrm0MW(e>mf#_2zdV(t!H^M$FStRU#Sr%L*p4KgzCtZ47Suet9vaf-yA z;MS3B6WQ5tD-()O*a)OCxQZOvnB>c1*1WXhjG|<&zW7=5ixrPu=DJ6d)Yr}SZCE+? zYgNul`jWSm9PirK-M5=K!`%wRp{{PETJ!m|_e8r}kH?pQfB=Z@H$J=?6#RN$CD(uS zjU(Tw7nVa!`{<50XVnOQ)jRum&9L{L74D^igO$g+`hLxI_u(^qb+(l%bMCj{Qg|Fm zAajk>yL%=qi%<-;oL+ZBdRTZ_Eq$G)_)bwjx2+Sbjdh(*)u~-i>a%q)9{0C?BX8YX zbHHw2b6U%^$HEdY8~pC3d%_m;($?-!C(Ck9x$VB9-I)_tN8M!?Xo<*KOw9qK#mOUId>)tO*ILJJebN%jyqA2}2px)o*xO54`>4&gpNTGj8{F$UM1y z;jQv@APta2&MocOMrhIkLP9(5z5|kPYr8+6b>d}d!LyCQ2hY| z9#A#^7#O$|9lb$=#YU}t>D}&@hp#3F;#4U9&os}c?c0&JeZC=QRT8R-Z5=9|vd0!y zMt^HTu6FCDy8%mSdmc0>NxR9a<0~M~Qs_Qn74RL=3{800x9kFS>#^p2=K-%G52)zn zysB56|H@fya414xPo<%nqBRFaMKPi2IRBY+9!ZA8an~=~~%SVoH5!QA*E%ikOZaJ4QSVr25b@#eRoBmc*}A22wLz ziixor%%NP$P`R=7_-aI2f*=er2l93S$&+$&v_3unXkDjiS=`dN*EIAA6w0ppz1NFm z$re?QJ9O~i8fcgPj9lADK(qp&=pwKH--hn5S{sy)qy5FppAqq$?54FjraTk>322*u zY&r%8mRz6FCaprZA#P+SNzuj1JZo=X51E!@NDjghxfY;HJ_Ut!Kygre+2veJvwc1H zu&h}V0^!XH_4{*UT6*j)6+h_2d7wGtHHezPVh4&^{534!`R3 zzW4&^g=;?uZ|fqrVi>ZdsqkGOr|ty9LM(FyQC4o(J%J0Xm$;ok@ZN-D$rYe>H>MJi zCrkm2yI_ejb+w;vY31@mo*y0eFN~ z*486Pa**VfVbwl4=T{Pqa)I+9ayD~K&88#z7o|Ad91k3*9o$R}MFnlE8^5igchNb> z8t82&npfAiZ(-1JtZ`fQeO@gX-QiY4u=*KcYtTbQ;2UbvXLNIun6>+YCf0*nz1@A7 zcbh|tKLkr_kjr%6|9xvb#tyQexG)s`{|<-9LXm1(6Gt< z!u3)X$uvYPZUhO;verSyB;Nu0E9K`lMZm!|DD;O1exU*2mK^%jOLE;%XotUCcVurJ zhdn}=C{Q1Jt2vUY_pPeviR}&hghYhz`_1`M%HcH)V;y=)I35yC<1K9#qDTOkk=(qg z!(c4%7BQx_o@!fz7i+q@ZpBaF9WX-b*?Qvr3LFAy_ltn~Z|!Aphj+ibLRMws>l@lm zpNaMUC7ElnVJqPrpI7pkvH+S#cI|Veu-`Jp0RDx!0zo!*c9Kl*g-Nc3Pj&_nRsh1H z;eV;mf(Q}V=IFo&tT5u)kR~jV{H{`x5EXrC;W-^U%CnBOV0sFB+39m#-0D3{j%|f` z713?@pq(U{-Gzd19ite5b*;fxkk#^Zbem zz|G1ETSZ!0TFNG;_I1#b8g3{{`vSm_EM`dhHq)LcR*<{ z$*rS;Y*+|72&437&KPZCrRjWWlW#RWAy8ztQgzje9JXyUhi@BldJhc@MEvS&=tYct z9>$TtG{yu-UQiKZ02F@&w5}8?-{I2^NKQytjkuz;*MtFkxR? zD7scg{@zUN>(ir!g$yOM;V5kaHC_}D%EEUXF9hfi>Sac_DaojbP-x(XjJ zFGZz;mL38qjfSVCmJi2^_wU&Wk%hAA3@L_)Y_u!at>P&={h1#0ehHQ>?MQeYZsd1l zSKywoLC~l|jtx06DoRLrcu;uw?#z69TvAt?VuG$ktoFFm>s|b1-iv^RFf4_ zgoMKpg|__+{x6IdRip=5B_6%r=Nz_!wEgJXjmVclcWfzi=Et#(KqQkCFTxfeh*&!f z;rOkfABO5p>NODp6%-UCEy^i4r(s9-T-&OOJWzPMm^gB6s6tpGi~ypYI9jrXx!U*ptJ*@)O%GWPz^c2ox9;h<0wkG-eiCYl}sc=MDJ zox>6brDg0>{du*4mb|6JNJkE>%A`X+Nw2MYeNC&R{*mX`t^ zSu&&&6Sq67wQWFI{a{$~R;R&4tWmCN-teh0LVyj)KvA*7PgsF|v_Oi;(IBxvSgMkR z6GY&F<+q}gkP9d$%y40Yp?h88LFpjrz>$%W;Ky@FNAx0|1cb4*FgYeB5P+blhNXzK zVrV{uT%#=rCiBA~yv|9|ZkW z@h+9$4?l6Oz+0MS-4p7Y@xwJ_94Zhe3Lvfxc#j4F7tOv`NlQM>@Nvo56JhHnNEsof zDC+0&jgd~}+H-wd6&V2`fh^=)G;&f?6i|WoX|Ddem^QF)hnuu`x&ggJ#!HbWWc56p z{-*o(RdbQkFMdMp!FKcKa{*r&d9`DR&^8h)srrtgiK3szB z-nn<=X35A4E~3?c`l;1hkCtSf_k$>&Q1nEkT)>ivwq;sy>aauWXN?%D_5SYhGrbUn zj~m@VzzFNJ1!667T8TT{Rsu`mu(AyuZ@Iq#=14GtzND<+@Q?wDf`S5feM|rli2#}e zyWGti2{44TpMi$alBTKX)cM zsr(}&8IjBTWoY}&Rh}-80x#;mw4%iyFH^zGpZPDT5e=G{E~pKu2e>YlqA5SsO&~u( zt2qaoXmVKBpdJ*oqIFO#ZoS9qhd)@$`M~D1{iC(S zqy!ERc=`%68Cx(sfVz9xQ+b=pP3BQDj{+r-sN*Q?%&S)i`py1E$V6e&80$oJHa4Q7 z=cs>fZZ2!P*n1#+qO*@ozkO>26Pg7m*mkPo3T>n&GO|uk5VOnks9$`N+w`gCb$?^Y z9<9kDu8Hn*nNxO|3&z@_qxqlZ-`()n_?*8>U-2?sef?^1Gln>wjmgJP;v8POa)kz+ zC+*nfYkUj0Edm)RSotY91=O!%nj0#`MPa{Uq`(UCB4i6zz%(O@263K{2iS%#cHmBZ zM#d)O^BXKi+pDW-u`K9vi14!HD!UJ>B$^MwF?*A)&t>z~&BO0B{cJA|4$?iwT~E|f zFAYfW?TdaAH7K%iaN{w487(1`oVPyzPlxt@>^foTlP7=GtxeE9dS9vN-sqd8%`yvL zWCi*$Z2A7_=9Y;E0=WZ3@PBuggQAjYgiPL2umk{tO4&~DeRt|{`YT?(++9!Yj~0nZ z77GNwdmh!)>{8d#3g1x;fYJ+)Ml$N|`jFp2rz@pLGu*keN{*{4Ff4fK8Gm+31)Ad& zLl|E|A+u7DmPrB(Yf&{wImilBiO;db&_YkTrAo)eKty*cL3Xe7- z#|yU}f_FK>u=hbEkaUrms;j%Aq@)DsF48pp-n@qz zos_is!>EJsg4=GpfsP7*6-<||$m~=MqmkkwE`#`}1`H#UewDH_Dk8c!^5bN0Z`*s1}#5UuS?LsU4=8xv)rAbYiyr z214Vu|~A_-E*zXo~V~7HY14x?#Tj<*$Ui0hV1!v{NoFh6G(2>}kw?S!1#c z>G%xt?)k(ZZy3++8V-et-gzk*B+_hzXyNwh`pkn|kmU5QStYTrN^6!|3XLY;hXfh+E)8)!`x3iOLsisEt#Pw_7v1AV#MXzyn92bfOc)2^&zT0+z zbqN>tb+Asj=cq2^9z-~>#5fM;)KXPI0I_+izUP)siGUMt#@&5Y7(Nevq07a5ihl%z zYXuMs?fQJh7#4?LL_{Y{FeCA+o3noX-kqzKof_Agr%E6M={x~JVTJGzkVD37H8pAQO)g;gEd>-5{O4#&=O*!hzxOjCv5CJQXOm0|kW?y| z?2#~~=wK(~&p&uBl_xEp5#3k)%&w>`z}&l=IPxWv^`@9z|BlShU-6>2VW=KW?c8Vb zce857?CF6eoOkwzDf$@`arAX=OSyXkx*;a>x&FB@ga(D?#WDPZM4ZGpQRCq@mxd)2 z@-2d@ZKM*QIdZx?{oR~xs1!U3?t8=53sX0>$y~$akFfW*S9U$%{S{JspZ+UkBeRi_vzS1 zy_~bHcHunKTm}J)f+q{mqx;%e z7Tb%ujiDx6KTuB)@28|Fl7+%pj&_V*^yguxx*I*O_Wb=Cb^S8^fxH$7-2whb-&D4- zSr=pqtE?dUUXN-_xn&a1LN|=W#N6$G}wfD zY61&g82=u8Nqfd89WYI!6B0sU_5wGobzrAWX_S7QY1Npks$Xxk^Dc`8zl3`t_xyHd z=F~^2gM?>Td5Jo!C*C-Pf$CCXCVSN3g~G;n92J>~Ynv{1f(kvCT-!RfU9aBqZU|a@ zenWI7c8an%W<=~Cb$i+Z5@cRaJ^d-i@C#f2SNrnTw#71>l_>B*KpYTesN~m5(t8av z_X2hVNo2Js?Ek%^=vRi!!k3SYzNK;lnk*T#1xl;HKsIKIH-CAR!~lNUKuZAL#{y!_>JroMy&Ep3xGcyA%vkMwZ8L0oCq(>6>wxxC ziO|D2%mEO3?SK9Hq0D?T9*xdp1>)5sjzF`d%NJd=U|I?(l!Pso%}$BZ ztXvlYbj<~M`vs=4h?7bwC&>;7AS5{v45&XM@iDC5?UerC{t{ga)To496{gsiQzVgi zAqg6&R`J`N`R?c@7-rogtb4QRLlt1sZdlpi>*NUxJ-tA4nhp+PSZxt=X+4`k|8GmWf(2cd>gQ{26{k|#d@__0}u9bf?9C#d@5 z$&=lHSRKD^0aAYYq;Tz75}CqpwA+e*ZhJC**65VToH8~_zW$Vv!mG47{q4y(W1h_$ z{|94SAeMx(Jbe5&tN9;hgGeWv^|TP4qH-xiB8DWW;L$?A-(Zeyw~kyYs4hg1`Ppc= z3wKiTJ9+pt-*C=|r2Au7yPY6PMoxQLWStf{2 zI+OIG$qCP;Gj*? zJ2u<`8)tXoK72kv&lExO|kUFewIJE}^1MuvP z7bC!v_%Rv)h^|Mcqu+iyyyrvK%F{&&|cBx5}-s2wnijIOj-iquh>9xWSNXw-i1vLe z>V3`OIO7zdpZ`{NSf2Av7zuXZ!=zufeNgCWhnOF&gNzI~WwVDE0}v ztzLj@CJRtGuwr70u{Fo6$jYfbp0T&)w0p+S_eny30Z)wpQVIm{)cIZtb}{}Onesqo z5#dC}@Yo%u%RUf}Z^bVvdbivfqoIY~zfT89H)UG=tiREdTrRwbF9a=(0x&?-Nyw_d zVW!w{JbD0z0V^UuiY%Y_BRm+oZV@v}El;B#g?3AxZ$YLuhU1~;1A>YqAJJpGeqnpy zE2>3Y#2O*e$j{H;1WS>R2U<+u2&x>{n`I_+On(8mlrY{5KFF;*ci4ZsBexD&C-Qip z*tvO}ep!rhtLdO98R$}17m&eAfmM4Es@72Q#RCIi(RIcP)~FTAZQ^ZE-Xam2wupUV zq_b3bU{xM{l^BZe&fz`)@{LK1Z4j<(bXjaRd^(-r{?=5XIdy@xXy?@Tr7SJS8|R&9 z7AJuNG-3^8LY7cSrN$%@F`RT0w;RMEet8j42m0q{w{-I%qJa0F;O$kKV?wvCc%2 zDIJIAFaHn_#!vv1$TetUL>vdvWN=u0H9mfmhP2I+wnc@Te1>r2)y;K(<0)Kk-@aYl`I7OI2-D2k(a}Ua_3Gh$B(;5bX4;~%Sn^#8yI@692tTmSFFwUuUsMH-M+5Aed9cUy{Us>^AuL*_5khvRS@i; z5pv)9!n+~qFJd-AsX>fQwa#}hbx%(IOVLJ;w?yBDJ!B&wN4uUvOnIm#o2 z0x+crc}s9V4xNJ0U&ge{9uO2cJ!!-*x`Auq+wlttIoim87lDZ)R*=ujt@nSu8ZVhA zph(Z*7Kb#qK0F?TpFue>Sv6yDVkEI=0o@94LOz9(_z=CN{0!#akZYNLQNy3K_kXQ~ zkX-}=D=8@zqM!$ShaI&O$P~#Du@GO_w+j+gNQeNYzh~ilSmJ3Wtr-^qRwfNhrP5gco7NAE2EdRv_#-!^+s;k-eXDRr?m@5iGNC&a`&V0|eJ3Bb&^^3)v3t!eG3NN^#@y+SSj-97;rEM$|e>kK*jNY03Zo>wCTA9li zzYH!mnc!n@1)X7#&>TU57W#DBBjCGHQH@Q$)_);3+G}J2OYt;;prHcP3TO|%>|{i{ zx^JmF*l+u{gsR6_zrVE=p)$B3LAi*Zhebi@w#FPWA{iKPWqJ1O865tlK@o5c$e0u& z8JP2UhA$0$?ofxsZNoQFDb@d$Rqb6*v=fbxwTXas724VQQR&+k6ln6q94qitJk+I% zv~E0hr5iy%3I%NrPrtyZ3$2h|q6&1M^DEb5iZB3(QA$&E zfP2q?f00&c#AMM(2bS$7Og&Hv6?{jWs{l|wcQ3E-2?)kkn4!gke#r9y51cpF(f{ex zBj~)K4j4*hsSLr94LAXh;BmzS4zFqUVYfn|Jfmr%${>eNCRD_vK&H$n2*QR6g{R$znl(5xEN^iagr^HyoLN;jv$vPcu&Sf+&;JY!`$@ z5?p|q29U_8*#tzzn`1IDGE#x_%qTTlT*C1<=ddH9Q}J7m$4vSFgcErcBk@u*7B7RK z%!B^|=+FeK8RU4p8x*uY^Xa(V$@PfVd4&(8$^C2G{ogd;|2Z;;mo*VH2+u5g^X82+ zM#xD%mI!3PWrXptv(r%E2dhK23=9fdLV=e-Qe}8f2Rb1&1ttX10Z=Ex9IF2Z7swOv zP|6XZs94=ui(n2ECH7`5moNWogYmBqX(;{Jk=-~&KUskjkH+G|U37vo;5}SH3t(7r zBKIi`3NU$k8x-Nd;^G}JawN|V9E8!425W}mkEd;br;%rUkr)9&He0~+N%pRhDzWZ` zqF-#GL*&W?`^`pY*(VMxh%8xq#d5NykaHoAae;HQ1WJnr86W!jNt--ehjQQbt04j% z=YoSbAaak{mq`RKs`^@6S}aiKQMAc&r5a|EDQK{+1~Z9FLqp+{7RN-j^m0~)a@zmJ zC7St#S@sBgRVkfvbc}-RXa$1=7{9OY0-lVf(=Ou~p(_}4K__%t_(O<(gX$i)Q@0k- zkIjmrq8%!1SAk(;0xDPhE4&74#Ld@RdiL`4)p&C1?7Ve-&E$Aqn1;wnO_$Ex%t{;j)X1Sb!5V9#eQ!R^{AE#5qbl zehtI@4rzuteE|=)vOpvn;>Jzqrvl-hAjtH^7YQvC4YnHsCmJUZwZ=dJ2bp7cLz&YL z6Re^77hAfb-6$$33?oIwRyd3Q#k2Z$l2?3fPO1KvXIvAgzV}bk4i3lC--0XG%b!C9 zTS5Uv4TfrL4ef+U$92pv--mzZ^ z>moeZwh*HTsc}cUrjQ^7GF;kO+p{Q@dwQha;wf2`)r0f+gV{hehOJ*dX(dc$b;P6a zD2xhgyy?{}&V1e}>-TSqRXiqeZlY|CJl7P3oqjb7OZ4T-0=~GJh;f>1au#yS z*||u*!UXvH$!rbaH5n-t?#ZAUaW(8QKh55tw)m15yo6L}oa);lH|aIe%P+n9%NQdz z)Y47iiK=9>if`LCc02`O@1_;ae9F*^$Q9N+7oN+I`F9ThMks>6Qifk}IfgVt6?Y$H zmkqsJQknMtuSHd}3Evnh))l_V5#8OLp{mysqD(}3!=}>*ReLs5Zoe>rLk~7Zsz0lig+{<%-g`SGG!#|f&q4RW*YTi z2t;)eA;uTSuI3Ci*|n=7pe()auRN7?32TMNsfB{eQp#}#$*323C=MPKM&?!FJ&DC% zs9WjA^1%HsWM;;%?A*DtYA(k(mpkW3*~Q9Ab!1gFfO|zGu$8zUEehvHW0Herw_{Xn zpGItO(~aQdn!lT*P8SAB&6A?LKQEew{{@K#33)0)X&zzx{eP=UT^O}I=Rb$b{<^R5 z$|A^5h`q8yHgwSl+)+zEio(iG1Yp1v1UM)Z)W7HCF$BQxsc=O95|xa4T)Q#SM~LC3 zg5Kd#66X)xrKSK+SQ14Z2VS=<+{^I%TKOc4FCFufuFU&&vHy;Ek5C`THID>F;=!0~ z&ln`%E|~qWyYeljWcrKbmt=leD?M?3zH4V#fwPq%Ele;^*Aq;8Vm^}K^!TJ~Mqt_{ zPS+LIc?P){Y%LI)7^Z4`puxkLB96 z58p&ZrZSZ&Ntww!XABV{WLD-7na9i`V`egwd8iC!NJ1n-NN7ODjNKViGJNZ#{XEb2 zf8X!@zu)h-cU!exuKT*q^IU5k>o|^u%%+e_Fi5wcaijpw()<7OzfkQw_{w$2v|JgPnei}WfX6~Z1>Flvh0H9k?ZJk$0P^KUAZ7yT>=Y0}6%d3D{4_=ffkt3D zqgC^6KTQ0yY$S6*8|^B7e0I_T{YU?$6zcSL$X<5p{tTq-K=>?7=g%Joa^dmE?(^^Q z;S8!oH&{BEA{FFVypen7y_ztDQL^0o-8bkT<|12Y+|tiM}QnS+JdNgvIe>)X#K&-09J`!hnGrpGBsqGgNpxf&e<|1uY`97Q_ev@J=T|K3VIx_p&(@ zqhC%1I?_PkwE^W3x$KsiG%*1GUT8t^{lI*T{uJDUeW3#j)k#smbPVJ9bF}cAB$LAZ zoti0oz&k+3N666!iVGh={E&VdS+~MjnkdF2DM=4oT@3C2ecRe=nwn26duTZID)Att zQUDMeS<<3T0t9Bf2hVv&VU;{_oKgUJJq3`r_C2B@6O%2soUm4&RKw0g82Uz;tmEQn zoOB?F=?r2{dkyWQWAIUMF>n{iyBeN6v|i?bwgJsJgOV3OfX#-M6>{YUV@e)lDR(R# z0MGla9ozpEd#|q4M@@~y$%%n72}Iu@G*LJdr2y_#$<%k79xY@&_0*=L#Q296f5NZi z%#SH}w@(eb96LXuTiNtkg6?+LhkJtCL>&J@-~XpNfcKdnpA1=~aj;&V0x@E|Kq}w? zXw$x)0$ET(wFvC;*tj^&$udNO10!jWViG}}i9F5GvqQ%?R5-lQ_zIGx>G%>^0j+4{ z`vh#y5JV>XRHf)60cR9A3<0lF9>mXtx80$$6XN>-$;_cOlT^DmwA5=Y`g1Hkulza5 z&f;A6D1D`=7*2}!*x|P}mafW3Xh-J`}%w5A!GGZ_hy!)YkOBx z|Nk~?UV_-b+-kOb#s>_pa;~x>{VCKMH-R#C?wu&CBPhTSKjHo`^yZOJ8>Qe-xq>Gs z3X;$$^yme&6^`ITj6Z6hBbwgyg1hJN*J~%m#l=5<`b1e<0d^`|#2BToZz{iOyEdgY_=qjL{tQ3SuJ#zErO^p8m zK@XgVPGaELj>JDk#R#A=(y{vkXA*ExMn=Z$D?7PyE8S9-Q4O{6`AE(iHcVmF58u$pT(PAt_5Ju(u}wc@0fYrUvbF2pktV(EdEviEQ7&GO1Y* zOc=m#Vr2`Ubws(XZD?q1Yr}_X;S#X7fuKu_IZ8kv1FmSu^9-`Kvyd_)Ar|N-2le>T1RveKD1+dH^hdD|@(hj{vUXU6=L8<=U_o@tonkT-OW&w?U zM!z@diOZ8WKj*2Q`#rH=s_5}uR_KGYBN{@o+51PA;UiK#214v9#0Y2q0}P16U%&h( z9dG4;ju&N|&rF%8_j9ONd{Bj*7P+%ObpZe)K>L8RL?`7-2ej^XxOvEQ*^jDg zk5&H+CQ>_her@2f)bs1pJKD)f84-3-&uR=Th?Ppvp*+Hpw1#a}SQ{GMe8O(z-7o&ctBAlY~3Rn&Rx$kQ3AMnrCOUouyf?9Ub=Pj;8x76myfF6NW$ix9{ zMCIBy+#Ogxnm>cs2>{2(qmnVlAyVvHt7uzmyo`Q0l`@o_8_2&KrB@sr$DnJ|0!2<@ zl;SS0EnJr~KsQ^QW38~(`HNgz-p<`R@J z!qdH+N;7TaYKbM*Ymim!8xT3rtR-EBNDkrhDl0`;bo4#2efQXbUT+(q1nAv{K|glx zIlWTn2ax-j5AqGxDfPa^U$&-p_diHDV`u&cu3X@g*siN>8uy{|04LYDW$#+STZ#3C znlBvFcPgtU4tPYB9{(ME4!8fubY_QaSohpbFCk2JNfkZd@#$-0NlKks&cE@|4$xzU zVib8Vfb|A>Q!-TZ^DYQk0$W{Xpz{TIOjFOTjIc&`vvLbMus0-ENn)fej&)f0Gu|OT zcyd?3Jj?{X191o;^^q;tF@wGoN~NIIM@mtkh7!s*X&5raR59_t&vG{&WOJa3F-#I} zID643Ds*0S+3BgU)h1eCVT6!VqIwc_@lnwVIx$Az5kb=&)vZ@SRj_|GzYqGjifnHq z8R(z>v`&pG^mRLuY=U-4EIywX)V2NDpu7787M;k?Ql+1zWPBX~&hes@I@t~4Yyn69 zwx~GcfvX2fX)snv%H`3z?D0+AQGJ}koiDFNv2UYF{MXpNX20t!5D1}3gS3X4@*3yH zGfnV7(!*C+E3k9kF@|zZ?QdYVU< zB{xB&20|5Hk1OZnFZbhVGa@>kWx)VJm^zPnxVLY>?t?BK^qe|y;d>4^dnL>gt1&go zZ{JJj4W`x!n@7b}33Ln+U{=*B$*M6>H*KCjfRJL(#hDX}^-qn^Q9PJcPyf3d6W0g6 zl!~xtSKnP9P7n3yra5R}cC0>;W_kN|rcx35rjO#f8M(P=G2=6K4tJm?mgJQqHrhRU zpmNHGX3qH>o<4GZz3gkhIqZT&#`}-f!;vW(Q6;{Aua$7A_~pJV;hy6zd_lQ{E+J8L z_R)lx^l$qSB`FkNEH$`+T(R%1PdIyDz#F0PDUJQ|$NVPn-{>)@g9Ksg%znFd;@v2q z81W^iN*E}B1?h*N0geED%u7s6?oGrjk1=6FNcYfAg zId2wVA2I@4pT)8SCnQx|PKSkC@bRyoPHdKV8GoN{3)Ba_!0d(f4DdBSW3uy*gyd%~ z@iRumTD;Cy9SamvfffIftR`KGvk`+#5QxX-j%rM#P#0noRA(Ol5}ey2jX9Wz6l)Rt zD3?Lhi5YC;*)LIOpMYjvTSoU;mg^A-+h;$7k1|L9JqItqe%b>wY6OQM+Qk8iMNQA6 zS1BKES%fiL!yj}`$Z>TV;~Bj8CwFE}v__;oJCimb)k6wiaiF&{bX#?6z3 zJ;N6FQQeL>CBC*DpsykMAEL+sGE4oD*&c!&0C|*=yPWF+YL10Y>(#jQ9ckY(GvgzI zT?7|&xE^Psn>$VkM8VOX9%6X=@l4_DvFy>F_*)z1$XrVPjwH{=4$+5d1(eAq+1``} z*4j*qdt5@cRlFoj`)t)7_ZYS!RBA z?w?~M24La)4A1{46Dc@I#9XNv8uzkO7D8V`<=g#%|NR19dVNNi^NME`O|@9_h*6y3 zeL|Pn?TnGX-C#X3$Z&9O04o0r)MjM#^u#s#x0gRcz5^tE&h!Hpo~yc_STGN8QvSRV zbUC&>;j-!U41OY%wZyz^pD=dIqfwp0r7~o}h1f|F2^tx{lnU-u1{B?LSAoX7wK~&< zsu}2wO(9n#P-y{2av9(&WS)Z3m)G-O?*GQWF@cAH>w&@A(`~U!lV$f<{Dc#4>&V%- zaRVfb`Fqk)#=!eTG)w?_4kLsLI;^OGhpZL}rJ-Ylt|)J)-{0n`hdnzbd0Xeu1L4vf zzANs2DSI!So<0w0Y$@pYBeAA_@^3ddNge=MF)V_@9xxHx44V2Pgo) zNdJDWF(%SVwTfm^`N=Mwhd|&zbR2UTNR99M_<*O=X3QVRP$s6|#$)^;JC!3-7G{4A zFb|>)LK`apdOXn2K(v*WmH!r4cz|4gQD+o@B}mm%z`z$6*HJ!+S|_-6Mm3QCPdRro z4l*tQ|B{(cT&0$9N6M8lbbq-)=BaQqP!vWYVkG7QJaiz!9EY;27096B@YL$G^k9a; zD6YDrXSBjZ~jrQ>4GtEGp59P|*R_-zxdp-4Lt#QzcIC_tWx5B7TiM%)0Z z4N`|&_GWUmspJb{?x zokGN7fM^5MlArU&`?~yrKC#Dqe)2L{U?j6I!X_2?ay|u5YIwio6B-?2 zU+h!**0o<+mGrF~gga&T4xC@Q9&9!g6QO4aXF*Yd(39&OvE}_|E~-Z9GsMwb?}O7? zmXP9rTh7PN7q^aJ(NG+qWq~AVs3=gkbP)LrbaZq`Lums&X{1R56h3?tiQJLe1zgiG z$lV7HQ)H6+g8&S0z>iLZP`zLn?kie#G4g4~0tU0-AvOu#8l3NX##i)+)l2NEXc!8B z-E7R=Mm@)uy7V+}NTg?IK z%#eivym?e_aT~ul3L_yv)F1Sxv9a+ua8ohBR~2M^w-K{=nnU>jCfSjbgz6mwjc)iy zd2nwv_eZkUPP`Z?MwZrdG9qY?3E-qU8e$g(ssPFfK?Bp%4Fb!rsSl;ySoq1&p=H~) zc(KCGqe)TD<<_{~Hy@R)Qx}zb(w2LK!7^uvF@V3wgQVyQcxIqUZ^(eD$|~lU2VlEkF94!RRi>ViDp#12r7yZ3c{T-x_x!jtw(6}owX#4ELMPIKSR)0>6zs`dk zi$Cv{-FUIr$l=|-YxE)WKP)N!{F2=1S<|&>aHsFA^Ik6AA@Xu7G2q_ec#Iea|KigA z`$hjBzO(-{(f=zYh&JOfIGo1E2f+vaD?mifDPMq;q5!)NgRH)hl{~Z(U%XfiZ~h10 z$X<4>#ekObh>!WP674U27v^)nzk5eC8eW49Jm0R0f~`-8-hd$ zkUL(p#!)M{-oxv#wJb&YzI%jx@u!LAc^BOA><4*CX538I%xmKxXt23C9Px(?2Jei+ zH3|1Og$`=-^9k;xf7_laXZ}s9LS7GlNmalgM_mEX!n14Zz*9$S6fBFuG<*_rI^=24 z2PT1-SO2YwGRpy`6M#F|4PeLs8goxMzXkB?3l3uvY{u+~GBqy(l;ztirG*QNg0Eow zvl`Ay#D;fJFtVR%?QV>V-X(HTXE`^0?qlRtKPoSuho2wqpge<#oekE_|HS6X@6-o` z>}kw@qBWafb5LVDmG+@5(v>BhkGa?Y5pGExc#(F?U#+tRE9G z6wH1fHy*4r=eJmYQ}&nS$r;j*Uk|>5peE%7FETXA1~s(-mV$ROKCM-s7g6L?VtPb` z{q}?6p-D*h7Ccw(-Xz)TU;WGwO;&wxnElYsQ7`SnII20%Ya^Z{`vMz1!n{zv+je%~ z3=s(Ppa2+0vOti+bH2OGoQ$*aLJLz%GMbK+xY#y&(LqN}%jZ0^$gO^+FnljIzy>Ov zW8+Kjc8;QWD__9!)^G~V_X9mCN|&{z{63^F_VvuF?ONAmg`SmI!bv4k>Uw+0RAELp zh#qC8qRC4iMXn#grx5bA9VCCx@ut@wCDQCd@Q4u(27Ef`bsqu4q6ZHj+ALpMzv3GJ z^vbn9Yu8^qY(K&TrAQT7r~TETrI2Vr?{!PD&w}rigqC6GLD3}#l`44F5nxc*XN;Hp zEU8C^2hfytP5MQf?+f0uF~Euzj@XN<%pN3wcs!9|@@lJ29Q80X2u@jJueWte3K-uy z=7L#v(P0u2Ogmsa>fyod0a~kkTrM%i7jH++=WwN?!)Cc~B+*$j!TVQvxt1 z)Xwg2OGfVdX=N`CI=SOvtahJU}3Vk~gtAy*Fcc|)p*A4Tl13D|F$%EGO zzW-%oa0X~x8(~p>h{x#Q;sWT~9Ty(~vBE(cBzu8g!-pag&6$-*Up(M3CpNIIgw?z$ ztQE&#;`juW-hOyBsBtst<>ees+SfQSARIg3HR@r2+6~Yn^x|dqAj?4JHE$pXM?(>S zIY~P#S0b>EFQ(Ynm8?+OI=X#!Xj}3$g7(-GY)Q7s`IMHsRC2%)j*F=*FhVQ8eQl@rd$IKMV;BCm1_E4TK{XP*EdP@`z zu=`fFwW*Ke6}(cCh_i|C>#IOD_!o5eeYx`RT}XWow;>eR*36 z+5X#@Zp@dh`R`cvj+uMjm*xszD7IZ+a-DOu_}EO3a{Pp1g$f-O&nC3~!<1o_AO^GU zQ&W5l!uCJ}0>3>(MnMq_*a_H*7sXkFxOYa)#An#o?udKiXNE*G7WW+rcb??;x0UtU zGzjX5$nY3>gAT~==Ei{iAtg1aN->zG?bTx-(*}keBH6%311hZc3Byq1-SxK3DXZ+o z`)B7Uec*DU-}32Yp2v2LS4;}*^T;cS;5vvZ=k9(4gDQ8xzwfxX$b-QW8X^O0PkHjx zj~97E9#mex>*BLd%kb!CFGl?A1X2EH!8wd@_(4$)r#&J~!y-n|7braxAh=){+1T#S zX2%Cu`K&5}Hn?$Qm1=KZrKlXM>p~gm$2rhZJPJ-tdFqZ(RI-LHUvIzSPgZVX!5?jC2Eq~(NiromWCqdXz2ByQ@UvW2-IDf?&FXQw{RI&pU??&bdQ^AlZ z4Xia}$UxNt^KW>HCyP(q8lQ^veybPe^WYv-T;H&2`ECYHK@Ez{XNT6eN9Y~Th}E@J z$PKGIY+hx%X?ty}mrim`adhe*eD>S9w@1Y=$X5lt3!z7b2HN5tIBbPb&Ui zGyK|?r*ZuRYBfVelLSN)GR3~rkM4J!=@3}YoAeDy52)C*#%nZHbA&f``07vGM)tp| z++%0nQn*981Edg&T9DK@Pk+-H$xG`HSnw2;;XV|{FE}~Jl6ueAsLnUx#Rbrnn`u@; zZIz_b^yrZvsVC)Ag0X=)0K?3Sas~+EHX_g#E2@U~912|_xI-YZ!5}BJjzA?{BELi_ zWUA4TF`~+H9gdaPaBij?UuTad6!|i%T5w;j%p-43Q`Heo;!%U|i<=noj?(ANuS-<)5 zxa~#mOEKIa_5Sel>cnGjwp#M6Gu$#otdU%OltNCmqU@kymGSY4_TZM-|9PI!Z$W-f znci4Y%q!^FV=yqSWO;r4H8jFs|EV2HS4U z>5M1o_uXTV4^Wh8RcCb&z=900<*xL86}qp|K!pFWGaN1O7=FAnv&xo=+RY5FjsMfC zHKhRkIsOk0xM98Hf8)@_xQrk*EgIrgMK%WsrKxtq^SM0FY^j}JKg`@sUk`s4@13L{ zQJwxGinY-&@}x{J4|b~V*8ZT5)L3A<0f&m+ZEFjN5y0AFkNup<&T41gan%+~QjZCa zMvPgcccO6ROX-4Vd$f+XIQvwkrD%-5OwCIf>_~1x+H;cmz}ji;9bs4x3n4Gboq)lW0*1`enJEV(RN~NmxV|Bms81mD$P+x;FX`wK!+ts+3%^15&afOqs{s>ahz`AQWR`|7?lC9LO-pA$V~r0(}) z^wAY)W}Tl;{xHdmaQA(_%6{&|z}fef4C+Kzw z_Oe1D`D>%$MmQVcEbdlG|Qxh z2c%fo$5#EQCl5QSwW~WE!H{b29`!nWpeBj+RH}?Z{?GtHg>0ok83hyU5UeQY z{xa~^kZ2PqZpb|emNd8xbk4au#i(`57l?t!O7TZ5i`9L_vfuS$fQ~#9a{BP$bPbim zr^UXFhFX=z!;;s^XZ}1uOST)RO*>GXz*sNxg`sjZhvhh6@%+EoqY!Hl8UBMw6Vi%< zP>_j_@BMh@e~ZN4Q3tL*0zF}n4OqtB1Z(e(o*AinuGr9cdWp5+y)lnhx3KMfStiD% zL~w-9D~@s9rS~!{@ul93%i1ue1D9C0XP$oN&i`dSrUt<7gn?yf%n5RghqwT;7(uu% z0Hu)fM#OWKxuvx=rymWD4UCLbY->Rh8bE4qfV@NmtYD!V<*+Q{uTzQ~v|%6%%upvl z!@$53`walO`5txVxar@xqr`u|$s6QuJ?!Y^i={;Q=h6D)2so+vQm>?c+kG&w?*r07 z1WpOyA_AKmg8>Vb+sp8n7SV$N>?{XlJW7`@H>1!AKm^Pk*RyK^qjz+Vz~6`hx!5GY z7f2Zk>cW0dX#0SyFGc7!4Nz-f=q#I_-({L!5Amtj<#<$c3h${0Yr395hQqWpof%(x z$*JJ5zYB;sJqJd9oU>XvQ10>_LyZVVVPR_MwX`B^v%2~P(;~z23H+btZD`~<%+$@>k}K$c#p1`}uI4BlE)r;b zkA7ss##?{)XuU6CeT%~3>qkP&>tdqyrw$S%c0WMh6fa#u!_1+lt^k-Ql8S&nic`P( zC`_v8^SbVe4zeH+*oE17R1oOhn)vnPH3J+rUdVb?@zWtPqyt-TyMs_ zovPP{CKAQO-a73wWW@dweqs4SzeS}ui|6tw7f>GoQ8D+`XDqDRDNs*Xbo#*XnI~p% zNa#eJBry!w|n+u^)95PyORL5xT5ztL0A|CQyy%79P)JC57mD*d7nTv3yTmltA^ z=ro^KXHu2m2?>ad_bMxe5Z{ZT!XtL!AKMz4Jyp)ej5kf&eX!M8|B+k0!x2?zQIPqY zH0;H_Ex{KcNaD|1Tc1={F#FNCc-2!!t~XOP@*PKU=lVr~>;Jd`{4XF?mkhNdx6e3V z+57WDN<>^dnO%hp51Fc=niEtYcz{p@y#eb-5)k2maRE}-V_*jEec-u*0O$|~wXI;# zCZlUchn?9fz_c0Zb#fPlf1So5|;b& z~pIbID6kV}DPvA7agPWTuY!jsp$fsFA$eS`7OS4oyV za6W)j2stN0SBGuP_Wuh`%`;|6O@e;464ji=iNq$E^sM6mBFy({JpYg}a{AlpAe}+I z&$x{x&b!>$f8QByBed6$x7stiPl3pb0G=K);{&9JWql z09q6{P$l!dYKZ$>UMV<88EEU1ANy zlO^R!q3IPX0N}GW02Lzzri&9~dEEjIOUkObo9fbc=U( zca(L>=B|73dUT{GxBtZZ4TAckTyukeakNq&VrIxiBIxo;iZ6~UT$A*Jz#2|6aE z*I9!9Ea(?rJ2%wRSgjnzUSl7E$a7v!SfOj-K(q1-RR9xvCS6A*%*1# zbBdv2QtGVnKwt%hq|m{mxEB_eUHIq`VrLT@yTep^&$?>;uPN1z$LcNC552zM*JyN= zKdzyA;YrQmF!E(B+x-XFts{TA&&SiY%KbgTEi9>x9L=ry3gM3bZ#yCN$;)b;{6y4>b1Dv@B3GEQOH= zUf)%ndoU513f1IOu29!(DgS3KPg($nT3Dsh9RRENNuQH3u;3{8^eQ?Ic+@w8BvT>knScGl~;@@F!NheTwo_MeF` zhsKF@2#%;%xvzeL!AQI|~M%O-S+Fa@_ zRZEvEyU<31!P9nd#)+AHhZa)1ehPdr*ssyRt~&#B+G8YEk6!#eO>S7{bSbj08^`tN zEZ!(x3#0vQT**smrmAFI&9i;ZDij$1z6He3>s`ZL+5M|Z*!D+SG2;vzrkid76tl9u z&z+8WWhZk?^Z6?!KjPoN>X4?q_u)psc~II2)AwS~Lr1rY)K#E7&@Y39*?+!|9Lw#b zRa~RQlb~kGs(ov){7b)%5)?0WvnqM`M&0}F<TEAQ^xGe3s|C*8ptO*pa5yn2?Y3)yt#ZuZH)+o@U1>aYgD2F7`NO=yD zIn!VZk}|mz(s!0gj>m*E1HJ{8e} zRlt93`;%SS?u0~T1SKZ@$;PUq{I5E*nP3sPz|Fo_av@zq>vi8{ z89HsI!B!+;icZ2&Ix0#W6#9MT$=S0>Iyth%RFW_2)~}W6&Hr`|xZowpGPnO(3L>P^ zqUye=X|c=-I)ziFG5e*Vc}oKE40^fSrsa7?AyQwX>%L zO~j6<#vA4OYnG>(a)m!$CaiT9SOmc{4iWk;B|F_7?Wueg?31{01em8 z4bs_uT`RYVnn9`bSu9o|Oh}3D_yklrXgUHKAc9=cLD>RQVbk(JQL-F-Nzuo2%7W^y zg9+6O*zd4jCzhD?T`T0~#CY!Gjdq@`Jr-=$xAu2OcQe1yB&4lQA6CG?BNR!}{OA-? zDVJ;5uby%N2j2hO*Cr|OScry%XB?J=qOb2oqJ0QbN&p-RT70t`Q07j<}bn(3~FUKrJ~P4+0MIZx1d ztc+JW9d4=NyFp)wc*T%fpPa`-!TrruwH`w(ADkur@S&CBVI!VTyH5kS^f((}AHx*E zD-_h!!XAy))f8x83Y>8`uH&&IQ77UoZLd5%A4ZV$&Twu^X0ps@R@>unW40jy7pZy6 zeuzqlH@uffK1p*|UFq|6wXmuM@JTqNal(Zu@XF9~&`X%21)q{?s(6TKz~*w6z#ILw zQ|k*K_1Y4z776GW#IWg?M0jT>V^6t6CBdYR%7yy<^U9vetX^R}=vJeK)DhBkr?!Gn z?=^|J^VUQBb4cR^!fhD$2(!q?mki0(Ku7|Iq*;69Ew?kNW+w{tRXEC|^ED4aD5OnR z(sxp(DAKf@;7mUA{;L;Pr;KsMvYWGlULwt~y;inS(e3s_tdBMG42v6NZhXfZ9n>R% zI8SlC`SB3 zt83-^;V@NQsn5G+MbVb$RgYdYEhRhi>=$1JMsG%lBj96?@DC)>+z%p`E?vU-Bk}p~ z)fp7JS@#nc+7tD)Z*(2~MFO6X7`zJ^(>(N=z@y|~ajzv@FOJocyyWzl)lZ}=z`ooE z=L0jg`vSyJkSE^+?gR48%CN^G(J@Hp&Y&IsK4$uzbB=Id9M_zNOpBK7vxc=#?+Lt~ zJh#6g@;6Vq;=G`LTtHv;QIEjFj)TNT$c+{lkxe(MJdg z`2M}#yi-wTimyx|F`AhDlfsslYn@08W7wcUkf>n0u_36CmF@lfN+1JscgVZmzvsqu z@bb2&i~nwou|~b)qZ1z4BJq$%fv6(~?9rPSLC-9!q!f0t^ae?1Z|fz$&F_5f&cmgW zZTcL3q@^(6vI760^Aa~cGK0@3t_5wOxPUQ`rPiTo{A&wdksB-e8UC5p8$L=R)q(EFKM_d1cB`+wa-` zE-WJJrQgmnS##2udW|t{8ZJZq@#CuA=RUKnK^QUv!=l=mB!fF$T+eSH^CFPf>rSK| zvZY=iPQ9|pc?XB|BR)o{XZYOPelCCvEVJTZSYaOSMP5~uvuOy5z zj#Cz?$n(s8wr8*}?z17d74pnhrb$P)*rCUs4IWPp*9Vl*57K-+X^Nhit+HbX;dLk1 zLt>lJs}9RA4Y>z;Lw(a5>S&pj19!pl16d9twCn=7ad#s=8;pfRnclFmw<^l`3;jqW zlNFtsj7$7w2c52!5io5_j88HLY35yWbL>*9DLBno5kkKHkm{dG=AjdlT(ZlX!`}0> zA`9f-6r`F7>SZ9&gEItqzy}RO$2nwj(iDYC!yYAUdiJr=F9tT@f&mb?gaV#mb>#XkG*i5RE2m)5Ukb zBYSL%(q3j*>d;smWCnH{boJl$`&<{N4x;zdf>Sh%YJH70Qt2~%;8P-NsnPYby_$t8 zX7VM-b9Z`SQVjAg^8NE&7z`81Fw1~NBQbpov>+dvD1TdChmvf&%TnKf-nCp{3;Y)vK+=kxa~wMx_`1lN{_S zk5IA90Vw=<4XQ`XyDX^~FyC4}&?PkoF0nRD@Q@^^B|Z1uh$*iR)P%GM^F zYJDILe$9Er>~I~FO61e`IXq{60c2pHNyz)eh!s+71M2cNg7V>hE)gifbhzf8{g}j# zyNB$@p@)nTeq;QdU*~E(zoua9b~*6hT=UGXEm$U6>E?c&)zeH`KoQoE_277nrG|OLF^|T21>v*?#!B9M1-CDA*#-Ng3k$Gn=|4 zN|w1RtB~KCVV{v-Evj}k?q$=t0bi3OK7u4!Cg*+2Wp24r|0Jk}`q*C`Qgb>*!Ct;w zcgOZxkpQd4oZ9%AF)UZ5TEK-K{W{Gc<@|z6!#(?l6zPfgs_K2MKBN7eUk~Zyo*0NI zGvxd8nm{aGAS&s}R_K~_S-FnKZOD9cZZ!`X8bE6Kvq9DWh@t)+Sd|g+bmgTEMAaXZ zu(FGFrB!q<8K|TZ&5k<=Th)p#UWA^`{?;z57}3P%Bjh*}k0bfzSK7MpT{D;aKDfQ1 zW2|a@sgLMY*yP=w=Dyt|kal~D3pubs#Z{q%f-KYWnTF@ba!Y1q)g5wX`)qpyxZ`V< zQeeD8*^uE}`awJzbYm(%is|F+K5`MueSSwZOMfk=>K=1)_8x!*XxIu2gaG?M7!Q&u z_JjPmvDf@LXw;#RL{`s+BJW1Zhj+_TX5s z86YL2w(trZgJ)x0p~hOSIR(|6EoG1W{kUvDkoF*dA`mj%L2gFc^V~%d5fLkJ>ZMZJ zg4on!WAM5o=&A%fV#1Ke&p5K#13h09Nb}GvCYVb4{&}@Y?HwGbtbR?$tE2Ht5MoXu zN8y*dTeg5n3VIvpbuFBx4Ld63esbX>-NbA(O5}CU8=TNDH><^OY{TEohh`{P~&0^)hrIyFSplu(f)zkOzo+?S0kgkRhpf1b|F?E)j;zT zK~ph(3ES5RUhs=cwZ~A{y!A@i@oNk4%Rv96-r0h>6*UVAnc{w?R|ELv zK1MX#895%327e}(6MeSRH2vA`GL>syG`MB|+g$#`QuH3Q;Y9p)C4kF_LL*>4IY6HW z@wWolUu9rtEh*K`w*oK`x}W+Z!v^F^2A&_#YV70Le07Kv`4xayl?PC1mZ5ox=;f}a zAz%OpUP>wA?)G_$APJ!a7lqOB4Y0g8k(v2yQLWoWjk4p3xOOy?g(@Ug>Dli)$LHmB zKdJ^jNy>69yF|$mkbENj%#n$`!`3%~WJYi>>|D!Pd1{Ou%Qhy0K38Z-Uz?t0dF%M| z9vx}*;Ek)gT~dYX-p_~{u4VM`D@CNzSGVu^qgBz3v;FW~Yo-8;3vr*R8p~QmY+Shc zN0(*-8T;U5udjyJKIv#_jpu|i$T~Xm`rN(Sv+E6|XKQP#BY3_;k@3NE2X>wHmuKZC zOP|!kZZ}(*Y}@*(qO6QeR)I9%nM?ZY9Qfa(ZRS4a$zo{uFzXyFg6@-Ph>HEMjRsKBq)#b4lv2Q~76x`>J zF*E17X0x1+JpF#jqvzAN=kdGJ0ONi49=&IO+*n7_{$h_3#y(;Er@@~a=Cgg4Z}^`_ zx|~1Ka813njRmZRHf-G_o^}mu^5!%2((uxA!KzV~{AcOxuNtflJbpT%GR!ZI$zM-5f5Hz@Q?1>-s~ze1f-4PD)$y+7^XywluM zJ`pf6ImtAC2t(EsIrPzz*R&pU^20@nwq$~!&!H_Kn9sWMBlPm=?U3~rSa1jgBmY=l7dH6k+df4OeEeN(pbopY^zeZq8MQn zm7*B~zeH30*9RzYj^X%({5|aNwcXo6#N1zXUr19^yAZ9(XsWTPStXiYx$dCRWu?-? zmByN3o&`)OiS<4?kX+yaE{aBcA~$@5l_0eX?&bP)Ct$~)~dn&Bw%{qSzpqCmA!O2rv?GT-dQ z`)|DanQn>?Uj_WC`qX2rXtPl?&nraNY{b~znrS%`Fd5eIE$DT~FD-yfA!o3pib}d8 zkWWVNn~zSFZMxXyq}kGWr|$~qR+US~Ig@j|ZKWbi=Vs;9;X7@}^YOt0^d`XQzk2<4 zgPqc)e zG7|taqZy$1Wsok(=4(!X4zC>~0mo0>`i#NrehC0&b7;(Zb6yrhD`{aRRQC7J<%vD} zxFx9HvT*vHu$VtR&I26XomS70Q`BQ+SZqtR)*-8=prUGlsq*kq5t0Ute^}1eZl||l$_*l#>`#!o0p|ny0_6$&0)Q1{*a)eF zB2b;K>ge19z`wR(xH|}}MciBfHG^TXub>P;1(pv?!Zo#Hk1zUSPtd-&>2?V7VzY~K zNx62&bnzmfdD$~Bgm51imA!hJ&|+Dxn3a9x(?yx#-VkH!Q9Q}VUN-!I4-w!A8VuKh z>*UbLB8MO#$T0-Ro{T*4?rreu@vo@a1(ycI1fU?qN2Yo3?}z)xVE`{W(ev~3S-H8} zA+_eR>9P7bv-|S)^7?lm^me&twa1p?b5)LwXbxDiU2v^yCmUpL)wGszDCWlgws`h^ zj06MpB$+W;VRtAM`CseCFi8*Rg*7zrx2N1C*KhnIa8|~Fd@g|Ov~ZC?Fn?;BDP<29 zvX9e}UKF5b@(vmXj(Ie+=)<29wqL3I^^WA^S4muU;)(k_(NoIysoKNWwQ^n$?^&i) z+ZDw$tb{zg3f(bneUY~o*7P_2{GJBHK9`U(oV`q#+QQgXmd-Q}`yDqYt>I3qKkra& z(t^foh#_w52{wiu-1vPj@L=WVs8dLV8fUQ*cxh`>!qmH>2oC^W5wUgp}!tWcZNmi%0IZnfmGyTK8US8Y1v*~63b z3z2;bI^SJ5+?q@8P@x7QDpWw#$#WF59b0sPh>)iDt ziSh9w8dfRk6Z&|pH)Z83a25X}0hO{x` z+~ZK>T`{v!&-u3gcc)++dpvgy8DERU`W}+s{zcCCo)wEyEu_?e6?7A<@X1XZo{lu$aL~8D)Cmp|KM|W==>5}c z>y@>H@H2i1!wfR=B|X~@rWtU`kBsu4FrmBLD)lxbrFP}QMXyIZlT3Ge^c`NxUdQSZ zAn=xC_4U&avX3aWvda^PVoeGfa*o?9;*Ex8$yjw$?3f)oJ~2CHF6@5F|BjS9V8qbl zg*1UYs_!$Gi@HN}MXc`~*QC5BhW8V;ovMi^99!jY$slufWR4?r`|}MLUx56(5u%fR z@h%Mvsy%K-8JSvcR3yCnN67?QZp%~ib}#NO$F)8EK*KdA>2hk*cUd@Yt@HT8)V8OSA*LHUjIQBerii6ei-MZ$H zgN(zwwOQQjR-#^7y?O6OM_lE-Q)-}yL8CK4A-F%93#ijz6Vs?WajL50l|kV0R^uoR zhSsk!FyoCXZD0Ab=@)!gc9)M1ovz2LNxE}=^C+FJ07a`E+W$sr0kJ9S|=ZV6I zKbQo&9bIc4^9VZSAVCfWs>wbit)H{eo=T=)b~_{c zSY9o4f-@{|-i($s>=^-XCC*+{Y`bxaHql+8WUp=L=)oTUoN%$f-dH<5dok=im=S~}1 z9dCG)sdA346ON3Z!9#1<^6g8swYt{#XYq^_6YzFmGc?PQN(NU~S05(b1X8uNfSbgM zkEiJP^oM0v7M53|jaVnu*e)DW(ypZPqCVBY(Uh&Tv$Xm;=MPEP*1Xiw!QHTbB%L1^ zFPp=W)zma$VY^n6D8No3{e8zsydWZC!eVi4{X-%xrliE>i-A;Tj)kqBj{%3d71g+( zRVD9cgx|{d7iX*iS7S|#YVYFG7!PT*a=eg_#~g2VwSloL?c=Ff<9GGFb-Y;Ymf58O zO+n7H7#2)d=%pOzBI=~?qM=#wPL5yieO>u_q+alMx2ka+p>jEq)2Y7CU)q*eroJ5( zxqjWYMt@W91B=f+c5T()5A}7%7xb&j6b^wuixZ0nD`nAD_H6d+!*-7&BJ6+bcL^2$ ztkf^Z>Xve!)n?6R)oeW^9d-rX9?zGPR#u}{ICBf~o}N>0RL#1CD*fc9ZQv5D#e0qY zx)K4Rvte5s(vi-=%J_v_f2u`ikIK1zigT8~=2{1T)!A9FSrzLnPtU+m-+M}Rc&0rm zM6LV#)$x|1E$J%AJgddtvFP`+M^y2{*qe$9*Tu&C*|7EnXXkgv2`>%&dEMe1JfdqP zG)p&OxVZWWzS^M6(HtC2g6rD+Ab0rjkk7y?+S=~)@Jpd5<6^mQe*{<>DxNIsg1-;m z(YZ^1^N!xNcgNW&r#Gbjpg-$(>dFj@1q_qZ(rm+?mgTHvuqokzfn7Ez=CS}i1NPxa zHW+M*?Ja3Qm4uURI(p{I^4D5N*S%K*RVy=?+?%Zn+_ZEf>y>x^3>gWD)xWi<$q*j^ z8KhFN)X8T*OOJi*uA48h$ollN24!P=kSI$Q%s8l=UPw>%+gX^er ze%w16jvtSk-p@xe)o;|ut+!;T(-{8T_Is|eUU~Y~GOZN(-Jhuwwc_qWJ|yDqG=@4G zZ&?Jpc7Nqf)Y1wMasF9+d@tFk;hE(pvo}OM4New4l~%np#^73Ko1}V~_r=mR^+8T} zI3Azo2W*qLIQVOq_QXh-67}WaN5ddxGm(l@vqyXSa$FZHm1e^xg>KuJp1AK8ot?H# zC&R`j|ERPp`MfIM3*cG^I!2|R)$-djs>&L!5Tx52HnE+wAF&p}W=aZng?mJ2_g*a3 z8+z^hTKEmWb!X7yQ-(jg-l`A3PJAUQo0@vdLy!O6aRJZD-EB~v5%bu#i!wb{Nv?O* zd*qDQ);4JL^Sq=YurQSycHCOK9y&%}HLlmHipjb=bjJ|Bv8mkPdR5jX3B|q`sUc3= zDQCRndf&xlJy#!1SoBCJ&Mj7k&4$@NAJuuzO&f0e%~hUWcwSVtSWD9_>*77B=b!Cd z=rw${1aPt;7p@Fu-8q5AxdE0<41S3Bz=IZA5)0dASCsXCdo$)eIT19rjlU=EJvv@_ zTH*t33~}`BpL0K==7&C$ewC6u*&lE(i=)X{a!|KASmBPl7GCxf*=>7lJ|X3aRSS`a znn$DVPo21M{*uXdyroMjgyZx&oe|vpn~}Wd&l9f*Dyuv=F1Q!}aw=LJnP`KwTOpF~ zvh3x{1aKEu(-ZMczA7A+ejrWlo~R#nw`u1dIJ7l`t=}i35lGiiuf0D{vGvj;Zmg?m zcwbwijKrZXA&aiJbY)w-1eoz$jpjPzQ|6e=lS5R_q0fU#W0L1bua`EY6>G6?SG)7H zN7Ly&kBs6xhUx5NFZ&c9ma%7i2ow38CR%XQB?vHS0sWRq$=N5Hh8GpwNSgg1uEc+q zK6PbovSN>j<%)mAoh!QU1&Lo(8WpbW6mv%2&TCHNSDb%#J(wE{wuX!Dbg!(aGy2ZG zr*8N*HdKZ!Et#Bbk4aNVx?N)Xd0f~}!8qjbS1yKtpJx~l3Avq^c4+;g&;*_1vLT7_ zpLyI$<%A-q{=_paz4SaWVa*vvEwnMVlcG>v-P{W}bn*bQ;kLzm#Fz0YP0H$ z0|;nITa6S%UMvei3s>-CuS%0>$d7k3rdp3#U+i6VsOmjl5*Jsn`7~tqXrku*ov(L? zJ-WTRXv7pTeRq$Dh|a$wMQ^3=<%Jb7xV1C8uW%xZjgr$G={2mf!alS$_HT`#^F7Df zOUmF*GW*5&%;hTXKkv&V3#_;X%Qv2_Y zbaP`>eMxma=yOU+T6QJ9A69f(!m;dBSHT@ae~eo0Ps?lg0r|4q%|R#mZ^hkm{S@pR zyvt7~PQ_ibMtQ9FIPuTRjb3}+rtFy`5B=vDNni8O=?L4Oojt0pop{T&uJXiJI+a!x z@7^3gJIqBtJL$Zx5-s-EKRyNVx{rNwF-nrA-aL^==!=5`HIltVjDT!{)&IlSTYz<$ zZ*8N06;VM&N=iYHMnGDWknZkOK{}-+m5>Gzq`Nz$TUw+Wr33`&5TxU*$JzVc`~A*2 z-&}JIGXws4V*OU!Ypwh4PlC!H;Sq%{D)9Jgd12*4pG7afowKfPWy4sgD+YH+IT2k` zW;N--bw;gc>j4@JiS1MMFAj;dD(K4PDF5h>7K#6f;%M!W+3%CDJL=*TOrtv4?;DPt z5Ja>>kK&$Tt}eQxfzTSTKwT1s7MJje4@w4Fxbepv-h+r_Glq2kKz!ezEoEiM8;JfX%VFMhQE+bN6Tf}47I@q8z|Gmp@!Ox|#sX}kOGUl}y522M; zsuw$R*ub_A+osy&_}gdhR6g64PXo5X>$Vj{zi>~-Zw9vxK{;JeE5kSu-M-?cblm1` z+ghGae$dxnw;7p{8nvXT=$x#Rj+F!S&TK7O6gL(LD)4 zOMH5rDeN)6!Gp&a|Q<|rhVo-0yEQ2j=s(Y~;s_ONxmZ7=s8bJp> z6snG^IKuJgbq!jAb+f-_FZxIZVt(t9vR+SsLRnH$(#r#+uK!-?q+&~Fb#<42frt6M zhB&UPy)ryIOyxfd?B8sJSQv5(d$`vK=Nw-bbffx^9QbG?wuD3k?Ov_=i*OQ=APv1S ze>3P`E#YnG?>4V@zNlO}qn?fJ=`DvIKzG`xaago2+ULjDYP6YzHfcRjpSOoeQadVX zphY?`Fo1r}LXDromuYX$V$W^%rB2~m`CDN%`c5sFJL{fszlf6037h>_n@!kkYOFGO z!s({nTRs7Tl*>9RTmgh^SFm5W*zfO&p^K6v%-6vUIEx$#<&5feJkPjj{45_IU#<^l$NV^o~ukJ(Lj_dQ!+!HEU-~-c1 zgNon=O44jXL=iLHpj|Wp{R549sh|Y}WgN z)FvS?+PqOJz@~+zm_QiU@&lkpm@U%`jgxnhWcCkEI@Iyz&Q+Br_l>l|hP4j0<_=9L zKIjrSlFbtBE>)xegnjpElfH^m!2Hd596h*B|09#nOF6(#Apk-;D)@OlT=4psF*3q9FT zvgfGTwc6!LctcT0hEN(6GN|VJa3@hBez+9B*=;IJOVejl_N8WyH<)xRL#6WD-DZq0 zFKd`KMkyyzw=~!8hQWyfZBLlPBB>*V>BQcI8Mf5luj%hjZWdb{{fXAW-^Zkd~@tqIa$IdhLzoQbb zc}Wa4?TjH07skMXHgGHzf^tsNif4ayiT5&hH0^MISZV{TFTXH+BrSLU(;Q$YW zx&D+ZxR&PH>&8qZ;Zn*ung6IYr>tuIO^}W3m0UL%-e^e!Kg|s`+3L zJpGk7P(NB`!sB!}!3)fBN2y%Q&YN31dQ2~w2 z(WuTrt`c2mVs#bz+AhxJ7qPeIrfqvjqeECqlxar}IA@7bUFg1M-SOlW0}y*T5Hn4}QQ}&+}H?Mzt@$}P1}69hEv7e#Zn!*%oQg+KsAUZ^u+tA6r8%><(FV1L(@=! zsxV5qNrOpffAoy8#&Y)E-vP|q{vjcp2asiayXt( z?xih1itFtA#X9j#b;_A9MU3)dUF+s7tK&E$>PzF>_X?6PzRn1-Z&Ce!r#b93*s-Ulr`w1I6(knpGTDyGs535)tL=8z zgp|0mwtho{aiXr)W!KI~0|@!d2!AMr0ypp22ydJWp{*TY0}fO0yY>asi`@gc=`B90gJi~ zEt!%y_3TiS9nZL$c#doLtD`u>k~eu0-|{p6YJr$k9`54z_{K*VKVz0#yNEiNOJa}j zn!7NcFVgM(7<%aFjfa?|)2?^4n4cg80TstV3SGr{ni+4>WR^_ebv*VQH3sj)8uBdR zx4ix_s?W$^F0sa(<@~jqVAtulZX8-=^ctq=m$2xCXwf5*%P=DI&!(2yXnqs$!Il7M z_0Lm;Jpb>ef~0`~isEE)fSHes>AE5>$GT1$X6dLA{RlDKO*7K?)0z5B>o+9Rcd$x@y;zC+xm)rMQMS zLN23R4~|v%dWrP&eG;-Q%Qq~%Ak$TNn|O840Y*;kvo*}&f}uqe%r)bRi*Uix)6;MD z3t_#0;=l>W2@uuaf3BIk(?Fe@{3ePR&h91yO>2`x>!`65Jm)bh5MJhKJiacOH@x(% zoh(#^hG2B7Stnt3dBxkijAY#HgBC#>rJ-QK01lLvq`?`HJ$FxvscO4D>>u0}{`|wC zsfwy~!gMufv*}D>>y@LZjV||1-KuFlWK3C1O!#QI$NbL;cQVPNGPyE-)Q_r5_O^}{ zyI76qXD-M>FN}Af-oP;43z&a{9PKI0MT2gu2m_`5+9KD#$_6NIpV4q*?Avw#&OtcD z(flqWZ$KIIXahIq;Ex`ucEV3}uIgG9D{A3`*FR#Oe4p<*psd>-x(wq5=+I)%E9fH~ zmR0xqJKmZ7?f7$qw=={CWUoRnLnKBp_%}Vr*W6*+fj;*tTm&y!(@| zY=6hw+xv58=QR+Hf=yW;*jVG?jpNs2(eK`db*i^d=9^#rlw`Vj@)|Gg-SuMHflryS zX!VQblQ@^*wcJD%KY!^`R+MvbmWL#pY**Um!dvLXAz;Fu*{+HH1ZG<# zb$c*PJ0aVce-H)gY3S&gwf*gkmhv`lqaSkVQz)Xi`910vuRKYCI|9UEui#Qkqp&sX zzv4q8Wc{J*;XTedzfhM7ox;ux#_TG7h(HDgpBJi_Ba!>5Cud4|$D(+cEcSMBJ-!pz&^9pN`?7+gr5b z4jT=2S9e6gHLmfv7j)isC$iI7+zi4bD3~_SBfYZ$N5I;_^f0gt<{u_!vN$TpWIB8s zpS5*hamBMN8jgJ6r2?;5(Yk_GuV%k*qqXw=D*;p&;Ag{B)nR3>>}nwHE=`gv4ovWI z!Llv<4GbG`+Nx=<;uZD@^|>lRw%OxRLa^7bA{hLCR~}wlX^g{G<@T`M9S$32taxSQrW|u}? z0ojt&0oJd{F5dG{CCldw{`mbz5%SIeNbPdZncMz+pnrK=g`zYYr%|_?t%@(D>!c(? zF#M~Lw4&^_Gnx7eM%CAqjw?+Zc%*pw$`~6SM~2KWEzZVyn~B@J8T}c#K?i}pJVBiK zB5Jo}7773^BN{ua1>boSuJ`X%(I%u1MnAz+HX`|!qm(uG^&cD0udy8*9|x+l zL+P4`V%EWQcBiubabjOrCN@^?Hod-XKInPctn=!CgAVIFbNX{)t27+f@}<>VwQ&}< z^Z1brugGiB_!Bxgzh7jc{ME40>vv;MP`a2P)vFGMl5)=Z`@8T#%oY~?w&EHIWwK=w zWS$b9Si_k0`wRAZqhu%jkW$yDUhL1CZj*=AfhZgMPUn+v@#qDs!JUj8jcQNzp>3?7 z(|l{utd{O(npa&v+gCE0!GNuk#GR^dTH(P{PM<{OuF=g}o(6qW^&zf`*Sh(+LMeY_ zl;$z2W61KyOHph~+c)HnvAp8i2(hotg5)IV9iFUl>#t?r_TVI8R;BrwVM?^Knnt;Lj`9%nxid zemMR8lz^n}*9L`HhxM~ok%N0o%>)VeT?goz38pQ3QynD;)b%+pu%Pp^XZUzXo^u`? zOI{enWZ2qkk~-Mh&vPpFzyt3ulHO<{w}E|OB6K-Z)#c}?ah!W2nG{`_shN!wbrhJh zHP0XPkSu%(@^$oHgOBXdjniP}B~6Ks!Zq~l60Y<<>v+2}Hc%SOzp*-nF<&dTLe^wL z2lqdrROv1zrCP1#H7`LobULGT5tbH!7vmOen?t|v^oDmF(Lawt{fWe_mg1Y_gi}=4 zA>ehS?_&w&kVm_)sN@X)khCO%#lN;9iLqe586D-6=G25N;Yo~SF*E+jQ6@sTVQhlg z!13or)XeS$161`6=5)Q(&m}P%HPhM}O1Z~(Csbg#t0~J@Y3pz%Cwe#!Kk?4!?RCK$ za+jjDb6w8*TiUMe?_qmLU$Tup;yL}0;7{lz^{__xC{^n3_)#$5%79`g6$(L+V?}Qx zGg>pzPj`cFK81Y_JB+bl{TFNP;czsZ%V7*KY9}mO!MinxqV8n=_2d8@9`Z70?+TG5 z5KDCb9E`thMIq>;=+$gP1tY1n4~hicV{m*HYCI&qQGMX=xEK+Ki9ot-OzF1kfQ&z)-gU(-0MQbKjfm+*BVQnF;3o zfHlxpj(w`sMKi=YgBiW*n2n|3cW_;V^#u2?p1k5Fi*v8_^!R{T!Z1thK&9Q1@ajeM zlaomFg8R*vH}*|xS}pbZt{wzDN_fGHOejZQa=~_jeLnQkS zEzyP8UlEw2wg~qVYm;Z zlp7$l-T^#H2r&XFuk(-k{b?akT({79&>o$@!XfbxIucOY!0^@Jl1uaD(bT(HTfHd& zPBQo^4jr`Fyvf3R{OLc~jB5-JnHybavJn?>hULCJVP*sC=`U|rffeD5J$@KfC zx{~7y%n4%#b?tT~GA zfPGT(H0D#2Gv~|4y4}Y_0R%#lxfjT4qM>BP<8x5;V)Tc4H}Rdo^mrUsM+)4Tgl=I= z6Z{HNiI&m(CdMRlK9GSGbFt(#IbWxWf(ZcFUjIU$JA9s`lK#};6%|a+1>YQ1&lrW> zVUvWh$@qn5UN*ZXtf%^e$)_(w-7inR=ugBYy)sh#`?!>Fi0Wbjg{w5FymYrk zMSCzV-5TyhBsR302rD+!Bq%@c4TlRo=#lKd3^UJo_k*$#c@$7@n}jM@3K%y6#vvPVj)_6hlTn`AAB}9Iy7<($%W~I1WZ@&@X@mecZaTd=yY~$;Evt$V7k)zdI2oa zYS+rUZ-;*-zP*TG$GTql?HYv+tFCGL8+)18uEr1A?E{Bt=3u}zIK(7*0OzbK!f5N{ z*3b2T*Oiqm{=2ZBcbftZeQ6BUqc{yuMvttED2mg`0UGLCZmB0J%4XX~auSBmhH!hLCXgN^|5BAvke4^pNLN_iL8C$(@;R4KYM>Pq&l#PEh@Y7}VHwbj-!}bG0FArET zyz}$3eSY)lIwII|(hiLBWif2bKg=&xmtNQ9hk?dStRMkM@W0%MP+PO8@a^lzhC%lB z@14BG2fZN&yVk4~=i#Hq&@%cp*YTl)@M66-3nbp?l~|*Vs=67XkP1WM`&Q@LSWsc* zGjK;DSMH5#Mft6sA68NH52++MX_yrYe*Q!v2YsJ+4p*D{Z<5ohWN)1@t8LAab)uhV zmigZ{f97Z;eB^R(aOM(#CP(L1fWUk`XCh?mTEE-UUmDyfVZiC&?qsj1hL}){mtCU~ zz6u2LcV{zzRKnuKdwY6J{&>@It*7@|b?bKU{sDn&9%HMm;@YU_UqX-mQSK&jLwCo< z-m}OzkjcccNOqDpes+E%$O@M=_-3nyLdFFFt{<6^SBV*u$vssWP705oWssX6t>-p5 z$@KW4me79&UHdHvNtm8z9heOtcf6im+;Iomy&`GknEs5Sdvzemck@|J%uPimFoODi z$Y1UX)|V`7DtmQ~=92ZM8O5QLbJ=N?vK4aWQ_3U@&a1&A4AOH*;+sOtKhAFchUc87%h^E(KR!ZLod0~V1)^^p9Gqgdno(p25O%K3)mhu4>pvWo_GUWVARC~& zZgEk@<&MOfMdXpul6dp!WXW9NBbbzJUMuK`)0U+t;Me16|FN(b#5eF(KDRR+&22k7 zgxaDs!iw*(sy5j+y-1=fWEm%9;)&0_=Dtf|XB&Q7JI23>tjJ&E?qqsb|GF~U-sDXh zhO*;&E^DxqS#W&VY#(2vYHsa@FL`4xp~vL68%?!zQeCG3Yx+;FY0Q)g&I_avU#Kw3 z-M`k^WS}od1`m+R2Gixrzu4xQyV*)~cgepH>R^ATzi*=c*2=tUR*4LZm265^47i<) z%wL)XuPT_+zOZT_{*`WkH{iWa066r?Z24JJUG74tb3H`AiuRX(pFTS3qp&Qo{QhP0 z#$?$A6czyu%=5lV6ErAx{nmytc|MDM@cNNZ0aZ3fjj&q5$mpR?#z<vaUeTwsSf|%*`;Y0mm-RC) zSaoK#W?6WrTj18M89F{;UeI^z{l=^N3rI@Td) zf9uUCp*&3rwb!aPOU3=f!z1NzE-Lsr<2^pp-oqx9o4bK~LXF1!WqXb-b5^~CIy3dW z_g_sgzTLvsR0K3)zVNu(!O=B1^5IDVe-J6#6@r_iGkywYWg`VUrV+Htw1vavC<3)} zci4vIf7Z>W*}j*edv(X&SIK^GQJL4}L%6o;uk!9x$&)zMm+aG?*p<%(_up{|jjX&2 zWsfcm)p_|;yNY10xgIqfG@YcDnNJ#2cAfv(m$q%Yc>^>%rJK&R+)WcQV-rvJU8a&S zzkWQTBfmj(mjFYK%P0bamkN)gp4yv)4koqfRWk49(+pZgm&NAIhGp56XU}Tv=-kgw9q;fumo?4g zYnEexu#@E$qL@Wj-LwgK2}>5n%W+o;r|A+0vxE)ybM-5X&S+D1S+1kkqXG@aou)gN zY~(sj`lmM+xgGLV)XLDb8N*V9FCWyPDi3hXPlw+{z8Rs3mrqAqvCMn(V-q8Pt$?LA zANkY-daR*Y?}T_q6qc=QY>#Mb}t0^OypwLuDA}>w1apwzx>Og7med-Uwb& z&VCyx!n!8SqT4WWpWSb3*nYudYLW8(BvFB#z(kOv< zK{n5=Vz;BQT1{`Q3XK?;XnTo~o?&`=T)xlHQ3L=G%BEn{ORBqXp6 z577)g=}A#RadH0#6?N$x4kQ0a`@1L?P1hCd9as%GhRc`;nr~H;;|SiHDkFDm5jM{rj1F#ZGY?nx|j92)&>0ue<%dGrjHiPD&fVFjT+qD{?>z#T1>+Wga<;$0m zEn|d@#x3vakp=H zY!S8(zqh58`{{_9nU@ZCeVKSrk8DL=-EQAE4=$O~(y;i-LT6c8u0P$qt&Pf$9dG-x zGoaB|UagjI-#Y2%`K$hGcTrL=uE1V9@O3xx$)g4(dnFuSX%|Z@ zu#Q_vzm6|CQ#zl0f)Vd4jIxNdZsGZ1!|_H702sHjyjdn0Ia;LCBhch7$D+UHi(!PZaab({RlB@(1Efwn9K zA74Y$XN2!7I?c8$kW6eroQo25{HU;vDeb-`+r6`3+?-8Z7uvM(JIg0jTn&D&fLSV- zZ>%2LerT7!S!zaRCAkxWfE+AIH^YoA3#@g=ee{7Xn{d|Ixh%P@9*^yoJHEVk#`K~F zuq!pp_lo7#Qi8f!Q_GTp)|VI&egu}UOgT^3au0xQIoFfz4y64By<4~_!rC0@Cig|N zT!KbVJ80e)yX;${p2A+vtAnisP9+sND*F1m~}WB%aV@q zgxf?KEC0HVsbS%mE2qGNJr1u62*-4O{Xy0y85t4Mkbi#`7Y8gVcXf5Gmc?UYU}DZL zE>gp!*1tZXBrX=3iSNmUih(!lbQ3^HU=;&CzBbTZVEW%brZYKKs1t~NU-Sp?e8|&( zR0scw><2YB3!VVi-T(RI9oN6(14U0W3>(bC!uY38tdlUQ70qRZ$Q`z-iv;3k`Z3Va zmAsOOh43n`pzs!!*Z*S)`M>tp|N51jj(>0A!UC?Q_sPH@U57zy_(!f4 zAUrT0$_y?D{P)x9?tS_4B|D+;6kaM7A}EWH;aFNSm1$Ze?1P#gZ96?M-QSgFB#F_ok?*=qKW?{>!KR@8#eBtWf`dEZ+P0$!lr`fYkVxg+;7G zYDt29c#{axz?Z&0tF1&}?h;MI*5_b^Q8O*Oj+Wc7VJ^Ze-WKwITQC0qU+srSgAU|s zf#<3b3X{kTF@o)W>Fs@|npd#XM;dPXZ`;VvfHU%}(fw{90kf#OdNkqezYT-M7ok9V z{rlw!R5N`t=RC);;6@Z%nL8)urn^7 zLem}D#P^7vf^BCKeh*EXed z7v{(&Xk_C*XDg&_!CRo<;i>z!5PrmW;SJcS9#F9(GLj&t1|#uTjEuS(aayPQMzdXf ze0&fNe{CjT)jW&6DmpzfUq}YV%gqR2p&nt4`Y|9zW-vcSnr)~)_+ge zj54bQBGZPW6$VNwsuy40lM{k~@b^k9E7c$Xe}2FyBj~mXDl6lGlh5$z`@otB)Sw_J zPs_j{1dpFuI{Mxr2}>}AgVJMoJZ-J5{ou~&C@H-m*%AUZ#?nW+dU_PqwY5WOp?s2+ z)6NX_FjOckoIYS2i$63m5qFzOdwl6wvtTse3Ct}mIr&~Ji#|Fis)T@_HHJ^Q9kmH2 zibqH&?uC9M72-oU$m)Sp3ua|yeGnocyt_Lj7cNbm2GVCofIa&Ai5IA9;jO}1$HT!9 zga>YE^DKIYJD@(PFP>Wn7$@0HhiQpfUtT>tIvNCYQVI?fr^`7;{ws4}J09}9j7jV^ zGif8~mUL@*PYPrQWfC5Ly!}A^sk^&-nfW)?z^^o|xVHRSX&aEkB*MDb5=h~VG#Z-J z-^V$B#ACmL2bR$fuO6&M01q2m0PL^2ZQHMvckC9ot`2r>;#HP5J{k-r?W(5@4Gru- z)9Ad_bj1W{fPb#6NS>c=dN2k=MMMZgMK=uML`Oh2@~244#{E_)-xEC@YMe^sa8Q3Z z+t;;FEa)n~Ho*_$3dEe|gnu??l0d9g2B;ONI}nwT!^6XYyN;6rpc+jnCnrY?)C_m| zT-6(kdg$gM)5?LT$nJVzz0#j@soZiZcG~^eqO?*51Hhrp>R+VvOiZKa=1XK|8bEW9 z0!zXDpA5RP%gQ2PAlC%=Zg;=j4}CA0!CEUwO-cE_vXYAzB-Mq5cYzrvEGmisw&gXn z+d*R>3>enWFjWgwhalY%1=uMAlD?R`Mes?Yphg3FOoNRT5Waz&{bbP^qe}uHFSdBoE{fH^}(nnRM&mcwZ*rG*1T6gm^^K==auEGH{BjoF`U4 z<3qSpc@KVg38x=l=Q1CE3L~LeAowP4Xqc&SthsioEieBRS^EQ;Z5(U`0|TnNJWlU{ zBYe5Ab|V#b>|^gLt?3`biuuo9zr@ZD`#k)__YY~PsRw~#Pyo7(gUm*<+H{+^6!7w4 z4{ucK&xEw_E^zLR9ZucR+cYv8uHW6YTLCX@zcwBQShy%$!C0eF=jFojj#&UwbAai4 z7u-mgXj%%KP+~62J5Y;su6-JzUaW2(SP2;a+fqKVq!|BrnwRN41n}hTRVj zLd)ZGbLll9#hQXpnJ!PeTLfu+!pZ3=9Su!KzSCIIv#jFchnk;W`k$49@?k(=U>ZCW z?6AX+T4@9Qz!UMMt1D18iBHC~JQh+gF}I`L6z~nmdj|bX2s|G9Pe*t zO;|N1K%g=Pj?JIT%MuVsQovODAu;R;;Bef~c3vy#5YHPKw5XgCMZ8xqDQ_%L3nORy zsCKPgU7!D1gKG>h63R$ONPxi&%F4-Qf!anGoQJ8`zY+}B^-Dr6$~9%c;O?oZsll_p z5B~*B8d-d9NAF==rQBpl^nAhW=3j#Xnwgb>v@54zOh;qja*>PAI6FNag0X8Eru$*` zd!^C#a&SFbR`nvtZNgC+fSGeiC=x0TnswLap^_cMmE#e>;yA@z*vEP+$L3_yQ6 z|M^Kc&|nC|C08yr>vkWleX)-bk3U-TgD*!jE`KCSn8tJ+U~PfjWRMb+g-2)ZDCQ^+ zrwCnvIFi&^0<{ZNhxr5NykQ%L!XV&m0(KSg;e(#yA&Bo5=+?(V6nSc3U~n{s1-}Q} zY(#v#xlK%Zs)o)ato_J9!lC!k$Ny=Hd_VB7N|CwkDkO|C>(mH?jxUIVl%sp-FMaO& z`ZaaN{kWiM75Y#a(0Pi+OJjkg#BQ~qau7H^a)3;X9SZ2jplqU3W9L6NKi}Ec7m9Gx zgwKDBj8ude2SuU}FgQGgRg8OBSXj}|DHPf`c*O@B&2YsjoEb; zLnl-Cng}J*^ZmjU{^VHb@8MgC$GS!D6Fik!kMpn_qlX_pgLlX1VMuSU=l9S zKC7yV2E`fV#Igg?)!q(B0Cu*tctM*b#bbSCB+m|}O9$onPlfsT_;%Y#tfKG8t?6sg z$~iezH89LUXjy_A+6C$~$XDXNw6*!@zFxqGu@bCfZ$DaQ=1|DKO@P?hZhKBdv)YCV ziN3iic}t~zd}&~s1CSl;@}>u2yC6Xf9_|3-A^zg~3n0*3#9md*Ret#^@n1i+48P`R z2K=i1ht8MmKo}bfhYUVVYqu(d@E7shv=RK0)oWn~_8AQ@Nf!Ud1Y3KJSW;bNb{yEW{% zy&+3OMWq1p-H;5p-0pzfEE!an2Oy6jvD5ip_3A#5PAY(-9FU}pR}LZNl>}d%;<8cg z3uNFcJUc3iih>&(8@o+c$OsveZdm~r?Qo5~*%A2WKbzMGkZLpovP;cL3qx=k5eW$p z&>+jE2J5hKbj*SoE?+-s{#TR`LqRp@&&E_7f@uvJvmf>CLlT4J1d#eheOtiQ=Z}hv zL>_?&d{CKT5Ak`q%h9v9pKeGGDDW@brgY4#_HU=d<@45QgJ!lT?Y zqkIjxI5@^2zqi|pD+i(1Fkv4efg=VM7MHU$v7{v&_2J~eH3;xi#)2wOBGn-)U1e3+ zf#CJ8sKrbZw!88vxrCIyJha;V^k@LNgmX9G@<0!thfo|gIW@I9Ntu_QPf3vq6_GsH z3l$Ab+%7NGBwp^_#@yV1?-dqOppXTz*RqdB%Ve}T>ZNbX=o3#6-MEnb0VlRI4>X5(T+UI+5#Z7_>@$Xd`) zfEA!no}QjiSYv=rd#R}JuxU9IQ~k#5Ro1f?q3-Z)JUhaKe5nl>4j)?ocnSn$t?ALi z-b^|*KOpB60Rd5nn?Tq1=U6;LF$GdBkXh!ecD=~5R|??=6q>x?v4L>X4R!DWi@gbf za5jKpj-K8cRMboL0$!UxdGbUkZ6MiVq5>huLxd+G$etd4F`y z4yT0-Ae0vHIkyN1d=akwHGQ)+uH!y;DDj#S-^)nKm!Sdf`g7iK`M<9y8$MZzDeidasGH492Ts8%IoSD zlI5Hu{Ey%`!@|SwpWdn9{#Fmg2_UhH-p?6-B2~$qJJNte?ylq&eem@aOL!s~c>r*& zICc2QGKKz4A;*2V06FjwoU7Ovvmro1NCaio(v?A&@=XSCKL)bSZqk=O;ZoBPFLboG zE|uiAM})mx(*{XT5Xc*vtL}@Y##-n?`UUPm5wu2@es+cnr<3p)ZA@0%%{E^y)uX1O z8VHx;lVFVrg4Zqx`%=n~79(jLWQlESh53It9QpH<>FH@{vxgK@RP#(=(71=#TB3ha zf1;l)5cZhTzs-~1lJH0xwxkOP3L18lP|6$Gg%~0axd6%fw29yNvBp}BT3qodlJ2SL zzV?B+%*$wK?5luQajVj*osN1!4n7FkUiWuHvv{*R1%>KqiMKc!3)wjXUa$9^j;KA$ zfK2Bjn1~b<7g$i)3_$fQhIn8|mBQynX2!}xI{}NrxPF}yc@|EF=n%@{l&z3L44g_DsL4C;^l%{&9FCO<@V*U~ z8p*-^KO|0LAr5|LV{1#t!xInGJc32_d&I9@T(pKs+Hc1uBp)9iD?NSsrpcrGD9HXC zAh9eYfWRZ~92prg&S1F>8Ji;18Gn|Ce1Tg0T6oQe7-U+rOs@^&_x`?BnN|=>vxGj- z2>x7KlLm@(B&k=-Q!Q8mGVj|TmzM_8*nwHu#@;@os_M}SfaCC5HSdIqkJ|zm)rzuuxj`SVJ)Z`YXsWhRe;=0)m4rc6Zo~lNV|1Ty#13P7$|D#CS?I{gQ<^?yw&DV_ z$jY};nqWc}Ptb~5r{<=?As0YY3r)Hr8DY74dtq@=QBd%rPL=grfTaDuY+W7$Lxv+9 zR$J?mMni5pe~l9gPr#2&cX@3$8xkMe2aviSynxivvMgw^m4T5l1Jt*Ml;n6tfWJ8l zpcZ!Z%k}P2SIMR6wEc9j2yTDr_9#;#(b8=*83Ea5)vuE zLl)o;Z39sk%xDt1{$Y1cE?sDf@dEv=%!WQiDvZY;0RXiGZew7EoD*+oyu`w?4ps=_ zGUbwFp`D0Bm004YXUX$6rN&6Mdw5v+`zHfTUhvXoHVa=xuPCy^i`(0YVKZ6@!ZTmG z*_dPBr{3KTvmh~01QFMdvv4Jr%=b?^A&0XkhRs(`Uq9|{UxaNil>xh|T6eHfexdrO zQ2*FMhQ(I4j6`)sQKer0i%Oy_MM?4?)aD7L{J8OI231-r5ahlEa@G~f0tnbyAb-sH zEp2e}$ozpWLW5yDPn6fS*v_UJ)e~$Y>BfoJ)2Hg~pb-P9J(jT9Otw@VR9j=t3gtI#g%j zF2~{`rMPyal!Xfk@Xnxsk*l1v!7Mi&34n}U#b{VQ^&LLTlP7UdnI|XVq{1br1VQ~8 z3p~1zg5-A^tjwTjX=xEKqI`fGkI~=g3p_ofk{&M67X#bQfMkD+h}P%J3AYNPze%=; z7<5f>`ug1~%3Pt(ClkWw45tREhvBFP`1_|o*+3XnISsU|%W+l>DbVN*!0Eds zHAj@^qDXsRVd%ITNp{N3AbATSh4SchwS3jHnwR52a7h&A)uf@; z%{`+|T$EE|F2RGaPdULU%wV~3H!iZ3O*tx~I5gO8Qz9iucuyy)&F>JY$gOIiCJi|` zIWYzf`Wu$?S3UH5`AR4g1yhpYym4qoWrT>ms$_$`4Lp2&5zx5F0F-11qC6645I+c+ zlv(i!6#swt)s&U}h>Pf;7|h7drUjRo1vI@x>o#?e2zd3K`rTy)>2gTNjlo&%f}-RA zU`Z=MJQ|G#{Sg+opFj`y{vhu!#EroS(;Yyj2H=Ne)+Z{9hT3xW2;P?HPfR+Mi}_lt z8OqrLrn?t_KQ!)FHA;IQdjNq50ig%n=kY)UozgBqag*u{nN-`vPj2=EtGOf*u4Fv# z>g!k6DN!Y|!0(F>ODiaOhPD`@XSp^vJ?SLK%=tnK{;&uXbN0^HBcRlL^{Rv~h4t6T zy$q*d#I|D;qb%xsz@iJfj3jwYdO0hViB`ik0YvXUN}FN8!*B-qpQW6v#KEFpNaY7J zS?u4nn#S#2Z0BNZ!-XWPE>HEsVwfU0oR!Ii{QUg%Ux_Xuz-(*`$rsQvse|vQa&&Y= zkS1&nU2H~w$1xp84vhvVXJcW^OD2&ghVS6VC1L=7g8~2UOn=PA77l#IB3@UpEO%vN zGqyqSX3)3}2$5phO>htgW3NjFpC%LksHEw4rg`Z&(C?Cl6?RR74g~RJ0V$j~i>aEA zdmB?yQOwV%DW*!C;2?T+IM~knt2AU*XskKyDT+3Mbny}ZoLM@x4oC@x;JSW(pi)|} zDWL!Lm3~h&_zk;|kAjE!+eDlyYHKEO7NnFD~G{OR+IvpK!@(Me{+prnhY%_7qDaBY^Y>{rbL)$Z@S zSAcR4gp~an4i`zF@`PjZ#gY|R1;^4Qi5J_ zwpf%r&WhS{F`6K8tF-T+~;0ox7ib7nY ziIL7s^3|A&w^TkHB;o(U9S{XZ$ku6Ki3#9gsuPr<@jeC9{U8+X(7De!uCl%M{wh`j~+z>Lzxgl z;pXXi5i!y!P+$;Eim@3+42@#yjWE2+th0S`p?6SdYbA_zQ#l|6$XEt{8Gu zT7X;t0tR;;aYpPZ&ZXyq;8mb!VyMIa2%a--+VH$YeNaVw*yjkR(Ex5h2v;Vn*@Evr ziR6Pb@p$v}7yo$*+`giOgn#EMj9LwMTJT~$VGGq}>HzQYJ~1)m1_@_!cJ@{1RU^uq z*8m4VxNd;=r&e{%soaE}81)%^P9U<*1Z`f(0+H#05@@CaB7FrRni!_o_8t=pB1}2g z883v!G|=@5=8XtahtGag(`^FswG_pi>ydJZ1r>3^$Dj5g+`E9jyn+;_WoCv9bZnu} z@&?t^goQ_mrysFVfPTM%nh^DQK9oNM{ILE=u1Xa|%Jxt)E7b>PZSbV`Z zp-)m082}a1x>@7fltn(4Xb-W6H#kq$O8XR(_}q*UjLl@g&kqTI&JgM)3RL6RlRian z2Nme=Z%iT3-#;~ihufICRy(daz|oeq>zou6&a*xQ0HS4lv-JzSJESl-(#XKLw!>|^ z*bluRD6C`b{~j^gG}XKe7y*c~tpB5moGc(|f%Zo#)M4>84(p~0o5Ush$XP^e#2;G; zgAIo;V2rR_Q-|iAXd1bXpa8O*R)4%vOWkJu^Pk5Vu1A#d@c!ErFeQx%kMrYarc*T> z&^{VowrPN8T(eqOn_X8onQwNbWL|;@PEYb)lj^bH>xHi$5nNLd3N0i*-vxSlqydw_ z>rx>yKN4!PR1Zh_JuuZJfbJvfwx8Y9B4kx^@M3AeLxv{~U?VY+jfy&~aCIb*xj`Iy zO-I|ez!oA(a-0CF$OO1!tlD2mK|!Fctxa@{`M-`z8|8<+rTxr!GUya6Wkl(w0-Ca% zG_v5drvw%PPGUMJZH6RJol%C z7;M;lBoGx12;?9XXRv%Hi+Hdj&_^VBFr@B?TcA3z)F}d-_WrQD)hilqLf3i>7mTzk z?9NUO(YrMN4wkVm0`reJY#i^?byOCmAy;X6@qS63`LHd9SM#|0K zuVj}nwZciGG*n{DQS?`HiLWN8oh6m=pZ3gs2qENVY62bz?FjiIA z^;dx5-?8JJ_=~cm#dtFBL%+M+@Qf8!w%0O(WWs)b`Q77hf>r&s=MAo%KWK@iLlUc5 zVIFf<4p>&8Xeg-+uwwxRTHv7raX{^vn+Pc>X&In6xBbBpm$6SH(~C!(T=<~zz(KPJ zSz6EbT6&OcLzwPA2TOw?lLc1H)1X0v8)kX09VyyR|BU5;gP^uIv9jdJi6>j*_@7H^ zuLD-*GGHKglNJCku~gDQTKbyDR{who_p#xu`KrRt7+FI@YM7t#gMhsJ40%b`ptgRU zh!qVR8yiT2c^giCOMO|eL8QzOJ~Ai+MktUV8ri-I`Qy^Wq%xS*SbQ|Z!9^zrMNz&P zapr%1e?IBtuoEC~%*^7YKZtqhMyfJ@YXnL!`amxNeZl+e-1=8Xue)NuZvEZ|~Jh${1+Q;I+T zIHb}jR*ZDMPj%`n>n2I#Y_k1SbK@oYW$vfWr<*WEnF{IPiU%_jQzktBA#fbV;s2LU z503tSn!DC`DAPXtIJ6?IB*j)nvC3|dRB9sG&CsS4n~IX?KwFf^5M>>roKxD?RyNw! zhENnujZv$EjL2epy0k)^hgI6q zx;NpkX`uCsN#sWl9yY(`&ix+ednbpM<^74cq6}FCGK)Snw8{&O$8O~|joFRGa5h78 zu6n7)L$L@_oYS!4dls#dytBKJZc532j7zz_HAMrTn%&2>(MvXooa2#R)_F1C+MV-L zQtk3#nYHafxxh2?u_Qaa%$FQ|t~PgLW*~ZE0@~(I{O{LKQ;oN*(PFI%;9HvfJxf>g z8;FN|$N9Rn)?AGgp)zWa_jrTVxqGLgG;Q^K>aGUG0$EByhNHotfQbO;1s}Oaz@Zi> z@*TAQWw5@~S!-z1jl!Vs${!l3+`QiZWcf3~%| zeeUhA8;KKk1)-!J|DYZ6l8cy*9SwdwgspiF=T0*uDVwIx~>AN zm8dX)aVzhBG;a_PcqQeMYSO@^=E+BYtM2JCjn3>Gp_0whSw^&~TG5kS+uyBMuO!Xnyuw=wYPaR$dv!kC*r6nx&|55E ztDUIsPRlBpR(e~!5_FSIDxM`6n_6x=zj)%|Pqs+!W+er7x2>{g|C{C!kH6_N+nsHH z&3cKm4{uYK=c;q8luYYs@)E1nW6M*&b%t3XoxwqtN=|@HxHz3yib0xOO!ESh9tML+ znVAzj^XeL%ES>MUM4l(Y#Dw?6tby4y@Q>xS-F>35avOOzl?j)Qn zH>zT_lK#sc8e%II;;$~;_bMF5)jZn45c z8X4?zm?E|x8js_GL1(&o^$Up}oxXE?Z%+xEK27q7DBMy#%mp zw0>vL9t#2;ho&z<{TYfXd>W{-Kd#>&0U|z>(SREk0E%dY{t`Hk3`4%yFd$b4gVSD- zssgklnEh;1?jCivS35B}*Y?(m&04@vYay2>cX#)*YSftl!c+qCQ-|C!`2I~P z9Nxf_Zts0VW|*T(!|(|PPZ6I9@HBxKO?J$fZD@EQw=IH~WH=0{o1qypb92)jdH=?G zf-=dis9^;cGl=GkVbD#&<4l?{9;iFOMOX3|qP2h%Bju~~w;?HzwiM>e$Iwp|6c>+s za>-hbA&*eN8t6gq0vw%(x|+U&>VBvP#EGiuaIXsF88j?b=Zw`+F@i>xp%(K!2AB&) z&OFanOGUML1u3PP3m2+F#}jt>^5v0*whtW~)~!>1d86f1@*YAbYJvC-;_j%N2AAQ# z?-|D=@p#inER2?Lot@p$(~f@fcx)wzUBIJ?9p*&C1J!v4X5qb4n23y29A>}diw`ewkTSl@&-UwLTxbx@Fj|?F2*g83BLIu&awf35u z3dp8-h{ZxeWTls;mWFg)mv=JNNU?Lz%}oz|^*_&%r$}6!mH``^v4JhhHw( z*I1x)-35Bnic8k4;a6Z8NCxS-SDAgPSkH#{h=h2O2Qy6vX2IWBfT7=sTngb>^kRrlt#XM zch2~PVYF2bs;W*;QZPST<&pPn^3bazqT1G6g&)~EvM9;*rIO0aZD!6yZ=miC36F3- zX>J%)5#y7)C@M;(CgEL;9UZBn0HgxaoZ{Yoz3tzly-h;JOU8U0IDtNhpQWX#S>RfS zA@4k*r>}nxV1vPTm2)6fun^_jrymuMDiC@n@K^+FKvA1yce$yn%VCx~jGZBw@8ySu zhEmk?%;O2a>$~|~RTU6>e@ut9vnNp@hB-nWM?b8uuK}DJ3WQ&^zP^5Z{Y_jBK_n2} zbqm^ILTm66mD26TF_zZW7NBzg;Vafb4Ax$qr3H~(aCgf+7gQ5NgUCmS0l%r-%+AhU zW8`c5xwf_wke9^}kwTZS?$R7sFwrh+$a^=mc>qT7==Vb`U!phaH_JdjN~dkV_Ja~C zUVf(wKvD9_rDd{sUn7HB%_MDOmNbw;^F4dg1pL09o^sJqU=_ysEzy z2hS{khVn=hg)&OUf!NdJjDeyzj9*2py8cOb$@DXPtX2|Ep!vx{6NjUoG_jim-^nl> zVK7Z9r;VoS$2p&}7Vk?EbU}5!9M|mR9qg>o#SRv*l`>)j)`HsFsYqv1NvjUZfz-#* z#7%ftUwL^gfXI6(tyol_kX~?#Re(L=aiP_B0TB_U_XZWV7MuMUCg@{+LPEmMo<&Ag z`{iv18v~J#c5$380Xhd0b@(RSd{1o>>flAov-i zS(F2akAb2YfXT?^T-_{S2q6L+NF)}ax6%^i| zH}F}2(Ly-MW-zdY80Iw;?oD9E2T>Mea=V+^1|b0_Po4~++k*KrL+(Y%VnE>^*1GXJ zs|%qDi~aG(<0$v1;tjdRZl0>5syYUlkq0#w{2hyMs~F7Di^BQjMR(%FiA*4CoAbTo zm-@WCOQMc;_Zr%4R5ZE|N(vr`a{=WlK@Z5#YUH>O{&FGM3N#Q=;l171;f-D4|eFWCU^&b9(< zR0Mc8h|p6+=R2rVGItbD4%qM(iWO(n;Q&{1FIlR$!P<^!Ojq`^VzP;)SizWl$pKTZ)8Vx!>1hz>*lHxdS^KE~1a^V8~ zuB@s`+s~X}E1#=38Bt-WK;rjI^|gGXS+k_hrvJ!_eRe7B#xoMr?$J;Ezx*IjB=`Jf WlFz;%?==kmtu$Y=BI7Hkp#K0Kw2$@x literal 0 HcmV?d00001 From 2a212836412cc5a4831c442062d03d711922f1f9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 23:46:59 +0100 Subject: [PATCH 600/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.4 (#3145) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e29eb6fb..c932235e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.3 +appVersion: v2.13.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.21 +version: 7.7.22 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: remove required function in $cluster_key from clusterCredentials + - kind: changed + description: Bump argo-cd to v2.13.4 From c9e59be22ff60c8505b728c9d9916dd91194fc63 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 10:51:42 +0900 Subject: [PATCH 601/617] chore(deps): update actions/create-github-app-token action to v1.11.2 (#3147) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 087e124d..450330ba 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 + uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514 # v1.11.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 4cfcbc2e26f30c164c966bcf71d266dbcdc2ac26 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 01:54:40 +0000 Subject: [PATCH 602/617] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.8.0 (#3146) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.8.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * chore: Sync CRDs from upstream release Signed-off-by: Marco Maurer * chore: Bump minor chart version Signed-off-by: Marco Maurer --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Marco Maurer Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 10 ++-- .../templates/crds/analysis-run-crd.yaml | 29 +++++++++- .../templates/crds/analysis-template-crd.yaml | 26 ++++++++- .../crds/cluster-analysis-template-crd.yaml | 26 ++++++++- .../templates/crds/experiment-crd.yaml | 2 +- .../templates/crds/rollout-crd.yaml | 55 ++++++++++++++++++- 6 files changed, 137 insertions(+), 11 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 757a6329..a9ed74ee 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.2 +appVersion: v1.8.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.2 +version: 2.39.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add lifecycle settings for controller - - kind: added - description: Add terminationGracePeriodSeconds for controller + - kind: changed + description: Bump argo-rollouts to v1.8.0 diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index d79c3608..d723b248 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -108,6 +108,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -217,6 +222,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3025,6 +3037,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3076,6 +3091,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer @@ -3210,6 +3234,9 @@ spec: consecutiveError: format: int32 type: integer + consecutiveSuccess: + format: int32 + type: integer count: format: int32 type: integer diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 3c46bbad..b0f34229 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -213,6 +218,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3021,6 +3033,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3072,6 +3087,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index b7b07c2e..e8a9a6d4 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -213,6 +218,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3021,6 +3033,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3072,6 +3087,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 2f2ea2dc..58c0e72e 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index a22a9364..a883137d 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -672,6 +672,16 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + plugin: + properties: + config: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - name + type: object setCanaryScale: properties: matchTrafficWeight: @@ -944,6 +954,10 @@ spec: type: object annotationPrefix: type: string + canaryIngressAnnotations: + additionalProperties: + type: string + type: object stableIngress: type: string stableIngresses: @@ -3727,6 +3741,45 @@ spec: type: object stablePingPong: type: string + stepPluginStatuses: + items: + properties: + backoff: + type: string + disabled: + type: boolean + executions: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + index: + format: int32 + type: integer + message: + type: string + name: + type: string + operation: + type: string + phase: + type: string + startedAt: + format: date-time + type: string + status: + type: object + x-kubernetes-preserve-unknown-fields: true + updatedAt: + format: date-time + type: string + required: + - index + - name + - operation + type: object + type: array weights: properties: additional: From 2602b7a364eb5e24db9be041da24810681e764d5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 14:56:35 +0900 Subject: [PATCH 603/617] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39.153.2 (#3149) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 450330ba..e9cc0a19 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 39.86.4 + renovate-version: 39.153.2 token: '${{ steps.get_token.outputs.token }}' mount-docker-socket: true env: From 55d2330df6ec86995d7a259d63ddfea956fc874e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 09:35:20 -0600 Subject: [PATCH 604/617] chore(deps): bump the dependencies group with 2 updates (#3150) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index f8f9fe02..c719d45d 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e9a10387..194c864e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif From ffacdd45f9468a574f3215a31316f76d65f4c46a Mon Sep 17 00:00:00 2001 From: iwin1203 Date: Mon, 3 Feb 2025 18:39:13 +0900 Subject: [PATCH 605/617] chore(argo-cd): Fix typo on README (#3153) fix typo in argocd chart readme Signed-off-by: Ganzidaeyong --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c932235e..54f47290 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.22 +version: 7.7.23 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.4 + - kind: fixed + description: Fixed typo in README diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3a4a2560..bc557cd1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -312,7 +312,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 0520c40f..4e0f1ab5 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -312,7 +312,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n From 6b1ea92acba9d15f423cc03efc4d7a18dee6f9b5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 13:25:53 +0100 Subject: [PATCH 606/617] chore(deps): update renovatebot/github-action action to v41.0.12 (#3151) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e9cc0a19..87c2afac 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@d385c88822a237acaead89c462fa0aef7502748f # v41.0.11 + uses: renovatebot/github-action@9ad1a8e771c002ece340d1ff028fae4503fe041b # v41.0.12 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f30bcd682d92023c4631cbb44fe233d9d5310275 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 00:43:31 -0600 Subject: [PATCH 607/617] chore(deps): update actions/create-github-app-token action to v1.11.3 (#3156) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 87c2afac..b27a99ac 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514 # v1.11.2 + uses: actions/create-github-app-token@67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7 # v1.11.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From c77cb712e078abbce1e015000a6057481580e3f8 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 4 Feb 2025 12:25:53 +0100 Subject: [PATCH 608/617] feat(argo-cd): Update to Argo CD 2.14 (#3155) * feat(argo-cd): Update to Argo CD 2.14 Signed-off-by: Marco Maurer * fix: Add more customization options to commit-server Signed-off-by: Marco Maurer * fix: Bump appVersion to v2.14.1 Signed-off-by: Marco Maurer * fix: Add 'resources' to commit-server Signed-off-by: Marco Maurer * chore: Drop commitServer.service.type Signed-off-by: Marco Maurer * fix: Add ability to disable the commit-server Signed-off-by: Marco Maurer * chore: Drop commitServer.replicas since there are no upstream docs Signed-off-by: Marco Maurer * feat: Allow adding extraVolume and mounts Signed-off-by: Marco Maurer * chore: Disable commit-server by default Signed-off-by: Marco Maurer * feat: Dedicated metrics service with basic customization options Signed-off-by: Marco Maurer --------- Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 8 +- charts/argo-cd/README.md | 63 +- charts/argo-cd/README.md.gotmpl | 18 +- .../argo-cd/ci/with-commit-server-values.yaml | 3 + charts/argo-cd/templates/_helpers.tpl | 18 + .../deployment.yaml | 24 + .../statefulset.yaml | 30 + .../argocd-applicationset/deployment.yaml | 12 + .../argocd-commit-server/deployment.yaml | 238 ++++ .../argocd-commit-server/metrics.yaml | 35 + .../argocd-commit-server/networkpolicy.yaml | 25 + .../argocd-commit-server/service.yaml | 26 + .../argocd-commit-server/serviceaccount.yaml | 19 + .../argocd-repo-server/deployment.yaml | 6 + .../templates/argocd-server/deployment.yaml | 6 + .../templates/crds/crd-application.yaml | 387 ++++++ .../templates/crds/crd-applicationset.yaml | 1163 +++++++++++++++++ charts/argo-cd/values.yaml | 183 ++- 18 files changed, 2257 insertions(+), 7 deletions(-) create mode 100644 charts/argo-cd/ci/with-commit-server-values.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/metrics.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/service.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 54f47290..869e9e41 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.4 +appVersion: v2.14.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.23 +version: 7.8.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed typo in README + - kind: changed + description: Bump argo-cd to v2.14.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bc557cd1..f1140f1f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -708,7 +708,7 @@ NAME: my-release | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | -| global.nodeSelector | object | `{}` | Default node selector for all components | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | | global.podAnnotations | object | `{}` | Annotations for the all deployed pods | | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | @@ -1621,6 +1621,65 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) @@ -1653,3 +1712,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 4e0f1ab5..d2862792 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -672,7 +672,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }} + {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} @@ -813,6 +813,20 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. {{- end }} {{- end }} +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "commitServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) @@ -845,3 +859,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/ci/with-commit-server-values.yaml b/charts/argo-cd/ci/with-commit-server-values.yaml new file mode 100644 index 00000000..b4ffedca --- /dev/null +++ b/charts/argo-cd/ci/with-commit-server-values.yaml @@ -0,0 +1,3 @@ +# Test Argo CD with optional component "commit-server" +commitServer: + enabled: true diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 1ef054b1..aeaf3df8 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -177,6 +177,24 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Argo Configuration Preset Values (Influenced by Values configuration) */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index e61a8525..0b8285b7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -175,6 +175,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -311,6 +317,24 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index a907ac76..733290d1 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -174,6 +174,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -310,6 +316,26 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -344,6 +370,8 @@ spec: name: argocd-home - name: argocd-cmd-params-cm mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -385,6 +413,8 @@ spec: {{- else }} emptyDir: {} {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 303106b5..9c085123 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -151,6 +151,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: @@ -211,6 +217,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.webhook.parallelism.limit optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 00000000..96cf6575 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 00000000..7d198a70 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 00000000..6ec0a6ac --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/service.yaml b/charts/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 00000000..7b0bf878 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 00000000..d0cf9e73 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2617251d..f12332e9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -239,6 +239,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.plugin.tar.exclusions optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index cc5f7bfe..0b75f062 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -373,6 +373,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 7e3afda6..2c69f9ba 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -319,6 +319,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -466,6 +474,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -685,6 +697,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -834,6 +854,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1166,6 +1190,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1312,6 +1344,10 @@ spec: use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1378,6 +1414,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1523,6 +1617,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1670,6 +1772,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1848,6 +1954,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2045,6 +2156,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2194,6 +2313,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2414,6 +2537,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2565,6 +2696,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2933,6 +3068,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3085,6 +3228,11 @@ spec: Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -3320,6 +3468,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3475,6 +3631,11 @@ spec: of Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications @@ -3824,6 +3985,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3975,6 +4144,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -4205,6 +4378,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4357,6 +4538,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -4463,6 +4648,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4480,6 +4670,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: @@ -4493,6 +4685,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4730,6 +5093,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4881,6 +5252,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -5111,6 +5486,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -5263,6 +5646,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 6cf09222..eff945f8 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -242,6 +242,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -340,6 +344,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -385,6 +391,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -472,6 +514,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -570,6 +616,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -676,6 +724,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -864,6 +914,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -962,6 +1016,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1007,6 +1063,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1094,6 +1186,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1192,6 +1288,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1487,6 +1585,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1585,6 +1687,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1630,6 +1734,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1717,6 +1857,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1815,6 +1959,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2090,6 +2236,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2188,6 +2338,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2233,6 +2385,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2320,6 +2508,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2418,6 +2610,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2718,6 +2912,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2816,6 +3014,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2861,6 +3061,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2948,6 +3184,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3046,6 +3286,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3152,6 +3394,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -3340,6 +3584,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3438,6 +3686,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3483,6 +3733,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3570,6 +3856,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3668,6 +3958,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3963,6 +4255,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4061,6 +4357,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4106,6 +4404,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4193,6 +4527,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4291,6 +4629,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4566,6 +4906,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4664,6 +5008,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4709,6 +5055,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4796,6 +5178,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4894,6 +5280,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5177,6 +5565,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5275,6 +5667,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5320,6 +5714,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5407,6 +5837,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5505,6 +5939,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6007,6 +6443,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6105,6 +6545,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6150,6 +6592,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6237,6 +6715,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6335,6 +6817,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6832,6 +7316,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6930,6 +7418,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6975,6 +7465,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7062,6 +7588,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7160,6 +7690,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7452,6 +7984,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7550,6 +8086,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7595,6 +8133,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7682,6 +8256,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7780,6 +8358,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8082,6 +8662,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8180,6 +8764,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8225,6 +8811,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8312,6 +8934,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8410,6 +9036,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8516,6 +9144,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -8704,6 +9334,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8802,6 +9436,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8847,6 +9483,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8934,6 +9606,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9032,6 +9708,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9327,6 +10005,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9425,6 +10107,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9470,6 +10154,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9557,6 +10277,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9655,6 +10379,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9930,6 +10656,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10028,6 +10758,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10073,6 +10805,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10160,6 +10928,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10258,6 +11030,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10541,6 +11315,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10639,6 +11417,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10684,6 +11464,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10771,6 +11587,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10869,6 +11689,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11371,6 +12193,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11469,6 +12295,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11514,6 +12342,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11601,6 +12465,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11699,6 +12567,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12196,6 +13066,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12294,6 +13168,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12339,6 +13215,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12426,6 +13338,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12524,6 +13440,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12820,6 +13738,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12918,6 +13840,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12963,6 +13887,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13050,6 +14010,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13148,6 +14112,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13430,6 +14396,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13528,6 +14498,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13573,6 +14545,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13660,6 +14668,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13758,6 +14770,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14260,6 +15274,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14358,6 +15376,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14403,6 +15423,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14490,6 +15546,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14588,6 +15648,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15085,6 +16147,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15183,6 +16249,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15228,6 +16296,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15315,6 +16419,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15413,6 +16521,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15780,6 +16890,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15878,6 +16992,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15923,6 +17039,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16010,6 +17162,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -16108,6 +17264,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -16267,6 +17425,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -16280,6 +17441,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4c069086..93e480ad 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -119,7 +119,8 @@ global: priorityClassName: "" # -- Default node selector for all components - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # -- Default tolerations for all components tolerations: [] @@ -3749,3 +3750,183 @@ notifications: # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown + +commitServer: + # -- Enable commit server + enabled: false + + # -- Commit server name + name: commit-server + + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- commit server command line flags + extraArgs: [] + + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" From b732ef4689aa571c7fb99fa3f3d5c2ac0bef02f6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 10:07:42 +0000 Subject: [PATCH 609/617] chore(argo-cd): Update dependency argoproj/argo-cd to v2.14.2 (#3160) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 869e9e41..2c8122a2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.14.1 +appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.0 +version: 7.8.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.14.1 + description: Bump argo-cd to v2.14.2 From f7b5090efb272e40881a78127db2ef9954c4b2c5 Mon Sep 17 00:00:00 2001 From: PatrickSpies <57619316+PatrickSpies@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:34:55 +0100 Subject: [PATCH 610/617] fix(argo-cd): only create dex-servicemonitor if dex is enabled (#3159) * fix(argo-cd): only create dex-servicemonitor of dex is enabled Signed-off-by: Patrick Spies * numbers are difficult Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> --------- Signed-off-by: Patrick Spies Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2c8122a2..ff93b69d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.1 +version: 7.8.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.14.2 + - kind: fixed + description: Create ServiceMonitor for dex only if dex is enabled diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 93c9fa32..2564cfa1 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: From d40470b95dd61c2232bf3e7a63f0af6a371a728a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 14:58:48 +0900 Subject: [PATCH 611/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.3 (#3164) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index be8df0c6..a9fafdda 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.2 +appVersion: v3.6.3 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.4 +version: 0.45.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support configuring workflow events in the controller + - kind: changed + description: Bump argo-workflows to v3.6.3 From 56b2429f3b110acbc46bedb01767ba0f2242a694 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Feb 2025 20:18:18 +0100 Subject: [PATCH 612/617] chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 in the dependencies group (#3166) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 194c864e..29f267d3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: sarif_file: results.sarif From ff078480685bd22b93fafc5a3035fdbe1c4da942 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 07:16:36 -0600 Subject: [PATCH 613/617] chore(deps): update renovatebot/github-action action to v41.0.13 (#3167) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b27a99ac..15d4d3a8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@9ad1a8e771c002ece340d1ff028fae4503fe041b # v41.0.12 + uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3a329eae633ebf374d1aa2f6673b828848f9c994 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 08:30:15 -0600 Subject: [PATCH 614/617] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.4 (#3168) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index a9fafdda..364868f6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.3 +appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.5 +version: 0.45.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.6.3 + description: Bump argo-workflows to v3.6.4 From 689fed54cb70cb693decf5512437f4bc5138d04f Mon Sep 17 00:00:00 2001 From: Yusuke Abe Date: Sat, 15 Feb 2025 19:11:16 +0900 Subject: [PATCH 615/617] chore(argo-workflows): suggest non deprecated option (#3113) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 364868f6..c1f8df1a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.6 +version: 0.45.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.6.4 + - kind: fixed + description: Update the SSO configuration instructions to reflect the correct field name diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 323524c2..6e400596 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -344,7 +344,7 @@ Fields to note: | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | -| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. | | server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cf9b08d8..0c044454 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -717,7 +717,7 @@ server: # SSO configuration when SSO is specified as a server auth mode. sso: - # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. enabled: false # -- The root URL of the OIDC identity provider issuer: https://accounts.google.com From 341406ccb2c1c3c1f72432ca22b1470bde1f579a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 15 Feb 2025 10:12:33 +0000 Subject: [PATCH 616/617] chore(deps): update actions/create-github-app-token action to v1.11.5 (#3170) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 15d4d3a8..9460d792 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7 # v1.11.3 + uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 52870ab90783623973cce0987117ae854bb67b39 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 20 Feb 2025 09:41:59 +0900 Subject: [PATCH 617/617] chore(deps): update ghcr.io/dexidp/dex docker tag to v2.42.0 (#3172) * chore(deps): update ghcr.io/dexidp/dex docker tag to v2.42.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * bump the chart Signed-off-by: Tim Collins * helm docs Signed-off-by: Tim Collins --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Tim Collins Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Tim Collins --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ff93b69d..5d12006a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.2 +version: 7.8.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create ServiceMonitor for dex only if dex is enabled + - kind: changed + description: Bump dex version to v2.42.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f1140f1f..25760a5f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1170,7 +1170,7 @@ NAME: my-release | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.41.1"` | Dex image tag | +| dex.image.tag | string | `"v2.42.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 93e480ad..f1213daf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1025,7 +1025,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.41.1 + tag: v2.42.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: ""